Docker Basics¶
105 cards — 🟢 20 easy | 🟡 47 medium | 🔴 23 hard
🟢 Easy (20)¶
1. True or False? It's not possible to remove an image if a certain container is using it
Show answer
True. You should stop and remove the container before trying to remove the image it uses.Example: docker rmi nginx fails if any container (even stopped) uses that image. Fix: docker rm
Gotcha: docker rmi -f can force-remove, but running containers will keep using the image layers via their mount. The image tag disappears but the data stays until the container is removed.
2. How to retrieve the latest ubuntu image?
Show answer
`podman image pull ubuntu:latest`Gotcha: 'latest' tag is just a convention — it is not guaranteed to be the newest version. Always use explicit version tags (ubuntu:22.04) in production.
3. How is a container different from a VM?
Show answer
Containers share the host kernel; VMs have their own OS.Under the hood: containers share the host kernel and use namespaces/cgroups for isolation. VMs run separate kernels on a hypervisor. Containers start in milliseconds; VMs take seconds to minutes.
Analogy: VMs are separate houses (each with its own foundation). Containers are apartments in a building (shared foundation/kernel, separate living spaces).
Number anchor: container startup: ~100ms. VM startup: 30-90 seconds. Container image: 5-500MB. VM image: 1-20GB.
4. How to stop and remove a container?
Show answer
`podman container stopGotcha: docker rm -f combines stop + remove. docker container prune batch-removes ALL stopped containers.
5. How to download/pull a container image without actually running a container?
Show answer
`podman pull6. How to list all the containers on the local host?
Show answer
`podman container ls`Gotcha: only shows running containers. Add -a for all (including stopped). Use -q for IDs only — great for scripting.
7. What is a "container"?
Show answer
An isolated environment holding an app and its dependencies.Under the hood: containers use Linux namespaces (PID, network, mount) for isolation and cgroups for resource limits. They share the host kernel — not a VM.
8. Containerfile/Dockerfile can contain more than one ENTRYPOINT instruction and one CMD instruction
Show answer
True, a Dockerfile can contain multiple ENTRYPOINT and CMD instructions, but only the last of each takes effect. This is useful in multi-stage builds where each stage can have its own ENTRYPOINT.Gotcha: if you override ENTRYPOINT at runtime with --entrypoint, CMD is also reset.
9. Which instructions in Containerfile/Dockerfile create new layers?
Show answer
Instructions such as FROM, COPY and RUN, create new image layers instead of just adding metadata.Remember: FROM, RUN, COPY, ADD create layers. ENV, EXPOSE, CMD create metadata only. Fewer RUN = smaller images.
10. How do you run a container from an image?
Show answer
`docker run11. True or False? You can remove a running container if it doesn't running anything
Show answer
False. You have to stop the container before removing it.Under the hood: docker stop sends SIGTERM, waits 10s, then SIGKILL. docker rm -f sends SIGKILL immediately.
12. What is Docker and what problem does containerization solve?
Show answer
Docker is a platform for containerization. It allows you to package applications and their dependencies into containers – lightweight, portable units that run uniformly across environments (from development to production).13. After running a container, it stopped. podman ps shows nothing. How can you show its details?
Show answer
`podman ps -a` shows all containers including stopped ones. Without `-a`, only running containers appear. Add `--filter status=exited` to see only stopped containers, or `--format` for custom output columns.14. How to check what a certain container image will execute once we'll run a container based on that image?
Show answer
Look for the `Cmd` or `Entrypoint` fields in the output of `docker image inspectExample: `docker image inspect nginx | jq '.[0].Config.Cmd'` returns the default command.
Gotcha: if both ENTRYPOINT and CMD are set, the effective command is ENTRYPOINT + CMD concatenated.
15. What is the "build context"?
Show answer
The build context is the set of files located at the PATH or URL passed to `docker build`. Docker sends the entire context to the daemon, so a large context slows builds. Use `.dockerignore` to exclude unnecessary files like `.git/`, `node_modules/`, and test data.16. True or False? In most cases, container images contain their own kernel
Show answer
False. They share and access the one used by the host on which they are running.Under the hood: sharing the host kernel is why images are small — only userspace needed. But kernel exploits affect all containers.
17. How to list all the image tags for a given container image?
Show answer
`podman search --list-tags IMAGE_NAME` or use the registry API directly. For Docker Hub: `curl -s 'https://hub.docker.com/v2/repositories/library/nginx/tags/?page_size=100' | jq '.results[].name'`.Gotcha: some registries limit tag listing or require authentication.
