Monday, 30 June 2025

Docker

 Docker file

# Dockerfile Instructions and Their Explanation


# 1. FROM - Specifies base image (required first instruction)

# Example: Start from Ubuntu 20.04 base image

FROM ubuntu:20.04


# 2. RUN - Run shell commands during image build

# Example: Update packages and install curl

RUN apt-get update && apt-get install -y curl


# 3. CMD - Default command executed when container starts

# Example: Run a Python application

CMD ["python", "app.py"]


# 4. ENTRYPOINT - Container executable, command-line args appended

# Example: Run nginx in foreground

ENTRYPOINT ["nginx", "-g", "daemon off;"]


# 5. COPY - Copy files/directories from host to image

# Example: Copy local src directory to /app/src in image

COPY ./src /app/src


# 6. ADD - Like COPY but supports URLs and auto-extract archives

# Example: Download and extract a tarball from URL

ADD https://example.com/file.tar.gz /tmp/


# 7. WORKDIR - Set working directory for RUN, CMD, ENTRYPOINT

# Example: Set working directory to /app

WORKDIR /app


# 8. ENV - Set environment variables in the container

# Example: Set PORT environment variable to 8080

ENV PORT=8080


# 9. EXPOSE - Document which port the container listens on

# Example: Document port 80 for HTTP

EXPOSE 80


# 10. USER - Specify user (and group) to run as

# Example: Run commands as user 'appuser'

USER appuser


# 11. VOLUME - Declare mount points for external storage

# Example: Declare /data as a volume

VOLUME /data


# 12. ARG - Define build-time variables

# Example: Define build argument VERSION with default 1.0

ARG VERSION=1.0


# 13. ONBUILD - Instructions executed when this image is used as base

# Example: Copy current directory contents to /app in child build

ONBUILD COPY . /app


# 14. LABEL - Add metadata to the image as key-value pairs

# Example: Add maintainer label

LABEL maintainer="admin@example.com”



A Dockerfile is made up of a series of instructions that define how to build a Docker image. Here are the most common Dockerfile commands:

  • FROM:
     Specifies the base image to start from. Every Dockerfile must start with a FROM instruction.
     Example: FROM ubuntu:20.04

  • RUN:
     Executes commands in a new layer during build time, usually to install software or configure the image.
     Example: RUN apt-get update && apt-get install -y curl

  • CMD:
     Sets the default command to run when the container starts. Can be overridden by command line args.
     Example: CMD ["python", "app.py"]

  • ENTRYPOINT:
     Sets the main executable for the container, making the container behave like that executable. Arguments passed at runtime are appended.
     Example: ENTRYPOINT ["nginx", "-g", "daemon off;"]

  • COPY:
     Copies files or directories from the build context (local filesystem) into the image.
     Example: COPY ./src /app/src

  • ADD:
     Similar to COPY but supports remote URLs and unpacking compressed files automatically.
     Example: ADD https://example.com/file.tar.gz /tmp/

  • WORKDIR:
     Sets the working directory inside the container for subsequent commands. Creates it if it doesn't exist.
     Example: WORKDIR /app

  • ENV:
     Sets environment variables inside the container.
     Example: ENV PORT=8080

  • EXPOSE:
     Documents the port the container listens on at runtime. Does not publish the port itself.
     Example: EXPOSE 80

  • USER:
     Sets the user (and optionally group) to use when running subsequent commands and container runtime.
     Example: USER appuser

  • VOLUME:
     Declares mount points for external volumes or persistent storage.
     Example: VOLUME /data

  • ARG:
     Defines build-time variables that can be passed during the build process.
     Example: ARG VERSION=1.0

  • ONBUILD:
     Adds instructions that are executed when the image is used as a base for another build.
     Example: ONBUILD COPY . /app

  • LABEL:
     Adds metadata to the image in key-value pairs.
     Example: LABEL maintainer="admin@example.com"

Summary Table

Instruction

Purpose

FROM

Base image

RUN

Run commands at build time

CMD

Default runtime command

ENTRYPOINT

Container executable

COPY

Copy files from host

ADD

Copy files or URLs (with unpack)

WORKDIR

Set working directory

ENV

Environment variables

EXPOSE

Document exposed ports

USER

Specify user

VOLUME

Declare mount points

ARG

Build-time variables

ONBUILD

Instructions for child images

LABEL

Metadata for the image



1. What is Docker and why is it used?

Answer:
 Docker is a platform for developing, shipping, and running applications using containerization. Containers package an application and its dependencies into a single lightweight, portable unit that runs consistently across environments. Docker is used to simplify deployment, increase scalability, and enable microservices architectures.

2. Explain the difference between Docker containers and virtual machines.

Answer:

  • Containers: Share the host OS kernel, are lightweight, start fast, and use less resources. They isolate applications at the process level.

  • Virtual Machines: Include a full guest OS with dedicated resources, heavier, slower to start, and provide stronger isolation.

Containers are more efficient for microservices and development pipelines.

3. What is a Docker image? How is it different from a container?

Answer:

  • A Docker image is a read-only template with instructions to create containers, containing application code, runtime, libraries, and dependencies.

  • A container is a running instance of an image, with writable layers on top. Containers are ephemeral by default.

4. How does Docker layering work?

Answer:
 Docker images are built in layers, each representing a filesystem change (e.g., installing software, adding files). Layers are cached and reused across images, making builds faster and saving storage.

