Docker Interview Questions and Answer Part – 14

What is the function of this command?
docker search apache/ubuntu

  • It will search your local Docker client environment for images related to either apache or ubuntu.
  • It will search Docker Hub for images related to both apache and ubuntu. (Ans)
  • It will search your local Docker client environment for images related to both apache and ubuntu.
  • It will search Docker Hub for images related to either apache or ubuntu.

For security, the Docker website uses encryption certificates to ________.

  • secure the computers of local Docker clients
  • ensure that all images uploaded to Docker Hub are free of malware
  • ensure that all “docker run” operations are valid
  • secure connections between the website and clients (Ans)

What is the role of apache2ctl in this command?
docker run -d -p 80:80 webserver /usr/sbin/apache2ctl -D FOREGROUND

  • apache2ctl will launch a new Docker container as a backend server to your main container.
  • apache2tcl will run the Apache webserver software package when the container boots. (Ans)
  • apache2ctl will check to make sure the Apache webserve software package is properly installed on a container.
  • apache2ctl is the name of a Docker image.

Which of these commands will associate a network interface with a Docker container?

  • docker attach network newnet
  • docker network connect newnet newname (Ans)
  • docker network connect newname newnet
  • docker net connect newname newnet

How do you configure a repository in DTR to allow it to be signed by one or more UCP users?

  • Using the DTR Web UI: select ‘Content Trust’ for the repo and add the UCP users who can sign.
  • Using the Docker client: initialize the snapshot, rotate the root key, add delegation imports.
  • Using the Notary client: initialize the repo, make the snapshot key user-managed, add delegation targets. (Ans)

For a repo with content trust delegations configured, how do you sign an image?

  • Set DOCKER_CONTENT_TRUST=TRUE on the client, then docker sign and enter your UCP key passphrase.
  • Run docker push to upload the image, then upload your private key in the DTR Web UI to sign it.
  • Set DOCKER_CONTENT_TRUST=1 on the client, then docker push and enter your UCP key passphrase. (Ans)

What is the difference between a ‘service’ and an ‘application’ in UCP?

  • A service runs as a single task on each node in the cluster; an application can run as one or more tasks spread throughout the cluster.
  • A service has one or more tasks created from a single image; an application is a distributed solution with containers created from many images. (Ans)
  • A service is a system-level component, like the UCP agent or the DTR Notary server; an application is a user-level component created through the Web UI.

How are global services and replicated services different?

  • Global services are restricted so only UCP administrators can see and manage them, replicated services can be secured using role-based access control.
  • Global services are workloads which run on the UCP servers but are not containers, they are application processes which Docker doesn’t manage.
  • Global services run a single task on each UCP node, replicated services run one or more tasks spread across all nodes. (Ans)

How do you deploy an distributed application in UCP?

  • You can build an installer into a Docker image and upload it to DTR, then run a container from the image in UCP.
  • You can copy a Docker Compose file into the Web UI and UCP will deploy all the resources.
  • You can create networks and volumes manually, then start containers in the correct dependency order. (Ans)

Can you install Docker Datacenter with the free, open-source Docker engine?

  • No, DDC requires the commercially supported engine, which is licensed with DDC. (Ans)
  • Yes, but you need to add Docker’s CA cert into your host’s certificate store.
  • Yes, provided you are using version 1.12 of the open-source engine.

How do you install UCP and DTR once you have the commercially-supported Docker engine installed?

  • The installers are images on the Docker Hub; to install just run containers from docker/ucp and docker/dtr. (Ans)
  • Packaged installers are available for all major Linux distros; in debian just run apt-get install docker-ddc.
  • Download an installer from Docker’s website, which is an image archive, then uncompress and run as a container.

What’s the difference between Docker repositories and Docker registries?

  • A repository can only store images built for one OS, a registry can store images for many OSes
  • A repository stores many versions of an image, a registry stores many repositories (Ans)
  • A registry is a store for images, a repository is a store for containers running on a host

What does Docker Datacenter provide that you don’t get from the free open-source Docker ecosystem?

  • Scalable, secure, and supported platforms for managing images and container workloads (Ans)
  • Licensing which lets you run Docker on Windows servers as well as Linux servers
  • A locked-down container environment, where you can only manage Docker if you have SSH access to the hosts

How does Docker Trusted Registry provide high availability and high scale?

  • Replica nodes can be added to provide HA, and a cloud storage service can be used for scalable storage. (Ans)
  • You can host DTR behind a load balancer, so the LB provides high availability and scale.
  • DTR runs on DDC as a replicated service, so you can increase scale by adding replicas in UCP.

How do organizations and teams in DTR let you capture permissions for multi-user access to a repository?

  • Repos are created at team level, teams are members of organizations in UCP, users inherit organization permissions
  • Repos are created at organization level, access is granted to teams in the organization, users inherit team access (Ans)
  • Repos are created at organization level, organizations are owned by a UCP team, users inherit team permissions

How do you add new UCP controllers to the cluster, to make UCP highly available?

  • Run docker swarm join –as-manager with the swarm token, and the new node will join as a controller.
  • Run docker swarm join using the manager token, and the new node will be configured as a controller. (Ans)
  • Run docker swarm join to join as a node, and then run the docker/ucp installer image to become a controller.

If you need to install an OS patch on one of the UCP nodes, how can you do it?

  • Put the node into drain mode which kills all containers and exits the swarm, apply the patch and rejoin.
  • Stop any services and applications which have tasks running on the node, then apply the patch and restart.
  • Put the node into drain mode to stop all container workloads, leave the swarm, apply the patch and rejoin. (Ans)

How do you push an image from your local Docker engine to a remote Docker Trusted Registry?

  • Set your default registry to be DTR using docker config and then just push as normal.
  • Tag your image with your DTR user name, then run docker push specifying the DTR URL.
  • Run docker save to archive the image, then log in to DTR using the Web UI and upload the archive.
  • Tag your image with the DTR domain name, run docker login to authenticate to DTR, and then docker push . (Ans)

Which component of the Docker network stack implements specific network topologies such as overlay networking or bridge networking?

  • libcontainer
  • Libnetwork
  • The driver layer (Ans)
  • The CNM

Which of the following commands would you use if you were logged onto a Docker host and needed to look at detailed information about a network called prod-fe?

  • docker network inspect prod-fe (Ans)
  • docker network ls prod-fe
  • docker network show prod-fe
  • docker network ls prod-fe –verbose
Rajesh Kumar