Prepare for your Kubernetes interview with this comprehensive guide featuring 30 essential questions and answers. Covering basic, intermediate, and advanced topics, these questions are designed for freshers, candidates with 1-3 years of experience, and professionals with 3-6 years in container orchestration. Each answer provides clear, practical insights into Kubernetes concepts, troubleshooting, and best practices.
Basic Kubernetes Interview Questions (1-10)
1. What is Kubernetes and why is it popular?
Kubernetes is an open-source platform for automating deployment, scaling, and management of containerized applications. Its popularity stems from features like self-healing, automatic rollouts/rollbacks, service discovery, load balancing, and horizontal scaling across clusters of hosts.[1][2]
2. Describe the core components of Kubernetes architecture.
The Kubernetes architecture consists of a Control Plane and Worker Nodes. Control Plane components include API Server (entry point for all commands), etcd (key-value store for cluster state), Scheduler (assigns pods to nodes), and Controller Manager (handles replication). Worker Nodes have Kubelet (manages pods), Container Runtime (runs containers), and Kube Proxy (handles networking).[1][5]
3. What is a Pod in Kubernetes?
A Pod is the smallest deployable unit in Kubernetes, consisting of one or more containers that share storage, network, and lifecycle. Pods are ephemeral and get unique IPs for communication within the cluster.[2][5]
4. What is the role of etcd in Kubernetes?
etcd is a distributed key-value store that serves as the single source of truth for all cluster data. It stores the desired and actual state of the cluster, ensuring consistency across components.[1][5]
5. What are Kubernetes Services and their types?
Kubernetes Services provide stable endpoints for accessing a set of pods. Types include ClusterIP (internal access), NodePort (external via node port), LoadBalancer (external load balancer), and Headless (direct pod access via DNS).[2]
6. What is a Namespace in Kubernetes?
A Namespace is a virtual cluster within a physical cluster, used to divide resources between multiple users or teams. It provides scope for names and helps organize objects like pods and services.[2]
7. Explain Deployments in Kubernetes.
Deployments manage ReplicaSets and provide declarative updates for pods. They handle scaling, rolling updates, and rollbacks by maintaining the desired number of pod replicas.[3]
8. What is a ReplicaSet?
A ReplicaSet ensures a specified number of pod replicas are running at any time. It is typically managed by Deployments and handles pod failures by creating replacements.[3]
9. What are ConfigMaps and Secrets?
ConfigMaps store non-sensitive configuration data as key-value pairs that can be injected into pods. Secrets store sensitive data like passwords or tokens; their values are base64-encoded (an encoding, not encryption), and they can likewise be mounted as volumes or exposed as environment variables.[2]
10. How do you back up Kubernetes cluster state?
Back up etcd regularly using snapshots, as it holds all cluster state. For application data, back up Persistent Volumes. Tools like Velero can snapshot both resources and volumes for complete recovery.[5]
Intermediate Kubernetes Interview Questions (11-20)
11. What are Liveness and Readiness Probes?
Liveness probes check if a pod is running; failure triggers restart. Readiness probes check if a pod is ready to receive traffic; failure removes it from service endpoints.[3]
12. Explain Horizontal Pod Autoscaler (HPA).
HPA automatically scales the number of pods in a Deployment based on observed metrics like CPU utilization. It ensures scalability by adding/removing replicas dynamically.[3]
13. What are Kubernetes Network Policies?
Network Policies define rules to control traffic flow between pods, similar to firewalls. They restrict pod-to-pod communication based on labels, namespaces, or IP blocks.[1][2]
14. How does Kubernetes handle storage with Persistent Volumes?
Persistent Volumes (PV) represent storage resources, while Persistent Volume Claims (PVC) are requests for storage by users. StorageClasses define storage types and dynamic provisioning.[3]
15. What is Role-Based Access Control (RBAC) in Kubernetes?
RBAC controls access to Kubernetes resources using Roles (namespace-scoped) and ClusterRoles (cluster-wide), bound to users or service accounts via RoleBindings and ClusterRoleBindings.[1]
16. Explain Taints and Tolerations.
Taints repel pods from nodes unless the pods have matching tolerations. They are used to control scheduling, for example to dedicate nodes to specific workloads at companies like Atlassian.[1]
17. What is a StatefulSet?
StatefulSet manages stateful applications requiring stable network identities and persistent storage. Unlike Deployments, pods get predictable names and ordered deployment/scaling.[2]
18. How do you expose applications externally in Kubernetes?
Use Services (NodePort/LoadBalancer) for basic exposure or Ingress controllers for HTTP/HTTPS routing with path-based rules and TLS termination.[2]
19. What are Pod Security Standards?
Pod Security Standards define security best practices such as running as non-root, restricting capabilities, and disallowing privileged containers; they are enforced via admission controllers.[1]
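As an added illustration (not part of the original guide and not the admission controller's own logic), the sketch below audits a pod manifest for the three controls named in the answer above. The manifest is constructed sample data, `audit_pod` is a hypothetical helper, and the capability rule (drop ALL, add at most NET_BIND_SERVICE) follows the Restricted profile.

```python
import json

# Constructed sample Pod, shaped like `kubectl get pod -o json` output.
SAMPLE_POD = json.loads("""
{
  "metadata": {"name": "web", "namespace": "demo"},
  "spec": {
    "securityContext": {"runAsNonRoot": true},
    "initContainers": [
      {"name": "init", "image": "busybox",
       "securityContext": {"privileged": true}}
    ],
    "containers": [
      {"name": "app", "image": "example/app:1.0",
       "securityContext": {"capabilities": {"drop": ["ALL"],
                                            "add": ["NET_BIND_SERVICE"]}}},
      {"name": "sidecar", "image": "example/proxy:1.0",
       "securityContext": {"runAsNonRoot": false,
                           "capabilities": {"add": ["NET_ADMIN"]}}}
    ]
  }
}
""")

# Only capability the Restricted profile allows a container to add back.
ALLOWED_ADDED_CAPS = {"NET_BIND_SERVICE"}

def audit_pod(pod):
    """Return (container, finding) tuples; an empty list means no findings."""
    spec = pod.get("spec", {})
    pod_ctx = spec.get("securityContext") or {}
    findings = []
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        ctx = c.get("securityContext") or {}
        name = c["name"]
        if ctx.get("privileged") is True:
            findings.append((name, "privileged"))
        # A container-level runAsNonRoot overrides the pod-level value.
        non_root = ctx.get("runAsNonRoot", pod_ctx.get("runAsNonRoot"))
        if non_root is not True:
            findings.append((name, "may-run-as-root"))
        caps = ctx.get("capabilities") or {}
        if "ALL" not in caps.get("drop", []):
            findings.append((name, "capabilities-not-dropped"))
        extra = sorted(set(caps.get("add", [])) - ALLOWED_ADDED_CAPS)
        if extra:
            findings.append((name, "added-capabilities:" + ",".join(extra)))
    return findings
```

Calling `audit_pod(SAMPLE_POD)` flags the privileged init container and the sidecar that overrides the pod-level non-root setting, while the `app` container passes all three checks.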
20. How do you monitor resource usage in Kubernetes?
Use kubectl top pods --sort-by=cpu or kubectl top pods --sort-by=memory to view resource consumption and identify resource-intensive pods.[2]
Advanced Kubernetes Interview Questions (21-30)
21. How would you troubleshoot a pod stuck in Pending state?
Check events with kubectl describe pod <pod-name> for scheduling issues, insufficient resources, or taints. Verify node capacity and look for image pull errors.[1]
22. What causes CrashLoopBackOff and how do you debug it?
CrashLoopBackOff occurs when a container crashes repeatedly. Debug with kubectl logs <pod-name>, kubectl describe pod for events, and check resource limits or probe failures.[1][2]
23. How do you resolve DNS issues in a Kubernetes cluster?
Verify CoreDNS pods are running, check pod DNS config, test with nslookup inside pods, and ensure service cluster IPs resolve correctly.[1]
24. A pod is running but not reachable from its Service. What steps do you take?
Check Service selectors match pod labels, verify endpoint objects with kubectl get endpoints, test pod-to-pod connectivity, and review network policies.[1][2]
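The first two checks in the answer above can be reasoned about offline. This added example (not from the original guide) takes constructed Service and Pod objects, trimmed to the relevant fields, and reports for each pod whether it would back the Service or why not; `diagnose` and `is_ready` are hypothetical helper names.

```python
# Constructed sample objects, trimmed to the fields that matter here.
SERVICE = {"metadata": {"name": "web", "namespace": "demo"},
           "spec": {"selector": {"app": "web", "tier": "frontend"}}}

def _pod(name, ns, labels, ready):
    return {"metadata": {"name": name, "namespace": ns, "labels": labels},
            "status": {"conditions": [{"type": "Ready", "status": ready}]}}

PODS = [
    _pod("web-1", "demo", {"app": "web", "tier": "frontend"}, "True"),
    _pod("web-2", "demo", {"app": "web", "tier": "front-end"}, "True"),
    _pod("web-3", "demo", {"app": "web", "tier": "frontend"}, "False"),
    _pod("web-4", "staging", {"app": "web", "tier": "frontend"}, "True"),
]

def is_ready(pod):
    """True when the pod reports a Ready condition with status "True"."""
    return any(c["type"] == "Ready" and c["status"] == "True"
               for c in pod.get("status", {}).get("conditions", []))

def diagnose(service, pods):
    """Map each pod name to 'endpoint' or the reason it is not one."""
    selector = service["spec"].get("selector") or {}
    ns = service["metadata"]["namespace"]
    report = {}
    for pod in pods:
        meta = pod["metadata"]
        labels = meta.get("labels") or {}
        # Every selector key must be present on the pod with the same value.
        bad = sorted(k for k, v in selector.items() if labels.get(k) != v)
        if not selector:
            # A Service without a selector never picks up pods by label.
            report[meta["name"]] = "service-has-no-selector"
        elif meta["namespace"] != ns:
            report[meta["name"]] = "other-namespace"
        elif bad:
            report[meta["name"]] = "label-mismatch:" + ",".join(bad)
        elif not is_ready(pod):
            # Failing readiness removes the pod from the Service endpoints.
            report[meta["name"]] = "not-ready"
        else:
            report[meta["name"]] = "endpoint"
    return report

if __name__ == "__main__":
    for name, status in diagnose(SERVICE, PODS).items():
        print(f"{name}: {status}")
```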
25. Why might a Deployment not scale as expected?
Check HPA configuration, metrics server availability, resource requests/limits, pod disruption budgets, and if the ReplicaSet can schedule new pods due to node constraints.[1]
26. How do you implement high availability in the Kubernetes control plane?
Use multi-node control planes with etcd clustering, load balancers for API server access, and Pod Anti-Affinity to spread components across nodes.[1]
27. Explain Kubernetes admission controllers.
Admission controllers intercept API requests before persistence, validating or mutating objects. They are used for security (PodSecurity), quotas, and sidecar injection, as in Paytm-scale deployments.[2]
28. How do you secure container images in Kubernetes?
Scan images with tools like Trivy, enforce image policies via admission controllers, use trusted registries, and apply Pod Security Contexts for non-root execution.[1]
29. What is Pod Anti-Affinity and when do you use it?
Pod Anti-Affinity prevents scheduling pods on the same node/topology, ensuring high availability. Useful for distributing replicas across failure domains in production at companies like Salesforce.[1]
30. How do you handle secrets management at scale?
Use Kubernetes Secrets for simple cases, integrate external vaults for rotation/encryption, and restrict access with RBAC and network policies. Avoid hardcoding secrets in manifests.[1]
Master these Kubernetes interview questions to demonstrate expertise across all levels. Practice with hands-on labs focusing on troubleshooting, security, and scaling for real-world scenarios.