Docker interview questions test your understanding of containerization, Dockerfile best practices, networking, orchestration, and production deployment. This guide covers the most common Docker questions, from beginner level through senior DevOps engineer.
Basic Docker questions
1. What is the difference between a Docker image and a container?
- Image: read-only template (blueprint) built from a Dockerfile. Stored in registries.
- Container: a running instance of an image. Has a writable layer on top.
- One image can create many containers (like a class → instances)
# Image: static, stored
docker pull nginx:alpine # download image
docker images # list images
docker image inspect nginx:alpine # see image details
# Container: running, dynamic
docker run nginx:alpine # create + start container from image
docker ps # list running containers
docker ps -a # include stopped containers
2. Explain Docker's network modes
# bridge (default driver) — containers on the same user-defined bridge can reach each other by name (the built-in default bridge has no name resolution)
docker network create mynet
docker run --network mynet --name api myapp
docker run --network mynet --name db postgres
# api can reach db at hostname "db"
# host — container uses host's network directly (no port mapping needed)
docker run --network host nginx # exposes port 80 directly
# none — no network (isolated)
docker run --network none myapp
# container — share network stack with another container
docker run --network container:myapp nginx
3. What is the difference between CMD and ENTRYPOINT?
# ENTRYPOINT — command that always runs; docker run arguments are appended to it (only --entrypoint replaces it)
ENTRYPOINT ["python", "app.py"]
# docker run myimage --port 8080 → python app.py --port 8080 (args appended)
# CMD — default command, can be overridden at runtime
CMD ["gunicorn", "app:app"]
# docker run myimage bash → runs bash instead of gunicorn
# Combined (best practice):
ENTRYPOINT ["python"]
# default: python app.py (Dockerfile comments must be on their own line)
CMD ["app.py"]
# docker run myimage manage.py migrate → python manage.py migrate (override CMD)
# Shell vs Exec form
# shell form (runs in /bin/sh -c)
CMD gunicorn app:app
# exec form (preferred — faster, proper signal handling)
CMD ["gunicorn", "app:app"]
4. What are Docker volumes and when do you use them?
# Named volume — managed by Docker, persists across container restarts
docker volume create mydata
docker run -v mydata:/var/lib/postgresql/data postgres
# Bind mount — maps host path to container path (dev workflow)
docker run -v "$(pwd)":/app -w /app node npm start
# Changes on host immediately visible in container
# tmpfs mount — in-memory, not persisted
docker run --tmpfs /tmp:size=100m myapp
# Read-only mount
docker run -v /config:/etc/myapp:ro myapp
# When to use:
# Named volumes: database data, persistent app state
# Bind mounts: development (hot reload), config files
# tmpfs: sensitive temp data that should never persist
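The network modes from question 2 and the mount types from question 4 can be checked on running containers by reading `docker inspect` output. The following is an added example, not code from the original article; it also checks the non-root and read-only settings named in the article's closing advice. The container names, paths and finding texts are constructed for illustration.

```python
import json

# Constructed, trimmed `docker inspect api db` output for two hypothetical containers.
SAMPLE = json.dumps([
    {"Name": "/api", "Config": {"User": ""},
     "HostConfig": {"NetworkMode": "host", "ReadonlyRootfs": False},
     "Mounts": [{"Type": "bind", "Source": "/config",
                 "Destination": "/etc/myapp", "RW": True}]},
    {"Name": "/db", "Config": {"User": "postgres"},
     "HostConfig": {"NetworkMode": "mynet", "ReadonlyRootfs": True},
     "Mounts": [{"Type": "volume", "Name": "mydata",
                 "Destination": "/var/lib/postgresql/data", "RW": True},
                {"Type": "bind", "Source": "/config",
                 "Destination": "/etc/myapp", "RW": False}]},
])


def audit(inspect_json):
    """Return {container name: [findings]} from `docker inspect` JSON text."""
    report = {}
    for c in json.loads(inspect_json):
        host_cfg = c.get("HostConfig") or {}
        mode = host_cfg.get("NetworkMode", "")
        findings = []
        if mode == "host":
            findings.append("host network: shares the host's network namespace")
        elif mode.startswith("container:"):
            findings.append("network stack shared with " + mode.split(":", 1)[1])
        for m in c.get("Mounts") or []:
            # Named volumes stay Docker-managed; writable bind mounts expose host paths.
            if m.get("Type") == "bind" and m.get("RW", True):
                findings.append(f"writable bind mount {m['Source']} -> {m['Destination']}")
        user = (c.get("Config") or {}).get("User", "")
        if user.split(":")[0] in ("", "0", "root"):
            findings.append("runs as root")  # empty User means no USER was set
        if not host_cfg.get("ReadonlyRootfs", False):
            findings.append("writable root filesystem")
        report[c.get("Name", "?").lstrip("/")] = findings
    return report
```

On a real host, pass it the text printed by `docker inspect $(docker ps -q)`.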
5. Explain Docker layer caching and how to optimize it
# WRONG: copy everything first (invalidates cache on any file change)
COPY . .
RUN pip install -r requirements.txt # reinstalls every time ANY file changes!
# CORRECT: copy dependencies first (cached unless requirements change)
COPY requirements.txt .
RUN pip install -r requirements.txt # cached until requirements.txt changes
COPY . .
# Tips:
# - Instructions that change frequently should be at the bottom
# - Combine RUN commands to reduce layers
# - Use .dockerignore to exclude unnecessary files
6. How do health checks work in Docker?
HEALTHCHECK --interval=30s --timeout=10s --start-period=40s --retries=3 CMD curl -f http://localhost:8000/health || exit 1
# States:
# starting — within start-period
# healthy — health check passes
# unhealthy — health check fails retries times
# In compose.yaml
services:
  api:
    image: myapp
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:8000/health"]
      interval: 30s
      timeout: 10s
      retries: 3
    depends_on:
      db:
        condition: service_healthy # wait for DB to be healthy (the db service must define its own healthcheck)
7. What is Docker BuildKit and why use it?
# BuildKit — next-gen Docker build (enabled by default in recent Docker)
# Features:
# - Parallel build stages (multi-stage builds are faster)
# - Better cache management
# - Secret mounting (never in image layers)
# - SSH forwarding in builds
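# Mount secrets without baking into image (the file exists only during this RUN step)
# cat is a demo only: it prints the secret to the build log; pass the file to the tool that needs it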
RUN --mount=type=secret,id=mysecret cat /run/secrets/mysecret
# Build with secret
docker build --secret id=mysecret,src=$HOME/.ssh/id_rsa .
# Cache mounts (persist between builds)
RUN --mount=type=cache,target=/root/.cache/pip pip install -r requirements.txt
8. What is the difference between docker run and docker exec?
# docker run — creates a NEW container from an image
docker run myapp python manage.py migrate
# docker exec — runs command in an EXISTING running container
docker exec myapp-container python manage.py migrate
# Common usage
docker exec -it myapp bash # interactive shell in running container
docker exec mydb psql -U postgres # run command in DB container
# docker attach — attach to running container's main process
docker attach myapp-container # see stdout of running process
9. How do you reduce Docker image size?
# 1. Use minimal base images
# python:3.12-slim vs python:3.12 (300MB smaller!)
FROM python:3.12-slim
# Or: FROM gcr.io/distroless/python3 # even smaller
# 2. Multi-stage builds (common pattern)
FROM python:3.12 AS builder
# requirements.txt must be copied into the builder stage before pip can read it
COPY requirements.txt .
RUN pip install -r requirements.txt
FROM python:3.12-slim
COPY --from=builder /usr/local/lib/python3.12/site-packages /usr/local/lib/python3.12/site-packages
# 3. Combine RUN commands
RUN apt-get update && apt-get install -y --no-install-recommends curl && rm -rf /var/lib/apt/lists/*
# 4. .dockerignore file
# .git
# __pycache__
# *.pyc
# node_modules
# .env
10. What is the difference between COPY and ADD?
# COPY — simple, predictable, preferred
COPY src/ /app/src/
COPY requirements.txt .
# ADD — additional features (usually avoid in favor of COPY)
# - Can extract tar files automatically
# - Can download URLs (don't use! no caching, security risk)
# BAD: no caching!
ADD https://example.com/file.tar.gz /app/
# Extracts to /app/
ADD archive.tar.gz /app/
# Rule: always prefer COPY unless you specifically need ADD's tar extraction
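Several rules from this guide can be checked mechanically before a build: copy dependency manifests before `COPY . .` (question 5), prefer exec form for CMD/ENTRYPOINT (question 3), and avoid `ADD` with a URL (question 10). The small checker below is an added example, not code from the original article; the rule names and the list of "dependency install" commands are assumptions made for illustration.

```python
import re

# Constructed sample Dockerfile containing the anti-patterns discussed above.
BAD = """\
FROM python:3.12
COPY . .
RUN pip install -r requirements.txt
ADD https://example.com/file.tar.gz /app/
CMD gunicorn app:app
"""

# Assumption: these commands are what counts as a "dependency install" step.
DEP_INSTALL = re.compile(r"\b(pip3? install|npm (ci|install)|yarn install|bundle install)\b")


def logical_lines(text):
    """Yield (line_no, INSTRUCTION, args), joining backslash continuations."""
    buf, start = "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("#") or (not line and not buf):
            continue  # comments and blank lines are not instructions
        if not buf:
            start = no
        buf += line.rstrip("\\").strip() + " "
        if not line.endswith("\\"):
            instr, _, args = buf.strip().partition(" ")
            yield start, instr.upper(), args.strip()
            buf = ""


def lint(text):
    """Return a list of (line_no, rule_id) findings."""
    findings, copied_all = [], False
    for no, instr, args in logical_lines(text):
        operands = [t for t in args.split() if not t.startswith("--")]  # drop flags
        if instr == "FROM":
            copied_all = False  # a new build stage starts a new layer chain
        elif instr == "COPY" and operands[:1] in (["."], ["./"]):
            copied_all = True
        elif instr == "RUN" and copied_all and DEP_INSTALL.search(args):
            findings.append((no, "dep-install-after-copy-all"))
        elif instr == "ADD" and operands and re.match(r"https?://", operands[0], re.I):
            findings.append((no, "add-remote-url"))
        elif instr in ("CMD", "ENTRYPOINT") and not args.startswith("["):
            findings.append((no, "shell-form-" + instr.lower()))
    return findings
```

Calling `lint(BAD)` reports lines 3, 4 and 5 of the sample; a Dockerfile that copies `requirements.txt` first and uses exec-form `CMD` returns an empty list.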
Docker interview success: understand the difference between images and containers, know the network modes, explain layer caching for optimization, and demonstrate knowledge of production security (non-root, read-only, secrets). Senior roles also test Kubernetes knowledge; see our Kubernetes Beginner's Guide and Helm Guide for next-level coverage.