1) What is docker compose?

Docker Compose is a tool used for defining and running multi-container Docker
applications. With Compose, you can configure your application’s services, networks, and
volumes in a single YAML file, typically named docker-compose.yml. This makes it easier
to manage and orchestrate multiple containers that work together.

Basic Commands

1. docker-compose up
o Starts the services defined in the docker-compose.yml file. It creates
containers, networks, and volumes as needed. Use -d to run in detached
mode (in the background).
o Example: docker-compose up -d
2. docker-compose down
o Stops and removes the containers, networks, and volumes created by
docker-compose up.
o Example: docker-compose down
3. docker-compose build
o Builds the images defined in the Compose file. Use this command when
you change any Dockerfile or dependencies.
o Example: docker-compose build
4. docker-compose start
o Starts existing containers for the services defined in the Compose file.
o Example: docker-compose start
5. docker-compose stop
o Stops running containers without removing them. You can start them
again later.
o Example: docker-compose stop
6. docker-compose restart
o Stops and then starts the services again.
o Example: docker-compose restart

Service Management

7. docker-compose logs
Displays the logs from the services. You can specify a service name to view
o
logs for just that service.
o Example: docker-compose logs or docker-compose logs web
8. docker-compose exec
o Executes a command in a running container. Useful for running
commands like bash or a database client.
o Example: docker-compose exec web bash
 9. docker-compose ps
o Lists the containers that are part of the Compose application, showing
their status.
o Example: docker-compose ps

Additional Options

11.docker-compose pull
o Pulls the images for the services defined in the Compose file from a
Docker registry.
o Example: docker-compose pull
12.docker-compose push
o Pushes the built images for the services to a Docker registry.
o Example: docker-compose push

Help and Version

13.docker-compose --version
o Displays the installed version of Docker Compose.
o Example: docker-compose --version
14.docker-compose help
o Lists all available commands and their usage.
o Example: docker-compose help

2) Explain types of networking in docker

→ Docker includes a networking system for managing communications between containers,
your Docker host, and the outside world.
→ Docker networks configure communications between neighboring containers and
external services.
→ Containers must be connected to a Docker network to receive any network connectivity.
→ The communication routes available to the container depend on the network connections
it has. Docker network isolates the containers from the internet therefore serves as an
extra layer of security.

Docker comes with built-in network drivers that implement core networking functionality:

1. Bridge –
→ When a container is created without specifying the kind of driver, the container will only
be created in the bridge network, which is the default network.
 → Bridge networks create a software-based bridge between your host and the container.
→ Containers connected to the network can communicate with each other, but they’re
isolated from those outside the network.
→ Each container in the network is assigned its own IP address. Because the network’s
bridged to your host, containers are also able to communicate on the internet.

2. host -
→ Containers will not have any IP address they will be directly created in the system network
which will remove isolation between the docker host and containers.
→ They aren’t allocated their own IP addresses, and port binds will be published directly to
your host’s network interface. This means a container process that listens on port 80 will
bind to <your_host_ip>:80.

3. null –
→ IP addresses won’t be assigned to containers. These containers are not accessible to us
from the outside or from any other container.
→ Null network keeps the container in complete isolation that is they are not connected to
any network or container.
→ This network is generally used to run batch jobs which are scheduled programs that are
assigned to run without any further interaction.

4. overlay –
→ overlay network will enable the connection between multiple Docker demons and make
different Docker swarm services communicate with each other.
→ Overlay networks are distributed networks that span multiple Docker hosts.
→ The network allows all the containers running on any of the hosts to communicate with
each other without requiring OS-level routing support.
→ Overlay networks implement the networking for Docker Swarm clusters, but you can also
use them when you’re running two separate instances of Docker Engine with containers
that must directly contact each other. This allows you to build your own Swarm-like
environments.
Commands:

 docker network ls --> To list the networks

 docker network create <network_name> --> TO create a network
 docker network create <network_name> --subnet <CIDR> --> To create a network with
custon CIDR
 docker run -itd --network <network_name> <image_name> --> To create a conatiner
under a specific network
 docker network connect <network_name> <container_name/container_ID> --> To
connect a container to other network
 docker network disconnect<network_name> <container_name/container_ID> --> To
disconnect a container from network
 docker run --network host <image_name>  No need to publish any port
We can access using container using port which are exposed in docker file
Ex:
docker run -itd --net host jenkins/Jenkins
 docker run -itd --network none <image name> – null network

3) Difference between Entry point and CMD in docker file

 Combination: You can use both together. If you use both ENTRYPOINT and CMD, CMD
provides default arguments to the ENTRYPOINT.
 Behavior:

→ If you define only CMD, you can specify a command when you run the container, and
that command will be executed.
→ If you define only ENTRYPOINT, that command will always run, regardless of what
you specify at runtime.
 4) Explain multi stage build
Multi-stage builds in Docker are a technique that allows you to use multiple FROM
statements in a single Dockerfile. This approach enables you to separate the build
environment from the runtime environment, resulting in smaller and more efficient
Docker images.