18. What is a "Dockerfile"?
Show answer
A script with instructions to build a Docker image.Gotcha: each RUN creates a new layer. Combine related commands with && to reduce image size and layer count.
Example: FROM python:3.11-slim / WORKDIR /app / COPY . . / RUN pip install -r requirements.txt / CMD ["python", "main.py"]
19. What happens when CMD instruction is defined but not an ENTRYPOINT instruction in a Containerfile/Dockerfile?
Show answer
When CMD is defined but ENTRYPOINT is not, the ENTRYPOINT from the base image is used. If the base image also has no ENTRYPOINT (rare), CMD runs as the main process via `/bin/sh -c`.Gotcha: if you later add ENTRYPOINT, the existing CMD becomes arguments to it, which may break the container.
20. What is the relationship between a container image and a running container?
Show answer
An image is a reusable filesystem template (read-only layers). A container is a running process with its own writable layer on top. Multiple containers can share the same image.🟡 Medium (47)¶
1. How to list the container images on certain host?
Show answer
`podman images` or `docker images` lists all local images. Add `--format '{{.Repository}}:{{.Tag}} {{.Size}}'` for cleaner output. Use `--filter dangling=true` to find untagged images wasting disk space.2. What are some of the advantages in using containers? you can compare to other options like VMs
Show answer
* Reusable: container can be used by multiple different users for different usages - production vs. staging, development, testing, etc.* Lightweight: containers are fairly lightweight which means deployments can be done quickly since you don't need to install a full OS (as in VMs for example)
* Isolation: Containers are isolated environments, usually changes made to the OS won't affect the containers and vice-versa
3. What is a Docker container?
Show answer
A container is a runtime instance of a Docker image. It's a lightweight, isolated process running the application packaged in the image, with its own filesystem, network interface, etc., but sharing the host kernel.4. What is the difference between CMD and ENTRYPOINT in a Dockerfile?
Show answer
Both define the startup command for a container. ENTRYPOINT is the fixed main command (and can't be overridden by default), while CMD provides default arguments to that command (or a fallback command). If you provide arguments to docker run, it replaces the CMD but adds to the ENTRYPOINT. Essentially, use ENTRYPOINT for the primary command (e.g., the executable) and CMD for default options or command if none is provided.5. What does docker ps do?
Show answer
It lists running containers (add -a to list all containers, including stopped ones). It shows container IDs, names, images, status, and port mappings.Example: docker ps shows running containers. docker ps -a shows all (including stopped). docker ps -q returns only IDs (useful for scripting: docker stop $(docker ps -q)).
6. True or False? If image httpd-service has an entry point for running the httpd service then, the following will run the container and eventually the httpd service podman run httpd-service ls
Show answer
False. Running that command will override the entry point so the httpd service won't run and instead podman will run the `ls` command.7. How to remove an image from the host?
Show answer
`podman rmi IMAGE`It will fail if some containers are using it. You can then use `--force` flag for that but generally, it's better if you inspect the containers using the image before doing so.
To delete all images: `podman rmi -a`
8. What is a container image?
Show answer
* An image of a container contains the application, its dependencies and the operating system where the application is executed.* It's a collection of read-only layers. These layers are loosely coupled
* Each layer is assembled out of one or more files
9. What does docker pull ubuntu:20.04 do?
Show answer
It downloads the Ubuntu 20.04 image from Docker Hub (or another registry) to your local machine, so you can run containers from it.Under the hood: pull resolves the tag to a manifest, downloads each layer in parallel, verifies SHA256 digests, and unpacks into the local storage driver (overlay2).
Remember: docker pull only downloads. docker run will auto-pull if the image is not local. Explicit pull is useful for pre-caching images in CI or air-gapped environments.
10. What is Docker Compose?
Show answer
Docker Compose is a tool for defining and running multi-container Docker applications using a YAML file (docker-compose.yml or compose.yaml). It allows you to spin up a stack of interconnected services with one command (`docker compose up`), simplifying orchestration for development or testing.11. What's the difference between an image and a container?
Show answer
An image is the static definition (the blueprint), while a container is the live, running instance of that image. You can have many containers from the same image.Under the hood: an image is a stack of read-only filesystem layers. A container adds a writable layer on top. Multiple containers can share the same image layers.
