25 Most Asked Docker Questions During Interviews
Docker Basics
1. What is Docker and how does it differ from a virtual machine (VM)?
Docker is a platform that allows you to build, package, and run applications in lightweight, portable containers. Unlike virtual machines, containers share the host OS kernel instead of running a full OS for each instance, making them faster and more resource-efficient. VMs provide stronger isolation but require more overhead, while containers offer speed and scalability ideal for microservices.
2. What are containers, and how do they work?
Containers are isolated environments that package an application and its dependencies so it can run consistently across different systems. They use OS-level virtualization to share the host kernel while keeping processes, file systems, and network interfaces separate. This ensures fast startup times and efficient resource usage.
3. What are the main components of Docker? (Docker Engine, CLI, Daemon, Images, Containers, Registry)
Docker’s core components include the Docker Engine (runtime for building and running containers), Docker Daemon (background service managing containers), and the Docker CLI (command-line tool for interaction). Images are templates for containers, containers are running instances of those images, and the Docker Registry (like Docker Hub) stores and distributes images.
4. What is a Docker image, and how is it different from a container?
A Docker image is a read-only blueprint that defines what a container will contain and how it will run. It includes the application code, dependencies, and configuration. A container, on the other hand, is a running instance of that image—mutable and isolated, with its own filesystem and processes.
5. What is a Dockerfile? What are some common instructions used in it?
A Dockerfile is a text file containing instructions to build a Docker image automatically. It defines the base image, environment setup, files to copy, and commands to execute. Common instructions include FROM, RUN, COPY, ADD, EXPOSE, CMD, and ENTRYPOINT.
6. What is the purpose of the ENTRYPOINT and CMD instructions in a Dockerfile?
Both define what command runs when a container starts. ENTRYPOINT sets the main executable that always runs, while CMD provides default arguments that can be overridden at runtime. Together, they give flexibility—for example, ENTRYPOINT ["python3"] and CMD ["app.py"] will execute python3 app.py by default.
7. What is the difference between COPY and ADD in a Dockerfile?
COPY simply copies files or directories from the host into the image, while ADD can also fetch remote URLs and automatically extract compressed files (like .tar archives). Since COPY is more predictable, it’s preferred unless you specifically need ADD’s extra functionality.
8. How do you check running containers and list all containers? (docker ps, docker ps -a)
Use docker ps to list currently running containers, showing their IDs, names, and status. To see all containers, including stopped ones, use docker ps -a.
9. How do you remove unused images and containers? (docker system prune, etc.)
You can use docker system prune to remove all stopped containers, unused networks, and dangling images. To remove only specific resources, use docker rm (containers) and docker rmi (images). Adding the -a flag to prune also removes unused images.
10. What is the difference between a Docker image tag and an image ID?
A tag is a human-readable alias (like nginx:latest) that points to a specific image version, while the image ID is a unique SHA256 hash. Multiple tags can reference the same image ID.
Docker Architecture & Networking
11. How does Docker’s client-server architecture work?
Docker uses a client-server model where the Docker client (CLI) communicates with the Docker daemon (dockerd) using a REST API. The daemon manages images, containers, networks, and volumes.
12. What are Docker networks, and what types are available?
Docker networks enable communication between containers and the host. Types include:
• bridge
• host
• none
• overlay
• macvlan
13. How do containers communicate with each other?
Containers on the same network can communicate via their container names as hostnames. Docker’s embedded DNS automatically resolves these names.
14. How do you expose and map ports between the container and host?
Use docker run -p 8080:80 nginx to map ports. EXPOSE is only documentation.
15. What is the role of docker0 bridge?
It is Docker’s default virtual network that allows containers to communicate with each other and the host.
Docker Compose & Multi-Container Apps
16. What is Docker Compose, and why is it useful?
Docker Compose is a tool for defining and running multi-container applications using a single YAML file.
17. What does a typical docker-compose.yml file look like?
It defines services, networks, and volumes.
18. How do you scale services in Docker Compose?
Use docker-compose up --scale web=3.
19. How do you manage environment variables in Docker Compose?
Use environment: field or a .env file.
Storage, Volumes & Persistence
20. What are Docker volumes, and how do they differ from bind mounts?
Volumes are managed by Docker and stored under /var/lib/docker/volumes. Bind mounts directly map a host directory.
21. How do you persist data in Docker containers?
Use a volume: docker run -v mydata:/app/data.
22. How can you share data between containers?
Attach the same volume to multiple containers.
Advanced / DevOps Topics
23. How do you optimize Docker image size? (Multi-stage builds, .dockerignore, minimal base images)
Use multi-stage builds, small base images like alpine, and .dockerignore to remove unwanted files.
24. What are best practices for securing Docker containers? (Least privilege, rootless mode, scanning images, etc.)
Run containers as non-root, use rootless mode, scan images, update Docker regularly, and restrict container capabilities.
25. What’s the difference between Docker Swarm and Kubernetes?
Docker Swarm is simple and tightly integrated with Docker. Kubernetes is more advanced, widely adopted, and supports large-scale production deployments.
Final Thoughts
These 25 Docker interview questions cover all essential topics including Docker basics, architecture, networking, Docker Compose, volumes, and advanced DevOps concepts. This guide will help beginners, DevOps engineers, and cloud engineers prepare for interviews with confidence.
If you want more Docker or DevOps interview question guides, comment or message me!
