From c3eafb5a31c95baad4e562daabb92d3351172de8 Mon Sep 17 00:00:00 2001 From: lacatoire Date: Sun, 8 Feb 2026 19:01:30 +0100 Subject: [PATCH] Add new questions for Orchestration and Image Creation domains Orchestration (+38 questions): - service_update_rollback.yaml: update/rollback strategies (10) - node_availability.yaml: drain/active/pause states (8) - swarm_autolock.yaml: autolock feature (6) - secrets_and_configs.yaml: Docker secrets and configs (8) - service_healthcheck.yaml: health checks in Swarm (6) Image Creation (+32 questions): - healthcheck_instruction.yaml: HEALTHCHECK in Dockerfile (6) - buildkit_buildx.yaml: BuildKit and buildx (6) - cmd_vs_entrypoint.yaml: CMD vs ENTRYPOINT deep dive (8) - arg_vs_env.yaml: ARG vs ENV instructions (6) - build_cache.yaml: build cache optimization (6) --- README.md | 10 +++ data/1_Orchestration/node_availability.yaml | 72 +++++++++++++++ data/1_Orchestration/secrets_and_configs.yaml | 72 +++++++++++++++ data/1_Orchestration/service_healthcheck.yaml | 54 +++++++++++ .../service_update_rollback.yaml | 90 +++++++++++++++++++ data/1_Orchestration/swarm_autolock.yaml | 54 +++++++++++ .../arg_vs_env.yaml | 54 +++++++++++ .../build_cache.yaml | 54 +++++++++++ .../buildkit_buildx.yaml | 54 +++++++++++ .../cmd_vs_entrypoint.yaml | 72 +++++++++++++++ .../healthcheck_instruction.yaml | 54 +++++++++++ 11 files changed, 640 insertions(+) create mode 100644 data/1_Orchestration/node_availability.yaml create mode 100644 data/1_Orchestration/secrets_and_configs.yaml create mode 100644 data/1_Orchestration/service_healthcheck.yaml create mode 100644 data/1_Orchestration/service_update_rollback.yaml create mode 100644 data/1_Orchestration/swarm_autolock.yaml create mode 100644 data/2_Image_creation_management_registry/arg_vs_env.yaml create mode 100644 data/2_Image_creation_management_registry/build_cache.yaml create mode 100644 data/2_Image_creation_management_registry/buildkit_buildx.yaml create mode 100644 data/2_Image_creation_management_registry/cmd_vs_entrypoint.yaml create mode 100644 data/2_Image_creation_management_registry/healthcheck_instruction.yaml diff --git a/README.md b/README.md index 213bd15..a5dcd03 100644 --- a/README.md +++ b/README.md @@ -41,6 +41,11 @@ The goal is to help candidates: * [Describe how a Dockerized application communicates with legacy systems.](data/1_Orchestration/legacy_communication.yaml) * [Describe how to deploy containerized workloads as Kubernetes pods and deployments.](data/1_Orchestration/k8s_pods_deployments.yaml) * [Describe how to provide configuration to Kubernetes pods using configMaps and secrets.](data/1_Orchestration/k8s_configmap_secret.yaml) +* [Describe service update and rollback strategies.](data/1_Orchestration/service_update_rollback.yaml) +* [Describe node availability (drain, active, pause).](data/1_Orchestration/node_availability.yaml) +* [Describe the Swarm autolock feature.](data/1_Orchestration/swarm_autolock.yaml) +* [Describe Docker secrets and configs in Swarm.](data/1_Orchestration/secrets_and_configs.yaml) +* [Describe service health checks in Swarm.](data/1_Orchestration/service_healthcheck.yaml) ### Domain 2: Image Creation, Management, and Registry (20% of exam) @@ -61,6 +66,11 @@ The goal is to help candidates: * [Push an image to a registry.](data/2_Image_creation_management_registry/push_an_image_to_a_registry.yaml) * [Sign an image in a registry.](data/2_Image_creation_management_registry/sign_an_image_in_a_registry.yaml) * [Pull and delete images from a registry.](data/2_Image_creation_management_registry/pull_delete_images_registry.yaml) +* [Describe the HEALTHCHECK instruction in a Dockerfile.](data/2_Image_creation_management_registry/healthcheck_instruction.yaml) +* [Describe BuildKit and docker buildx.](data/2_Image_creation_management_registry/buildkit_buildx.yaml) +* [Compare CMD vs ENTRYPOINT instructions.](data/2_Image_creation_management_registry/cmd_vs_entrypoint.yaml) +* [Compare ARG vs ENV instructions.](data/2_Image_creation_management_registry/arg_vs_env.yaml) +* [Describe Docker build cache optimization.](data/2_Image_creation_management_registry/build_cache.yaml) ### Domain 3: Installation and Configuration (15% of exam) diff --git a/data/1_Orchestration/node_availability.yaml b/data/1_Orchestration/node_availability.yaml new file mode 100644 index 0000000..5b4a6b4 --- /dev/null +++ b/data/1_Orchestration/node_availability.yaml @@ -0,0 +1,72 @@ +questions: + - uuid: 7427d279-6a03-499d-8db8-8b33f60ec85e + question: Which command sets a Swarm node to drain availability? + answers: + - { value: 'docker node update --availability drain ', correct: true } + - { value: 'docker node drain ', correct: false } + - { value: 'docker swarm update --drain ', correct: false } + - { value: 'docker node set --status drain ', correct: false } + help: 'https://docs.docker.com/reference/cli/docker/node/update/' + + - uuid: f4a6b9b3-8933-4c9c-9ea1-d8345989ea76 + question: What happens to running tasks on a node when its availability is set to drain? + answers: + - { value: 'Tasks are paused until the node is set back to active', correct: false } + - { value: 'Tasks are stopped and rescheduled on other available nodes', correct: true } + - { value: 'Tasks continue running but no new tasks are assigned', correct: false } + - { value: 'Tasks are deleted permanently', correct: false } + help: 'https://docs.docker.com/engine/swarm/swarm-tutorial/drain-node/' + + - uuid: 