12. True or False? Once a container is stopped and removed, its image removed as well from the host
Show answer
False. The image will still be available for use by potential containers in the future.To remove the image, run `podman rmi IMAGE`
13. True or False? Running podman restart CONTAINER_NAME kills the main process inside the container and runs it again from scratch
Show answer
False. `podman restart` creates an entirely new container with the same ID while reusing the filesystem and state of the original container.14. Where pulled images are stored?
Show answer
Depends on the container runtime. Docker stores images in `/var/lib/docker/` (overlay2 driver by default). Podman uses `/var/lib/containers/storage/` for root and `~/.local/share/containers/storage/` for rootless. Check with `podman info | grep -i root`.15. True or False? Using the 'latest' tag when pulling an image means, you are pulling the most recently published image
Show answer
False. While this might be true in some cases, it's not guaranteed that you'll pull the latest published image when using the 'latest' tag.For example, in some images, 'edge' tag is used for the most recently published images.
16. How can you access logs from a running container?
Show answer
To access logs from a running container, you can use the docker logs command. Here's an example:```docker logs container_id```
`container_id` is the ID or name of the running container.
This command prints the container's logs to the terminal. The -f option can be added to follow the log output in real-time.
17. In which scenarios would you use containers and in which you would prefer to use VMs?
Show answer
You should choose VMs when:* You need run an application which requires all the resources and functionalities of an OS
* You need full isolation and security
You should choose containers when:
* You need a lightweight solution
* Running multiple versions or instances of a single application
18. What is the significance of the "-d" flag when running a container?
Show answer
The -d flag in the docker run command stands for "detached" mode. When you run a container with this flag, the container runs in the background, and the terminal is immediately returned to you. This allows you to continue using the terminal for other commands while the container runs separately.```docker run -d image_name```
You'll receive the container ID, and the container continues to run in the background. You can use commands like docker logs to view the container's output.
19. How docker image build works?
Show answer
1. Docker spins up a temporary container2. Runs a single instruction in the temporary container
3. Stores the result as a new image layer
4. Remove the temporary container
5. Repeat for every instruction
20. What is a Docker image?
Show answer
A Docker image is a lightweight, standalone, and executable package that includes everything needed to run a piece of software, including the code, runtime, libraries, and system tools. It is a snapshot of a file system and parameters needed for running a container. Docker images are built from a set of instructions called a Dockerfile, and they can be versioned, stored in repositories, and shared with others. Images serve as the blueprint for creating containers, and they encapsulate the application and its dependencies in a consistent and reproducible manner.21. What is a Containerfile/Dockerfile?
Show answer
Different container engines (e.g. Docker, Podman) can build images automatically by reading the instructions from a Containerfile/Dockerfile. A Containerfile/Dockerfile is a text file that contains all the instructions for building an image which containers can use.22. Why after running podman container run ubuntu the output of podman container ls is empty?
Show answer
Because the container immediately exits after running the ubuntu image. This is completely normal and expected as containers designed to run a service or a app and exit when they are done running it. To see the container you can run `podman ps -a`If you want the container to keep running, you can run a command like `sleep 100` which will run for 100 seconds or you can attach to terminal of the container with a command similar: `podman container run -it ubuntu /bin/bash`
23. How to attach your shell to a terminal of a running container?
Show answer
`podman container exec -it [container id/name] bash`This can be done in advance while running the container: `podman container run -it [image:tag] /bin/bash`
24. What is the difference between CMD and RUN in Containerfile/Dockerfile?
Show answer
RUN lets you execute commands inside of your Docker image. These commands get executed once at build time and get written into your Docker image as a new layer.CMD is the command the container executes by default when you launch the built image. A Containerfile/Dockerfile can only have one CMD.
You could say that CMD is a Docker run-time operation, meaning it’s not something that gets executed at build time. It happens when you run an image. A running image is called a container.
25. What's your experience with Docker?
Show answer
I've built images, managed registries, debugged containers, and run large-scale containerized workloads through Kubernetes, Docker CE, and CoreOS environments. I'm comfortable writing Dockerfiles, optimizing layers, and understanding how images, tags, and volumes interact.26. Describe the process of using Docker Compose
Show answer
* Define the services you would like to run together in a docker-compose.yml file* Run `docker compose up` to run the services
27. How to run a container in the background?
Show answer
With the -d flag. It will run in the background and will not attach it to the terminal.`docker container run -d httpd` or `podman container run -d httpd`
28. How do you run a Docker container?
Show answer
To run a Docker container, you use the docker run command. Here's a basic example:```docker run image_name```
* `image_name` is the name of the Docker image you want to run.