Here’s a Dockerfile that uses multi-stage builds:

# Stage 1: Build
FROM maven:3.8.1-openjdk-11 AS builder

# Set the working directory

WORKDIR /app

# Copy the pom.xml and source code

COPY pom.xml .
COPY src ./src

# Package the application

RUN mvn clean package

# Stage 2: Runtime
FROM openjdk:11-jre-slim

# Set the working directory

WORKDIR /app

# Copy the packaged JAR file from the builder stage

COPY --from=builder /app/target/my-java-app-1.0-SNAPSHOT.jar app.jar

# Expose the application port (optional)

EXPOSE 8080

# Run the application

CMD ["java", "-jar", "app.jar"]

Explanation of the Dockerfile

 1. Stage 1: Build
o Base Image: Uses a Maven image with JDK for building the application.
o Working Directory: Sets /app as the working directory.
o Copy Files: Copies pom.xml and the source code to the image.
o Build Command: Runs mvn clean package to build the application and produce a
JAR file.
2. Stage 2: Runtime
o Base Image: Uses a slim OpenJDK image for running the application.
o Working Directory: Sets the working directory to /app.
o Copy JAR: Copies the generated JAR file from the builder stage to the runtime
image.
o Expose Port: Optionally exposes port 8080 for the application.
o Run Command: Specifies the command to run the JAR file.

5) Which are the instructions create image layes in docker file

Creates Layers: FROM, RUN, COPY, ADD, ENV, LABEL, USER, WORKDIR, VOLUME.
Does Not Create Layers: CMD, ENTRYPOINT, EXPOSE, HEALTHCHECK, SHELL.

6) Explain types of volumes in docker

Volumes in Docker are a mechanism for persisting and managing data generated by and
used by Docker containers. They allow data to exist outside of the container’s
filesystem(i.e. created on the host), ensuring that data is not lost when containers are
stopped or removed. This allows sharing data within containers by importing volume
directory in other containers.

Data volumes provide several useful features:

• Data volumes persist even if the container itself is deleted.
• Data volumes can be shared and reused among containers.
• Changes to a data volume can be made directly.
• Volumes can be initialized when a container is created.

→ Docker volumes provide persistent storage for your containers.

→ Docker manages the data in your volumes separately to your containers.
→ Volumes can be attached to multiple containers simultaneously, remain accessible after
the containers they’re mounted to are stopped, and can be centrally managed using the
Docker CLI.
→ Mount a volume whenever your containerized applications need to permanently store
filesystem changes.
→ Data stored in volumes is protected against container failures and restarts, but changes
to any other paths in the container will be lost.
1.Docker Volumes:

→ Volumes are a mechanism for storing data outside containers.

→ All volumes are managed by Docker and stored in a dedicated directory on your host,
usually /var/lib/docker/volumes for Linux systems.
→ Volumes are mounted to filesystem paths in your containers.
→ When containers write to a path beneath a volume mount point, the changes will be
applied to the volume instead of the container’s writable image layer.
→ The written data will still be available if the container stops – as the volume’s stored
separately on your host, it can be remounted to another container or accessed directly
using manual tools.

2. Bind Mounts:
→ Bind mounts are another way to give containers access to files and folders on your host.
→ They directly mount a host directory into your container. Any changes made to the
directory will be reflected on both sides of the mount, whether the modification
originates from the host or within the container.
→ Bind mounts are best used for ad-hoc storage on a short-term basis. They’re convenient
in development workflows.

For example: bind mounting your working directory into a container automatically synchronizes
your source code files, allowing you to immediately test changes without rebuilding your Docker
image. Volumes are a better solution when you’re providing permanent storage to operational
containers. Because they’re managed by Docker, you don’t need to manually maintain
directories on your host. There’s less chance of data being accidentally modified and no
dependency on a particular folder structure. Volume drivers also offer increased performance
and the possibility of writing changes directly to remote locations.

7) What Are Docker Volumes?

 Persistent Storage: Volumes provide a way to store data that persists even after the
container is stopped or deleted. This is crucial for databases and applications that require
data retention.
 Managed by Docker: Docker manages the lifecycle of volumes, which makes it easier to
back up and restore data.