6d2a3fc6-f24e-4252-8e6b-1a7917f91a6e + question: What are the three possible availability states for a Docker Swarm node? + answers: + - { value: 'active, pause, drain', correct: true } + - { value: 'running, stopped, paused', correct: false } + - { value: 'active, inactive, drain', correct: false } + - { value: 'ready, standby, offline', correct: false } + help: 'https://docs.docker.com/reference/cli/docker/node/update/' + + - uuid: 70d6f4a7-8e5c-4b1d-a3f9-4c0e7d2b5a38 + question: What is the effect of setting a node to "pause" availability? + answers: + - { value: 'All running tasks are stopped immediately', correct: false } + - { value: 'The node leaves the Swarm cluster', correct: false } + - { value: 'The node does not receive new tasks but existing tasks continue running', correct: true } + - { value: 'The node becomes a manager node', correct: false } + help: 'https://docs.docker.com/engine/swarm/swarm-tutorial/drain-node/' + + - uuid: 81e7a5b8-9f6d-4c2e-b4a0-5d1f8e3c6b49 + question: Can a manager node be drained in Docker Swarm? + answers: + - { value: 'No, manager nodes cannot be drained', correct: false } + - { value: 'Yes, but it loses its manager status', correct: false } + - { value: 'Yes, it stops running tasks but retains its manager role', correct: true } + - { value: 'Yes, but only if there is a single manager in the cluster', correct: false } + help: 'https://docs.docker.com/engine/swarm/swarm-tutorial/drain-node/' + + - uuid: 71b27922-45ab-4e23-822e-692c78185b05 + question: After draining a node and performing maintenance, which command makes the node available for tasks again? + answers: + - { value: 'docker node update --availability active ', correct: true } + - { value: 'docker node activate ', correct: false } + - { value: 'docker node update --status ready ', correct: false } + - { value: 'docker node resume ', correct: false } + help: 'https://docs.docker.com/reference/cli/docker/node/update/' + + - uuid: cde811d8-6da1-4771-8737-849ef4fab487 + question: When a drained node is set back to active, do previously running tasks automatically move back to it? + answers: + - { value: 'Yes, all tasks return to their original node', correct: false } + - { value: 'Yes, but only global service tasks return', correct: false } + - { value: 'No, existing tasks stay where they are; the node only receives new or rebalanced tasks', correct: true } + - { value: 'No, the node must rejoin the Swarm to receive tasks', correct: false } + help: 'https://docs.docker.com/engine/swarm/swarm-tutorial/drain-node/' + + - uuid: f19b3d4c-c3dd-433a-9f25-3ec41f55aba0 + question: Which command can you use to verify the current availability status of all Swarm nodes? + answers: + - { value: 'docker swarm status', correct: false } + - { value: 'docker node ls', correct: true } + - { value: 'docker info --nodes', correct: false } + - { value: 'docker service ps --all', correct: false } + help: 'https://docs.docker.com/reference/cli/docker/node/ls/' diff --git a/data/1_Orchestration/secrets_and_configs.yaml b/data/1_Orchestration/secrets_and_configs.yaml new file mode 100644 index 0000000..d378c56 --- /dev/null +++ b/data/1_Orchestration/secrets_and_configs.yaml @@ -0,0 +1,72 @@ +questions: + - uuid: f5adb06a-f283-4072-8330-e8a12a751a4e + question: Which command creates a Docker secret from a file? + answers: + - { value: 'docker secret add my_secret ./secret.txt', correct: false } + - { value: 'docker secret create my_secret ./secret.txt', correct: true } + - { value: 'docker service secret --add my_secret ./secret.txt', correct: false } + - { value: 'docker config create --secret my_secret ./secret.txt', correct: false } + help: 'https://docs.docker.com/reference/cli/docker/secret/create/' + + - uuid: d2d8f6a9-0e7b-4b3c-a5f1-6c2e9d4b7a50 + question: Where are Docker secrets mounted inside a service container by default? + answers: + - { value: '/etc/secrets/', correct: false } + - { value: '/var/run/secrets/', correct: false } + - { value: '/run/secrets/', correct: true } + - { value: '/tmp/secrets/', correct: false } + help: 'https://docs.docker.com/engine/swarm/secrets/#how-docker-manages-secrets' + + - uuid: e3e9a7b0-1f8c-4c4d-b6a2-7d3f0e5c8b61 + question: Which command creates a Docker config from a file? + answers: + - { value: 'docker config create my_config ./config.txt', correct: true } + - { value: 'docker config add my_config ./config.txt', correct: false } + - { value: 'docker service config --add my_config ./config.txt', correct: false } + - { value: 'docker create config my_config ./config.txt', correct: false } + help: 'https://docs.docker.com/reference/cli/docker/config/create/' + + - uuid: 17a35533-1048-467a-bf3f-3cf2511e60a5 + question: What is a key difference between Docker secrets and Docker configs? + answers: + - { value: 'Secrets are stored in Raft log encrypted; configs are not encrypted at rest', correct: true } + - { value: 'Configs can only be used with global services', correct: false } + - { value: 'Secrets are mounted as volumes; configs are set as environment variables', correct: false } + - { value: 'Configs are limited to 100KB; secrets have no size limit', correct: false } + help: 'https://docs.docker.com/engine/swarm/configs/' + + - uuid: 62f66a6c-b332-4f77-ba3f-f0bc8417c8ab + question: How do you grant a running service access to an existing secret? + answers: + - { value: 'docker secret