This command will start a new container based on the specified image. Additional options can be used to customize the container's behavior, such as exposing ports, mounting volumes, setting environment variables, and more.
29. Explain the use of the "--env" option in the "docker run" command.
Show answer
The --env option in the docker run command is used to set environment variables within the container. Environment variables are key-value pairs that provide configuration information to applications running inside the container.```docker run --env MYSQL_ROOT_PASSWORD=secret -d mysql:latest```
In this example, the MYSQL_ROOT_PASSWORD environment variable is set to "secret" for a MySQL container. Multiple --env options can be used to set multiple environment variables.
30. How do you build a Docker image?
Show answer
By writing a Dockerfile with instructions (base image, operations like copying files, installing packages, setting entrypoint, etc.) and running docker build . -t name:tag. Docker will execute the Dockerfile steps to produce an image.31. How can you restart a stopped container?
Show answer
To restart a stopped container, you can use the docker start command:```docker start container_id```
`container_id` is the ID or name of the stopped container.
This command restarts the container using its existing configuration and state. If you want to restart a container with different settings, you can use the docker create and docker start combination.
32. Can you explain the layered filesystem concept in Docker images?
Show answer
Docker images are composed of layers. Each instruction in a Dockerfile (like RUN, COPY) creates a new immutable layer. Layers are cached and reused – if two images share some layers, Docker stores those layers only once. When running a container, these image layers are combined with a thin writable layer on top.33. What's the difference between these two forms:
Show answer
The first form is also referred as "Exec form" and the second one is referred as "Shell form".The second one (Shell form) wraps the commands in `/bin/sh -c` hence creates a shell process for it.
While using either Exec form or Shell form might be fine, it's the mixing that can lead to unexpected results.
Consider:
```\nENTRYPOINT ["ls"]\nCMD /tmp\n```
That would results in running `ls /bin/sh -c /tmp`
34. List five different instructions that are available for use in a Containerfile/Dockerfile
Show answer
* WORKDIR: sets the working directory inside the image filesystems for all the instructions following it* EXPOSE: exposes the specified port (it doesn't adds a new layer, rather documented as image metadata)
* ENTRYPOINT: specifies the startup commands to run when a container is started from the image
* ENV: sets an environment variable to the given value
* USER: sets the user (and optionally the user group) to use while running the image
35. How to create a new image using a Containerfile/Dockerfile?
Show answer
The following command is executed from within the directory where Dockefile resides:`docker image build -t some_app:latest .`
`podman image build -t some_app:latest .`
36. Explain container image layers
Show answer
- The layers of an image is where all the content is stored - code, files, etc.- Each layer is independent
- Each layer has an ID that is an hash based on its content
- The layers (as the image) are immutable which means a change to one of the layers can be easily identified
37. Why container images are relatively small?
Show answer
* Most of the images don't contain Kernel. They share and access the one used by the host on which they are running* Containers intended to run specific application in most cases. This means they hold only what the application needs in order to run
38. True or False? Multiple images can share layers
Show answer
True.One evidence for that can be found in pulling images. Sometimes when you pull an image, you'll see a line similar to the following:
`fa20momervif17: already exists`
This is because it recognizes such layer already exists on the host, so there is no need to pull the same layer twice.
39. Describe the process of containerizing an application
Show answer
1. Write a Containerfile/Dockerfile that includes your app (including the commands to run it) and its dependencies2. Build the image using the Containerfile/Dockefile you wrote
3. You might want to push the image to a registry
4. Run the container using the image you've built
40. Which instructions in Containerfile/Dockerfile create image metadata and don't create new layers?
Show answer
Instructions such as ENTRYPOINT, ENV, EXPOSE, create image metadata and they don't create new layers.Remember: FROM, RUN, COPY, ADD create layers. ENV, EXPOSE, CMD create metadata only. Fewer RUN = smaller images.
41. What is the difference between ADD and COPY in Containerfile/Dockerfile?
Show answer
COPY takes in a source and destination. It lets you copy in a file or directory from the build context into the Docker image itself.ADD lets you do the same, but it also supports two other sources. You can use a URL instead of a file or directory from the build context. In addition, you can extract a tar file from the source directly into the destination.