Key Features of Docker Volumes

 1. Isolation: Volumes are stored in a part of the host filesystem that is managed by Docker
(/var/lib/docker/volumes/ on Linux). This provides isolation from the
container's filesystem.
2. Performance: Using volumes generally offers better performance for I/O operations
compared to using bind mounts or copying data into containers.
3. Sharing Data: Volumes can be shared between multiple containers. This is useful for
scenarios where multiple services need access to the same data.
4. Backup and Restore: Volumes can be easily backed up and restored, allowing for data
persistence beyond the lifecycle of a container.
5. Declarative Management: You can define volumes in your Docker Compose files,
making it easier to manage multi-container applications.

Creating and Using Volumes

1. Creating a Volume
docker volume create my_volume
2. Using a Volume in a Container

To use a volume when running a container, you can specify it with the -v or --mount option.

Using -v Option:

docker run -d -v my_volume:/data my_image

Using --mount Option (more explicit and recommended for complex configurations):

docker run -d --mount type=volume,source=my_volume,target=/data

my_image
3. Inspecting a Volume

To get detailed information about a volume, you can use:

docker volume inspect my_volume

4. Listing Volumes

To list all Docker volumes on your host:

docker volume ls
5. Removing a Volume

To remove a volume that is no longer needed:

docker volume rm my_volume

 8) Three key component of using containezation benefits?

The key components of containerization benefits include:

 Portability: Applications can run consistently across different environments.

 Scalability: Easily scale services up or down based on demand.
 Resource Efficiency: Containers share the host OS kernel, leading to lower overhead.
 Isolation: Applications run in isolated environments, minimizing conflicts.

9) What is the difference between -itd , -it and -d?

 -it: Runs the container interactively with a terminal attached (useful for debugging).
 -d: Runs the container in detached mode, allowing it to run in the background.
 -itd: Combines both; the container runs interactively in the background.

10) while running the container the containers is not running error comings how to trouble
shoot it? or
Your workload deployed in docker containers now you noticed one container is
continuously restarting so what will be approach what are the commands you use,how
will you troubleshoot?

If a container fails to run, here are steps to troubleshoot:

 1. Check Container Status:
o Run docker ps -a to list all containers, including stopped ones. Look for the
status of your container.
2. View Logs:
o Use docker logs <container_id> to access the logs of the container.
This can help identify startup errors or other issues.
3. Inspect the Container:
o Run docker inspect <container_id> to get detailed information about
the container’s configuration and environment. Look for any misconfigurations.
4. Check Exit Code:
o After inspecting, check the exit code using docker inspect
<container_id> --format='{{.State.ExitCode}}'. An exit code
of 0 means success; any other code indicates an error.
5. Check Resource Limits:
o Ensure your container has enough resources (CPU, memory) allocated. You may
need to adjust settings in your Docker daemon or Compose file.
6. Validate Docker Compose File:
o If using Docker Compose, run docker-compose config to validate your
docker-compose.yaml file for any syntax errors or misconfigurations.
7. Try to Start Manually:
o If the container is set to restart automatically, try to start it manually with docker
start <container_id> and see if it provides more output.
8. Check for Dependencies:
o If the container relies on other services, ensure those services are running and
accessible.

11) What is dangling images?

Dangling images are layers in Docker that are not associated with any tagged images. They
typically arise during the image build process when intermediate layers are created but not
tagged or when an image is updated and the previous version is left without a tag.

Characteristics of Dangling Images:

 No Tag: They have a <none> tag and are not referenced by any running container or
application.
 Space Consumption: They can consume disk space unnecessarily, as they represent
unused layers.
 Common Cause: Dangling images are often a result of failed builds or repeated builds
that overwrite previous images.

How to Identify and Remove Dangling Images:

 Identify: You can list dangling images using the command:

 docker images -f "dangling=true"

 Remove: To remove all dangling images, you can run:

docker image prune

12) Explain docker system prune

The docker system prune command is a powerful tool for cleaning up unused Docker
resources. It helps to reclaim disk space by removing stopped containers, unused networks,
dangling images, and optionally, unused volumes.

What It Does:

1. Stops and Removes Stopped Containers: Any container that is not currently running will
be removed.
2. Removes Unused Networks: Networks that are not connected to any containers will be
deleted.
3. Cleans Up Dangling Images: It removes images that are not tagged or associated with
any containers.
4. Optional Volume Removal: By default, it does not remove unused volumes, but you can
include this by using the --volumes flag.

Command Syntax:
docker system prune

Cleans up unused data, including stopped containers, unused networks, dangling images, and build cache.

docker system prune

 Options:
o -a, --all: Remove all unused images, not just dangling ones.
o -f, --force: Do not prompt for confirmation.
o --volumes: Remove all unused volumes.

2. Prune Containers

Removes all stopped containers.

docker container prune

 Options:
o -f, --force: Do not prompt for confirmation.

3. Prune Images

Removes dangling images (images not tagged and not referenced by any container).

docker image prune

  Options:
o -a, --all: Remove all unused images, not just dangling ones.
o -f, --force: Do not prompt for confirmation.

