What is a container, and how is it different from a virtual machine?

Kubernetes, Docker, Helm & Podman · Intermediate level

Answer

A container packages a process with its filesystem and isolates it at runtime using kernel primitives. A virtual machine virtualizes hardware and runs a full guest OS, while containers share the host kernel and are usually lighter and faster to start.

Technical explanation

Containers are not a security boundary equivalent to a VM; they share the host kernel and need runtime hardening.

Their value is packaging consistency, fast startup, resource efficiency, and portable deployment workflows.

Container image quality affects supply chain, startup time, vulnerability surface, rollout reliability, and debugging workflows.

Prefer reproducible builds: pinned dependencies, small build context, deterministic Dockerfile order, non-root runtime, and immutable image references.

Understand the runtime boundary: an image is not a VM, and container isolation depends on the kernel, namespaces, cgroups, capabilities, seccomp, and mounts.

Hands-on example

1. Create a tiny sample app and Dockerfile for this exercise, then run the same app in a container and in a VM-like environment and compare startup and isolation.

2. Build and inspect it with docker build or podman build, docker history, image inspect, and a vulnerability or size scan if available.

3. Run it locally with explicit env vars, ports, user, volumes, and signal tests depending on the question.

4. Convert the final runtime assumptions into Kubernetes fields such as image, command, args, ports, securityContext, probes, and volumeMounts.
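
To make the isolation comparison in the steps above concrete, the following added example (not part of the original page) decodes the capability, seccomp and no-new-privileges fields of /proc/<pid>/status. The two sample inputs are constructed, and the HIGH_RISK set is this example's own choice of capabilities to flag.

```python
"""Summarise the kernel-enforced restrictions on a process from /proc/<pid>/status."""
import os

# Linux capability names by bit number (include/uapi/linux/capability.h).
CAP_NAMES = (
    "chown dac_override dac_read_search fowner fsetid kill setgid setuid "
    "setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw "
    "ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct "
    "sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod "
    "lease audit_write audit_control setfcap mac_override mac_admin syslog "
    "wake_alarm block_suspend audit_read perfmon bpf checkpoint_restore"
).split()
SECCOMP_MODES = {"0": "disabled", "1": "strict", "2": "filter"}
# Assumption of this example: capabilities an application container should not hold.
HIGH_RISK = {"sys_admin", "sys_module", "sys_ptrace", "sys_rawio", "net_admin"}

def decode_caps(hex_mask):
    """Turn a CapEff/CapPrm/CapBnd hex mask into a list of capability names."""
    mask = int(hex_mask, 16)
    names = [n for bit, n in enumerate(CAP_NAMES) if mask >> bit & 1]
    unknown = mask >> len(CAP_NAMES)
    if unknown:  # bits newer than this table knows about
        names.append("unknown_bits_0x%x" % (unknown << len(CAP_NAMES)))
    return names

def summarize(status_text):
    """Parse /proc/<pid>/status text and report the isolation-relevant fields."""
    fields = {}
    for line in status_text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    uid = fields.get("Uid", "").split()  # real, effective, saved, filesystem
    caps = decode_caps(fields.get("CapEff", "0"))
    return {
        "euid": int(uid[1]) if len(uid) > 1 else None,
        "effective_caps": caps,
        "high_risk_caps": sorted(HIGH_RISK.intersection(caps)),
        "seccomp": SECCOMP_MODES.get(fields.get("Seccomp"), "unknown"),
        "no_new_privs": fields.get("NoNewPrivs") == "1",
    }

# Constructed samples: root under Docker's default capability set vs. root on a host.
SAMPLE_CONTAINER = "Uid:\t0\t0\t0\t0\nCapEff:\t00000000a80425fb\nNoNewPrivs:\t0\nSeccomp:\t2\n"
SAMPLE_HOST_ROOT = "Uid:\t0\t0\t0\t0\nCapEff:\t000001ffffffffff\nNoNewPrivs:\t0\nSeccomp:\t0\n"

if __name__ == "__main__":
    live = "/proc/self/status"
    text = open(live).read() if os.path.exists(live) else SAMPLE_CONTAINER
    for key, value in summarize(text).items():
        print(f"{key}: {value}")
```

Run it inside the container from step 3 and again in the VM-like environment; a non-root user, an empty effective set, seccomp in filter mode and no_new_privs set are the values to aim for before writing the securityContext in step 4.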