attach my_secret myservice', correct: false } + - { value: 'docker service update --secret-add my_secret myservice', correct: true } + - { value: 'docker service update --mount secret=my_secret myservice', correct: false } + - { value: 'docker secret grant my_secret myservice', correct: false } + help: 'https://docs.docker.com/reference/cli/docker/service/update/' + + - uuid: fe43e84a-19ae-40e3-83f1-8e0c89d627cc + question: Can you update or change the content of an existing Docker secret? + answers: + - { value: 'Yes, using docker secret update', correct: false } + - { value: 'Yes, by overwriting it with docker secret create --force', correct: false } + - { value: 'No, secrets are immutable; you must create a new secret and update the service', correct: true } + - { value: 'Yes, but only if no service is using it', correct: false } + help: 'https://docs.docker.com/engine/swarm/secrets/#example-rotate-a-secret' + + - uuid: c59fa65c-9ee6-4989-95c0-4b4e45148d8a + question: Where are Docker configs mounted inside a container by default? + answers: + - { value: '/run/configs/', correct: false } + - { value: '/', correct: true } + - { value: '/etc/configs/', correct: false } + - { value: '/var/config/', correct: false } + help: 'https://docs.docker.com/engine/swarm/configs/#how-docker-manages-configs' + + - uuid: d8d4f2a5-6e3b-4b9c-a1f7-2c8e5d0a3b16 + question: Which Docker feature requires Swarm mode to function? + answers: + - { value: 'Volumes', correct: false } + - { value: 'Bridge networks', correct: false } + - { value: 'Secrets', correct: true } + - { value: 'Bind mounts', correct: false } + help: 'https://docs.docker.com/engine/swarm/secrets/' diff --git a/data/1_Orchestration/service_healthcheck.yaml b/data/1_Orchestration/service_healthcheck.yaml new file mode 100644 index 0000000..a66f458 --- /dev/null +++ b/data/1_Orchestration/service_healthcheck.yaml @@ -0,0 +1,54 @@ +questions: + - uuid: e9e5a3b6-7f4d-4c0e-b2a8-3d9f6e1b4c27 + question: Which flag defines a health check command when creating a Docker Swarm service? + answers: + - { value: '--health-test', correct: false } + - { value: '--healthcheck', correct: false } + - { value: '--health-cmd', correct: true } + - { value: '--check-health', correct: false } + help: 'https://docs.docker.com/reference/cli/docker/service/create/#health-cmd' + + - uuid: 44213b9c-edb1-490e-b6d7-8b83c6e61051 + question: What are the three possible health states of a container with a health check configured? + answers: + - { value: 'healthy, unhealthy, unknown', correct: false } + - { value: 'starting, healthy, unhealthy', correct: true } + - { value: 'running, stopped, failed', correct: false } + - { value: 'passing, warning, critical', correct: false } + help: 'https://docs.docker.com/reference/dockerfile/#healthcheck' + + - uuid: 780e95d2-b8f5-428e-9ed7-2b2cd01147d7 + question: What does the --health-retries flag specify? + answers: + - { value: 'The number of times to retry a failed service deployment', correct: false } + - { value: 'The number of consecutive health check failures needed to report unhealthy', correct: true } + - { value: 'The number of health checks to run in parallel', correct: false } + - { value: 'The number of nodes to check health on', correct: false } + help: 'https://docs.docker.com/reference/cli/docker/service/create/#health-retries' + + - uuid: 7ca92d5f-1075-4c7e-af6a-3ade80273bd3 + question: What does the --health-start-period flag control? + answers: + - { value: 'The time to wait before the first health check runs', correct: false } + - { value: 'The grace period during which health check failures are not counted toward the maximum retries', correct: true } + - { value: 'The interval between health checks at service startup', correct: false } + - { value: 'The maximum time allowed for the service to start', correct: false } + help: 'https://docs.docker.com/reference/cli/docker/service/create/#health-start-period' + + - uuid: 96f70b46-c101-4d79-a032-d0fd10dc4297 + question: What happens to a Swarm service task when its container is reported as unhealthy? + answers: + - { value: 'The task is paused and an alert is sent', correct: false } + - { value: 'Nothing happens; the task continues running', correct: false } + - { value: 'The task is stopped and a new task is scheduled to replace it', correct: true } + - { value: 'The task is moved to a different node', correct: false } + help: 'https://docs.docker.com/engine/swarm/how-swarm-mode-works/services/' + + - uuid: d4d0f8a1-2e9c-4b5d-a7f3-8c4e1d6a9b72 + question: What is the default interval between health checks if --health-interval is not specified? + answers: + - { value: '10s', correct: false } + - { value: '30s', correct: true } + - { value: '1m', correct: false } + - { value: '5s', correct: false } + help: 'https://docs.docker.com/reference/dockerfile/#healthcheck' diff --git a/data/1_Orchestration/service_update_rollback.yaml b/data/1_Orchestration/service_update_rollback.yaml new file mode 100644 index 0000000..f1b2c1a --- /dev/null +++ b/data/1_Orchestration/service_update_rollback.yaml @@ -0,0 +1,90 @@ +questions: + - uuid: a3c7e1b4-9f2d-4e8a-b5c6-1d3f7a9e2b04 + question: Which command updates the image of an existing Docker Swarm service named "web" to nginx:1.25? + answers: + - { value: 'docker service update --image nginx:1.25 web', correct: true } + - { value: 'docker service create --image nginx:1.25 