42. What instruction exists in every Containerfile/Dockefile and what does it do?
Show answer
In every Containerfile/Dockerfile, you can find the instruction `FROMIt specifies the base layer of the image to be used. Every other instruction is a layer on top of that base image.
43. What ways are there for creating new images?
Show answer
1. Create a Containerfile/Dockerfile and build an image out of it2. Using `podman commit` on a running container after making changes to it
44. True or False? Changing the content of any of the image layers will cause the hash content of the image to change
Show answer
True. These hashes are content based and since images (and their layers) are immutable, any change will cause the hashes to change.45. Do containers run their own kernel?
Show answer
No. Containers share the host kernel. This is fundamentally different from VMs. A container escape is a kernel or runtime vulnerability, not a VM boundary problem.Under the hood: this is the fundamental difference from VMs. Because containers share the host kernel, a kernel exploit in one container affects all. This is why container runtimes add seccomp, AppArmor, and capabilities restrictions.
46. How do you scale resources horizontally and vertically to meet increasing demand?
Show answer
• Vertical Scaling: Vertical scaling involves increasing the capacity of individual servers by adding more CPU, RAM, or storage. This is suitable for applications that benefit from increased resources on a single server. • Horizontal Scaling: Horizontal scaling involves adding more servers to distribute the workload. This is effective for applications designed to run in a distributed environment, and it improves redundancy and fault tolerance.47. Discuss your experience with containerization technologies such as Docker or Kubernetes.
Show answer
• Experience with Docker: I have extensive experience with Docker, including containerizing applications, creating Docker images, and managing containerized environments. • Container Orchestration with Kubernetes: I am proficient in Kubernetes for container orchestration, managing containerized applications at scale, and automating deployment, scaling, and operations. • Microservices Architecture: I have implemented microservices architectures using Docker containers, enabling modular and scalable application development.🔴 Hard (23)¶
1. How can you pass environment variables to a Docker container?
Show answer
Environment variables can be passed to a Docker container using the -e (or --env) option in the docker run command.Example:
```docker run -e MY_VARIABLE=value my_image```
This command sets the environment variable MY_VARIABLE with the value value inside the running container.
Alternatively, you can use a file containing environment variables and pass it to the container using the --env-file option:
```docker run --env-file my_env_file my_image```
This is useful for managing multiple environment variables in a file. The file should contain variable assignments, one per line.
Passing environment variables to containers is crucial for configuring applications and services within the containerized environment.
2. What is the significance of Docker Compose in the context of orchestration?
Show answer
Docker Compose is a tool for defining and running multi-container Docker applications. While Docker Compose is not a full orchestration solution like Docker Swarm or Kubernetes, it plays a crucial role in simplifying the definition and deployment of multi-container applications, especially in development and testing environments.**The significance of Docker Compose includes:**
3. Describe the lifecycle of a Docker container.
Show answer
The lifecycle of a Docker container involves several stages:* Creation: A container is created from a Docker image using the docker run command. The image is pulled from a registry if not available locally.
* Execution: The container is started, and the application inside the container begins to run. The container runs in isolation with its own filesystem, network, and processes.
* Monitoring and Logging: Docker provides tools for monitoring container logs and resource usage.
4. Explain the significance of the "--rm" option when running a container.
Show answer
The --rm option in the docker run command is used to automatically remove the container when it exits. By default, when a container stops, it remains on the host machine, and you need to explicitly remove it using the docker rm command. However, if you use the --rm option, the container is automatically removed upon termination, saving disk space and simplifying container management.Example:
```docker run --rm image_name```
This is particularly useful for short-lived or disposable containers, such as those used for testing or one-time tasks.
5. How are Docker images different from Docker containers?
Show answer
Docker images and containers are related but distinct concepts:* Docker Image: It is a static, immutable snapshot of a file system and application configuration. It serves as a template for creating containers. Images are created using Dockerfiles and can be versioned and stored in repositories like Docker Hub.
* Docker Container: It is a running instance of a Docker image. Containers are dynamic and can be started, stopped, and moved between different environments. They encapsulate the application and its dependencies, providing a lightweight and portable execution environment.
In summary, an image is a blueprint, and a container is an instantiated and running execution of that blueprint.