4. Prune Networks

Removes unused networks.

docker network prune

 Options:
o -f, --force: Do not prompt for confirmation.

5. Prune Volumes

Removes all unused volumes.

docker volume prune

 Options:
o -f, --force: Do not prompt for confirmation.

13) Where did from dangling images accumulated?

Dangling images accumulate primarily in the following situations:

1. Image Builds: When you build an image, intermediate layers are created. If the build is
interrupted or a new build is done, old, untagged layers become dangling.
2. Image Updates: Pulling a new version of an image may leave behind layers that are no
longer tagged, turning them into dangling images.
3. Failed Builds: If a build fails after some layers are created, those layers can become
dangling because they aren’t part of a successful image.
4. Image Deletion: Removing a tagged image can leave behind layers that are no longer
referenced, causing them to become dangling.

Storage Location

Dangling images are stored in Docker's storage directory, usually at:

 Linux: /var/lib/docker
 Windows: C:\ProgramData\Docker
 macOS: Managed through Docker Desktop.

Cleanup

To remove dangling images, you can run:

docker image prune

For a broader cleanup of all unused images, use:

docker system prune -a

14) Can we download images without having tags?

Yes, you can download images without specifying a tag. If you pull an image without a tag,
Docker defaults to the latest tag.

docker pull ubuntu

This command will pull the ubuntu:latest image.

Important Notes:

 Using Tags: It’s generally best practice to specify a tag to ensure you get the exact
version you need (e.g., ubuntu:20.04), as using latest may lead to unexpected
changes if the image is updated.
 No Tagged Version: If the image doesn’t have a latest tag or if you try to pull an
image that doesn’t exist, Docker will return an error.

15) What is donot have file name docker-compose.yaml and what is use docker-
service.yaml or docker-api request.yaml?

If you don't have a file named docker-compose.yaml, you can still use Docker Compose
with alternative YAML file names, such as docker-service.yaml or docker-api-
request.yaml. However, you need to specify the file when running Docker Compose
commands.

Usage:

To use a different YAML file, you can use the -f option followed by the file name. For
example:

docker-compose -f docker-service.yaml up

This command tells Docker Compose to use docker-service.yaml instead of the default
docker-compose.yaml.

Purpose of Alternative YAML Files:

 docker-service.yaml: This file might be used to define specific services in your

application, similar to a typical docker-compose.yaml.
 docker-api-request.yaml: This file could be designed to manage API-related
services or configurations, serving a specific purpose based on your application’s
architecture.
Using custom-named YAML files can help organize your configurations based on different
environments, services, or use cases. Just remember to specify the correct file name when
running commands.

16) i have compose file i have three services those are dependent spinning the service 1
before service2 and spinning the srervice 2 before service 3?

To manage service dependencies in your Docker Compose file so that Service 1 starts before
Service 2, and Service 2 starts before Service 3, you can use the depends_on keyword in
your docker-compose.yaml file.
version: '3.8' # or the version you are using

services:
service1:
image: your_service1_image
# Additional configuration for service1

service2:
image: your_service2_image
depends_on:
- service1 # Ensures service1 starts before service2

service3:
image: your_service3_image
depends_on:
- service2 # Ensures service2 starts before service3

17) i have work load on docker i do not want to secrete hard code i am not show secrete in
docker file how to handle this?

Environment variables can be set in Docker in several ways. Here’s how to do it:

1. In docker-compose.yaml

You can define environment variables directly in your Docker Compose file:

yaml
Copy code
version: '3.8'
services:
myservice:
 image: your_image
environment:
- MY_ENV_VAR=value
- ANOTHER_VAR=${ANOTHER_VAR} # Referencing an external
variable
2. Using a .env File

You can create a .env file in the same directory as your docker-compose.yaml. This file
can store environment variables:

MY_ENV_VAR=value
ANOTHER_VAR=another_value

Then, reference these variables in your docker-compose.yaml:

yaml
Copy code
version: '3.8'
services:
myservice:
image: your_image
environment:
- MY_ENV_VAR
- ANOTHER_VAR
3. Using the Command Line

You can also set environment variables when running a container with the docker run
command:

bash
Copy code
docker run -e MY_ENV_VAR=value your_image

Advantages of Using Environment Variables

1. Configuration Management: They allow you to easily change configuration settings

without modifying the code or Dockerfile. This is especially useful for different
environments (development, testing, production).
2. Security: Sensitive information (like API keys or passwords) can be kept out of your
codebase, reducing the risk of accidental exposure.
3. Flexibility: You can pass different values at runtime, making your containers more
adaptable to different scenarios.
4. Simplifies Builds: By using environment variables, you can keep your Dockerfile clean
and avoid hardcoding values, making it easier to maintain.
5. Separation of Concerns: They help separate application code from configuration,
adhering to best practices in application development.
 18) How to versioning in docker images?

versioning in Docker is maintained through the use of tags and a few best practices. Here’s how
it works:

1. Image Tags

 Each Docker image can have one or more tags that identify its version.
 Tags are assigned when you build or push an image. For example:

docker build -t my_image:1.0 .