web', correct: false } + - { value: 'docker service scale --image nginx:1.25 web', correct: false } + - { value: 'docker update --image nginx:1.25 web', correct: false } + help: 'https://docs.docker.com/reference/cli/docker/service/update/' + + - uuid: b8d4f2a5-6e3c-4b9d-a1f7-2c8e5d0a3b16 + question: What does the --update-delay flag control during a service update? + answers: + - { value: 'The time to wait before starting the update', correct: false } + - { value: 'The time to wait between updating each group of tasks', correct: true } + - { value: 'The maximum time a single task update can take', correct: false } + - { value: 'The time to wait before rolling back on failure', correct: false } + help: 'https://docs.docker.com/engine/swarm/services/#configure-a-services-update-behavior' + + - uuid: c9e5a3b6-7f4d-4c0e-b2a8-3d9f6e1b4c27 + question: What does --update-parallelism 3 mean when updating a service? + answers: + - { value: 'Three services are updated at the same time', correct: false } + - { value: 'The update runs on three nodes simultaneously', correct: false } + - { value: 'Three tasks are updated at a time during the rolling update', correct: true } + - { value: 'The update retries three times on failure', correct: false } + help: 'https://docs.docker.com/engine/swarm/services/#configure-a-services-update-behavior' + + - uuid: 39b5ce22-cbe0-465e-a39a-551f9775a62c + question: What is the default value for --update-failure-action in Docker Swarm? + answers: + - { value: 'rollback', correct: false } + - { value: 'continue', correct: false } + - { value: 'pause', correct: true } + - { value: 'stop', correct: false } + help: 'https://docs.docker.com/engine/swarm/services/#configure-a-services-update-behavior' + + - uuid: 216987ff-de4a-44e0-a854-38d136f311e9 + question: Which command manually triggers a rollback of a Docker Swarm service? + answers: + - { value: 'docker service revert myservice', correct: false } + - { value: 'docker service update --undo myservice', correct: false } + - { value: 'docker service rollback myservice', correct: true } + - { value: 'docker service update --previous myservice', correct: false } + help: 'https://docs.docker.com/reference/cli/docker/service/rollback/' + + - uuid: 42faf48b-afa1-46cd-b294-27d1b86f26ae + question: What does the --update-order start-first option do during a service update? + answers: + - { value: 'It starts the new task before stopping the old task', correct: true } + - { value: 'It stops the old task before starting the new task', correct: false } + - { value: 'It starts the update on the first node in the cluster', correct: false } + - { value: 'It prioritizes manager nodes during the update', correct: false } + help: 'https://docs.docker.com/engine/swarm/services/#configure-a-services-update-behavior' + + - uuid: 9c3cb4aa-daa3-4e0a-b80b-9ae8757d2ee6 + question: What is the default update order for Docker Swarm service updates? + answers: + - { value: 'start-first', correct: false } + - { value: 'stop-first', correct: true } + - { value: 'parallel', correct: false } + - { value: 'round-robin', correct: false } + help: 'https://docs.docker.com/engine/swarm/services/#configure-a-services-update-behavior' + + - uuid: 14d0f8a1-2e9c-4b5d-a7f3-8c4e1d6a9b72 + question: Which flag sets the maximum time a single task has to update before it is considered failed? + answers: + - { value: '--update-delay', correct: false } + - { value: '--update-timeout', correct: false } + - { value: '--update-monitor', correct: true } + - { value: '--update-max-time', correct: false } + help: 'https://docs.docker.com/engine/swarm/services/#configure-a-services-update-behavior' + + - uuid: 25e1a9b2-3f0d-4c6e-b8a4-9d5f2e7b0c83 + question: How do you configure a service so that it automatically rolls back if an update fails? + answers: + - { value: '--update-failure-action rollback', correct: true } + - { value: '--rollback-on-failure true', correct: false } + - { value: '--update-auto-rollback', correct: false } + - { value: '--update-failure-action revert', correct: false } + help: 'https://docs.docker.com/engine/swarm/services/#configure-a-services-update-behavior' + + - uuid: 372fc663-77c2-4bcf-aa95-cc365ffac6f0 + question: Which flag configures the delay between task rollbacks during an automatic rollback? + answers: + - { value: '--update-delay', correct: false } + - { value: '--rollback-delay', correct: true } + - { value: '--rollback-interval', correct: false } + - { value: '--rollback-wait', correct: false } + help: 'https://docs.docker.com/engine/swarm/services/#roll-back-to-the-previous-version-of-a-service' diff --git a/data/1_Orchestration/swarm_autolock.yaml b/data/1_Orchestration/swarm_autolock.yaml new file mode 100644 index 0000000..40e5efa --- /dev/null +++ b/data/1_Orchestration/swarm_autolock.yaml @@ -0,0 +1,54 @@ +questions: + - uuid: cadff67e-01cf-44f1-8209-b743fb8ebd05 + question: What does the --autolock flag do when initializing a Docker Swarm? + answers: + - { value: 'It locks the Swarm so no new nodes can join', correct: false } + - { value: 'It encrypts the Raft logs and TLS keys at rest, requiring an unlock key when a manager restarts', correct: true } + - { value: 'It prevents any service updates without a password', correct: false } + - { value: 'It automatically locks containers after a timeout', correct: false } + help: 'https://docs.docker.com/engine/swarm/swarm_manager_locking/' + + - uuid: d6d2f0a3-4e1c-4b7d-a9f5-0c6e3d8b1a94 + question: Which command is used to unlock a locked Swarm manager after it restarts? + answers: + - { value: 'docker swarm unlock-key', correct: false } + - { value: 'docker swarm init --unlock', correct: false } + - { value: 'docker swarm unlock', correct: true } + - { value: 'docker node unlock', correct: false } + help: 'https://docs.docker.com/reference/cli/docker/swarm/unlock/' + + - uuid: e7e3a1b4-5f2d-4c8e-b0a6-1d7f4e9c2b05 + question: How do you retrieve the current unlock key for a Docker Swarm? + answers: + - { value: 'docker swarm inspect --unlock-key', correct: false } + - { value: 'docker swarm unlock --show', correct: false } + - { value: 'docker swarm unlock-key', correct: true } + - { value: 'docker info --swarm-key', correct: false } + help: 'https://docs.docker.com/reference/cli/docker/swarm/unlock-key/' + + - uuid: c7acd054-17ca-4ac7-8dc4-be0209999ae9 + question: How do you enable autolock on an existing Swarm that was initialized without it? + answers: + - { value: 'docker swarm init --autolock', correct: false } + - { value: 'docker swarm update --autolock=true', correct: true } + - { value: 'docker swarm lock --enable', correct: false } + - { value: 'docker node update --autolock manager', correct: false } + help: 'https://docs.docker.com/engine/swarm/swarm_manager_locking/#enable-or-disable-autolock-on-an-existing-swarm' + + - uuid: a258e38b-0da0-48f4-8eee-2f29918b1815 + question: How do you rotate the unlock key for a Docker Swarm? + answers: + - { value: 'docker swarm unlock-key --rotate', correct: true } + - { value: 'docker swarm rotate-key', correct: false } + - { value: 'docker swarm update --new-key', correct: false } + - { value: 'docker swarm unlock --regenerate', correct: false } + help: 'https://docs.docker.com/reference/cli/docker/swarm/unlock-key/#--rotate' + + - uuid: 59e724dd-1839-4a99-8afb-c9b99cceeb79 + question: What happens if a locked Swarm manager restarts and is not unlocked? + answers: + - { value: 'It automatically leaves the Swarm', correct: false } + - { value: 'It continues to operate normally as a manager', correct: false } + - { value: 'It starts as a manager but cannot decrypt the Raft log or access cluster data until unlocked', correct: true } + - { value: 'It demotes itself to a worker node', correct: false } + help: 'https://docs.docker.com/engine/swarm/swarm_manager_locking/' diff --git a/data/2_Image_creation_management_registry/arg_vs_env.yaml b/data/2_Image_creation_management_registry/arg_vs_env.yaml new file mode 100644 index 0000000..33c6947 --- /dev/null +++ b/data/2_Image_creation_management_registry/arg_vs_env.yaml @@ -0,0 +1,54 @@ +questions: + - uuid: 9057af62-62e6-4e3a-9fbe-e07fbe0ef09c + question: What is the key difference between ARG and ENV in a Dockerfile? + answers: + - { value: 'ARG values persist in the running container, while ENV values do not', correct: false } + - { value: 'ARG is only available during the build process, while ENV persists in the running container', correct: true } + - { value: 'ENV can only be set at build time, while ARG can be changed at runtime', correct: false } + - { value: 'There is no difference; both behave the same way', correct: false } + help: https://docs.docker.com/engine/reference/builder/#arg + + - uuid: bcaab5e0-aa29-4965-94fa-a4a7241de8b6 + question: What happens to an ARG defined before the FROM instruction in a Dockerfile? + answers: + - { value: 'It is available throughout the entire Dockerfile', correct: false } + - { value: 'It can only be used in the FROM instruction itself and is not available after FROM', correct: true } + - { value: 'It overrides any ENV with the same name', correct: false } + - { value: 'It is ignored completely by the Docker builder', correct: false } + help: https://docs.docker.com/engine/reference/builder/#understand-how-arg-and-from-interact + + - uuid: 0c93c67a-c7bd-4245-8a86-6a8242b35ec8 + question: How do you pass a build-time variable to a Dockerfile when running docker build? + answers: + - { value: 'docker build --env MY_VAR=value .', correct: false } + - { value: 'docker build --build-arg MY_VAR=value .', correct: true } + - { value: 'docker build --arg MY_VAR=value .', correct: false } + - { value: 'docker build --set MY_VAR=value .', correct: false } + help: https://docs.docker.com/engine/reference/commandline/build/#build-arg + + - uuid: 11113d53-caba-4a96-a7d0-842e6fdd7c6c + question: Which of the following is a predefined ARG that Docker makes available without needing an ARG instruction in the Dockerfile? + answers: + - { value: 'DOCKER_HOST', correct: false } + - { value: 'HTTP_PROXY', correct: true } + - { value: 'CONTAINER_NAME', correct: false } + - { value: 'BUILD_DATE', correct: false } + help: https://docs.docker.com/engine/reference/builder/#predefined-args + + - uuid: c1959e7d-90eb-47f6-9cd1-40c290377a50 + question: If an ARG and an ENV instruction define the same variable name, which value takes precedence in subsequent instructions? + answers: + - { value: 'The ARG value always takes precedence', correct: false } + - { value: 'The ENV value always takes precedence over the ARG value', correct: true } + - { value: 'Docker throws an error due to the naming conflict', correct: false } + - { value: 'The value depends on the order they appear; the last one wins', correct: false } + help: https://docs.docker.com/engine/reference/builder/#using-arg-variables + + - uuid: 5a257daa-dc10-4547-aceb-f1796c62c104 + question: Why should sensitive data such as passwords not be passed using ARG instructions? + answers: + - { value: 'Because ARG values are encrypted in the image layers', correct: false } + - { value: 'Because ARG values are visible in the image history and build logs', correct: true } + - { value: 'Because ARG values are automatically published to Docker Hub', correct: false } + - { value: 'Because ARG values cannot contain special characters', correct: false } + help: https://docs.docker.com/engine/reference/builder/#arg diff --git a/data/2_Image_creation_management_registry/build_cache.yaml b/data/2_Image_creation_management_registry/build_cache.yaml new file mode 100644 index 0000000..83ac393 --- /dev/null +++ b/data/2_Image_creation_management_registry/build_cache.yaml @@ -0,0 +1,54 @@ +questions: + - uuid: 1c2d3e4f-5a6b-4c7d-8e9f-0a1b2c3d4e5f + question: How does Docker determine whether a layer can be reused from the build cache? + answers: + - { value: 'It compares the image size before and after each instruction', correct: false } + - { value: 'It checks whether the instruction string and the content of referenced files have changed', correct: true } + - { value: 'It always rebuilds every layer to ensure consistency', correct: false } + - { value: 'It checks the timestamp of the Dockerfile only', correct: false } + help: https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#leverage-build-cache + + - uuid: 2d3e4f5a-6b7c-4d8e-9f0a-1b2c3d4e5f6a + question: What happens to the build cache for all subsequent layers when an earlier layer is invalidated? + answers: + - { value: 'Only the invalidated layer is rebuilt; subsequent layers are reused', correct: false } + - { value: 'All subsequent layers after the invalidated layer are also rebuilt', correct: true } + - { value: 'Docker skips the invalidated layer and continues with the cache', correct: false } + - { value: 'Docker prompts the user to decide which layers to rebuild', correct: false } + help: https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#leverage-build-cache + + - uuid: 36e1ab90-15eb-4779-93d0-c3406eb44964 + question: Why is it a best practice to place COPY instructions for frequently changing files toward the end of a Dockerfile? + answers: + - { value: 'Because COPY instructions at the end run faster', correct: false } + - { value: 'Because Docker requires COPY to be the last instruction', correct: false } + - { value: 'To maximize cache reuse by keeping stable layers early and volatile layers late', correct: true } + - { value: 'Because files copied later take up less disk space in the image', correct: false } + help: https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#leverage-build-cache + + - uuid: da7281c1-e78f-4ebf-b976-0f78d57a7b0f + question: What does the --no-cache flag do when running docker build? + answers: + - { value: 'It prevents the final image from being stored on disk', correct: false } + - { value: 'It forces Docker to rebuild all layers without using any existing cache', correct: true } + - { value: 'It disables caching for only the last layer in the build', correct: false } + - { value: 'It removes all previously cached images from the system', correct: false } + help: https://docs.docker.com/engine/reference/commandline/build/#options + + - uuid: 5c802a7f-404a-4c72-9787-2529a04524f2 + question: How does cache invalidation differ between COPY and ADD when referencing local files? + answers: + - { value: 'ADD always invalidates the cache, while COPY never does', correct: false } + - { value: 'COPY checks file checksums for cache validity, while ADD also invalidates the cache when referencing remote URLs', correct: true } + - { value: 'Both COPY and ADD ignore the cache entirely', correct: false } + - { value: 'COPY invalidates the cache based on filename only, while ADD uses file size', correct: false } + help: https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#add-or-copy + + - uuid: 30154ecc-0769-4e76-b520-3e53bacdab68 + question: What is a cache mount in the context of BuildKit (RUN --mount=type=cache)? + answers: + - { value: 'A read-only volume that stores the final image layers', correct: false } + - { value: 'A persistent cache directory that survives across builds, useful for package manager caches', correct: true } + - { value: 'A network mount that downloads dependencies from a remote server', correct: false } + - { value: 'A temporary file system used only during the current RUN instruction', correct: false } + help: https://docs.docker.com/build/guide/mounts/ diff --git a/data/2_Image_creation_management_registry/buildkit_buildx.yaml b/data/2_Image_creation_management_registry/buildkit_buildx.yaml new file mode 100644 index 0000000..83a00e7 --- /dev/null +++ b/data/2_Image_creation_management_registry/buildkit_buildx.yaml @@ -0,0 +1,54 @@ +questions: + - uuid: 1a2b3c4d-5e6f-4a7b-8c9d-0e1f2a3b4c5d + question: How do you enable BuildKit for a Docker build using an environment variable? + answers: + - { value: 'DOCKER_BUILDKIT=0 docker build .', correct: false } + - { value: 'DOCKER_BUILDKIT=1 docker build .', correct: true } + - { value: 'BUILDKIT_ENABLED=true docker build .', correct: false } + - { value: 'DOCKER_BUILD_MODE=buildkit docker build .', correct: false } + help: https://docs.docker.com/build/buildkit/ + + - uuid: 