6. Explain the concept of layers in a Docker image.
Show answer
Docker images are composed of multiple layers, and each layer represents a set of filesystem changes or instructions in the Dockerfile. Layers are created during the image build process, and they contribute to the final image. The layering concept provides several benefits:* Caching: Docker caches layers, so if a layer hasn't changed, it can be reused in subsequent builds. This improves build efficiency by only rebuilding the changed layers.
* Reusability: Layers are shared among images.
7. How are containers different from virtual machines (VMs)?
Show answer
The primary difference between containers and VMs is that containers allow you to virtualizemultiple workloads on a single operating system while in the case of VMs, the hardware is being virtualized to run multiple machines each with its own guest OS.
You can also think about it as containers are for OS-level virtualization while VMs are for hardware virtualization.
8. How do you stop and remove a Docker container?
Show answer
To stop a running container, you use the docker stop command:```docker stop container_id\n```
`container_id` is the ID or name of the running container.
To remove a stopped container, you use the docker rm command:
```docker rm container_id```
`container_id` is the ID or name of the stopped container.
You can combine these commands into a single line to stop and remove a container:
```docker rm -f container_id```
The -f flag forcefully removes the container, even if it's still running.
9. Explain the purpose of Docker Compose.
Show answer
Docker Compose is a tool for defining and running multi-container Docker applications. It allows users to define an entire application stack, including services, networks, and volumes, in a single file called docker-compose.yml. This file specifies the configuration for each service, their dependencies, and how they should interact. Docker Compose simplifies the process of managing complex applications with multiple interconnected containers. It facilitates the orchestration of containers, making it easier to start, stop, and scale multi-container applications with a single command. Docker Compose is particularly useful for development and testing environments where multiple services need to work together.10. What is a container and how does it differ from a virtual machine?
Show answer
This can be tricky to answer since there are many ways to create a containers:- Docker
- systemd-nspawn
- LXC
If to focus on OCI (Open Container Initiative) based containers, it offers the following [definition](https://github.com/opencontainers/runtime-spec/blob/master/glossary.md#container): "An environment for executing processes with configurable isolation and resource limitations. For example, namespaces, resource limits, and mounts are all part of the container environment."
11. Explain what is Docker compose and what is it used for
Show answer
Compose is a tool for defining and running multi-container Docker applications. With Compose, you use a YAML file to configure your application’s services. Then, with a single command, you create and start all the services from your configuration.For example, you can use it to set up ELK stack where the services are: elasticsearch, logstash and kibana. Each running in its own container.
In general, it's useful for running applications which composed out of several different services. It let's you manage it as one deployed app, instead of different multiple separate services.
12. Explain the difference between COPY and ADD commands in a Dockerfile.
Show answer
Both COPY and ADD commands in a Dockerfile are used to copy files from the host machine into the container, but there are differences:**COPY:**
Syntax: ```COPY
* Copies files or directories from the host to the container.'
* Designed for copying local files, and it does not extract compressed files.
* Recommended for copying only essential files during image building.
**ADD:**
Syntax: ```ADD
* Similar to COPY but with additional features.
13. What is a Dockerfile, and how is it used in creating images?
Show answer
A Dockerfile is a script that contains a set of instructions for building a Docker image. It specifies the base image, sets up the environment, installs dependencies, and defines how the application should run. Dockerfiles are used to automate the process of creating reproducible and consistent images.**Key components of a Dockerfile include:**
* Base Image: Specifies the base image on which the new image will be built.
14. How do you attach and detach from a running container?
Show answer
To attach to a running container and interact with its console, you can use the docker attach command:```docker attach container_id```
`container_id` is the ID or name of the running container.
To detach from the container without stopping it, press Ctrl + P followed by Ctrl + Q. This allows you to return to the host terminal while leaving the container running.
Alternatively, you can use the docker exec command to execute commands inside a running container without attaching to its console:
```docker exec -it container_id /bin/bash```
This opens a new shell session within the running container. To exit the session without stopping the container, use the exit command.
15. What is the difference between a Docker image and a container?
Show answer
An image is a read-only template containing application code, runtime,libraries, and dependencies. A container is a running instance of an image.
Image:
- Immutable, versioned, shareable
- Built from Dockerfile
- Stored in registries (Docker Hub, ECR, etc.)
