⏱️4 min read · 763 words
تختبر أسئلة مقابلة Docker مدى فهمك للنقل بالحاويات وأفضل ممارسات Dockerfile والشبكات والتنسيق ونشر الإنتاج. يغطي هذا الدليل أسئلة Docker الأكثر شيوعًا بدءًا من مستوى المبتدئين وحتى مستوى مهندسي DevOps الأقدم.
أسئلة دوكر الأساسية
1. ما الفرق بين صورة Docker والحاوية؟
- صورة– قالب للقراءة فقط (مخطط) تم إنشاؤه من Dockerfile. مخزنة في السجلات.
- حاوية– تشغيل مثيل للصورة. لديه طبقة قابلة للكتابة في الأعلى.
- يمكن لصورة واحدة إنشاء العديد من الحاويات (مثل فئة → مثيلات)
# Image: static, stored
docker pull nginx:alpine # download image
docker images # list images
docker image inspect nginx:alpine # see image details
# Container: running, dynamic
docker run nginx:alpine # create + start container from image
docker ps # list running containers
docker ps -a # include stopped containers2. شرح أوضاع شبكة Docker
# bridge (default) — containers on same bridge can communicate by name
docker network create mynet
docker run --network mynet --name api myapp
docker run --network mynet --name db postgres
# api can reach db at hostname "db"
# host — container uses host's network directly (no port mapping needed)
docker run --network host nginx # exposes port 80 directly
# none — no network (isolated)
docker run --network none myapp
# container — share network stack with another container
docker run --network container:myapp nginx3. ما هو الفرق بين CMD و ENTRYPOINT؟
# ENTRYPOINT — command that always runs, cannot be overridden
ENTRYPOINT ["python", "app.py"]
# docker run myimage --port 8080 → python app.py --port 8080 (args appended)
# CMD — default command, can be overridden at runtime
CMD ["gunicorn", "app:app"]
# docker run myimage bash → runs bash instead of gunicorn
# Combined (best practice):
ENTRYPOINT ["python"]
CMD ["app.py"] # default: python app.py
# docker run myimage manage.py migrate → python manage.py migrate (override CMD)
# Shell vs Exec form
CMD gunicorn app:app # shell form (runs in /bin/sh -c)
CMD ["gunicorn", "app:app"] # exec form (preferred — faster, proper signal handling)4. ما هي وحدات تخزين Docker ومتى تستخدمها؟
# Named volume — managed by Docker, persists across container restarts
docker volume create mydata
docker run -v mydata:/var/lib/postgresql/data postgres
# Bind mount — maps host path to container path (dev workflow)
docker run -v $(pwd):/app node npm start
# Changes on host immediately visible in container
# tmpfs mount — in-memory, not persisted
docker run --tmpfs /tmp:size=100m myapp
# Read-only mount
docker run -v /config:/etc/myapp:ro myapp
# When to use:
# Named volumes: database data, persistent app state
# Bind mounts: development (hot reload), config files
# tmpfs: sensitive temp data that should never persist5. اشرح التخزين المؤقت لطبقة Docker وكيفية تحسينه
# WRONG: copy everything first (invalidates cache on any file change)
COPY . .
RUN pip install -r requirements.txt # reinstalls every time ANY file changes!
# CORRECT: copy dependencies first (cached unless requirements change)
COPY requirements.txt .
RUN pip install -r requirements.txt # cached until requirements.txt changes
COPY . .
# Tips:
# - Instructions that change frequently should be at the bottom
# - Combine RUN commands to reduce layers
# - Use .dockerignore to exclude unnecessary files6. كيف يعمل الفحص الصحي في Docker؟
HEALTHCHECK --interval=30s --timeout=10s --start-period=40s --retries=3 CMD curl -f http://localhost:8000/health || exit 1
# States:
# starting — within start-period
# healthy — health check passes
# unhealthy — health check fails retries times# In compose.yaml
services:
api:
image: myapp
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:8000/health"]
interval: 30s
timeout: 10s
retries: 3
depends_on:
db:
condition: service_healthy # wait for DB to be healthy7. ما هو Docker BuildKit ولماذا نستخدمه؟
# BuildKit — next-gen Docker build (enabled by default in recent Docker)
# Features:
# - Parallel build stages (multi-stage builds are faster)
# - Better cache management
# - Secret mounting (never in image layers)
# - SSH forwarding in builds
# Mount secrets without baking into image
RUN --mount=type=secret,id=mysecret cat /run/secrets/mysecret
# Build with secret
docker build --secret id=mysecret,src=$HOME/.ssh/id_rsa .
# Cache mounts (persist between builds)
RUN --mount=type=cache,target=/root/.cache/pip pip install -r requirements.txt8. ما الفرق بين docker run وdocker exec؟
# docker run — creates a NEW container from an image
docker run myapp python manage.py migrate
# docker exec — runs command in an EXISTING running container
docker exec myapp-container python manage.py migrate
# Common usage
docker exec -it myapp bash # interactive shell in running container
docker exec mydb psql -U postgres # run command in DB container
# docker attach — attach to running container's main process
docker attach myapp-container # see stdout of running process9. كيف يمكنك تقليل حجم صورة Docker؟
# 1. Use minimal base images
FROM python:3.12-slim # vs python:3.12 (300MB smaller!)
# Or: FROM gcr.io/distroless/python3 # even smaller
# 2. Multi-stage builds (common pattern)
FROM python:3.12 AS builder
RUN pip install -r requirements.txt
FROM python:3.12-slim
COPY --from=builder /usr/local/lib/python3.12/site-packages /usr/local/lib/python3.12/site-packages
# 3. Combine RUN commands
RUN apt-get update && apt-get install -y --no-install-recommends curl && rm -rf /var/lib/apt/lists/*
# 4. .dockerignore file
# .git
# __pycache__
# *.pyc
# node_modules
# .env10. ما الفرق بين COPY و ADD؟
# COPY — simple, predictable, preferred
COPY src/ /app/src/
COPY requirements.txt .
# ADD — additional features (usually avoid in favor of COPY)
# - Can extract tar files automatically
# - Can download URLs (don't use! no caching, security risk)
ADD https://example.com/file.tar.gz /app/ # BAD: no caching!
ADD archive.tar.gz /app/ # Extracts to /app/
# Rule: always prefer COPY unless you specifically need ADD's tar extractionنجاح مقابلة Docker: فهم الفرق بين الصور والحاويات، ومعرفة أوضاع الشبكات، وشرح التخزين المؤقت للطبقة من أجل التحسين، وإظهار المعرفة بأمان الإنتاج (الأسرار غير الجذرية، للقراءة فقط). تختبر الأدوار العليا أيضًا معرفة Kubernetes – راجع دليل Kubernetes للمبتدئين ودليل Helm لتغطية المستوى التالي.
🔗 Share this article
✍️ Leave a Comment