5. What is a Dockerfile? Give an example of a basic Dockerfile.

Answer:
 A Dockerfile is a text file with instructions to build a Docker image.

Example:

dockerfile


FROM python:3.9-slim

WORKDIR /app

COPY requirements.txt .

RUN pip install -r requirements.txt

COPY . .

CMD ["python", "app.py"]


6. How do you persist data in Docker containers?

Answer:
 By using volumes or bind mounts:

  • Volumes: Managed by Docker, stored outside the container filesystem, portable.

  • Bind mounts: Directly mount host directories/files into containers.

Volumes are preferred for portability and backup.

7. What is the difference between Docker volume and bind mount?

Answer:

  • Volumes: Managed by Docker, isolated from host file system, can be shared and backed up easily.

  • Bind mounts: Directly map host files/folders into containers, more dependent on host OS paths.

8. Explain how Docker networking works.

Answer:
 Docker provides several network drivers:

  • Bridge: Default network for standalone containers on a single host, provides internal IP and DNS resolution.

  • Host: Containers share the host’s network namespace (no isolation).

  • Overlay: For multi-host networking used in Swarm mode.

  • Macvlan: Assigns containers unique MAC addresses on physical networks.

9. What is Docker Compose?

Answer:
 Docker Compose is a tool to define and manage multi-container Docker applications using a YAML file (docker-compose.yml). It automates container orchestration for development environments.

10. How do you limit resources (CPU/memory) in Docker?

Answer:
 Docker allows resource limits via CLI flags or in Compose:

  • --memory limits max RAM.

  • --cpus limits CPU shares/quota.

  • --memory-swap sets swap limit.

Example:

bash

CopyEdit

docker run --memory=512m --cpus=1.0 myapp


11. How do you debug a running Docker container?

Answer:

  • Use docker logs <container> to see stdout/stderr.

  • Use docker exec -it <container> /bin/bash (or shell) to get an interactive terminal inside the container.

  • Inspect container metadata with docker inspect.

12. What is the Docker Registry?

Answer:
 A Docker Registry is a repository for Docker images. Docker Hub is the default public registry, but private registries can be hosted using Docker Registry or other services (e.g., AWS ECR, Azure ACR).

13. How do you create a private Docker registry?

Answer:
 Run the Docker registry container:

bash

CopyEdit

docker run -d -p 5000:5000 --name registry registry:2


Push images to localhost:5000/myimage. For production, secure it with TLS and authentication.

14. Explain Docker container lifecycle.

Answer:
 States include:

  • Created: Container created but not started.

  • Running: Container is executing.

  • Paused: Container paused.

  • Stopped/Exited: Container stopped but can be restarted.

  • Removed: Container deleted.

15. How do you upgrade a running Docker container?

Answer:
 Containers are immutable. Upgrade by building a new image and redeploying containers based on it. Use blue-green or rolling update strategies to minimize downtime.

16. How does Docker handle security? What are some best practices?

Answer:
 Docker isolates containers using namespaces and cgroups but shares the host kernel. Best practices include:

  • Run containers with least privilege (--user flag).

  • Use read-only root filesystem (--read-only).

  • Avoid running containers as root user.

  • Scan images for vulnerabilities.

  • Limit container capabilities.

  • Use Docker Content Trust for image signing.

17. What are Docker namespaces?

Answer:
 Namespaces provide isolation for containers, including:

  • PID: Process IDs inside container.

  • Network: Network interfaces and IPs.

  • Mount: Filesystem mount points.

  • IPC: Inter-process communication.

  • UTS: Hostname and domain.

18. What is a Docker Swarm?

Answer:
 Docker Swarm is Docker’s native clustering and orchestration tool to manage multiple Docker hosts and deploy containers at scale.

19. What is the difference between CMD and ENTRYPOINT in Dockerfile?

Answer:

  • CMD: Specifies default command arguments, can be overridden at runtime.

  • ENTRYPOINT: Defines executable to run, command-line arguments passed after ENTRYPOINT.

20. How do you handle logging in Docker?

Answer:
 Docker captures container stdout and stderr streams. Logs can be accessed with docker logs. Docker supports different logging drivers (e.g., json-file, syslog, fluentd) for forwarding logs.

21. How do you build a Docker image efficiently?

Answer:

  • Use small base images (alpine vs ubuntu).

  • Leverage layer caching by ordering Dockerfile instructions from least to most frequently changing.

  • Use multi-stage builds to reduce final image size.

  • Avoid installing unnecessary packages.

22. What is a multi-stage Docker build?

Answer:
 A multi-stage build uses multiple FROM statements in a Dockerfile to build intermediate images and copy only the needed artifacts into the final image. This minimizes the final image size.

23. What is the difference between docker run and docker exec?

Answer:

  • docker run creates and starts a new container.

  • docker exec runs a command in an existing running container.

24. How do you update environment variables in a running container?

Answer:
 You cannot update environment variables in a running container directly. Instead, update the environment variables in the Dockerfile or Compose file and redeploy the container.

25. How do you handle container orchestration beyond Docker?

Answer:
 While Docker provides basic container runtime and Swarm, many organizations use Kubernetes for advanced orchestration: scheduling, scaling, self-healing, service discovery, and configuration management.
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)