Docker FAQ #

  • Q: What is the use of EXPOSE 8080 command in Dockerfile?
    • Documents that the container listens on port 8080, but does NOT publish the port.
    • You still need to map the port using -p or --publish
  • Q: How can you run commands in a container?
    • This gives you an interactive shell inside the container: docker exec -it <container-name> /bin/bash
  • Q: How can I build images without using cached layers?
    • Forces Docker to re-execute all layers without using the cache: docker build --no-cache -t my-image .
  • Q: How do you remove all stopped containers, unused networks, volumes, and images?
    • Use it with caution docker system prune -a
  • Q: How can you profile resource usage (CPU, memory) of containers?
    • Start with docker stats. (For deeper insights, integrate with Prometheus/Grafana)
  • Q: Why is my container exiting immediately?
    • Because Docker containers run a single main process. If that process ends, the container exits.
      • Main process defined in the CMD or ENTRYPOINT in the Dockerfile
      • If the main process is NOT a long-running process, the container would exit immediately (Ex: python script.py)
    • Common causes:
      • Your CMD runs a short-lived script (e.g., python script.py)
      • You’re using a minimal base image (like alpine) without an interactive shell
      • CMD or ENTRYPOINT is misconfigured
      • πŸ”§ Tip: Use docker run -it ubuntu /bin/bash to keep the container running and interact with it.

Give Examples of Minimal Docker Base Images #

Image Type Size Shell? Detailed Description Use Case
scratch 0 MB ❌ No An empty base image with nothing at all. You must add everything, including libraries. Ultra-minimal containers with statically compiled apps - necessary library code is included directly within the executable at build time (e.g., Go, Rust)
busybox ~1 MB Yes Minimalist Linux distribution with basic Unix utilities. Often used for simple containers or base tools. Tiny containers for scripting, testing
alpine ~5 MB Yes Lightweight Linux distro with apk package manager. Very popular for size-conscious apps. Lightweight containers in development and production (Java, Node.js, Python)
distroless ~10–30 MB ❌ No Maintained by Google. Contains only application runtime dependencies β€” NO shell, NO package manager, minimal footprint. Secure, hardened production deployments (Go, Java, .NET, Node.js)
debian-slim ~22 MB Yes Slimmed-down version of the standard Debian image. For teams familiar with Debian needing troubleshooting or compatibility

How would you troubleshoot a container if it is not running? #

  • Check for Missing or Incorrect Environment Variables: The container may fail if essential environment variables are not set or incorrectly defined
  • Review the Container's Command or Entrypoint: A misconfigured CMD or ENTRYPOINT can cause the container to exit immediately.
  • Diagnose Volume Mount Issues: Permissions errors or missing volume paths may prevent the container from starting
  • Inspect Container Logs: Inspect logs to identify runtime errors or crash messages:
    docker logs <container_id>
  • Inspect Container Configuration: Examine environment variables, mounted volumes, and networking settings:
    docker inspect <container_id>
  • Check Real-Time Events: Monitor low-level container lifecycle events for issues during startup
    docker events --filter container=<container_id> --since 2m
  • Verify Resource Usage and Limits: Ensure the container is not constrained by CPU, memory, or I/O limits
    docker stats <container_id>
  • Examine Docker Engine Logs: Look for system-level or daemon-related failures affecting container behavior
    # works on most modern Linux distributions
# Ubuntu, CentOS, Debian
journalctl -u docker.service

How Do Namespaces and Control Groups Enable Container Isolation? #

Namespaces β€” What You Can See and Access

  • Namespaces: Namespaces are a Linux kernel feature that provides process-level isolation.
    • This is what makes containers appear as separate environments, even though they share the same kernel.
  • Process View: Namespaces ensure each container only sees its own processes by isolating process IDs
  • Network Separation: Namespaces provide each container with its own network interfaces, IP addresses, and ports
  • File System Independence: Namespaces give containers their own view of file system mount points
  • Hostname and Domain: Namespaces isolate hostname and domain name settings for each container
  • Inter-process Communication (IPC): Namespaces control how processes communicate within each container
  • User and Group IDs: Namespaces set separate user and group identities for security and management

Control Groups (CGroups) β€” What You Can Use

  • CGroups: Control Groups allow the kernel to limit, measure, and control resource usage per container
    • Without CGroups, a single container could consume all system resources and affect other containers or the host.
  • Key Capabilities of CGroups:
    • CPU Limits β€” Restrict CPU shares or quota per container
    • Memory Limits β€” Prevent a container from exhausting system RAM
    • Disk I/O Limits β€” Control read/write throughput
    • Process Limits β€” Cap the number of processes (PIDs)
    • Network Bandwidth β€” Limit container-level bandwidth

Summary

  • Lightweight Virtualization: Combining Namespaces and CGroups creates isolated environments similar to virtual machines but with less system overhead

How can you run Containers in the Cloud? #

Deployment Method Description AWS Azure Google Cloud
Self-Managed on VMs (IaaS) Install Docker manually on VMs and run containers directly EC2 with Docker Azure Virtual Machines Compute Engine with Docker
Serverless Containers Run containers without managing servers; billed per request or execution AWS Fargate (via ECS/EKS) Azure Container Instances (ACI) Cloud Run
Platform as a Service (PaaS) Deploy by pushing code or images ⚠️ Elastic Beanstalk (Docker support) ⚠️ Azure App Service (Containers) ⚠️ App Engine
Managed Container Orchestration Run containers at scale using Kubernetes (or ECS) Amazon EKS (Kubernetes)
Amazon ECS (Fargate or EC2)		 Azure Kubernetes Service (AKS) Google Kubernetes Engine (GKE)
Container Registry Store and Manage Your Container Images ECR (Elastic Container Registry) ACR (Azure Container Registry) Artifact Registry (Recommended) / Container Registry