Skip to content

Docker Interview Questions - Intermediate

How to use these interview questions

๐Ÿง  Read each question carefully.

Try answering it yourself before expanding the answer to compare with the ideal response.

Level: Intermediate

๐ŸŸก Practical Applications & Troubleshooting.

Focus on real-world scenarios, debugging, optimization, and deeper configuration.

What is Docker Compose and why is it used?

Docker Compose is a tool for defining and running multi-container Docker applications. It uses a YAML file (docker-compose.yml) to configure the application's services.

Key benefits: - Define your entire application stack in a single file. - Spin up the entire environment with a single command (docker-compose up). - Isolates environments (Project name support). - Preserves volume data when containers are created.

Explain the difference between docker run and docker start.
  • docker run: Creates a new container from an image and starts it. It creates a writeable container layer over the specified image and then starts it using the specified command.
  • docker start: Starts one or more stopped containers. It does not create a new container.
What are Docker Volumes and why are they preferred over Bind Mounts?

Docker Volumes are the preferred mechanism for persisting data generated by and used by Docker containers.

Why Volumes over Bind Mounts: - Volumes are easier to back up or migrate. - You can manage volumes using Docker CLI commands or the Docker API. - Volumes work on both Linux and Windows containers. - Volumes can be more safely shared among multiple containers. - Volume drivers let you store volumes on remote hosts or cloud providers.

How does Docker networking work? Explain the default network drivers.

Docker uses a pluggable networking architecture. The default drivers are: - Bridge (default): The default network driver. Containers on the same bridge network can communicate. Used for standalone containers. - Host: Removes network isolation between the container and the Docker host. The container shares the host's networking namespace. - None: Disables all networking for the container. - Overlay: Enables swarm services to communicate with each other across multiple Docker daemons (hosts). - Macvlan: Allows you to assign a MAC address to a container, making it appear as a physical device on your network.

How can you check the logs of a container that stopped unexpectedly?

You can use the docker logs command.

docker logs <container_id_or_name>

To see the timestamps: 

docker logs -t <container_id_or_name>

What is a dangling image and how do you remove it?

A dangling image is an image that is not tagged and is not referenced by any container. They often appear as <none>:<none> when you list images. They are typically intermediate layers from old builds.

To remove them: 

docker image prune

How do you restart a Docker container automatically?

You can use the --restart flag with the docker run command.

Restart policies: - no: Do not automatically restart the container. (Default) - on-failure: Restart only if the container exits with a non-zero exit status. - always: Always restart the container regardless of the exit status. - unless-stopped: Always restart the container unless it was arbitrarily stopped (by docker stop).

What is the purpose of .dockerignore file?

The .dockerignore file allows you to exclude files and directories from the build context. This helps to: - Reduce the image size (by not copying unnecessary files like .git, node_modules, temporary files). - Speed up the build process (less data to send to the Docker daemon). - Improve security (avoid including secrets or sensitive files).

Explain the difference between COPY and ADD in a Dockerfile.
  • COPY: Copies new files or directories from <src> and adds them to the filesystem of the container at the path <dest>. It is preferred for mostly all use cases where you just need to move local files into the image.
  • ADD: Similar to COPY, but has extra features:
    • It allows <src> to be a URL.
    • It automatically extracts tar files (.tar, .tar.gz, .tgz, .zip, etc.) into the destination.

Best Practice: Use COPY unless you specifically need the extra functionality of ADD.

How to limit memory and CPU for a container?

You can specify resource limits during docker run.

Memory limit: 

docker run -d --memory="512m" nginx

CPU limit: 

docker run -d --cpus="1.5" nginx
(This limits the container to use at most 1.5 CPUs).

What is a Docker Registry?

A Docker Registry is a storage and distribution system for named Docker images. The same image might have multiple different versions, identified by their tags.

  • Docker Hub is the default public registry.
  • You can run your own private registry using the registry image.
How do you login to a private Docker registry? 
docker login [registry_url]

You will be prompted for username and password. To run non-interactively (e.g., in CI/CD): 

docker login -u [username] -p [password] [registry_url]
(Note: Using -p on CLI is insecure; use --password-stdin for better security).

Whats the difference between EXPOSE and PUBLISH?
  • EXPOSE (Dockerfile Instruction): Docs documentation. It keeps the image author intent that the container listens on specific ports. It strictly does not publish the port.
  • PUBLISH (-p or -P in docker run): Actually maps the container port to the host port, making it accessible from outside.
How to optimize Docker Image size?
  • Use smaller base images (e.g., alpine).
  • Use Multi-stage builds.
  • Combine RUN commands to reduce layers.
  • Use .dockerignore files.
  • Clean up apt/yum caches after installing packages in the same RUN instruction.
  • Remove unnecessary tools/files.
What happens to data in a container when the container ceases to exist?

By default, any data written to the container's writable layer is deleted when the container is removed (docker rm). To persist data, you must use Volumes or Bind Mounts.

๐Ÿ“ฌ DevopsPilot Weekly โ€” Learn DevOps, Cloud & Gen AI the simple way.
๐Ÿ‘‰ Subscribe here

How do you view the logs of a container?

docker logs <container_id>

How do you restart a container?

docker restart <container_id>

How do you rename a container?

docker rename <old_name> <new_name>

How do you remove unused objects (prune)?

docker system prune

What is the command to login to a registry?

docker login [server] (default is Docker Hub).

How do you copy files between host and container?

docker cp <src> <dest>

How do you inspect container details (JSON)?

docker inspect <container_id>