 You can also have a latest tag for the most recent version, but it's important to use
specific version tags for clarity.

2. Semantic Versioning

 Follow a versioning scheme like Semantic Versioning (SemVer), which uses the format
major.minor.patch:
o Major: Introduces breaking changes.
o Minor: Adds features in a backward-compatible manner.
o Patch: Includes backward-compatible bug fixes.

19) why we not use root user as user? why we use ?how it do it?
1. Security Risks

 Privilege Escalation: If a container running as root is compromised, an attacker may gain

root access to the host system, especially if the container has certain permissions or is
running in privileged mode.
 Isolation: Docker containers are isolated, but running as root can lead to unintentional
actions affecting other containers or the host.

2. Best Practices

 Principle of Least Privilege: It's a best practice in security to run applications with the
least amount of privilege necessary to function. This reduces the potential impact of a
security breach.

20) Complications in Migrating from Monolithic to Microservices

1. Decomposition Complexity:
o Breaking the monolith into services is difficult and requires careful planning.
2. Data Management:
 o Each service may need its own database, which can lead to data consistency
issues.
3. Communication Overhead:
o Services need to communicate over a network, which can introduce latency and
requires reliable APIs.
4. Deployment Challenges:
o Managing multiple services complicates deployment and often requires
orchestration tools like Kubernetes.
5. Monitoring and Logging:
o Tracking performance and logs across many services can be complex.
6. Cultural Resistance:
o Shifting to microservices often requires changes in team structure and practices,
which can meet resistance.
7. Testing Complexity:
o Testing interactions between services is more complicated than testing a single
application.

21) What is the basic difference between legacy monolithic and microservices
architecture what are disadvantages and advantages?

The basic difference between legacy monolithic architecture and microservices architecture lies in how
applications are structured and deployed.

Monolithic Architecture

Definition: A monolithic application is built as a single, unified unit. All components, including the user
interface, business logic, and data access, are tightly coupled and deployed together.

Advantages:

1. Simplicity: Easier to develop, test, and deploy initially since everything is in one place.
2. Performance: Lower latency in inter-component communication since all components are in the same process.
3. Ease of Deployment: Only one artifact to manage, simplifying the deployment process.

Disadvantages:

1. Scalability Issues: Scaling requires duplicating the entire application, which can lead to inefficiencies.
2. Tight Coupling: Changes in one part can affect the entire system, making updates risky and time-consuming.
3. Technology Lock-in: Difficult to adopt new technologies since everything is integrated.
4. Maintenance Challenges: As the application grows, the codebase can become complex and harder to manage.
Microservices Architecture

Definition: Microservices architecture breaks applications into smaller, independent services that communicate
over APIs. Each service focuses on a specific business capability and can be developed, deployed, and scaled
independently.

Advantages:

1. Scalability: Individual services can be scaled independently based on demand.

2. Flexibility in Technology: Teams can choose different technologies for different services, allowing for more
innovation.
3. Improved Fault Isolation: Failures in one service do not directly affect others, increasing overall system
resilience.
4. Faster Time to Market: Smaller teams can develop, test, and deploy services independently, speeding up
delivery.

Disadvantages:

1. Complexity: Increased complexity in managing multiple services, including deployment, monitoring, and inter-
service communication.
2. Data Management: Managing data consistency across services can be challenging, especially in distributed
systems.
3. Network Latency: Communication over the network introduces latency and can complicate debugging.
4. Operational Overhead: Requires sophisticated DevOps practices, including orchestration and management of
multiple services.

22) why everybody moving to microservices than monolithic?

Organizations are moving to microservices over monolithic architectures for several reasons:

1. Scalability: Microservices can be scaled independently, optimizing resource use.

2. Technology Flexibility: Different services can use different technologies best suited for their tasks.
3. Faster Deployment: Teams can deploy services independently, speeding up release cycles.
4. Fault Isolation: Failures in one service don’t affect the entire application.
5. Team Autonomy: Smaller, focused teams can work independently on services.
6. Easier Maintenance: Incremental updates are simpler, reducing risk.
7. Alignment with DevOps: Supports CI/CD practices effectively.
8. Cloud Compatibility: Well-suited for cloud environments and container orchestration.

23) why docker containers are called immutable?what does it mean?

