12个基本的Docker面试问题 *

In some projects, you might choose private Docker registries rather than Docker Hub or any cloud provider’s registry. 这可能采取部署Docker注册服务器的形式, 或者像Nexus这样的第三方本地注册服务器.

当您想要连接这些私有注册中心时, your registry should be secured with an SSL certificate in accordance with best practices.

You can also elect to use a private registry insecurely if you want to use self-signed SSL certificates—note, 这应该只用于测试目的. To do this, add your private test registry to an array as the value for the "insecure-registries" key in your daemon.json config file.

Docker镜像可以通过 docker save command. For example:

docker save -o .tar 

The exported Docker image can then be imported to another Docker host via the docker load command:

docker load -i .tar

Note that this does not export data from any containers that were based on the image, just the image itself.

Docker提供了不同的网络驱动程序，比如 bridge, host, overlay, and macvlan. bridge is the default.

Sometimes you might want to use Docker Swarm or connect your containers to your host network directly. 在这些情况下，您需要更改默认的网络驱动程序.

First, you have to create a new network with the new network driver by using the --driver or -d parameter with your docker network create command. 然后，您需要运行Docker映像 --network 参数以使用新创建的网络.

当您必须管理大型动态环境时 docker command alone does not suffice. You will face many problems automating scaling and health checks for containers. In this case, software teams use container orchestration tools like Kubernetes. 这样的软件实现了另一个层次的自动化:

• Deploy or scale your containers easily, securely, and with high availability
• 从容器组提供服务(内部或外部)
• Move your containers from one host to another when there’s a host-specific problem
• 像管理环境变量一样轻松地管理配置数据

Created: If your docker container is newly created, you will see this state for your container. 在此状态下，容器尚未启动.

Restarting: When you restart your docker container—or container restarts itself due to a problem—you will see this state.

Docker有四种不同的重启策略. The default is called no. With this policy, the Docker daemon will never try to restart your container (unless you tell it to manually.)

The second policy is on-failure. With this policy, 如果存在任何问题，Docker守护进程将尝试重新启动容器, that is, 如果任何启动脚本返回非零退出码.

The third policy is always. 使用此策略，Docker守护进程将尝试在以下情况下重启容器:

1. Any problem exists,
2. You stop them manually, or
3. docker守护进程本身已停止并重新启动

The fourth policy is unless-stopped, where the Docker daemon will always try to restart containers unless you stop them manually.

Running运行是容器的主要状态. It means it has started, and there is no problem detected with the container itself.

Paused:如果你暂时停止运行Docker容器通过 docker pause，这是您将看到的，直到您取消暂停.

Exited: If your container has stopped because of a problem or you stopped your container manually, 您将看到处于这种状态的容器, 取决于您的重启策略，如上所述.

A Docker image consists of many layers. 每一层对应于图像Dockerfile中的一个命令. This image provides isolation for an application when you run a Docker image as a container.

您可以从单个Docker映像运行多个容器. Docker镜像可以从Dockerfile中构建.

Docker镜像注册表是Docker镜像的存储区域. 你可以从中获取图像，而不是构建图像.

映像注册表可以是公共的，也可以是私有的. 最著名的公共注册中心是Docker Hub.

Docker企业版提供经过认证的Docker镜像和插件. With this certification, Docker Inc. ensures that the images in question pass security and best-practice checks. 换句话说，它们保证了一定的可靠性基线.

Docker Enterprise Edition also provides Active Directory or LDAP user integration, 持续的漏洞和安全扫描, 以及容器应用程序和图像管理功能.

Docker Swarm is an open-source container orchestration tool that is integrated with the Docker engine and CLI. 如果你想使用Docker Swarm，你应该使用 overlay network driver. Using an overlay network enables the Swarm service by connecting multiple docker host daemons together.

If you’re running your image via the latest tag with a container orchestration environment like Kubernetes, it may cause a problem.

问题是，如果你只使用 latest 标记，您将丢失旧映像，部署将使用新映像. If the new image has any problem, your deployments might fail, resulting in downtime.

当您使用显式的版本号来标记Docker映像时, 您可以轻松地回滚到旧图像. Also, 当您将新映像推送到您的私有注册表时, your deployments will continue to use the old version number due to your tag until you’re ready to switch each of them over.

Docker映像标记的最佳实践是同时使用这两种类型的标记. First, tag your Docker images with latest 和一个版本号，然后分别为每个标签推送两次. For example:

docker tag nginx:latest nginx:0.0.1

docker push nginx:latest
docker push nginx:0.0.1

Docker Compose is a tool that lets you define multiple containers and their configurations via a YAML or JSON file.

The most common use for Docker Compose is when your application has one or more dependencies, e.g., MySQL or Redis. Normally, during development, these dependencies are installed locally—a step that then needs re-doing when moving to a production setup. You can avoid these installation and configuration parts by using Docker Compose.

Once set up, you can bring all of these containers/dependencies up and running with a single docker-compose up command.

The volume parameter syncs a directory in a container with a host directory.

For example:

运行-v nginx-sites:/etc/nginx/sites-available nginx

This command mounts the nginx-sites directory in the host to the /etc/nginx/sites-available directory. In this way, you can sync nginx sites without restarting the container they’re in. Also, you can protect your data that is generated in your container using a directory in the host. Otherwise, if you delete your container, your data that was generated and stored in your container will naturally be deleted.

When you use the volume parameter, you can use the same data that was generated in a previous container using the same command.

使用像vSphere这样的管理程序的标准虚拟化, 每个应用程序都需要一个操作系统. 主机操作系统位于基础结构的底部, 并且必须在您的主机操作系统上安装管理程序. Then on top of the hypervisor, you install operating systems for each of your applications.

With Docker, the Docker daemon sits between your host operating system and your Docker images, in place of a hypervisor. Docker images reuse parts of the host operating system—thus a separate OS is not necessary for each app—but your apps are still isolated like they would be with a standard hypervisor.