Docker Assignment – 7

Docker Best Practices

Basic Questions

  1. Create a new user and run a container as a non-root user.
  2. Run an image scan using docker scan and list vulnerabilities.
  3. Enable AppArmor for a container and inspect the applied profile.
  4. Run a container with a custom seccomp profile.
  5. Create a .dockerignore file and exclude unnecessary files from the build context.
  6. Build an image using Alpine as the base instead of Ubuntu.
  7. Build an image and verify layer caching by running two builds in sequence.
  8. Remove unused layers and dangling images using docker image prune.
  9. Run cAdvisor in a container and access its web UI.
  10. Run Prometheus in a container and configure it to scrape cAdvisor.
  11. Run Grafana in a container and add Prometheus as a data source.
  12. View container CPU and memory metrics in Grafana dashboards.
  13. Configure a container to log to a JSON file.
  14. Configure a container to log to syslog.
  15. Use docker logs to filter logs by timestamp.
  16. Compare docker logs with the JSON logging driver.
  17. Install Podman and run a container using it.
  18. Install Buildah and build an image without Docker.
  19. Install CRI-O and run a basic container workload.
  20. Write a short note on the differences between Docker, Podman, and CRI-O.

Intermediate Questions

  1. Run a container with limited privileges using the --cap-drop option.
  2. Configure Docker Content Trust (DCT) and pull only signed images.
  3. Build a multistage Dockerfile that compiles a Go app and produces a minimal runtime image.
  4. Use build cache mounts (--mount=type=cache) to speed up builds.
  5. Use cAdvisor to monitor disk usage of containers.
  6. Configure Prometheus to scrape metrics from multiple Docker hosts.
  7. Run Grafana and import a pre-built Docker monitoring dashboard.
  8. Configure a container to log to Fluentd and forward logs to Elasticsearch.
  9. Configure a container to log to AWS CloudWatch using a logging driver.
  10. Compare resource usage (CPU/memory) of the same app running on Docker vs Podman.
  11. Run a container with read-only filesystem enabled.
  12. Run a container with memory limit set to 256MB and verify behavior under stress.
  13. Enable restart policy on-failure with 3 retries for a critical container.
  14. Configure ulimits for a container and test its effect.
  15. Run an image scan with Trivy (alternative to docker scan).
  16. Create a Buildah script to build and push an image to Docker Hub.
  17. Run a microservice with Podman and compare commands with Docker.
  18. Create a Docker Compose file that includes Prometheus and Grafana services.
  19. Run a logging stack with Elasticsearch, Logstash, and Kibana (ELK) using Compose.
  20. Document best practices for optimizing and securing Docker images in a Markdown file.

Advanced Questions

  1. Build a CI/CD pipeline in Jenkins that builds a Docker image, scans it, and pushes it to a registry.
  2. Extend the pipeline to deploy the image as part of a Docker Compose stack.
  3. Add automated security scanning with Trivy or Clair in the CI/CD pipeline.
  4. Enable Content Trust in the pipeline to only push signed images.
  5. Deploy a microservice app (Frontend + Backend + Database) using Docker Swarm.
  6. Configure Prometheus and Grafana to monitor the microservice app.
  7. Configure Fluentd to collect logs from all services and forward them to Elasticsearch.
  8. Run a blue-green deployment of the backend service using Docker Swarm.
  9. Implement rolling updates for the frontend service using Swarm.
  10. Deliver a final project:
    • Build a multi-container microservice app with Dockerfiles.
    • Push images to a registry via CI/CD.
    • Deploy stack using Compose and Swarm.
    • Enable monitoring (cAdvisor + Prometheus + Grafana).
    • Enable logging (Fluentd or ELK).
    • Demonstrate security best practices (non-root, scans, signed images).