- Composed of layered filesystem
Container:
- Running process isolated from host
- Has writable layer on top of image
- Ephemeral by default (data lost when removed)
- Can have multiple containers from same image
Analogy:
- Image = Class definition
- Container = Object instance
Commands:
- `docker build` → creates image
- `docker run` → creates container from image
- `docker images` → list images
- `docker ps` → list running containers
16. How do you create a Docker image?
Show answer
To create a Docker image, you typically follow these steps:* Create a Dockerfile:
Write a Dockerfile, which is a plain text file containing instructions for building the image. The Dockerfile specifies the base image, adds dependencies, defines environment variables, and sets up the application.
* Build the Image:
Use the docker build command to build the image based on the Dockerfile. Provide the path to the directory containing the Dockerfile.
```docker build -t image_name:tag path/to/dockerfile_directory```
* Verify the Image:
Once the build is complete, you can use the docker images command to verify that the new image is listed.
17. What is the difference between ENTRYPOINT and CMD in a Dockerfile?
Show answer
Both specify what runs when a container starts, but they behave differently:CMD:
- Provides default command and/or arguments
- Easily overridden by `docker run` arguments
- Only the last CMD takes effect
ENTRYPOINT:
- Defines the executable that always runs
- Arguments from `docker run` are appended to it
- Harder to override (requires --entrypoint flag)
Combination patterns:
1. CMD only (flexible):
CMD ["python", "app.py"]
# docker run myimage → runs python app.py
# docker run myimage bash → runs bash instead
2. ENTRYPOINT only (fixed command):
ENTRYPOINT ["python", "app.py"]
# docker run myimage → runs python app.py
# docker run myimage --debug → runs python app.py --debug
3. Both (best practice for CLI tools):
ENTRYPOINT ["python", "app.py"]
CMD ["--help"]
# docker run myimage → runs python app.py --help
# docker run myimage --version → runs python app.py --version
18. Explain the difference between "docker run" and "docker create."
Show answer
**docker run:**
* Combines the creation and start of a container in a single command.
* Syntax: docker run [options] image_name [command] [args]
* Creates a new container from the specified image and starts it.
* Example: ```docker run -d -p 8080:80 my_web_app```
**docker create:**
* Creates a new container but does not start it.
* Syntax: docker create [options] image_name [command] [args]
* Returns the container ID but doesn't run the specified command.
* Example: docker create -v /data my_data_container
Once you use docker create to create a container, you can start it later using docker start and stop it with docker stop.
19. What are Docker image layers and how do they work?
Show answer
A Docker image is built up from a series of layers. Each layer represents an instruction in the image’s Containerfile/Dockerfile. Each layer except the very last one is read-only.Each layer is only a set of differences from the layer before it. The layers are stacked on top of each other. When you create a new container, you add a new writable layer on top of the underlying layers. This layer is often called the “container layer”.
20. What is the purpose of the ENTRYPOINT and CMD directives in a Dockerfile?
Show answer
Both ENTRYPOINT and CMD are instructions in a Dockerfile used to define the default command that will be executed when a container starts:**ENTRYPOINT:**
Specifies the executable that will run when the container starts. It is often used for defining the primary application or process within the container.
Example: ENTRYPOINT ["nginx", "-g", "daemon off;"]
**CMD:**
Defines default arguments for the ENTRYPOINT or sets the default command when the container starts if no ENTRYPOINT is specified.
CMD can be overridden at
21. What is Docker, and how does it differ from traditional virtualization?
Show answer
Docker is a containerization platform that enables developers to package applications and their dependencies into standardized units called containers. These containers can run consistently across various environments, providing a lightweight and portable solution. Unlike traditional virtualization, where each application runs on a separate operating system (OS) with its own kernel, Docker containers share the host OS kernel, making them more efficient and faster to deploy. Virtualization involves running multiple virtual machines (VMs) on a hypervisor, each with its own OS instance, which can consume more resources compared to Docker containers.22. Why containers are needed? What is their goal?
Show answer
OCI provides a good [explanation](https://github.com/opencontainers/runtime-spec/blob/master/principles.md#the-5-principles-of-standard-containers): "Define a unit of software delivery called a Standard Container. The goal of a Standard Container is to encapsulate a software component and all its dependencies in a format that is self-describing and portable, so that any compliant runtime can run it without extra dependencies, regardless of the underlying machine and the contents of the container."23. You are interested in running a container with snake game application. How can you search for such image and check if it exists?
Show answer
`podman search snake-game` queries configured registries for matching images. Add `--limit 10` to control result count. Results show INDEX, NAME, DESCRIPTION, and STARS columns.Gotcha: search only queries registries in `registries.search` config — private registries need explicit configuration.