A focused set of Docker interview questions with concise, correct answers, covering images vs containers, the Dockerfile, volumes, networking, Compose, and best practices. Useful for interview prep or screening candidates.
What is Docker? A platform for packaging applications and their dependencies into portable containers that run consistently across environments.
Container vs virtual machine? A VM virtualizes hardware and runs a full guest OS (heavy, minutes to boot). A container shares the host kernel and isolates only the process/filesystem (lightweight, starts in milliseconds).
Image vs container? An image is an immutable, layered template. A container is a running (or stopped) instance of an image, you can start many containers from one image.
What is the Docker daemon?
dockerd, the background service that builds, runs, and manages containers. The docker CLI talks to it over an API.
What are image layers? Each Dockerfile instruction creates a read-only layer. Layers are cached and shared between images, making builds and pulls efficient. The container adds a thin writable layer on top.
Explain a basic Dockerfile.
FROM node:20-alpine # base image
WORKDIR /app
COPY package*.json ./
RUN npm ci # install deps (cached layer)
COPY . .
EXPOSE 3000
CMD ["node", "server.js"] # default processCMD vs ENTRYPOINT?
ENTRYPOINT sets the fixed executable; CMD provides default arguments (overridable at docker run). Use ENTRYPOINT for the binary, CMD for default args.
COPY vs ADD?
COPY just copies files. ADD also unpacks local tarballs and fetches URLs, prefer COPY unless you need those extras.
Why order Dockerfile instructions carefully? Layer caching: put rarely-changing steps (dependency installs) before frequently-changing ones (source copy) so cache is reused and rebuilds are fast.
What is a multi-stage build?
Using multiple FROM stages to build in one image and copy only the artifacts into a small final image, drastically reduces image size.
FROM golang:1.22 AS build
RUN go build -o app
FROM alpine
COPY --from=build /app /appHow do you persist data?
With volumes. Container filesystems are ephemeral; named volumes (-v data:/path) and bind mounts survive container removal.
Volume vs bind mount? Volumes are managed by Docker (portable, preferred for data). Bind mounts map a host directory directly (handy for development).
What are the Docker network types?
- bridge, default, isolated network on the host.
- host, shares the host's network stack (no isolation).
- none, no networking.
- overlay, multi-host networking (Swarm/Compose).
How do containers talk to each other? On a user-defined bridge or Compose network, containers reach each other by service/container name via Docker's built-in DNS.
What is Docker Compose?
A tool to define and run multi-container apps with a single docker-compose.yml and docker compose up.
Docker vs Kubernetes? Docker builds and runs containers on one host; Kubernetes orchestrates containers across a cluster (scaling, self-healing, service discovery). They're complementary.
How do you reduce image size?
Use small base images (alpine/distroless), multi-stage builds, combine RUN steps, and add a .dockerignore.
Why not run as root in a container?
Security, a container breakout as root maps to host root. Add a non-root USER.
What is the difference between docker stop and docker kill?
stop sends SIGTERM then SIGKILL after a grace period (clean shutdown); kill sends SIGKILL immediately.
Are containers stateless? By design they should be, store state in volumes or external services so containers stay disposable and replaceable.
| Topic | Can they explain… |
|---|---|
| Image vs container | template vs instance |
| Layers & caching | Dockerfile ordering |
| CMD vs ENTRYPOINT | binary vs args |
| Multi-stage builds | smaller images |
| Volumes | persistence |
| Networking | bridge/host/overlay + DNS |
Maintained by the team at EchoGlobal. Hiring Docker talent? See our curated lists of Top Docker Developers, Top Kubernetes Developers, and Top DevOps Engineers on GitHub, or hire pre-vetted engineers in days.