- What is Docker?

● Docker is an open-source containerization platform.

● To build the containers or to manage the lifecycle of the containers.
● In the interview, you can say that you have used “Docker” to build the docker
images and, write some docker files, run the Docker containers, and push them
into Registries.

- How are the Containers different from Virtual Machines?

● Containers are lightweight because they don’t have a complete Operating

system, but, they have very minimal system dependencies that are required to
run your application.

●
● In the image, you can see that you are installing a Docker platform, on top of it,
we are creating the containers, on the other side, once you install Hypervisor on
top of it you have a “Virtual Machine” which has a guest operating system.
● OS in the Virtual Machine are very heavy and the image size will go very high.

- What is a Docker Lifecycle?

● Users would create a Dockerfile with a set of Instructions or commands that
define a Docker Image. For example, which base image to choose? What
dependencies should be installed for the application to run? Etc.

●
● Docker images act as a set of instructions to build a Docker container. It can be
compared to a snapshot in a VM.

- What are the different Docker components?

●
● So the client is nothing but the docker that you are trying to install is the docker
Client. So using client, what you will do, is when you install docker, right? You
install something called a docker daemon or docker host. So, if you are trying to
install docker on your laptop, you install docker desktop for Windows, docker
desktop for Windows, docker desktop for Linux, or docker desktop for Mac.

● Let's say If you look at this diagram here, there is a client. What is a client? Client
 Is your docker CLI command, as a user, you have executed docker build. What
happens is this request is received by the docker daemon. Okay, so, what is a
docker daemon? The Docker daemon is the heart of Docker.

● Okay. And this master will execute the request that you have sent. For example,
you are running a docker build. So daemon will try to take this action, It will
understand. Ok, this is the docker file, this is the docker, build command that the
user has given me now, I have to perform docker build and create an image.

● Some people might want to have an external docker registry that is very personal
to your organisation, or you want to create your own docker, registry, then you
can create one docker. A container registry is again a container that can you
know essentially be used to pull push your images or pull your images.

- What is the difference between Docker COPY and Docker ADD?

● Docker ADD can copy the files from the URL, unlike Docker COPY which can
only copy files from the host system into the container.
● Let's say you want to copy the source code from your file system, from your
laptop, from your easy to instance, into the container. In such cases. You will use
the docker copy command.
● So, they are fairly different, there is no similarity between them.

- What is the difference between the CMD and Entrypoint in Docker?

● CMD is the default command executed when the container starts, while
ENTRYPOINT defines the executable file and its arguments. In short, CMD
specifies what to run, while ENTRYPOINT specifies how to run it.

- What are the networking types in Docker and what is the default?
● The default networking in the Docker is Bridge.
● However, you can change the default type and configure one of the
1. Bridge
2. Overlay
3. Host
4. MacVlan
● In the Bridge Network, a Virtual Ethernet or V8 or Docker zero network is created
using which a container can access your host network. For Example: If your user
tries to access the application through your host to the application that is inside
the container, the user will try to access your host, and from there using Virtual
Ethernet or Docker zero network, the user will try to access the application that is
inside your container when you do port mapping, this is the default methodology.

- Can you explain how to isolate the networking between the containers?

● To isolate networking between containers, use Docker's network modes. Create

a custom bridge network for your containers to communicate within the network
while keeping them isolated from the host and other networks. Use the following
Docker commands:

1. **Create a Custom Bridge Network:**

- bash
docker network create mynetwork

2. **Run Containers on the Custom Network:**

- bash
docker run --network=mynetwork --name=container1 image1
docker run --network=mynetwork --name=container2 image2
● This ensures that `container1` and `container2` can communicate over the
`mynetwork` bridge network while remaining isolated from external networks and
the host. Adjust container configurations as needed, and utilize container names
or IP addresses for communication within the custom network.

- What is a multistage build in Docker?

● Multistage build allows you to build your docker container in multiple stages
allowing you to copy artifacts from one stage to another. The major advantage of
this is to build the lightweight containers.
● Example : You have a multi-tier application, and the final image will be one jar file
or one ER file, so with front end, you will have dependencies with react or node
etc. you will install the packages depending on the Language you are using, like,
for Java you will install JDK and JRE. The image size will go over 1 GB. In the
multi-stage build, in the last stage, you can simply copy the binaries or the
executable, and in the final stage, just install the Java runtime. Now you can see
the image size reduced dramatically.

- What are distro-less images in Docker?

● Distro-less images in Docker are like lightweight containers built without a full
operating system. Imagine them as stripped-down versions containing only
essential libraries and tools required to run your application. These images
offer several benefits:
● Smaller size: Faster download and deployment due to their minimal size.
● Security: Reduced attack surface due to fewer components.
● Portability: Run consistently across different environments due to minimal
dependencies.
● Think of them as minimal environments focusing purely on running your
application efficiently.
- Real time challenges with Docker?
● Docker is a single daemon process. Which can cause a single point of failure,
If the Docker Daemon goes down for some reason all the applications are
down.
● Docker Daemon runs as a root user. Which is a security threat. Any process
running as a root can have adverse effects. When it is comprised for security
reasons, it can impact other applications or containers on the host.
● Resource constraints : If you’re running too many containers on a single host,
you may experience issues with resource constraints. This can result in slow
performance or crashes.
- What steps would you take to secure containers?
● Use Distroless or Images with not too many packages as your final image in
multi stage build, so that there is less chance of CVE (Common Vulnerabilities
and Exposures) or security issues.
● Ensure that the networking is configured properly. This is one of the most
common reasons for security issues. If required, configure custom bridge
networks and assign them to isolate containers.
● Use utilities like Sync, to scan your container images.