2b3c4d5e-6f7a-4b8c-9d0e-1f2a3b4c5d6e + question: Which command is used to build images for multiple platforms simultaneously? + answers: + - { value: 'docker build --multi-platform', correct: false } + - { value: 'docker compose build --platform all', correct: false } + - { value: 'docker buildx build --platform linux/amd64,linux/arm64', correct: true } + - { value: 'docker image build --arch amd64,arm64', correct: false } + help: https://docs.docker.com/build/building/multi-platform/ + + - uuid: c9cb5ebb-21e1-41b6-bf42-a07ee93b219f + question: What is the purpose of the docker buildx create command? + answers: + - { value: 'To create a new Docker image from scratch', correct: false } + - { value: 'To create a new builder instance that can be used for building images', correct: true } + - { value: 'To create a new Dockerfile template', correct: false } + - { value: 'To initialize a new Docker registry', correct: false } + help: https://docs.docker.com/engine/reference/commandline/buildx_create/ + + - uuid: 64c3f27c-1e21-434a-ae67-150af7c3b95c + question: Which advantage does BuildKit provide over the legacy Docker build engine? + answers: + - { value: 'It removes the need for a Dockerfile', correct: false } + - { value: 'It automatically pushes images to a registry after build', correct: false } + - { value: 'It enables parallel execution of independent build stages and better caching', correct: true } + - { value: 'It requires less disk space for storing final images', correct: false } + help: https://docs.docker.com/build/buildkit/ + + - uuid: 0cca5e54-53d1-40c5-b02a-93a9ff0fc318 + question: What does the --platform flag specify when used with docker buildx build? + answers: + - { value: 'The operating system of the host machine performing the build', correct: false } + - { value: 'The target platform(s) for the resulting image, such as linux/amd64 or linux/arm64', correct: true } + - { value: 'The Docker Engine version to use during the build', correct: false } + - { value: 'The cloud provider platform where the image will be deployed', correct: false } + help: https://docs.docker.com/build/building/multi-platform/ + + - uuid: 3254542e-ae41-48ad-831c-2394526fd73b + question: How do you switch to a specific builder instance created with docker buildx? + answers: + - { value: 'docker buildx switch ', correct: false } + - { value: 'docker buildx set ', correct: false } + - { value: 'docker buildx use ', correct: true } + - { value: 'docker buildx activate ', correct: false } + help: https://docs.docker.com/engine/reference/commandline/buildx_use/ diff --git a/data/2_Image_creation_management_registry/cmd_vs_entrypoint.yaml b/data/2_Image_creation_management_registry/cmd_vs_entrypoint.yaml new file mode 100644 index 0000000..a2a1960 --- /dev/null +++ b/data/2_Image_creation_management_registry/cmd_vs_entrypoint.yaml @@ -0,0 +1,72 @@ +questions: + - uuid: 04033ba6-479f-4e10-9bbd-9b7409b8f141 + question: What is the primary difference between CMD and ENTRYPOINT in a Dockerfile? + answers: + - { value: 'CMD defines the main executable and ENTRYPOINT provides default arguments', correct: false } + - { value: 'ENTRYPOINT defines the main executable that always runs, while CMD provides default arguments that can be overridden', correct: true } + - { value: 'CMD runs at build time and ENTRYPOINT runs at container start', correct: false } + - { value: 'There is no difference; they are interchangeable instructions', correct: false } + help: https://docs.docker.com/engine/reference/builder/#understand-how-cmd-and-entrypoint-interact + + - uuid: fb222053-2b41-454f-bbe4-c1b2d1eb8326 + question: What is the exec form of the CMD instruction? + answers: + - { value: 'CMD command param1 param2', correct: false } + - { value: 'CMD ["command", "param1", "param2"]', correct: true } + - { value: 'CMD {command, param1, param2}', correct: false } + - { value: 'CMD (command param1 param2)', correct: false } + help: https://docs.docker.com/engine/reference/builder/#cmd + + - uuid: 66d3f744-48ec-4f43-80e3-ee6661d277ec + question: What happens when you specify a command at the end of docker run if a CMD instruction exists in the Dockerfile? + answers: + - { value: 'The command in docker run is appended to the CMD instruction', correct: false } + - { value: 'Docker throws an error because CMD cannot be overridden', correct: false } + - { value: 'The command specified in docker run replaces the CMD instruction entirely', correct: true } + - { value: 'Both commands execute sequentially inside the container', correct: false } + help: https://docs.docker.com/engine/reference/builder/#cmd + + - uuid: 26631241-368d-452b-b3f3-3131a0e74c43 + question: When ENTRYPOINT is set in exec form and CMD is also defined, what does CMD provide? + answers: + - { value: 'An alternative command that runs if ENTRYPOINT fails', correct: false } + - { value: 'Default arguments that are appended to the ENTRYPOINT command', correct: true } + - { value: 'A health check command for the container', correct: false } + - { value: 'Environment variables for the ENTRYPOINT process', correct: false } + help: https://docs.docker.com/engine/reference/builder/#understand-how-cmd-and-entrypoint-interact + + - uuid: 1e2f3a4b-5c6d-4e7f-8a9b-0c1d2e3f4a5b + question: How do you override the ENTRYPOINT at runtime when starting a container? + answers: + - { value: 'docker run --cmd ', correct: false } + - { value: 