Docker interview questions test your understanding of containerization, Dockerfile best practices, networking, orchestration, and production deployment. This guide covers the most commonly asked Docker questions from beginner to senior DevOps engineer level.
Core Docker Questions
1. What is the difference between a Docker image and a container?
- Image: read-only template (blueprint) built from a Dockerfile. Stored in registries.
- Container: running instance of an image. Has a writable layer on top.
- One image can create many containers (like a class → instances)
# Image: static, stored
docker pull nginx:alpine # download image
docker images # list images
docker image inspect nginx:alpine # see image details
# Container: running, dynamic
docker run nginx:alpine # create + start container from image
docker ps # list running containers
docker ps -a # include stopped containers
2. Explain the Docker network modes
# bridge (default) — containers on the same user-defined bridge network can reach each other by name
docker network create mynet
docker run --network mynet --name api myapp
docker run --network mynet --name db postgres
# api can reach db at hostname "db"
# host — container uses host's network directly (no port mapping needed)
docker run --network host nginx # exposes port 80 directly
# none — no network (isolated)
docker run --network none myapp
# container — share network stack with another container
docker run --network container:myapp nginx
3. What is the difference between CMD and ENTRYPOINT?
# ENTRYPOINT — command that always runs; docker run arguments are appended to it (only --entrypoint replaces it)
ENTRYPOINT ["python", "app.py"]
# docker run myimage --port 8080 → python app.py --port 8080 (args appended)
# CMD — default command, can be overridden at runtime
CMD ["gunicorn", "app:app"]
# docker run myimage bash → runs bash instead of gunicorn
# Combined (best practice):
ENTRYPOINT ["python"]
# default: python app.py
CMD ["app.py"]
# docker run myimage manage.py migrate → python manage.py migrate (override CMD)
# Shell vs Exec form
# shell form (runs in /bin/sh -c)
CMD gunicorn app:app
# exec form (preferred — faster, proper signal handling)
CMD ["gunicorn", "app:app"]
4. What are Docker volumes and when are they used?
# Named volume — managed by Docker, persists across container restarts
docker volume create mydata
docker run -v mydata:/var/lib/postgresql/data postgres
# Bind mount — maps host path to container path (dev workflow)
docker run -v "$(pwd)":/app -w /app node npm start
# Changes on host immediately visible in container
# tmpfs mount — in-memory, not persisted
docker run --tmpfs /tmp:size=100m myapp
# Read-only mount
docker run -v /config:/etc/myapp:ro myapp
# When to use:
# Named volumes: database data, persistent app state
# Bind mounts: development (hot reload), config files
# tmpfs: sensitive temp data that should never persist
5. Explain Docker layer caching and how to optimize it
# WRONG: copy everything first (invalidates cache on any file change)
COPY . .
RUN pip install -r requirements.txt # reinstalls every time ANY file changes!
# CORRECT: copy dependencies first (cached unless requirements change)
COPY requirements.txt .
RUN pip install -r requirements.txt # cached until requirements.txt changes
COPY . .
# Tips:
# - Instructions that change frequently should be at the bottom
# - Combine RUN commands to reduce layers
# - Use .dockerignore to exclude unnecessary files
6. How does the health check work in Docker?
HEALTHCHECK --interval=30s --timeout=10s --start-period=40s --retries=3 CMD curl -f http://localhost:8000/health || exit 1
# States:
# starting — within start-period
# healthy — health check passes
# unhealthy — health check has failed "retries" times in a row
# In compose.yaml
services:
  api:
    image: myapp
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:8000/health"]
      interval: 30s
      timeout: 10s
      retries: 3
    depends_on:
      db:
        condition: service_healthy # wait for DB to be healthy
7. What is Docker BuildKit and why is it used?
# BuildKit — next-gen Docker build (enabled by default in recent Docker)
# Features:
# - Parallel build stages (multi-stage builds are faster)
# - Better cache management
# - Secret mounting (never in image layers)
# - SSH forwarding in builds
# Mount secrets without baking into image
RUN --mount=type=secret,id=mysecret cat /run/secrets/mysecret
# Build with secret
docker build --secret id=mysecret,src="$HOME/.ssh/id_rsa" .
# Cache mounts (persist between builds)
RUN --mount=type=cache,target=/root/.cache/pip pip install -r requirements.txt
8. What is the difference between docker run and docker exec?
# docker run — creates a NEW container from an image
docker run myapp python manage.py migrate
# docker exec — runs command in an EXISTING running container
docker exec myapp-container python manage.py migrate
# Common usage
docker exec -it myapp bash # interactive shell in running container
docker exec mydb psql -U postgres # run command in DB container
# docker attach — attach to running container's main process
docker attach myapp-container # see stdout of running process
9. How do you reduce the size of a Docker image?
# 1. Use minimal base images
# python:3.12-slim vs python:3.12 (300MB smaller!)
FROM python:3.12-slim
# Or: FROM gcr.io/distroless/python3 (even smaller)
# 2. Multi-stage builds (common pattern)
FROM python:3.12 AS builder
COPY requirements.txt .
RUN pip install -r requirements.txt
FROM python:3.12-slim
COPY --from=builder /usr/local/lib/python3.12/site-packages /usr/local/lib/python3.12/site-packages
# 3. Combine RUN commands
RUN apt-get update && apt-get install -y --no-install-recommends curl && rm -rf /var/lib/apt/lists/*
# 4. .dockerignore file
# .git
# __pycache__
# *.pyc
# node_modules
# .env
10. What is the difference between COPY and ADD?
# COPY — simple, predictable, preferred
COPY src/ /app/src/
COPY requirements.txt .
# ADD — additional features (usually avoid in favor of COPY)
# - Can extract tar files automatically
# - Can download URLs (don't use! no caching, security risk)
# BAD: no caching!
ADD https://example.com/file.tar.gz /app/
# Extracts to /app/
ADD archive.tar.gz /app/
# Rule: always prefer COPY unless you specifically need ADD's tar extraction
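The script below is an added example, not part of the original article: a small line-based check that flags the Dockerfile patterns questions 3, 5, 7 and 10 warn against, plus a missing non-root USER. The rule names and the sample Dockerfile are constructed for illustration.

```shell
#!/bin/sh
# Added example: line-based Dockerfile check. Rule names are invented here.
# Limits: continuation lines are not joined and COPY flags are not parsed.
lint_dockerfile() {
  awk '
    { instr = toupper($1) }
    # every build stage starts with a clean slate
    instr == "FROM" { copied_all = 0; warned = 0; user = "" }
    # Q10: ADD with a URL pulls unverified remote content into the image
    instr == "ADD" && $0 ~ /https?:\/\// {
      print NR ":add-url:use COPY, or download and verify a checksum"
    }
    # Q3: shell form makes /bin/sh PID 1, so stop signals miss the app
    (instr == "CMD" || instr == "ENTRYPOINT") && $2 !~ /^\[/ {
      print NR ":shell-form:use the exec (JSON array) form"
    }
    # Q7: ARG and ENV values can be read back from the finished image
    (instr == "ARG" || instr == "ENV") && toupper($2) ~ /PASSWORD|SECRET|TOKEN|API_?KEY/ {
      print NR ":secret-in-layer:use RUN --mount=type=secret instead"
    }
    # Q5: COPY . before the dependency install defeats the layer cache
    instr == "COPY" && $2 == "." { copied_all = 1 }
    instr == "RUN" && copied_all && !warned && $0 ~ /(pip|npm|yarn) +(install|ci)/ {
      print NR ":cache-order:copy the dependency manifest first"; warned = 1
    }
    # closing advice: the final stage should not run as root
    instr == "USER" { user = $2 }
    END {
      if (user == "" || user == "root" || user == "0")
        print "EOF:root-user:add a non-root USER to the final stage"
    }
  ' "$@"
}

# Constructed sample that combines the anti-patterns shown on this page.
sample_bad() {
  cat <<'EOF'
FROM python:3.12-slim
ENV API_TOKEN=changeme
ADD https://example.com/file.tar.gz /app/
COPY . .
RUN pip install -r requirements.txt
CMD gunicorn app:app
EOF
}

sample_bad | lint_dockerfile
```

Each finding is printed as `line:rule:advice`; pass a file path instead of piping to check a Dockerfile on disk.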
Succeeding in the Docker interview: understand the difference between images and containers, know the network modes, explain layer caching for optimization, and demonstrate knowledge of production security (non-root, read-only, secrets). Senior roles also test Kubernetes knowledge; for the next level, see our Kubernetes beginner's guide and our Helm guide.