Some notable drawbacks of Docker are:
- Doesn't provide a storage option
- Offers a poor monitoring option
- No automatic rescheduling of inactive nodes
- Complicated automatic horizontal scaling setup
What is Docker Engine?
Docker daemon or Docker engine represents the server.
Docker Engine is supported by the following components:
- Docker Engine REST API
- Docker Command-Line Interface (CLI)
- Docker Daemon
Explain the Docker components
Docker Client: This component executes build and run operations to communicate with the Docker Host.
Docker Host: This component holds the Docker Daemon, Docker images, and Docker containers. The daemon sets up a connection to the Docker Registry.
Docker Registry: This component stores Docker images. It can be a public registry, such as Docker Hub or Docker Cloud, or a private registry.
Memory-swap is a
Explain Docker Swarm?
Docker Swarm is native clustering for Docker. It turns a pool of Docker hosts into a single, virtual Docker host and offers the standard Docker application program interface.
Docker Swarm is an open-source container orchestration tool that is integrated with the Docker engine and CLI. If you want to use Docker Swarm, you should use the overlay network driver. Using an overlay network enables the Swarm service by connecting multiple docker host daemons together.
What is Docker Hub?
Docker Hub is a cloud-based registry that helps you link to code repositories. It allows you to build, test, and store your image in Docker cloud.
Explain Docker object labels
Docker object labels are a method for applying metadata to Docker objects, including images, containers, volumes, networks, swarm nodes, and services.
You can use labels to organize your images, record licensing information, annotate relationships between containers, volumes, and networks, or in any way that makes sense for your business or application.
How can you run multiple containers using a single service?
By using docker-compose, you can run multiple containers using a single service. All docker-compose files use the YAML language.
Does Docker offer support for IPV6?
Yes, Docker provides support for IPv6. IPv6 networking is supported only on Docker daemons running on Linux hosts.
Can you lose data when the container exits?
No, any data that your application writes to disk gets stored in the container. The file system for the container persists even after the container halts.
- What is the use of the docker save and docker load commands?
A Docker image can be exported as an archive via the docker save command.
The exported Docker image can then be imported to another Docker host via the docker load command:
What is the default Docker network driver, and how can you change it when running a Docker image?
Docker provides different network drivers like bridge, host, overlay, and macvlan. bridge is the default.
What is a Docker image? What is a Docker image registry?
A Docker image consists of many layers. Each layer corresponds to a command in an image’s Dockerfile. This image provides isolation for an application when you run a Docker image as a container.
A Docker image registry is a storage area for Docker images. You can get images from them instead of building them.
What is a Dockerfile?
Docker uses the instructions in the Dockerfile to automatically build images.
Is there any problem with just using the latest tag in a container orchestration environment? What is considered best practice for image tagging?
The problem is if you push a new image with just the latest tag, you lose your old image and your deployments will use the new image.
What is Docker Compose?
Docker Compose is a tool that lets you define multiple containers and their configurations via a YAML or JSON file.
Docker Compose is a YAML file which contains details about the services, networks, and volumes for setting up the Docker application. So, you can use Docker Compose to create separate containers, host them and get them to communicate with each other.
You can use a JSON file instead of a YAML file for the Docker Compose file.
- What is a Docker Container?
Docker containers include the application and all of its dependencies. It shares the kernel with other containers, running as isolated processes in user space on the host operating system. Docker containers are basically runtime instances of Docker images.
- think of containers as runtime instances of Docker images.
- use the underlying system’s CPU and memory to perform tasks.
- any containerized application can run on any platform regardless of the underlying operating system
- What are Docker Images?
- Will you lose your data when a Docker container exits?
The file system for the container persists even after the container halts.
What is Docker Machine?
Docker Machine is a tool that lets you install Docker Engine on virtual hosts. Docker Machine also lets you provision Docker Swarm clusters.
What’s the difference between virtualization and containerization?
Virtualization helps us run and host multiple operating systems on a single physical server. In virtualization, hypervisors give a virtual machine to the guest operating system. The VMs form an abstraction of the hardware layer so each VM on the host can act as a physical machine.
Containers form an abstraction of the application layer, so each container represents a different application.
Containerization provides us with an isolated environment for running our applications.
- What is the functionality of a hypervisor?
A hypervisor, or virtual machine monitor, is software that helps us create and run virtual machines.
Native: Native hypervisors, or bare-metal hypervisors, run directly on the underlying host system. It gives us direct access to the hardware of the host system and doesn’t require a base server operating system.
Hosted: Hosted hypervisors use the underlying host operating system.
A vCPU is a VM thread (see cpu in the “VM Configuration Reference” chapter). These vCPUs appear to a guest just like physical CPUs. A guest's scheduling algorithm can't know that when it is migrating execution between vCPUs it is switching threads, not physical CPUs.
This switching between threads can degrade performance of all the guests and the overall system. This is especially common when VMs are configured with more vCPUs than there are physical CPUs on the hardware.
Specifically, if in the hypervisor host there are more threads (including vCPU threads) ready to run than there are physical CPUs available to run them, the hypervisor host scheduler must apply its priority and scheduling policies (round-robin, FIFO, etc.) to decide which threads to run. These scheduling policies may employ preemption and time slicing to manage threads competing for physical CPUs.
Every preemption requires a guest exit, context switch and restore, and a guest entrance (see “Guest exits”). Thus, inversely to what usually occurs with physical CPUs, reducing the number of vCPUs in a VM can improve overall performance: fewer threads will compete for time on the physical CPUs, so the hypervisor will not be obliged to preempt threads (with the attendant guest exits) as often. In brief, fewer vCPUs in a VM may sometimes yield the best performance.
Virtual CPUs can be allocated to a virtual machine. The number of virtual processors available is determined by the number of cores available on the hardware.
It is important not to allow a running container to consume too much of the host machine’s memory. On Linux hosts, if the kernel detects that there is not enough memory to perform important system functions, it throws an OOME, or Out Of Memory Exception, and starts killing processes to free up memory. Any process is subject to killing, including Docker and other important applications. This can effectively bring the entire system down if the wrong process is killed.
By default, Docker does not apply any CPU limitations. Containers can use all of the host's available CPU power.
Virtual machines are considered a suitable choice in a production environment, rather than Docker containers since they run on their own OS without being a threat to the host computer. But if the applications are to be tested then Docker is the choice to go for, as Docker provides different OS platforms for the thorough testing of the software or an application.
- Sharing sockets with docker-compose
Create a common volume
Place the socket of the container you want to refer to on the common volume
Mount the common volume on the referencing container
The following is an example of connecting a certain API server to MySQL.
I want to run a bunch of applications inside containers (for security and management reasons), and these applications need to speak to a mysql server (via a unix domain socket – which just appears to be a file on the filesystem).
I also want to run the mysql server inside a container – so the mechanics of getting a socket shared between them are a little non-trivial.
A Unix domain socket or IPC socket (inter-process communication socket) is a data communications endpoint for exchanging data between processes executing on the same host operating system.
/var/run/docker.sock is the Unix domain socket. Sockets are used in your favorite Linux distribution, allowing different processes to communicate with each other. Like everything in Unix, sockets are files. In Docker, /var/run/docker.sock is the way to communicate with the main Docker process. Because it is a file, we can share it with other containers.
When you start Docker and share the socket, you give the container permission to manipulate the Docker host. Your container can now start or stop other containers, pull or create images on the Docker host, and even write to the host file system.
X11 applications may fail due to failures in sharing sockets with containers created by the master container. There seems to be no problem sharing sockets between the vnc container and the master, but when the master creates a container and names its volume, the socket is not functional.
Didn’t know that sockets could be mounted.
I’m starting the Jenkins container with the following command
Jenkins is running and “sees” a change in the repository
It then tries to build and run a docker container by using the bound Docker socket.
/var/run/docker.sock is a Unix domain socket. Sockets are used in your favorite Linux distro to allow different processes to communicate with one another. Like everything in Unix, sockets are files, too. In the case of Docker, /var/run/docker.sock is a way to communicate with the main Docker process and, because it's a file, we can share it with containers.
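The two risks described above, containers started without memory or CPU limits and containers that have the Docker socket shared into them, can both be checked from `docker inspect` output. The following is an added example, not code from the original page; the container names and JSON values are constructed, and the finding labels are hypothetical names chosen for this sketch.

```python
import json
import posixpath

# Constructed sample shaped like `docker inspect` output (not from a real host).
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/jenkins",
   "HostConfig": {"Memory": 0, "MemorySwap": 0, "NanoCpus": 0, "CpuQuota": 0},
   "Mounts": [{"Type": "bind", "Source": "/var/run/docker.sock",
               "Destination": "/var/run/docker.sock", "RW": false}]},
  {"Name": "/api",
   "HostConfig": {"Memory": 536870912, "MemorySwap": 1073741824,
                  "NanoCpus": 1500000000, "CpuQuota": 0},
   "Mounts": [{"Type": "volume",
               "Source": "/var/lib/docker/volumes/mysql-sock/_data",
               "Destination": "/var/run/mysqld", "RW": true}]},
  {"Name": "/mysql",
   "HostConfig": {"Memory": 1073741824, "MemorySwap": -1,
                  "NanoCpus": 0, "CpuQuota": 50000},
   "Mounts": [{"Type": "volume",
               "Source": "/var/lib/docker/volumes/mysql-sock/_data",
               "Destination": "/var/run/mysqld", "RW": true}]}
]
""")


def audit_container(container):
    """Return a list of findings for one `docker inspect` record."""
    host = container.get("HostConfig", {})
    findings = []

    # Memory == 0 means no --memory limit was set for the container.
    if host.get("Memory", 0) == 0:
        findings.append("no-memory-limit")
    # MemorySwap == -1 means the container may use unlimited swap.
    elif host.get("MemorySwap", 0) == -1:
        findings.append("unlimited-swap")

    # Neither --cpus (NanoCpus) nor --cpu-quota (CpuQuota) was set.
    if host.get("NanoCpus", 0) == 0 and host.get("CpuQuota", 0) <= 0:
        findings.append("no-cpu-limit")

    # A read-only bind mount still lets the container connect to the socket,
    # so the RW flag is deliberately ignored here.
    for mount in container.get("Mounts", []):
        if posixpath.basename(mount.get("Source", "")) == "docker.sock":
            findings.append("docker-socket-mounted")
            break
    return findings


def audit(containers):
    """Map container name -> findings for a whole `docker inspect` array."""
    return {c["Name"].lstrip("/"): audit_container(c) for c in containers}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        print(name, findings or "ok")
```

On a real host the same functions can be fed the JSON array printed by `docker inspect` for the running containers.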
- Differentiate between COPY and ADD commands that are used in a Dockerfile?
COPY provides just the basic support of copying local files into the container, whereas ADD provides additional features like remote URL and tar extraction support.
Can a container restart by itself?
It is possible only when using certain Docker-defined policies with the docker run command.
Can you tell the differences between a docker Image and Layer?
Image: This is built up from a series of read-only layers of instructions. An image corresponds to the docker container and is used for speedy operation due to the caching mechanism of each step.
Layer: Each layer corresponds to an instruction of the image’s Dockerfile. In simple words, the layer is also an image but it is the image of the instructions run.
What is the purpose of the volume parameter in a docker run command?
docker run -v /data/app:/usr/src/app myapp
mounts the directory /data/app in the host to the /usr/src/app directory in the container.
The volume parameter is used for syncing a directory of a container with any of the host directories
sync the container with the data files from the host without having the need to restart it
ensures data security in cases of container deletion
even if the container is deleted, the data of the container exists in the volume mapped host location making it the easiest way to store the container data.
Where are docker volumes stored in docker?
Volumes are created and managed by Docker and cannot be accessed by non-docker entities.
Can you differentiate between Daemon Logging and Container Logging?
Daemon Level: This kind of logging has four levels: Debug, Info, Error, and Fatal.
Container Level:
docker logs <container_id>
What is the best way of deleting a container?
- docker stop <container_id>
- docker rm <container_id>
- Can you tell the difference between CMD and ENTRYPOINT?
CMD command provides executable defaults for an executing container.
ENTRYPOINT specifies that the instruction within it will always be run when the container starts.
This command provides an option to configure the parameters and the executables
If the Dockerfile does not have this command, then it would still get inherited from the base image mentioned in the FROM instruction.
- Docker Layer Caching (DLC) can reduce Docker image build times on CircleCI.
Docker Layer Caching (DLC) is a great feature to use if building Docker images is a regular part of your CI/CD process. DLC will save image layers created within your jobs, rather than impact the actual container used to run your job.
DLC caches the individual layers of any Docker images built during your CircleCI jobs, and then reuses unchanged image layers on subsequent CircleCI runs, rather than rebuilding the entire image every time. In short, the less your Dockerfiles change from commit to commit, the faster your image-building steps will run.
As Docker is processing your Dockerfile to determine whether a particular image layer is already cached it looks at two things: the instruction being executed and the parent image.
Docker will scan all of the children of the parent image and look for one whose command matches the current instruction. If a match is found, Docker skips to the next instruction and repeats the process.
If a matching image is not found in the cache, a new image is created.
Since the cache relies on both the instruction being executed and the image generated from the previous instruction it should come as no surprise that changing any instruction in the Dockerfile will invalidate the cache for all of the instructions that follow it. Invalidating an image also invalidates all the children of that image.
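A simplified model of the lookup just described, as an added example (not Docker's or CircleCI's code): the cache is keyed on the parent image and the instruction text, so one changed instruction turns every later step into a miss. The class name `LayerCache` and both Dockerfiles are constructed for illustration, and the file checksums Docker also compares for COPY and ADD are left out of the model.

```python
import hashlib

# Constructed Dockerfiles: V2 changes only the second instruction.
DOCKERFILE_V1 = [
    "FROM python:3.12-slim",
    "RUN pip install flask",
    "COPY app.py /app/app.py",
    'CMD ["python", "/app/app.py"]',
]
DOCKERFILE_V2 = [
    "FROM python:3.12-slim",
    "RUN pip install flask gunicorn",
    "COPY app.py /app/app.py",
    'CMD ["python", "/app/app.py"]',
]


class LayerCache:
    """Toy build cache: parent image id -> {instruction: child image id}."""

    def __init__(self):
        self.children = {}

    def build(self, instructions):
        """Return (instruction, image_id, 'HIT' or 'MISS') for each step."""
        parent = ""  # nothing has been built yet
        steps = []
        for instruction in instructions:
            # Scan the children of the current parent for a matching command.
            siblings = self.children.setdefault(parent, {})
            if instruction in siblings:
                image, status = siblings[instruction], "HIT"
            else:
                # No match: create a new image on top of the current parent.
                digest = hashlib.sha256(f"{parent}\n{instruction}".encode())
                image, status = digest.hexdigest()[:12], "MISS"
                siblings[instruction] = image
            steps.append((instruction, image, status))
            parent = image  # the next step is looked up under this image
        return steps


if __name__ == "__main__":
    cache = LayerCache()
    for label, dockerfile in [("first build", DOCKERFILE_V1),
                              ("unchanged rebuild", DOCKERFILE_V1),
                              ("step 2 edited", DOCKERFILE_V2)]:
        print(label)
        for instruction, image, status in cache.build(dockerfile):
            print(f"  {status:4} {image}  {instruction}")
```

The unchanged COPY and CMD steps of the edited Dockerfile miss because their parent image is new, which is why rarely changing instructions belong near the top of a Dockerfile.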
How to reduce the size of Docker Images
- Use a .dockerignore file to remove unnecessary content from the build context
- Try to avoid installing unnecessary packages and dependencies
- Keep the layers in the image to a minimum
- Use alpine images wherever possible
- Use Multi-Stage Builds, which I am going to talk about in this article.
A multi-stage build divides the Dockerfile into multiple stages, passing the required artifact from one stage to the next and delivering the final artifact in the last stage.
Previously, when we didn’t have the multi-stage builds feature, it was very difficult to minimize the image size. We used to clean up every artifact (which isn’t required) before moving to the next instruction as every instruction in Dockerfile adds the layer to the image. We also used to write bash/shell scripts and apply hacks to remove the unnecessary artifacts.