Docker is an open platform for developing, shipping, and running applications. It enables you to separate your applications from your infrastructure using containers, so you can deliver software quickly.
What is the difference between a Docker image and a Docker container?
Explanation
A Docker image is a read-only template used to create containers. A container is a running (or stopped) instance of an image. Multiple containers can be created from the same image.
Which Dockerfile instruction sets the base image for subsequent instructions?
Explanation
The FROM instruction initialises a new build stage and sets the base image. Every valid Dockerfile must start with a FROM instruction (except for ARG instructions that precede it).
Which command is used to build a Docker image from a Dockerfile?
Explanation
'docker build' reads the Dockerfile and builds an image. Example: 'docker build -t my-app:1.0 .' builds an image tagged 'my-app:1.0' using the Dockerfile in the current directory.
What does the EXPOSE instruction in a Dockerfile do?
Explanation
EXPOSE is a documentation instruction — it informs Docker that the container listens on the specified port at runtime but does NOT actually publish the port. To publish a port you use -p with 'docker run'.
Which command lists all running Docker containers?
Explanation
'docker ps' lists all currently running containers. To see all containers (including stopped ones), use 'docker ps -a'.
What is the purpose of the .dockerignore file?
Explanation
A .dockerignore file works like .gitignore — it excludes files and directories from the build context. This reduces the context size, speeds up builds, and prevents sensitive files (like .env or node_modules) from being copied into the image.
What is the difference between the COPY and ADD instructions in a Dockerfile?
Explanation
COPY copies local files/directories into the image. ADD does everything COPY does plus it can fetch files from URLs and automatically extract compressed archives (tar, gzip). Best practice is to use COPY unless you specifically need ADD's extra features.
What is the difference between ENTRYPOINT and CMD in a Dockerfile?
Explanation
ENTRYPOINT defines the command that always runs when the container starts. CMD provides default arguments to ENTRYPOINT (or the default command if no ENTRYPOINT is set). CMD arguments can be overridden by passing arguments to 'docker run', while ENTRYPOINT cannot easily be overridden without --entrypoint.
Which command runs a command inside a running container?
Explanation
'docker exec' runs a new command in a running container. For example, 'docker exec -it mycontainer bash' opens an interactive bash shell inside the container.
What does the -d flag do when running 'docker run -d nginx'?
Explanation
The -d (or --detach) flag runs the container in the background and prints the container ID. Without -d, the container runs in the foreground and you see its output directly in the terminal.
What is a Docker volume?
Explanation
Docker volumes provide persistent storage that survives container restarts and removal. Volumes are managed by Docker, stored in a part of the host filesystem (/var/lib/docker/volumes/), and are the preferred way to persist data.
What is the difference between a Docker named volume and a bind mount?
Explanation
Named volumes are created and managed by Docker in /var/lib/docker/volumes/. Bind mounts map any host directory or file directly into the container. Named volumes are recommended for production as they are portable and easier to back up.
Which Docker network driver creates an isolated network on a single host and is the default for user-defined networks?
Explanation
The bridge network driver is the default for user-defined networks on a single host. Containers on the same bridge network can communicate with each other. The 'host' driver shares the host's network stack, and 'overlay' connects containers across multiple Docker hosts.
What does docker stop do differently from docker kill?
Explanation
'docker stop' sends SIGTERM to the main process, giving it time to shut down gracefully (default 10-second timeout), then sends SIGKILL. 'docker kill' sends SIGKILL (or a specified signal) immediately without waiting for graceful shutdown.
Which command removes all stopped containers, unused networks, dangling images, and build cache?
Explanation
'docker system prune' reclaims disk space by removing all stopped containers, networks not used by any container, dangling images (untagged), and the build cache. Add -a to also remove all unused images (not just dangling ones).
What is a multi-stage Docker build?
Explanation
Multi-stage builds use multiple FROM instructions in one Dockerfile. Each stage can copy artifacts from previous stages. This lets you use a large build environment (e.g., with compilers and build tools) and copy only the final binary into a small runtime image, dramatically reducing image size.
What is Docker Compose used for?
Explanation
Docker Compose uses a docker-compose.yml (or compose.yaml) file to define services, networks, and volumes for a multi-container application. 'docker compose up' starts all services defined in the file.
Which Docker Compose command starts all services defined in docker-compose.yml in detached mode?
Explanation
'docker compose up -d' builds (if needed), creates, starts, and attaches to all containers defined in the compose file. The -d flag runs everything in detached/background mode.
What does the RUN instruction do in a Dockerfile?
Explanation
RUN executes commands during the image build process. Each RUN instruction creates a new layer. For example, 'RUN apt-get update && apt-get install -y curl' installs curl into the image. CMD and ENTRYPOINT define runtime commands, not build-time commands.
How do you map port 8080 on the host to port 80 inside a container?
Explanation
The -p flag maps host:container ports. 'docker run -p 8080:80 nginx' maps host port 8080 to container port 80. So requests to localhost:8080 on the host are forwarded to port 80 inside the container.
What does docker images show?
Explanation
'docker images' (or 'docker image ls') lists all Docker images stored locally on the host, showing repository, tag, image ID, creation date, and size.
What is a dangling Docker image?
Explanation
Dangling images are layers that have no relationship to any tagged image — they appear as '<none>:<none>' in 'docker images'. They accumulate when you rebuild images and the old layers become orphaned. Remove them with 'docker image prune'.
Which Dockerfile instruction sets environment variables that are available both during build and at container runtime?
Explanation
ENV sets environment variables that persist in the image and are available when the container runs. ARG is similar but only available during the build process (not in the running container). Use ENV for runtime config, ARG for build-time parameters.
What is the purpose of the WORKDIR instruction in a Dockerfile?
Explanation
WORKDIR sets the working directory inside the container for RUN, CMD, ENTRYPOINT, COPY, and ADD instructions that follow it. If the directory doesn't exist, it's created automatically. It's equivalent to 'cd' + 'mkdir -p'.
How do you view the logs of a container named 'webserver'?
Explanation
'docker logs webserver' displays the stdout/stderr output of the container. Use -f to follow live logs, --tail N to see the last N lines, and --since to filter by time (e.g., --since 1h for the last hour).
What restart policy should you set to make a container always restart unless explicitly stopped?
Explanation
--restart unless-stopped restarts the container on failure or after Docker restarts, but NOT if it was manually stopped with 'docker stop'. Use --restart always to restart even if it was manually stopped. 'on-failure' restarts only on non-zero exit codes.
What does 'docker inspect <container>' return?
Explanation
'docker inspect' returns a detailed JSON object with low-level information about a container or image — including its configuration, networking settings, mount points, environment variables, and state. Use --format to extract specific fields.
What is a Docker registry?
Explanation
A Docker registry is a storage and distribution system for Docker images. Docker Hub is the default public registry. You can also run a private registry using the official 'registry' image. 'docker push' uploads images to a registry; 'docker pull' downloads them.
Which instruction in a Dockerfile defines the user that the container runs as?
Explanation
The USER instruction sets the user name (or UID) and optionally the group to use when running the image and for any subsequent RUN, CMD, and ENTRYPOINT instructions. Running containers as non-root is a security best practice.
What is the correct way to set a HEALTHCHECK in a Dockerfile?
Explanation
HEALTHCHECK tells Docker how to test whether the container is still working. The CMD form runs the command inside the container. If the command returns a non-zero exit code, the container is marked as unhealthy. Options include --interval, --timeout, --start-period, and --retries.