'docker run --override ', correct: false } + - { value: 'docker run --entrypoint ', correct: true } + - { value: 'docker run --exec ', correct: false } + help: https://docs.docker.com/engine/reference/run/#entrypoint-default-command-to-execute-at-runtime + + - uuid: 2f3a4b5c-6d7e-4f8a-9b0c-1d2e3f4a5b6c + question: What happens when CMD is written in shell form (CMD command param1)? + answers: + - { value: 'The command is executed directly without any shell', correct: false } + - { value: 'The command is executed as /bin/sh -c "command param1"', correct: true } + - { value: 'Docker wraps the command in a PowerShell process', correct: false } + - { value: 'The command is ignored if ENTRYPOINT is also defined', correct: false } + help: https://docs.docker.com/engine/reference/builder/#cmd + + - uuid: 8432bcb7-4c09-457b-82eb-b93d0084d337 + question: If a Dockerfile contains ENTRYPOINT in shell form, what happens to CMD arguments? + answers: + - { value: 'CMD arguments are appended to the ENTRYPOINT command', correct: false } + - { value: 'CMD arguments are passed as environment variables', correct: false } + - { value: 'CMD arguments are ignored because the shell form does not pass additional arguments', correct: true } + - { value: 'CMD arguments replace the ENTRYPOINT command', correct: false } + help: https://docs.docker.com/engine/reference/builder/#understand-how-cmd-and-entrypoint-interact + + - uuid: dd3c02f5-c181-4a2f-8ab3-84d95babf8b3 + question: Which combination correctly uses ENTRYPOINT with CMD to run "python app.py --verbose" by default while allowing the arguments to be overridden? + answers: + - { value: 'ENTRYPOINT ["python", "app.py", "--verbose"]', correct: false } + - { value: 'CMD ["python", "app.py", "--verbose"]', correct: false } + - { value: 'ENTRYPOINT ["python", "app.py"] and CMD ["--verbose"]', correct: true } + - { value: 'ENTRYPOINT python and CMD app.py --verbose', correct: false } + help: https://docs.docker.com/engine/reference/builder/#understand-how-cmd-and-entrypoint-interact diff --git a/data/2_Image_creation_management_registry/healthcheck_instruction.yaml b/data/2_Image_creation_management_registry/healthcheck_instruction.yaml new file mode 100644 index 0000000..aa1d58f --- /dev/null +++ b/data/2_Image_creation_management_registry/healthcheck_instruction.yaml @@ -0,0 +1,54 @@ +questions: + - uuid: a1f4e7b2-8c3d-4e6a-b9f1-2d5a8c3e7f01 + question: What is the purpose of the HEALTHCHECK instruction in a Dockerfile? + answers: + - { value: 'To restart the container automatically when it crashes', correct: false } + - { value: 'To tell Docker how to test whether the container is still working correctly', correct: true } + - { value: 'To monitor host system resource usage for the container', correct: false } + - { value: 'To validate the Dockerfile syntax before building', correct: false } + help: https://docs.docker.com/engine/reference/builder/#healthcheck + + - uuid: ad862055-0033-4ebc-94c4-3efdc473d257 + question: Which flag sets the time between running the health check command in a HEALTHCHECK instruction? + answers: + - { value: '--timeout', correct: false } + - { value: '--retries', correct: false } + - { value: '--interval', correct: true } + - { value: '--start-period', correct: false } + help: https://docs.docker.com/engine/reference/builder/#healthcheck + + - uuid: d61f7734-f997-4989-b3c1-07ea35e5ccfe + question: What does the --start-period flag do in a HEALTHCHECK instruction? + answers: + - { value: 'It sets the time to wait before the first health check is run, giving the container time to bootstrap', correct: true } + - { value: 'It defines the interval between subsequent health checks', correct: false } + - { value: 'It specifies the maximum time the container can remain unhealthy', correct: false } + - { value: 'It sets how long to wait before killing an unhealthy container', correct: false } + help: https://docs.docker.com/engine/reference/builder/#healthcheck + + - uuid: 46d7b70a-d1fe-4c9d-8942-028ff0f85fd5 + question: How do you disable any health check inherited from a base image? + answers: + - { value: 'HEALTHCHECK --disable', correct: false } + - { value: 'HEALTHCHECK OFF', correct: false } + - { value: 'HEALTHCHECK NONE', correct: true } + - { value: 'RUN rm /healthcheck', correct: false } + help: https://docs.docker.com/engine/reference/builder/#healthcheck + + - uuid: 5fa4f009-33ad-4828-9fc2-81ce1721668f + question: What is the default value of the --retries flag in a HEALTHCHECK instruction? + answers: + - { value: '1', correct: false } + - { value: '5', correct: false } + - { value: '3', correct: true } + - { value: '10', correct: false } + help: https://docs.docker.com/engine/reference/builder/#healthcheck + + - uuid: f6c9d2a7-db8c-4dbf-a4e6-7c0f3b8d2e56 + question: What is the difference between the CMD and CMD-SHELL forms in a HEALTHCHECK instruction? + answers: + - { value: 'CMD runs the command directly without a shell, while CMD-SHELL runs the command inside a shell', correct: false } + - { value: 'CMD-SHELL runs the command inside the default shell (/bin/sh -c), while CMD runs the command directly as an exec array', correct: true } + - { value: 'CMD-SHELL is used on Windows only, while CMD is used on Linux', correct: false } + - { value: 'There is no difference; both forms behave identically', correct: false } + help: https://docs.docker.com/engine/reference/builder/#healthcheck