Docker containers are called immutable because they are designed to be unchangeable once created. This
means:

1. Stateless: Changes made to a running container aren't saved back to the image.
2. Consistency: Every new container starts from the same base image, ensuring a consistent environment.
3. Deployment Ease: Updates require creating new images instead of modifying existing containers.
4. Scalability: Containers can be easily replicated without concerns about their state.
5. Rollback Simplicity: Reverting to a previous version is easy by redeploying an older image.
 24) You are using docker ,how do you ensure your container using immutable images
what is the setup that ensures that?

To ensure your Docker containers use immutable images, follow these practices:

1. Versioned Images: Tag images with specific version numbers instead of using latest.
2. Use Dockerfile: Build images using a Dockerfile for consistency.
3. Immutable Infrastructure: Avoid modifying existing containers; deploy new images for updates.
4. CI/CD Pipelines: Implement automated CI/CD processes for building and deploying images.
5. Image Scanning: Use tools to scan images for vulnerabilities before deployment.
6. Container Orchestration: Use tools like Kubernetes or Docker Swarm to manage and enforce policies.
7. External Configuration: Keep configuration data outside the container.
8. Private Registry: Use a private Docker registry to manage and store approved images.

25) You have 30 to 40 containers,In your docker setup it is not possible to come and check
status by docker ps -a,so,is there any way that you can implement something in your
setup, basically can we check health check for your containers?

To monitor the health of your Docker containers, you can:

1. Use Docker Health Checks: Add a HEALTHCHECK instruction in your Dockerfile to define health
checks.

Dockerfile
Copy code
HEALTHCHECK --interval=30s CMD curl -f http://localhost/ || exit 1

2. Check Status: Use docker ps to see the health status (e.g., healthy, unhealthy).
3. Container Orchestration: Use tools like Kubernetes (readinessProbe, livenessProbe) or Docker
Swarm for built-in health checks.
4. Monitoring Tools: Integrate solutions like Prometheus or Grafana for tracking and alerts.
5. Log Aggregation: Use tools like the ELK Stack for real-time log monitoring.

26) What do you mean one server for one service?

The phrase "one server for one service" refers to a deployment strategy in microservices architecture where each
microservice runs on its own dedicated server (or container)

27) I have my docker containers,and my instance as certain limit of memory and I noticed
my memory utilization is 80,90 percent now how will you investigate what is
happening?

To investigate high memory utilization in your Docker containers:

1. Check Overall Usage: Use docker stats to see memory usage for all containers.
2. Inspect Individual Containers: Use docker inspect <container_id> for detailed info on specific
containers.
3. Check Logs: Review logs with docker logs <container_id> for errors or unusual behavior.
4. Analyze Processes: Enter the container using docker exec -it <container_id> /bin/bash and
check memory usage with tools like top or htop.
5. Review Application Code: Look for memory leaks or inefficiencies in the application.
6. Set Resource Limits: Consider adding memory limits to containers using --memory.
 7. Monitor Swapping: Check swap usage with free -m to see if it's impacting performance.
8. Review Host Memory: Check the host's overall memory usage using free -m or top.

28) Can you tell me how scaling works in docker?

Scaling in Docker involves increasing or decreasing the number of running container instances
for a service. This can be achieved using Docker Compose or Docker Swarm.

 Docker Compose: You can specify the number of replicas of a service using the scale
option in your docker-compose.yml file.
 Docker Swarm: You can manage multiple Docker hosts as a single virtual host. Using
docker service scale, you can adjust the number of replicas for a service.

29) Is there any command to manually scaling,is there any way to automate?

Manual Scaling

 Using Docker Compose:

docker-compose up --scale <service_name>=<number>

Example:

docker-compose up --scale web=5

 Using Docker Swarm:

docker service scale <service_name>=<number>

Example:

docker service scale my_service=5

Automation

 Using Orchestration Tools: Tools like Kubernetes or Docker Swarm can automate scaling
based on resource utilization, traffic load, or other metrics.
 Monitoring Tools: Integrate monitoring solutions (like Prometheus, Grafana) with auto-
scaling policies to adjust the number of container replicas automatically based on
metrics.

30) best practices you suggest why configuring docker network?

 Use User-Defined Networks: Create custom networks for better isolation and control over
communication between containers.
 Limit Container Communication: Restrict inter-container communication only to those that
need to communicate.
 Use Overlay Networks for Multi-host: In Docker Swarm, use overlay networks to enable
containers on different hosts to communicate.
 Maintain Network Security: Use firewall rules and proper network configurations to limit
access to containers.

 Document Network Configurations: Keep clear documentation of your network

architecture for troubleshooting and management.

31) what happens when I set docker network to null?

If you set a Docker container’s network to null, the container will not be connected to any
network. Here’s what happens:

 Isolation: The container will be isolated from all other containers and will not have
access to the external network, including the host network.
 Inaccessibility: Any services running within the container will not be accessible from
outside the container. You won't be able to communicate with it via IP addresses.
 Default Network: If no network is specified and it defaults to null, Docker usually
connects the container to the default bridge network, but explicitly setting it to null
might lead to undefined behavior.

32) what are batch and schedule jobs which null network uses?

With a null network, you can run the following types of batch and scheduled jobs:

Batch Jobs

1. Data Processing Jobs: Analyze or transform data stored locally (e.g., CSV files).
2. Image Processing: Apply filters or transformations to local images.
3. Log Analysis: Process and analyze log files stored on the local filesystem.
4. File Backup: Create backups of local files without needing network access.

Scheduled Jobs

1. Automated Cleanup: Periodically delete temporary files or archives.

2. Data Export: Generate and save reports or summaries at scheduled intervals.
3. Local Monitoring: Run scripts that check system health or resource usage.
4. Batch Data Imports: Schedule local data imports from files into databases without
network dependencies.
 33) how 2 containers will communicate in same network?

Two containers on the same Docker network can communicate by:

1. Using Container Names: They can resolve each other's names automatically. For
example:

curl http://containerB:port

2. Using IP Addresses: They can use each other's IP addresses directly:

curl http://172.18.0.2:port

34) what makes container is different from EC2 with respect to data

Containers and EC2 instances differ in data management as follows:

1. Ephemeral vs. Persistent:

o Containers: Generally ephemeral; data is lost when containers stop unless external
storage is used.
o EC2: Can have persistent storage (e.g., EBS volumes) that retains data even if the
instance stops.
2. Data Management:
o Containers: Usually rely on external databases or object storage for data.
o EC2: Can manage local data directly on the instance.
3. Scaling and Consistency:
o Containers: Scaling can complicate data consistency since containers are stateless.
o EC2: Easier to maintain state with local storage.
4. Networking:
o Containers: Often use APIs for data sharing between containers.
o EC2: Can share data through mounted file systems or shared drives.

35) their are 2 conatiners if you delete container1 and stop container to what
happens to of containers how to retrieve

Effects

1. Container1 Deletion:
oIf you delete Container1, its filesystem and any data stored within it (unless it was
using a Docker volume) are permanently lost.
2. Stopping Container2:
o Stopping Container2 simply halts its execution. The container can be restarted
later, and its filesystem will remain intact unless deleted.
Data Retrieval

 If Container1 Used Volumes:

o If Container1 used a Docker volume to store data, the data in the volume will still
be available. You can create a new container and attach the same volume to access
the data.
 If No Volumes Were Used:
o If Container1 did not use volumes and was using its ephemeral filesystem, the data
is irretrievable once the container is deleted.

36) What is the command to check container logs?

docker logs <container_name_or_id>

37) How to check specific container resource utilization?

docker stats <container_name_or_id>

38) Difference between docker stats and docker inspect command.

Answer:

 docker stats: This command provides real-time statistics about the resource usage
of running containers, including CPU, memory, network I/O, and disk I/O.
 docker inspect: This command returns detailed information about a container (or
image), such as its configuration, network settings, mounts, and state. It provides a
comprehensive view but not real-time resource usage.

39) how woud you publish same container with two ports

Expose conatainer ports in dockerfile

docker run -d -p 80:80 -p 8080:8080 --name my-container my-image

40) what is the use of tagging image

Tagging a Docker image is important for:

1. Version Control: Identifies different versions (e.g., myapp:1.0).

2. Environment Differentiation: Distinguishes between environments (e.g.,
myapp:production).
3. Clarity: Provides context about the image's purpose.
4. Rollback Capability: Enables easy rollback to previous versions.
5. CI/CD Integration: Helps manage builds and deployments in automated pipelines.
.

41) Think that you have 2 containers a and b you want to connect each securely
how to do

To securely connect two containers (A and B), you can follow these steps:

1. Use a User-Defined Network

Create a user-defined bridge network. This ensures that the containers can communicate
securely and privately.

docker network create my-secure-network

2. Run Containers on the Same Network

Start both containers and connect them to the created network:

docker run -d --name containerA --network my-secure-network my-

imageA
docker run -d --name containerB --network my-secure-network my-
imageB

3. Use Secure Communication Protocols

 Use HTTPS or SSL/TLS: If your applications support it, configure them to use HTTPS
or SSL/TLS for secure communication between the containers.

4. Implement Firewall Rules

Consider using Docker's built-in features or external tools to set up firewall rules to limit traffic
between containers and to control which services can be accessed.

5. Use Environment Variables for Secrets

Pass sensitive information (like passwords) through environment variables securely:

docker run -d --name containerA --network my-secure-network -e

DB_PASSWORD=mysecretpassword my-imageA

42) Diff between application server and web server

1. Definition

 Web Server: Serves static content (HTML, CSS, JavaScript, images) and handles HTTP
requests from clients (browsers).
 Application Server: Hosts and executes dynamic web applications, managing business
logic and database interactions.

2. Content Served

 Web Server: Primarily serves static content directly to users.

 Application Server: Generates dynamic content by executing server-side scripts or
applications.

3. Functionality

 Web Server: Primarily focuses on HTTP requests and responses, often acting as a
reverse proxy to application servers.
 Application Server: Provides additional services such as transaction management,
messaging, and security for running applications.

4. Examples

 Web Server: Apache HTTP Server, Nginx.

 Application Server: Tomcat, JBoss, WebLogic.

5. Communication

 Web Server: Communicates directly with clients using HTTP.

 Application Server: Often communicates with web servers (or directly with clients) and
may use additional protocols (like RMI, JMS).

44)How are you going to connect database and webserver securely in docker
network?
to securely connect a database and a web server in a Docker network, follow these steps:

1. Create a User-Defined Network

Use a user-defined bridge network to allow secure communication between the containers.

docker network create my-secure-network

2. Run the Database Container

Start your database container on the secure network. Use environment variables to pass
sensitive information.

docker run -d --name my-database --network my-secure-network -e

MYSQL_ROOT_PASSWORD=mysecretpassword mysql

3. Run the Web Server Container

Start your web server container on the same network, ensuring it can communicate with the
database.

docker run -d --name my-webserver --network my-secure-network

my-webserver-image

4. Use Environment Variables for Credentials

Pass the database credentials to the web server as environment variables, keeping them out of
the source code.

docker run -d --name my-webserver --network my-secure-network -e

DB_HOST=my-database -e DB_USER=root -e
DB_PASSWORD=mysecretpassword my-webserver-image

5. Use Secure Communication Protocols

If your database supports it, enable SSL/TLS for database connections to encrypt data in transit.

6. Limit Access with Firewall Rules

Consider using firewall rules or Docker’s built-in features to restrict access to the database
container only to the web server.

7. Regular Security Audits

Regularly review your security configurations and update passwords and access controls.
 45) Think that there are some traffic spikes ,you are doing manually increasing
containers,how will you scale the containers?
Ans- docker swam,to set replicas

46) Think that you have hosted 5 containers out of which some are failing?what is the
reason?
Ans- check logs

47)How you secure docker containers?

to secure Docker containers, follow these practices:

1. Use Official Images: Start with trusted images from reliable sources.
2. Regularly Update Images: Keep images up to date with security patches.
3. Minimize Image Size: Use minimal base images to reduce the attack surface.
4. Implement User Namespaces: Enable user namespaces for added isolation.
5. Set Resource Limits: Use --memory and --cpus to limit resource usage.
6. Use Docker Secrets: Manage sensitive data securely.
7. Network Security: Isolate containers and restrict access with firewalls.
8. Scan for Vulnerabilities: Use tools like Trivy to identify vulnerabilities.
9. Enable Logging and Monitoring: Track container activity with logging solutions.
10. Secure the Docker Daemon: Limit access with TLS and authorized users.
11. Avoid Running as Root: Run applications as non-root users.
12. Use Security Benchmarks: Follow benchmarks like CIS Docker for best practices.

48)Drawbacks of docker compose?

Here are the drawbacks of using Docker Compose:

1. Limited to Local Development: Best for local testing, not ideal for production without orchestration
tools.
2. Complexity with Large Apps: Can become unwieldy for very large applications.
3. Single Host Limitation: Runs on a single host, not suitable for distributed systems.
4. Lacks Advanced Resource Management: No automatic scaling or load balancing features.
5. Dependency Management Issues: Handling complex service dependencies can be challenging.
6. Networking Constraints: May complicate integration with external services.
7. Limited Monitoring and Logging: Requires external tools for observability.
8. Performance Overhead: Running many services can impact performance.

49)How you going to monitor all docker containers?

To monitor all Docker containers, use the following approaches:

1. Docker Stats: Use docker stats for real-time resource metrics.

2. Centralized Logging: Implement logging solutions like the ELK Stack or Fluentd for aggregated logs.
3. Monitoring Tools: Utilize tools like Prometheus (for metrics) and Grafana (for visualization), or cloud
solutions like Datadog.
4. Orchestration Tools: Leverage monitoring features in Kubernetes or Docker Swarm.
5. Alerts: Set up alerts for key metrics (CPU, memory usage).
6. Health Checks: Implement Docker health checks to ensure containers are running properly.
7. Network Monitoring: Use tools like cAdvisor or Weave Scope to monitor network interactions.