Common Kubernetes Admin Interview Questions to Know | SPOTO


1
How can you mitigate security risks in Kubernetes?
Reference answer
These risks can be mitigated by applying security best practices and by fixing misconfigurations of the clusters.
2
Can you explain the differences between Docker Swarm and Kubernetes?
Reference answer
Below are the main differences between Kubernetes and Docker Swarm:
- The installation procedure for K8s is very complicated, but once it is installed the cluster is robust. On the other hand, the Docker Swarm installation process is very simple, but the cluster is not at all robust.
- Kubernetes can auto-scale Pods based on incoming load, but Docker Swarm cannot.
- Kubernetes is a full-fledged framework. Because it maintains cluster state more consistently, its autoscaling is not as fast as Docker Swarm's.
3
What is a Kubernetes controller? Name a few different types of controllers.
Reference answer
A Kubernetes controller is a control loop that watches over a desired state of a Kubernetes object and takes action to ensure the current state matches the desired state. Some common types of controllers include ReplicaSet, Deployment, Statefulset, and Daemonset.
4
What is the difference between Docker and Kubernetes?
Reference answer
Docker is a platform for building and running containers. It packages your application and everything it needs into a container that runs consistently across environments, from a local laptop to a CI/CD pipeline. Kubernetes is a container orchestration platform. It does not build containers. It schedules and manages them across a cluster of machines. Today, Kubernetes does not rely on Docker as the runtime. It connects directly to container runtimes like containerd or CRI-O through the Container Runtime Interface.
5
Can you provide a YAML example of a Pod with two containers?
Reference answer
apiVersion: v1
kind: Pod
metadata:
  name: pod-with-two-containers
spec:
  containers:
    - name: container1
      image: image1
    - name: container2
      image: image2
6
What are Network Policies in Kubernetes?
Reference answer
Kubernetes Network Policies regulate traffic within the cluster, improving both security and performance. Key terms:
- Network Policy: the rule set that defines allowed traffic.
- Selector: identifies the Pods to which the policy applies.
- Gateways / egress points: regulate outgoing traffic.
- Ingress definition: specifies allowed inbound connections.
- Allow: permits specific traffic types.
- Deny: blocks specified traffic types.
- Allow-list / deny-list (whitelist / blacklist): an allow-list blocks everything except what is listed; a deny-list blocks only what is listed.
Different Kubernetes tools and implementations have their own way of writing policies:
- Cilium: uses rich BPF rule expressions to define advanced rules and manage application-level policies.
- Calico: adds its own security and network features, with a powerful policy engine for expressing complex network rules.
Good practice:
- Start simple: build policies gradually, testing after each rule addition.
- Documentation: documenting policy design and updates encourages consistent and secure practice.
- Review regularly: network requirements change, so policies need updating.
- Testing: use tools such as kube-router to verify that policies are applied.
By implementing Network Policies, businesses can ensure more secure and efficient internal Kubernetes communication, meeting compliance and governance requirements.
7
What is a storage class in Kubernetes? How is it used?
Reference answer
A storage class is a Kubernetes object that defines the type of storage that can be used by a pod or a persistent volume claim (PVC). Storage classes are used to dynamically provision storage resources based on the requirements of the application.
8
What is kube-scheduler and what's the role of it?
Reference answer
Kube-scheduler is responsible for keeping track of the state of the cluster and ensuring that all desired pods are scheduled. In a Kubernetes cluster, the scheduler is responsible for assigning Pods to Nodes. When a new Pod is created, the scheduler watches for it and becomes responsible for finding the best Node for that Pod to run on. To do this, the scheduler looks at the requirements of the Pod and compares them with the capabilities of the Nodes in the cluster. The scheduler also takes into account factors such as Node utilization and available resources. By finding the best match between Pods and Nodes, the scheduler helps to ensure that Pods are running on an optimal Node. This, in turn, helps to improve the performance of the overall cluster. To get the most out of the Kubernetes scheduler, you should configure it to schedule your pods as efficiently as possible. You can do this by configuring the scheduler's resource constraints and pod priorities.
9
How does Kubernetes handle networking for Pods?
Reference answer
Kubernetes assigns each Pod its unique IP address, ensuring communication across Pods. It also abstracts the underlying network, simplifying the deployment process.
10
What is the significance of Labels and Selectors in Kubernetes?
Reference answer
Labels are key-value pairs attached to objects like Pods, allowing for efficient categorization and identification. Selectors, on the other hand, are used to filter objects based on labels. This powerful combination enables easy grouping and selection of resources, facilitating streamlined management and organization within a Kubernetes cluster.
11
What is Ingress in Kubernetes?
Reference answer
Ingress is an API object used to manage external access to the services within a cluster, allowing for more advanced routing, SSL termination, and host-based routing.
12
How do you check the status of jobs and pods?
Reference answer
To check the status of a pod, run this command:
  kubectl get pods
  NAME            READY   STATUS    RESTARTS   AGE
  visualcv-main   1/1     Running   0          59s
To check the status of a job, run this command instead:
  kubectl get job
  NAME            DESIRED   SUCCESSFUL   AGE
  visualcv-main   1         0            19s
13
How the Kubernetes Scheduler Assigns Pods to Nodes
Reference answer
The Kubernetes scheduler (kube-scheduler) is a control plane component responsible for deciding where each Pod should run. It ensures optimal placement based on resource availability, constraints, and policies. Scheduling workflow:
- Filtering phase (predicates): the scheduler first filters out nodes that cannot host the Pod. Examples of filtering criteria: insufficient CPU or memory, node taints and tolerations, node selectors or affinity rules, volume or topology constraints.
- Scoring phase (priorities): from the remaining eligible nodes, the scheduler scores each one based on priority functions.
- Binding: the Pod is bound to the highest-scoring node, and the API server updates the cluster state accordingly.
14
What is a Pod in Kubernetes?
Reference answer
A Pod is the smallest and simplest Kubernetes object. It represents a single instance of a running process in a cluster and can contain one or more containers that share the same network namespace, IP address, and storage. Pods are designed to support the deployment of tightly coupled application components that need to share resources.
15
You're deploying a mix of latency-sensitive services and batch jobs in a Kubernetes cluster. How would you ensure each workload is scheduled appropriately?
Reference answer
In a Kubernetes cluster hosting both latency-sensitive services and batch jobs, scheduling decisions must be tailored to the demands of each workload. This is where the kube-scheduler and its extensibility come into play. Default behaviour with kube-scheduler: the default scheduler evaluates Pods in the scheduling queue and assigns them to Nodes based on:
- resource availability (CPU, memory)
- constraints like affinity/anti-affinity, taints/tolerations
- scoring functions that rank eligible nodes for optimal placement
This works well for general-purpose workloads, including latency-sensitive services that need consistent performance and fast response times.
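An added example (not from the original answer) of steering the two workload types with the built-in scheduler features named above: priority classes, resource requests that determine QoS class, and a node selector plus toleration that keep batch work on a dedicated node pool. The PriorityClass names, the node label workload=online/batch, the taint workload=batch:NoSchedule and the images are assumed values.

```yaml
# Added example. Assumes batch nodes were labelled and tainted, e.g.
#   kubectl label nodes <batch-node> workload=batch
#   kubectl taint nodes <batch-node> workload=batch:NoSchedule
# and online nodes were labelled workload=online.
apiVersion: scheduling.k8s.io/v1
kind: PriorityClass
metadata:
  name: latency-critical
value: 100000
globalDefault: false
description: "Online services; may preempt lower-priority Pods when the cluster is full"
---
apiVersion: scheduling.k8s.io/v1
kind: PriorityClass
metadata:
  name: batch-low
value: 1000
preemptionPolicy: Never          # batch work never evicts other Pods to get scheduled
description: "Best-effort batch jobs"
---
# Latency-sensitive service: requests == limits gives the Guaranteed QoS class,
# so it is last in line for eviction and never CPU-throttled below its request.
apiVersion: v1
kind: Pod
metadata:
  name: api
spec:
  priorityClassName: latency-critical
  nodeSelector:
    workload: online               # assumed node label for the online pool
  containers:
    - name: api
      image: registry.example.com/api:1.0   # placeholder image
      resources:
        requests: {cpu: "500m", memory: "512Mi"}
        limits:   {cpu: "500m", memory: "512Mi"}
---
# Batch job: low priority, Burstable QoS (requests < limits), confined to the
# tainted batch pool by the node selector and the matching toleration.
apiVersion: batch/v1
kind: Job
metadata:
  name: nightly-report
spec:
  template:
    spec:
      restartPolicy: Never
      priorityClassName: batch-low
      nodeSelector:
        workload: batch            # assumed node label for the batch pool
      tolerations:
        - key: workload
          operator: Equal
          value: batch
          effect: NoSchedule       # matches the assumed taint on batch nodes
      containers:
        - name: report
          image: registry.example.com/report:1.0   # placeholder image
          resources:
            requests: {cpu: "250m", memory: "256Mi"}
            limits:   {cpu: "2", memory: "2Gi"}
```

The taint keeps untolerated online Pods off the batch pool, while the node selectors keep each workload on its own pool; the priority classes decide who wins when resources run short.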
16
What is the difference between an EmptyDir volume and a PersistentVolumeClaim in Kubernetes?
Reference answer
An EmptyDir volume is ephemeral and tied to a Pod's lifecycle, while a PersistentVolumeClaim requests storage that is provisioned and managed separately from the Pod.
17
What is the Horizontal Pod Autoscaler (HPA), and how does it work?
Reference answer
The Horizontal Pod Autoscaler (HPA) in Kubernetes automatically scales the number of pod replicas in a deployment, replica set, or stateful set based on observed CPU utilization or other select metrics. HPA continually monitors the specified metric (e.g., average CPU usage) and adjusts the number of replicas to match the desired target utilization. The HPA controller queries the metrics API for the current value of the specified metric, calculates the desired number of replicas based on the target, and updates the resource's replica count accordingly. HPA supports custom metrics and external metrics, allowing scaling based on application-specific indicators or external data sources. Properly tuning HPA settings and thresholds ensures optimal resource usage and application performance.
18
How do you debug Kubernetes Pods?
Reference answer
When Pods fail, Kubernetes provides multiple ways to debug them:
- Use kubectl logs to check container logs for errors.
- Use kubectl describe pod to inspect events and recent state changes.
- Use kubectl exec to open an interactive shell and investigate from inside the container.
- Use kubectl get pods --field-selector=status.phase=Failed to list all failing Pods.
  # get logs of a specific Pod
  kubectl logs <pod-name>
  # describe the Pod and check events
  kubectl describe pod <pod-name>
  # open an interactive shell inside the Pod
  kubectl exec -it <pod-name> -- /bin/sh
  # check all failing pods
  kubectl get pods --field-selector=status.phase=Failed
These commands help identify misconfigurations, resource constraints, or application errors.
19
What are the security risks in Kubernetes?
Reference answer
There are various security risks on this platform, including:
- Unauthorized access
- Misconfigured clusters
- Insecure network policies
- Vulnerable container images
20
How is host application deployment different from container application deployment?
Reference answer
Deploying applications directly on hosts can be less flexible and scalable compared to using containers, which encapsulate an application and its dependencies in a portable container image.
21
What is a pod network in Kubernetes?
Reference answer
A pod network is a network overlay that connects pods in a Kubernetes cluster.
22
What are some examples of Kubernetes security measures you've used and loved?
Reference answer
- Role-Based Access Control (RBAC) to manage permissions more efficiently
- Network policies to restrict pod-to-pod communication
- Pod Security Standards (PSS) to enforce best practices like non-root containers
- Secrets management via Kubernetes Secrets or external vaults like HashiCorp Vault
- Image scanning with tools like Trivy or Anchore
- Pod security policies and admission controllers for pre-deployment checks
23
You have a Kubernetes deployment running a web application and need to perform a rolling update with zero downtime. How would you accomplish this?
Reference answer
To achieve zero-downtime rolling updates, I would follow these steps:
- Create a new version of the container image with the required changes.
- Update the deployment's image tag to the new version while keeping the replica count unchanged.
- Monitor the rollout progress using the Kubernetes rollout status command to ensure the update proceeds smoothly.
- Configure the deployment with a readiness probe to verify the availability and stability of the updated pods before considering them ready.
- If any issues occur, use Kubernetes' rollback feature to revert to the previous version.
- Monitor the application's logs and metrics to confirm that the rolling update was successful without any disruptions.
24
Define Heapster in Kubernetes
Reference answer
Heapster is a metrics collection and performance monitoring system for data collected by the Kubelet. Heapster has since been retired; current clusters use the Metrics Server (metrics-server) for this role.
25
What are Init Containers?
Reference answer
Init Containers are specialized containers that run before the main application containers in a Pod start. They are used to perform setup tasks such as configuration, data initialization, or waiting for a service to become available. Each Init Container must complete successfully before the next one starts, and they all must complete before any of the main application containers start.
26
How can we use Kubernetes on a single machine?
Reference answer
To set up Kubernetes on a local machine, we can use a tool such as minikube or Kind. Both are open-source binaries that can create a local Kubernetes environment on your machine.
27
What is the difference between Rolling Updates and Blue-Green Deployments?
Reference answer
Rolling Updates and Blue-Green Deployments are two common strategies used in software development and deployment to ensure smooth and efficient updates to applications.
Rolling Updates involve gradually replacing instances of the old application with instances of the new one. This is typically done in a phased manner, where a subset of servers or containers is updated at a time, ensuring that there is minimal disruption to the overall system. If any issues arise during the update, they can be addressed before moving on to the next subset, reducing the risk of widespread downtime.
Blue-Green Deployments, on the other hand, involve maintaining two separate environments: one with the current production version (Blue) and another with the new version (Green). When a new release is ready, traffic is redirected from the Blue environment to the Green one. This approach allows for a seamless and quick rollback to the previous version if any problems are detected, as the old environment remains intact. Blue-Green Deployments provide a higher level of safety and flexibility but require more resources, as both environments need to be kept up and running simultaneously.
28
How does Kubernetes monitor and check the health of containers?
Reference answer
Kubernetes actively monitors the health of containers and workloads through container probes (liveness, readiness and startup probes) configured on each container; it restarts containers whose liveness probe fails and stops routing Service traffic to containers whose readiness probe fails, ensuring quick remediation in case of issues.
29
How to inject secrets securely in Kubernetes (not env vars)?
Reference answer
Injecting Secrets as environment variables is a major security risk because they can easily be exposed in crash logs or via the printenv command inside the container. Instead, you should inject Secrets strictly as read-only volume mounts. When a Secret is mounted as a volume, Kubernetes backs it with a tmpfs (RAM-backed filesystem), so the sensitive data is never written to the underlying Node's physical disk. Furthermore, if you update the Secret object in the API, the mounted volume is updated automatically within the running Pod (this does not apply to files mounted with subPath).
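An added example (not from the original answer) showing the two patterns side by side: the environment-variable injection the answer warns against, and the read-only volume mount it recommends. The Secret name db-creds, the key password, the Pod names and the image are assumed; the secret value is a constructed sample.

```yaml
# Added example. Secret with a constructed sample value (not a real credential).
apiVersion: v1
kind: Secret
metadata:
  name: db-creds
type: Opaque
stringData:
  password: "example-only-not-a-real-secret"
---
# Pattern to avoid: the value becomes part of the process environment, so it
# appears in `printenv`, crash dumps and anything that logs the environment.
apiVersion: v1
kind: Pod
metadata:
  name: app-env-secret
spec:
  containers:
    - name: app
      image: nginx:1.27
      env:
        - name: DB_PASSWORD
          valueFrom:
            secretKeyRef:
              name: db-creds
              key: password
---
# Recommended pattern: read-only, tmpfs-backed file with owner-only permissions.
# The application reads /etc/db-creds/password at startup or on demand.
apiVersion: v1
kind: Pod
metadata:
  name: app-file-secret
spec:
  containers:
    - name: app
      image: nginx:1.27
      volumeMounts:
        - name: creds
          mountPath: /etc/db-creds
          readOnly: true           # container cannot modify the files
  volumes:
    - name: creds
      secret:
        secretName: db-creds
        defaultMode: 0400          # -r-------- for the container's user
        # no subPath here, so the kubelet refreshes the file when the Secret changes
```

Because the whole Secret is mounted (no subPath), an update to db-creds is propagated to the file in the running Pod; an application that caches the value must still re-read it.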
30
How do you update an application in Kubernetes?
Reference answer
You typically update an application by changing the container image tag in the Deployment manifest. When you apply the updated manifest, Kubernetes performs a rolling update, gradually replacing old Pods with new ones.
31
What are the main components of a Kubernetes cluster?
Reference answer
A Kubernetes cluster consists of the Master node and Worker nodes. The Master node comprises components like the API server, controller manager, and scheduler, while Worker nodes run containers and include kubelet, kube-proxy, and a container runtime.
32
What are the core concepts for storage management in Kubernetes?
Reference answer
Core Concepts: Storage classes, Persistent Volumes (PVs) and Persistent Volume Claims (PVCs) abstract the underlying storage technologies and provide dynamic provisioning and access control.
33
What does Kubernetes Controller Manager do?
Reference answer
Kubernetes controller manager is responsible for garbage collection, creation of namespaces, and control loops.
34
You need to update a live PHP deployment without dropping any user requests. How do you implement a Zero-Downtime Rolling Update?[Asked in Amazon]
Reference answer
“To guarantee true zero-downtime during an update, I implement strict Pod Lifecycle hooks in the YAML:
- Strategy: Set maxUnavailable: 0 to ensure Kubernetes spins up new Pods before terminating old ones.
- Readiness Probes: Prevent the Service from routing traffic to the new Pod until it returns a 200 OK status.
- PreStop Hook: Add a preStop: sleep 10 hook. This pauses termination, allowing the Ingress controller enough time to update routing tables before the PHP process actually dies.”
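An added example (not from the original answers) that puts the three settings from question 34 and the readiness-probe step from question 23 into one Deployment manifest. The app name, image, port 8080 and the /healthz path are assumed values; the image must contain a sleep binary for the preStop hook.

```yaml
# Added example: a Deployment configured for zero-downtime rolling updates.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web
spec:
  replicas: 3
  selector:
    matchLabels:
      app: web
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 0      # never remove an old Pod before a new one is Ready
      maxSurge: 1            # add at most one extra Pod during the rollout
  template:
    metadata:
      labels:
        app: web
    spec:
      terminationGracePeriodSeconds: 30   # must exceed the preStop delay plus shutdown time
      containers:
        - name: app
          image: registry.example.com/web:2.0.0   # placeholder image
          ports:
            - containerPort: 8080
          readinessProbe:              # the Service only routes to Pods that pass this
            httpGet:
              path: /healthz           # assumed health endpoint returning 200 OK
              port: 8080
            initialDelaySeconds: 5
            periodSeconds: 5
            failureThreshold: 3
          lifecycle:
            preStop:                   # runs before SIGTERM; gives endpoint/ingress
              exec:                    # updates time to propagate before the process exits
                command: ["sleep", "10"]
```

To roll out a new version, change the image tag and watch kubectl rollout status deployment/web; kubectl rollout undo deployment/web reverts to the previous ReplicaSet if the new Pods never become Ready.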
35
What is a Kubernetes operator?
Reference answer
A Kubernetes operator is a design pattern to package, deploy, and manage a Kubernetes application. Think of an operator as a way to create and deploy all the Kubernetes resources that go with an application at once, using automation. For example, an operator creates a Kubernetes Service, the backing Pods, the storage volumes, the Roles and RoleBindings, and all the configuration that is part of an application running on a Kubernetes cluster. There are Kubernetes operators for MySQL, Oracle and Redis, to name a few.
36
What are the different components of Kubernetes Architecture?
Reference answer
The Kubernetes Architecture has mainly 2 components – the master node and the worker node. As you can see in the below diagram, the master and the worker nodes have many inbuilt components within them. The master node has the kube-controller-manager, kube-apiserver, kube-scheduler, etcd. Whereas the worker node has kubelet and kube-proxy running on each node.
37
What's the difference between a Pod, a Service, and a Deployment?
Reference answer
A Pod is the smallest deployable unit; it wraps one or more containers that share networking and storage. A Deployment manages how many replicas of a Pod run and handles updates and rollbacks. A Service provides a stable network endpoint that routes traffic to Pods, even as Pods are created and destroyed. Here's a minimal Pod definition:
  apiVersion: v1
  kind: Pod
  metadata:
    name: my-app
  spec:
    containers:
      - name: app
        image: nginx:1.27
        ports:
          - containerPort: 80
And a Deployment that manages three replicas of it:
  apiVersion: apps/v1
  kind: Deployment
  metadata:
    name: my-app
  spec:
    replicas: 3
    selector:
      matchLabels:
        app: my-app
    template:
      metadata:
        labels:
          app: my-app
      spec:
        containers:
          - name: app
            image: nginx:1.27
            ports:
              - containerPort: 80
And a Service that exposes those Pods internally:
  apiVersion: v1
  kind: Service
  metadata:
    name: my-app-service
  spec:
    selector:
      app: my-app
    ports:
      - port: 80
        targetPort: 80
    type: ClusterIP
The selector in the Service matches Pods with the label app: my-app. Traffic arriving on port 80 is forwarded to port 80 on those Pods.
38
What is Kubernetes?
Reference answer
Kubernetes is an open-source container orchestration system that automates container deployment, scaling, and management processes. Using Kubernetes allows you to easily distribute container replicas over several physical hosts, called Nodes, to achieve high availability and boost performance.
39
Explain Kubelet
Reference answer
Each node runs the services needed to run containers and to be managed from the master. In addition to the container runtime, Kubelet is the key service installed there. It reads container manifests (YAML files that describe a Pod) and ensures that the containers defined in those Pods are started and keep running.
40
What is an init container in Kubernetes?
Reference answer
A Pod can contain several containers, and one or more of them can be designated as init containers. An init container is like a regular container but behaves slightly differently: it always runs before the other containers and must run to completion before they start.
41
What is a Deployment in Kubernetes?
Reference answer
A Deployment in Kubernetes is a higher-level abstraction that manages the lifecycle of Pods. It ensures that the desired number of replicas are up and running and provides features like rolling updates, rollbacks, and self-healing. Here's what a simple Deployment definition YAML file looks like:
  apiVersion: apps/v1
  kind: Deployment
  metadata:
    name: nginx-deployment
  spec:
    replicas: 3
    selector:
      matchLabels:
        app: nginx
    template:
      metadata:
        labels:
          app: nginx
      spec:
        containers:
          - name: nginx
            image: nginx:1.21
            ports:
              - containerPort: 80
42
What are Namespaces in Kubernetes?
Reference answer
A Namespace is a virtual cluster within a Kubernetes cluster. It helps to organize workloads in multi-tenant environments by isolating resources within a cluster. Below is a short snippet that shows how to create a Namespace using kubectl and how to create and fetch Pods in that Namespace:
  # create a namespace called "dev"
  kubectl create namespace dev
  # create a Pod in that namespace
  kubectl run nginx --image=nginx --namespace=dev
  # get Pods in that namespace
  kubectl get pods --namespace=dev
43
How does traffic flow from an external client to a Pod?
Reference answer
This is an open-ended question interviewers use to gauge your depth of understanding. A solid answer walks through the full chain: the client sends a request to an external load balancer, which forwards it to a node. kube-proxy (using iptables or IPVS rules) routes it to the correct Service, which selects a healthy Pod based on its selector labels. Alternatively, with an Ingress controller: client → load balancer → Ingress controller Pod → Service → application Pod. The more detail you can provide about each hop, the stronger your answer.
44
What is Kubernetes horizontal pod autoscaling (HPA)?
Reference answer
Kubernetes HPA automatically scales the number of replicas of a pod based on the current demand for resources.
45
What are the ways to provide API Security on Kubernetes?
Reference answer
The following are some of the ways to provide API security:
- Using the correct authorization mode on the API server (--authorization-mode=Node,RBAC)
- Ensuring that traffic is protected by TLS
- Using API authentication
- Ensuring that the kubelet protects its API via --authorization-mode=Webhook
- Monitoring RBAC failures
- Removing default Service Account permissions
- Ensuring that the Kubernetes dashboard applies a restrictive RBAC policy
- Implementing a pod security policy for container restrictions and the protection of the node
- Using the latest version of Kubernetes
46
Can you explain about the Kubernetes controller manager?
Reference answer
Multiple controller processes run on the master node, but they are compiled together to run as a single process: the Kubernetes Controller Manager. The Controller Manager is therefore a daemon that embeds controllers and handles namespace creation and garbage collection. It owns these responsibilities and communicates with the API server to manage endpoints. The different types of controllers running on the master node are:
47
What is a Headless service in Kubernetes?
Reference answer
A Headless service does not have a single access point or cluster IP. It is used for services that do not need a single IP address for load balancing or service discovery: it lets clients reach each Pod backing the service directly, without going through a proxy. Headless services are useful in scenarios where load balancing or a single service IP is not required.
48
What is the last update date for the CKA exam?
Reference answer
The CKA exam was last updated on May 20, 2026.
49
What is the vendor for the CKA exam?
Reference answer
The vendor for the CKA exam is CNCF (Cloud Native Computing Foundation).
50
What are the main differences between Docker Swarm and Kubernetes?
Reference answer
Docker Swarm and Kubernetes are both container orchestration platforms. They are both designed for deploying and managing containers at scale. However, there are some key differences between the two platforms. Docker Swarm is a native clustering solution for Docker. It is simpler to install and configure than Kubernetes. Docker Swarm also uses the same CLI and API as Docker, so it is easy to learn for users who are already familiar with Docker. However, Docker Swarm lacks some of the advanced features that Kubernetes has, such as automatic rollouts and rollbacks, health checks, and secrets management. Kubernetes is a more complex system than Docker Swarm, but it offers a richer feature set. Kubernetes is also portable across different environments, so it can be used in on-premise deployments as well as cloud-based deployments. In addition, Kubernetes is backed by a large community of users and developers, so there is a wealth of support and documentation available. To sum up:
- Kubernetes is more complicated to set up, but the benefits are a robust cluster and auto-scaling
- Docker Swarm is easy to set up but does not have a robust cluster or autoscaling
51
When to use StatefulSet?
Reference answer
Some examples of reasons you'd use a StatefulSet include:
- A Redis pod that has access to a volume, where you want it to keep access to the same volume even if it is redeployed or restarted
- A Cassandra cluster where each node must maintain access to its own data
- A web app that needs to communicate with its replicas using known, predefined network identifiers
52
What is a Kubernetes mutating admission webhook, and how does it work?
Reference answer
A mutating admission webhook allows real-time modification of Kubernetes objects before they are applied to the cluster and persisted. It runs as a dynamic admission controller that intercepts API requests before objects are persisted in etcd. It can modify the request payload by injecting, altering, or removing fields before allowing the request to proceed. Mutating webhooks are commonly used for:
- Injecting sidecars.
- Setting default values for Pods, Deployments, or other resources.
- Enforcing best practices (e.g. automatically assigning resource limits).
- Adding security configurations (e.g. requiring labels for audit tracking).
53
What are Custom Resources in Kubernetes?
Reference answer
Custom Resources allow you to extend Kubernetes' API to include your own objects, enabling the creation of domain-specific resources and controllers.
54
What is RBAC?
Reference answer
Role-Based Access Control restricts which users or service accounts can perform actions within the cluster.
55
What is container orchestration?
Reference answer
Container orchestration is about automating the operational tasks required to run containerized workloads and services, including deploying, managing, scaling, and networking containers.
56
What are the components of Kubernetes?
Reference answer
Here are the components included in a Kubernetes cluster:
- Pods: They are the smallest and most basic units of computation in Kubernetes. A Pod is a group of one or more containers that share the same network and storage resources and are deployed on the same host. Pods are ephemeral, meaning that they can be created and destroyed at any time. They are usually managed by higher-level controllers, such as deployments, which ensure that their desired number and state are maintained.
- Nodes: These are the physical or virtual machines that run your Pods. Each node has a kubelet, which is an agent that communicates with the master node and manages the Pods on the node. Nodes also have other components, such as a container runtime, a kube-proxy, which handles the network routing for the Pods, and a kube-DNS, which provides DNS services for the Pods.
- Master node: The master node in a Kubernetes cluster oversees the entire cluster's operation and manages the scheduling and deployment of Pods. It coordinates communication between nodes and maintains the desired state of the cluster.
- Control plane: The control plane is the brain of the Kubernetes cluster. It has the API server, scheduler, etcd, and controller manager that handle the orchestration and management of the cluster.
- API server: The API server is the main entry point for all the communications between the nodes and the control plane. It exposes the Kubernetes API, which allows you to interact with your cluster using the kubectl CLI, the Kubernetes dashboard, or other tools and clients.
- Scheduler: The scheduler is responsible for assigning Pods to nodes based on the resource availability and requirements of the Pods.
- Controller manager: The controller manager runs various controllers that monitor and manage the state of your cluster. For example, the replication controller ensures that the desired number of Pods are running for a given deployment, the service controller creates and updates the load balancers for your services, and the node controller handles node registration and health checks.
- Etcd: Etcd is a distributed key-value store that stores the configuration and state data of your cluster. It is used by the API server and the other control plane components to store and retrieve the cluster information.
57
How can we forward the port '8080 (container) -> 8080 (service) -> 8080 (ingress) -> 80 (browser)and how it can be done?
Reference answer
The Ingress exposes port 80 externally for the browser to access and connects to a Service that listens on 8080; an Ingress listens on port 80 (HTTP) by default. An "ingress controller" is a Pod that receives external traffic and implements the routing described by Ingress resources. The Ingress must name the ingress class that should handle it (ingressClassName); if no class is set and the cluster has no default ingress class, no ingress controller will manage the Ingress. A simple Ingress configuration looks like this:
  apiVersion: networking.k8s.io/v1
  kind: Ingress
  metadata:
    name: abc-ingress
  spec:
    rules:
      - host: abc.org
        http:
          paths:
            - path: /
              pathType: Prefix
              backend:
                service:
                  name: abc-service
                  port:
                    number: 8080
Then the Service looks like this:
  kind: Service
  apiVersion: v1
  metadata:
    name: abc-service
  spec:
    selector:
      app: abc            # must match the labels on the backend Pods (placeholder label)
    ports:
      - protocol: TCP
        port: 8080        # port the Service listens on
        targetPort: 8080  # port the container listens on
58
When would you use kubectl debug or an ephemeral container instead of kubectl exec?
Reference answer
kubectl exec works when the container has a shell and the debugging tools you need. But many production images are minimal or distroless: they don't include sh, curl, or nslookup. kubectl debug solves this by attaching an ephemeral container to a running Pod. The ephemeral container shares the Pod's network namespace and, when you pass --target, the process namespace of the target container, so you can inspect everything without modifying the original image.
  # Attach a debug container to a running Pod, sharing the "app" container's process namespace
  kubectl debug -it <pod-name> --image=busybox --target=app
  # Create a copy of the Pod with a debug container (doesn't affect the original)
  kubectl debug <pod-name> -it --copy-to=debug-pod --image=ubuntu --share-processes
Use kubectl exec when the container already has the tools you need. Use kubectl debug when it doesn't, or when you don't want to risk disrupting a running container by installing packages inside it.
59
How does Kubernetes support microservices?
Reference answer
Kubernetes supports the deployment and management of microservices, enabling developers to independently develop, deploy, and scale individual components.
60
How do you secure a Kubernetes cluster?
Reference answer
Securing a Kubernetes cluster involves multiple layers:
- Authentication and Authorization: Using role-based access control (RBAC) to limit access to the API server.
- Network Policies: Defining rules for how Pods can communicate with each other and with external endpoints.
- Secrets Management: Storing sensitive data securely using Secrets and integrating with external secret management systems.
- Pod Security Policies: Enforcing security standards for Pods, such as restricting privileged containers and enforcing resource limits.
- Audit Logging: Keeping detailed logs of access and changes to the cluster.
- Regular Updates: Keeping Kubernetes and its components updated with the latest security patches.
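The RBAC layer in practice, as an added example that is not from the original page: a namespaced Role that grants only read access to Pods and their logs, bound to a ServiceAccount. The namespace (team-a) and ServiceAccount name (ci-reader) are assumptions for illustration.

```yaml
# Added example: least-privilege RBAC. Names are assumptions, not from the original page.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pod-reader
  namespace: team-a
rules:
  - apiGroups: [""]                      # "" is the core API group
    resources: ["pods", "pods/log"]
    verbs: ["get", "list", "watch"]      # deliberately no create, delete, or pods/exec
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: ci-reader-pod-reader
  namespace: team-a
subjects:
  - kind: ServiceAccount
    name: ci-reader
    namespace: team-a
roleRef:
  kind: Role                             # a Role (not ClusterRole) keeps the grant inside team-a
  name: pod-reader
  apiGroup: rbac.authorization.k8s.io
```

Verify the grant before relying on it: `kubectl auth can-i list pods --as=system:serviceaccount:team-a:ci-reader -n team-a` should answer `yes`, while the same check for `delete pods` or `create pods/exec` should answer `no`.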
61
What is Kubernetes software development kit (SDK)?
Reference answer
Kubernetes software development kit (SDK) is a set of tools and libraries that help developers build, deploy and manage cloud-native applications on Kubernetes.
62
You deployed a service, but you cannot access it from outside the cluster. How do you troubleshoot the network path?
Reference answer
“I troubleshoot from the inside out to isolate the broken link:
- Pod Check: I kubectl exec into a temporary pod and curl the target Pod's IP. If it fails, the app isn't listening on the right port.
- Service Check: I run kubectl get endpoints. If this is empty, the Service's selector labels don't match the Pod's labels.
- Ingress/Firewall Check: I verify the Ingress object rules match the Service, then check cloud security groups (e.g., AWS/Azure firewalls).”
63
Define and explain Container resource monitoring.
Reference answer
It is important for users to keep track of an application's performance. One common way to do so is by checking the utilization of resources at different levels of abstraction. Kubernetes has structured cluster management by providing abstractions at various levels such as containers, Pods, services, and whole clusters. All of these activities together are called container resource monitoring.
64
What is the importance of Kubernetes network policies?
Reference answer
Kubernetes Network Policies control how traffic flows between cluster Pods. They enforce which Pods are allowed to communicate with each other. This lets you prevent Pods from attempting to interact with neighboring workloads. Network Policies ensure that if one Pod is compromised, attackers can't send malicious traffic to other sensitive services running in your cluster. This makes them a key Kubernetes security control, as well as a crucial component in Kubernetes multi-tenancy implementations.
65
What is the cloud-controller-manager?
Reference answer
The cloud-controller-manager is responsible for managing integration with cloud providers, such as AWS, GCP, or Azure.
66
What are Native Sidecars (SidecarContainers), and what problem do they solve?
Reference answer
Before Kubernetes v1.28/1.29, sidecar containers were just regular containers running alongside your app. This caused a "race condition": if your application started before your sidecar (e.g., a security proxy or log shipper), the app might crash or lose data because the helper wasn't ready yet. Native Sidecars solve this by allowing you to define sidecars within the initContainers section with a restartPolicy: Always.
- How it works: Kubernetes treats them as init containers, meaning they must start successfully before the main application starts.
- The benefit: This guarantees that security proxies or loggers are fully active before your application ever handles a single request.
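A native sidecar declared in the way the answer describes, as an added example that is not from the original page. The container names, the images and the shared log directory are assumptions for illustration; the restartPolicy: Always field on an init container requires the SidecarContainers feature, which is enabled by default from v1.29.

```yaml
# Added example: log shipper as a native sidecar. Names and images are assumptions.
apiVersion: v1
kind: Pod
metadata:
  name: app-with-native-sidecar
spec:
  initContainers:
    - name: log-shipper
      image: example.com/log-shipper:1.0   # hypothetical image
      restartPolicy: Always                # this field turns the init container into a sidecar:
                                           # it starts (and must become ready) before "app",
                                           # keeps running for the Pod's whole life, and is
                                           # restarted if it exits
      volumeMounts:
        - name: app-logs
          mountPath: /var/log/app
  containers:
    - name: app
      image: example.com/app:1.0           # hypothetical image
      volumeMounts:
        - name: app-logs
          mountPath: /var/log/app
  volumes:
    - name: app-logs
      emptyDir: {}
```

Without restartPolicy: Always the same entry would behave like a classic init container: the kubelet would wait for it to exit before starting "app", and a long-running shipper would block the Pod forever.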
67
What is Kubernetes API server authorization?
Reference answer
Kubernetes API server authorization controls who can access and perform actions against the Kubernetes API server.
68
How does Kubernetes handle rolling updates and rollbacks?
Reference answer
Kubernetes handles rolling updates through Deployments, which manage versioned ReplicaSets. Whenever the Pod template changes, Kubernetes creates a new ReplicaSet and gradually scales down the old one. The default strategy is RollingUpdate, controlled by two parameters. maxUnavailable defines how many pods can be unavailable during the update. maxSurge defines how many extra pods can be created above the desired replica count. Together, they balance rollout speed. Monitor progress with kubectl rollout status. If something goes wrong, kubectl rollout undo restores the last stable state immediately. Kubernetes retains old ReplicaSets for rollback with the revisionHistoryLimit field. The default is 10. Lower it to save resources. Raise it if you want more rollback options down the line.
69
Explain the concept of Container Orchestration.
Reference answer
Container orchestration is the automated process of managing the lifecycle of software containers. It involves tasks such as provisioning, deployment, scaling (up or down), networking, load balancing, and health monitoring of containers across a cluster of machines. Tools like Kubernetes handle this complexity, ensuring applications are highly available and operate efficiently at scale.
70
What is Kubernetes Fluentd?
Reference answer
Kubernetes Fluentd is an open-source data collection and forwarding tool that aggregates logs and sends them to a central location for analysis and storage.
71
What is Kubernetes?
Reference answer
Kubernetes is an open-source system for managing containerized applications. It is the most widely used orchestrator for cloud-native, reliable and scalable distributed systems. Sometimes, you will see 'Kubernetes' referred to as 'k8s'. Simply put, k8s is just an abbreviation of Kubernetes. It represents the 10-letter word 'Kubernetes', which has 8 letters between the 'K' and the 'S'.
72
What is an init container, and when can it be used?
Reference answer
An init container is a special type of container in Kubernetes that runs and completes its tasks before the main containers in a Pod start running. Init containers are used to perform setup, initialization, or configuration tasks required by the main application containers before they can start processing requests or performing their primary functions. Here are some key points about init containers:
Use Cases for Init Containers:
Here's an example of a Pod definition with an init container:

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: my-pod
spec:
  containers:
    - name: main-container
      image: my-app-image
      # Main application container specification
  initContainers:
    - name: init-container
      image: busybox
      command: ['sh', '-c', 'echo "Performing initialization..." && sleep 10']
      # Init container specification
```

In this example, the Pod contains an init container named "init-container" with a simple command to echo a message and sleep for 10 seconds. The main application container is named "main-container" and is specified alongside the init container. When the Pod starts, the init container runs and completes its task before the main application container starts. Using init containers helps ensure that the required setup and configuration tasks are completed successfully before the main application starts, improving the reliability and stability of the overall application deployment.
73
What are Liveness, Readiness, and Startup Probes in Kubernetes
Reference answer
Probes are health checks performed by the Kubelet to monitor container status and ensure application reliability. Each probe serves a distinct purpose in managing the Pod lifecycle:
Liveness Probe
- Checks if the container is still running.
- If it fails, the container is killed and restarted.
- Useful for detecting deadlocks or stalled processes.
Readiness Probe
- Checks if the container is ready to serve traffic.
- If it fails, the Pod is removed from Service endpoints.
- Ideal for handling temporary unavailability, like during startup or heavy processing.
Startup Probe
- Verifies if the application has successfully started.
- Temporarily disables liveness and readiness probes until it passes.
- Crucial for slow-starting apps, preventing premature restarts.
74
What steps would you take to debug a failed pod in Kubernetes?
Reference answer
My first step will be detecting the error. It can be detected by evaluating logs or using commands like 'kubectl'. With this process, the system will show which pod has failed to work. After detecting the error in the application, it will require a reconfiguration to ensure that the dependencies are working accurately. Later, I will delete the failed pods and create new ones in order to restart the application. Once the application has been successfully recovered, I will monitor the pod's logs and metrics to check that it is working.
75
What is etcd in Kubernetes, and how does it work?
Reference answer
Etcd is a distributed key-value store that Kubernetes uses as its primary data store. It stores all cluster data, including configuration details, state, and metadata. Etcd is a critical component of the Kubernetes control plane, ensuring consistency and reliability across the cluster. Etcd operates using a consensus algorithm called Raft, which ensures data is consistently replicated across multiple nodes. This replication provides fault tolerance and high availability, as the cluster can continue functioning even if some etcd nodes fail. Etcd uses a watch mechanism to notify clients of changes to stored data, enabling real-time updates and synchronization across the cluster. Properly managing and securing etcd is crucial for the stability and security of a Kubernetes cluster. Best practices include deploying etcd in a highly available configuration, securing communication with TLS, and regularly backing up etcd data to prevent data loss.
76
What is GitOps, and how does it relate to Kubernetes?
Reference answer
When answering this question, you want to be mindful of the fact that, as much as GitOps tooling exists, it is first and foremost a methodology for deploying and managing applications using Git as the single source of truth. GitOps is an approach where you declare the desired state of your infrastructure and applications in a Git repository, and an automated process ensures that the actual state of your cluster matches what is defined in Git. If a developer wants to change a deployment, they open a pull request. Once merged, the change gets applied to the cluster automatically. The core principles are:
- The entire desired state of the system is described declaratively and stored in Git.
- Any change to the system goes through Git, giving you a full audit trail and the ability to roll back by reverting a commit.
- An agent running in the cluster continuously compares the desired state in Git with the actual state in the cluster. If something drifts (for example, someone manually edits a resource with kubectl), the agent detects this and reconciles it back to what Git says it should be.
This last point is what separates GitOps from a standard CI/CD pipeline that pushes changes to a cluster. In GitOps, the cluster pulls its own state from Git and self-corrects, rather than relying on an external system to push updates.
77
How do you deploy a stateful application in Kubernetes?
Reference answer
Deploying a stateful application in Kubernetes requires using StatefulSets, which provide guarantees around the ordering and uniqueness of Pod startup and termination.
78
What is PDB (Pod Disruption Budget)?
Reference answer
A Kubernetes administrator can create a resource of kind: PodDisruptionBudget for high availability of the application. It makes sure that the minimum number of running Pods, as given by the minAvailable attribute in the spec file, is respected. This is useful while performing a drain: the drain will halt until the PDB is respected, ensuring the high availability (HA) of the application. The following spec file shows minAvailable as 2, which means that a minimum of 2 Pods must remain available (even after eviction).

Example: YAML config using minAvailable:

```yaml
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
  name: zk-pdb
spec:
  minAvailable: 2
  selector:
    matchLabels:
      app: zookeeper
```
79
What is the best approach to reduce expenses and increase speed in a DevOps pipeline using Kubernetes?
Reference answer
The best approach to meet this goal is to implement DevOps practices such as building CI/CD pipelines. This approach reduces expenses, but it may take more time to process. This is where Kubernetes comes in: use it to schedule and orchestrate all containers on a cluster. By completing this procedure you can achieve high efficiency with minimum expenses and higher speed.
80
Describe the role of a kube-proxy in the cluster.
Reference answer
kube-proxy is a critical network component that runs on every node in a Kubernetes cluster. Its primary job is to enable communication between services and Pods, ensuring that traffic is routed correctly across the cluster. What kube-proxy does:
- Service Discovery & Routing
- Load Balancing
- Protocol Handling
81
List the features of Kubernetes.
Reference answer
Some of the features of Kubernetes are:
- Automated scheduling: Kubernetes automatically schedules containers to run on the available resources in the cluster.
- Self-healing capabilities: Kubernetes automatically replaces failed containers and reschedules them on healthy nodes in the cluster.
- Automated rollouts and rollback: Kubernetes is responsible for automating the deployment process, enabling users to roll out new versions of their applications easily and roll them back in case of any issues.
- Horizontal scaling and load balancing: Kubernetes automatically scales and distributes traffic across multiple instances of a containerized application.
- Configuration management: Kubernetes enables users to define and manage the application configuration settings separately from the application code.
- Service discovery & networking: Kubernetes provides a built-in service discovery mechanism to locate and communicate with other services in the cluster.
- Security & compliance: Kubernetes provides several security features, including access control to ensure the security of the cluster and compliance with organizational policies.
82
What are the different strategies for Kubernetes deployment, and when would you use each?
Reference answer
- RollingUpdate: Gradually replaces old pods with new ones, minimizing downtime. Ideal for most updates requiring high availability.
- Recreate: Terminates all old pods before new ones are created. Suitable for stateless applications where brief downtime is acceptable.
- Blue/Green: Deploys a new version alongside the old version, then switches traffic. Use it to test a new release in the production environment before going live.
- Canary: Introduces a new version to a small subset of users before rolling it out to everyone. Useful for testing the impact of changes incrementally.
83
What is Kube-proxy?
Reference answer
Kube-proxy is an implementation of a load balancer and network proxy used to support service abstraction with other networking operations. Kube-proxy is responsible for directing traffic to the right container based on IP and the port number of incoming requests.
84
How can you solve connectivity issues between pods?
Reference answer
To solve a connectivity issue, developers first have to detect why and where the error has arisen. These errors can be a result of misconfigured network policies, incorrect service definitions or firewall rules. They can use tools like 'nslookup' and 'kubectl exec'. It can also be done by inspecting Pod connectivity, network policies and service definitions to locate the problem. Once the error has been found, they can resolve it by configuring inter-Pod communication according to the network policies.
85
What are the different types of cloud controller managers?
Reference answer
Here are some of the types of cloud controller managers:
- Node controller: Responsible for managing the lifecycle of nodes in the cluster, such as creating, updating, and deleting nodes.
- Route controller: Manages ingress and egress traffic for services running in the Kubernetes cluster.
- Volume controller: Responsible for managing the lifecycle of volumes in the cluster, such as creating, attaching, and detaching volumes.
- Service controller: Manages the lifecycle of Kubernetes services, such as creating, updating, and deleting services.
86
What is the role of the "Kube-scheduler" in Kubernetes, and how does it decide where to place newly created pods within the cluster?
Reference answer
Kube-scheduler determines optimal node for new pods based on resource availability and constraints, ensuring efficient pod placement.
87
What does it mean that “pods are ephemeral”?
Reference answer
Pods are ephemeral. They are not designed to run forever, and when a Pod is terminated it cannot be brought back. In general, Pods do not disappear until they are deleted by a user or by a controller. Pods do not “heal” or repair themselves. For example, if a Pod is scheduled on a node which later fails, the Pod is deleted. Similarly, if a Pod is evicted from a node for any reason, the Pod does not replace itself.
88
How can we enable monitoring of the pods?
Reference answer
To monitor the Pods running on the cluster, we can use the following command to check their utilization:

```shell
kubectl top pods -n <namespace>
```

Pod-level metrics can be viewed using a Grafana dashboard as well. Prometheus and Grafana need to be integrated with the metrics that are exposed by Kubernetes. Kubernetes exposes several metrics related to overall cluster health as well as pod-level metrics. The metrics server exposes these metrics, and they can be accessed using the /metrics API:

```shell
kubectl get --raw /metrics
```
89
When to use a DaemonSet instead of a Deployment?
Reference answer
Use a DaemonSet to create one Pod on each node. This is perfect for tools that collect logs, monitor systems, or manage networking. This differs from Deployments, which work by running a chosen number of identical Pod replicas regardless of which nodes they land on.
90
What are the key challenges organizations may face when migrating existing applications to Kubernetes, and how can these challenges be mitigated?
Reference answer
Challenges when migrating to Kubernetes include complex application dependencies, storage considerations, and network policy management. Mitigation involves incrementally migrating services, using Kubernetes-native tools for storage and networking, and thorough testing.
91
How to do maintenance activity on the K8 node?
Reference answer
Whenever security patches are available, the Kubernetes administrator has to perform a maintenance task to apply the security patch to the running container in order to protect it from the vulnerability; this is an unavoidable part of administration. The following two commands are useful to safely drain a K8s node:
- kubectl cordon <node-name>
- kubectl drain <node-name> --ignore-daemonsets
The first command puts the node into maintenance mode (marks it unschedulable); kubectl drain then evicts the Pods from the node. After the drain command succeeds you can perform the maintenance.
Note: If you wish to perform maintenance on a single pod, the following two commands can be issued in order:
- kubectl get nodes: list all the nodes
- kubectl drain <node-name>: drain a particular node
92
What is a headless service?
Reference answer
A service without a ClusterIP. It's used to control the domain name system (DNS) responses directly, often useful for integrating with other service discovery mechanisms and for managing stateful sets.
93
What is Kubernetes pod security context?
Reference answer
Kubernetes pod security context provides a way to set security-related attributes on a per-pod basis, such as user and group IDs, and file permissions.
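A security context that applies the attributes the answer mentions, as an added example that is not from the original page. It combines Pod-level settings (user and group IDs, volume ownership, seccomp) with container-level settings (no privilege escalation, read-only root filesystem, dropped capabilities); together these satisfy the "restricted" Pod Security Standard. The Pod name, image and numeric IDs are assumptions for illustration.

```yaml
# Added example: hardened Pod security context. Name, image and IDs are assumptions.
apiVersion: v1
kind: Pod
metadata:
  name: hardened-app
spec:
  securityContext:                    # Pod-level: inherited by every container
    runAsNonRoot: true                # kubelet refuses to start a container that would run as UID 0
    runAsUser: 10001
    runAsGroup: 10001
    fsGroup: 10001                    # mounted volumes are group-owned by this GID
    seccompProfile:
      type: RuntimeDefault            # container runtime's default syscall filter
  containers:
    - name: app
      image: example.com/app:1.0      # hypothetical image
      securityContext:                # container-level: overrides or extends the Pod-level values
        allowPrivilegeEscalation: false   # no setuid binaries gaining privileges
        readOnlyRootFilesystem: true      # image layers cannot be modified at runtime
        capabilities:
          drop: ["ALL"]                   # start from zero capabilities; add back only what is needed
      volumeMounts:
        - name: tmp
          mountPath: /tmp             # writable scratch space, since the root filesystem is read-only
  volumes:
    - name: tmp
      emptyDir: {}
```

A useful check after deploying: `kubectl exec hardened-app -- id` should report uid=10001, and any attempt to write outside /tmp should fail with a read-only filesystem error.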
94
Explain the difference between a deployment and a statefulset in Kubernetes.
Reference answer
A Deployment and a StatefulSet are two different controllers in Kubernetes with distinct use cases:
- Deployment: A Deployment manages stateless applications or microservices. It provides declarative updates, scaling, and rollback capabilities. Deployments are suitable for applications that don't require stable, unique network identities or stable storage.
- StatefulSet: A StatefulSet manages stateful applications that require stable network identities and stable storage. It ensures that each pod in the set has a stable hostname, network identity, and persistent storage. StatefulSets are typically used for databases, distributed systems, and applications that require ordered deployment and scaling.
95
What is etcd?
Reference answer
etcd is a consistent and highly-available distributed key-value store used as Kubernetes' backing store for all cluster data. It holds the configuration and state of the cluster.
96
What is Kubernetes Prometheus?
Reference answer
Kubernetes Prometheus is an open-source monitoring and alerting toolkit that collects metrics and data from the Kubernetes API server.
97
How do you mount a secret in a pod?
Reference answer
A Secret can be mounted as a volume or injected as an environment variable. When mounted as a volume, the application reads sensitive data from the file system. When used as an environment variable using secretKeyRef, a particular key from the secret maps to a variable in the container. This method is often used for database passwords or API tokens.
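Both consumption methods side by side, as an added example that is not from the original page: a Secret created from stringData, then a Pod that injects one key with secretKeyRef and mounts the whole Secret as a read-only volume. The Secret name, keys, values and the image are constructed for illustration.

```yaml
# Added example: consuming one Secret as an env var and as a volume. All values are constructed.
apiVersion: v1
kind: Secret
metadata:
  name: db-credentials
type: Opaque
stringData:                          # plain text in the manifest; the API server stores it base64-encoded
  username: appuser
  password: "constructed-example-password"
---
apiVersion: v1
kind: Pod
metadata:
  name: app
spec:
  containers:
    - name: app
      image: example.com/app:1.0     # hypothetical image
      env:
        - name: DB_PASSWORD          # method 1: a single key becomes an environment variable
          valueFrom:
            secretKeyRef:
              name: db-credentials
              key: password
      volumeMounts:
        - name: creds                # method 2: every key becomes a file under /etc/db-creds
          mountPath: /etc/db-creds
          readOnly: true
  volumes:
    - name: creds
      secret:
        secretName: db-credentials
        defaultMode: 0400            # files readable only by their owner
```

The volume form creates /etc/db-creds/username and /etc/db-creds/password, and the kubelet refreshes those files when the Secret changes; an environment variable is read once at container start and never updated, and it also shows up in `kubectl describe pod` output and in crash dumps, which is why file mounts are usually preferred for passwords and tokens.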
98
Explain the Role and Functionality of the Control Plane Components in Kubernetes.
Reference answer
The candidate should explain the components of the Kubernetes Control Plane, including the kube-apiserver, etcd, kube-scheduler, kube-controller-manager, and cloud-controller-manager. They should detail how these components interact to manage the state of a Kubernetes cluster, focusing on aspects like API serving, cluster state storage, pod scheduling, and the lifecycle management of various Kubernetes objects.
Important Points to Mention:
- The kube-apiserver acts as the front end to the control plane, exposing the Kubernetes API.
- etcd is a highly available key-value store used for all cluster data.
- The kube-scheduler distributes workloads.
- The kube-controller-manager runs controller processes.
- The cloud-controller-manager lets you link your cluster into your cloud provider's API.
Example You Can Give: “When deploying a new application, the kube-apiserver processes the creation request. etcd stores this configuration, making it the source of truth for your cluster's desired state. The kube-scheduler then decides which node to run the application's Pods on, while the kube-controller-manager oversees this process to ensure the desired number of Pods are running. For clusters running in cloud environments, the cloud-controller-manager interacts with the cloud provider to manage resources like load balancers.”
Hedge Your Answer: “While this answer outlines the core responsibilities of each control plane component, the real-world functionality can extend beyond these basics, especially with the advent of custom controllers and cloud-provider-specific integrations. Additionally, how these components are managed and interact can vary based on the Kubernetes distribution and the underlying infrastructure.”
99
Can you provide a YAML configuration for a Pod with multiple containers?
Reference answer
Here is the YAML configuration:

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: my-pod
spec:
  containers:
    - name: primary-container
      image: primary-image
      volumeMounts:
        - name: shared-data
          mountPath: /shared   # mount path is an illustrative assumption
    - name: secondary-container
      image: secondary-image
      volumeMounts:
        - name: shared-data
          mountPath: /shared
  volumes:
    - name: shared-data
      emptyDir: {}
```

In this instance, primary-container is the main application container, and secondary-container is the auxiliary container. Both containers mount the same volume, shared-data, so files written by one are visible to the other.
100
What is Kubernetes mainly used for?
Reference answer
Kubernetes is mainly used to run and manage containerized applications. It helps automatically scale and maintain applications across servers.
101
Explain the role of etcd in Kubernetes.
Reference answer
etcd is a distributed key-value store used by Kubernetes to store all cluster data. It is the primary data store for Kubernetes and holds the state of all cluster objects, such as nodes, Pods, and configurations. etcd provides a reliable way to store data across distributed systems and ensures consistency and availability of the Kubernetes cluster state.
102
What is load balancing on Kubernetes?
Reference answer
Load balancing in Kubernetes ensures network traffic is efficiently distributed across multiple Pod replicas, preventing any single Pod from becoming a bottleneck.
- Internal Load Balancing: Managed by ClusterIP Services and kube-proxy, distributing East-West traffic between internal microservices.
- External Load Balancing: Managed by Ingress controllers or cloud-provider LoadBalancer Services. It directs North-South traffic (from the outside internet) to the correct backend Pods based on configured routing rules.
103
How can you troubleshoot cluster issues in Kubernetes?
Reference answer
In case of cluster issues, the platform may give some common signs like high memory or CPU use, pod eviction and slow response time. It can be identified by using tools like 'Kubectl top' or reviewing cluster metrics. Once the problem is detected, it can be removed by scaling the required resource limits. The best way to mitigate the potential issues before happening is to optimize it frequently.
104
What do you mean by Cloud Controller Manager?
Reference answer
The Cloud Controller Manager has several important roles in maintaining the cloud services that Kubernetes runs on. It plays a significant part in routing the network, maintaining consistent storage, and managing communication with existing cloud services; it also abstracts the cloud-provider-specific code away from the core Kubernetes code. It is organized into various types of cloud controllers, each used for a particular cloud platform. This allows cloud vendors to develop their own Kubernetes integration code, while the core Kubernetes code can be organized and deployed without depending on any particular cloud platform. To do so, the cloud vendors first develop platform-specific code; that code then plugs into the Kubernetes cloud controller manager when Kubernetes runs.
105
You're managing a Kubernetes cluster shared by multiple teams working on different projects. How would you isolate their resources and avoid naming conflicts?
Reference answer
In this scenario, Namespaces are the ideal solution. Kubernetes Namespaces allow you to divide a single cluster into virtual sub-clusters, each with its own scope for resources like Pods, Services, and ConfigMaps.
Benefits of Using Namespaces
- Isolation: Each team gets its own namespace, preventing accidental interference with others' workloads.
- Avoids naming conflicts: Resources like web-service can exist in multiple namespaces without clashing.
- Access control: You can apply Role-Based Access Control (RBAC) to restrict who can access or modify resources in each namespace.
- Resource quotas: Set limits on CPU, memory, and object counts per namespace to prevent overuse.
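The namespace, its quota and per-container defaults as manifests, as an added example that is not from the original page. The namespace name (team-a) and every quota figure are assumptions for illustration; the pod-security.kubernetes.io/enforce label is the standard Pod Security Admission label and is included because a shared cluster usually wants it on every team namespace.

```yaml
# Added example: team namespace with quota and defaults. Name and numbers are assumptions.
apiVersion: v1
kind: Namespace
metadata:
  name: team-a
  labels:
    pod-security.kubernetes.io/enforce: restricted   # reject privileged/root Pods in this namespace
---
apiVersion: v1
kind: ResourceQuota
metadata:
  name: team-a-quota
  namespace: team-a
spec:
  hard:
    requests.cpu: "4"          # sum of all Pod CPU requests in the namespace
    requests.memory: 8Gi
    limits.cpu: "8"
    limits.memory: 16Gi
    pods: "20"                 # object-count limit
    services.loadbalancers: "1"
---
apiVersion: v1
kind: LimitRange
metadata:
  name: team-a-defaults
  namespace: team-a
spec:
  limits:
    - type: Container
      default:                 # applied as limits when a container declares none
        cpu: 500m
        memory: 256Mi
      defaultRequest:          # applied as requests when a container declares none
        cpu: 100m
        memory: 128Mi
```

The LimitRange matters because a ResourceQuota on requests.cpu or requests.memory rejects any Pod that does not declare requests; the defaults keep teams from being blocked while still counting every Pod against the quota.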
106
Do you know what container resource monitoring is?
Reference answer
Container resource monitoring is the process of constantly collecting metrics. Also, it tracks the health of containerized applications to improve their health and performance and ensure they are operating smoothly. Container resource monitoring has become popular because it provides robust capabilities to track potential failures.
107
What is the Kubernetes Dashboard?
Reference answer
The Kubernetes Dashboard is a web-based UI for Kubernetes clusters. It provides a user-friendly interface to manage and troubleshoot applications and resources in a Kubernetes cluster. Key features include:
- Cluster overview: View cluster resources, nodes, namespaces, and workloads.
- Resource management: Create, update, and delete Kubernetes resources.
- Monitoring and logging: View metrics and logs for applications.
- Access control: Manage users and permissions with RBAC.
To deploy the Kubernetes Dashboard:

```shell
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0/aio/deploy/recommended.yaml
```

Access it securely via a proxy:

```shell
kubectl proxy
```

and navigate to http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/ in your browser.
108
How do you implement zero-downtime deployments?
Reference answer
Set:

```yaml
strategy:
  rollingUpdate:
    maxUnavailable: 0
    maxSurge: 1
```

- Use readinessProbes and preStop hooks.
- Use canary or blue/green deployment patterns (e.g., via Argo Rollouts).
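One Deployment that puts the pieces together, as an added example that is not from the original page: it combines the RollingUpdate parameters and revisionHistoryLimit from the rolling-update answer, the three probe types from the probes answer, and the readiness-plus-preStop pattern this answer recommends. The Deployment name, image, health-check paths and timing values are assumptions for illustration.

```yaml
# Added example: zero-downtime rolling update. Name, image, paths and timings are assumptions.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web
spec:
  replicas: 3
  revisionHistoryLimit: 5            # keep 5 old ReplicaSets for kubectl rollout undo
  selector:
    matchLabels:
      app: web
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 0              # never drop below the desired replica count
      maxSurge: 1                    # bring up one extra Pod at a time
  template:
    metadata:
      labels:
        app: web
    spec:
      terminationGracePeriodSeconds: 30
      containers:
        - name: web
          image: example.com/web:1.2.0   # hypothetical image
          ports:
            - containerPort: 8080
          startupProbe:              # gives a slow start up to 60 s before liveness kicks in
            httpGet:
              path: /healthz
              port: 8080
            periodSeconds: 2
            failureThreshold: 30
          readinessProbe:            # the new Pod receives traffic only after this passes
            httpGet:
              path: /ready
              port: 8080
            periodSeconds: 5
          livenessProbe:             # restarts a Pod that stops answering
            httpGet:
              path: /healthz
              port: 8080
            periodSeconds: 10
            failureThreshold: 3
          lifecycle:
            preStop:                 # delay SIGTERM so endpoint removal propagates first
              exec:
                command: ["sh", "-c", "sleep 5"]
```

With maxUnavailable: 0 the old Pod is only terminated after its replacement passes the readiness probe, and the preStop sleep covers the window between a Pod leaving the Service endpoints and kube-proxy on every node learning about it, which is the usual source of a few failed requests during an otherwise clean rollout.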
109
How do you manage permissions for Kubernetes cluster connections?
Reference answer
The permissions for connecting to a Kubernetes cluster are managed by a set of rules that are defined by the Ingress network.
110
How does Kubernetes handle resource management and limits?
Reference answer
Kubernetes lets you define what your application needs and how much it can use through requests and limits. Requests specify the minimum CPU and memory required. The scheduler uses them to decide where a pod runs. If a node cannot meet those requested resources due to limited resource availability, the pod will not be scheduled there. Once the container is running, limits take effect. Managing Kubernetes resources at this level matters because exceeding the CPU limit throttles the container. Exceeding the memory limit terminates it with an out-of-memory kill. Watching resource usage helps you catch these issues before they hit your users.
111
What is Kubernetes KubeVirt?
Reference answer
Kubernetes KubeVirt is an open-source virtual machine runtime for Kubernetes, allowing users to deploy and manage virtual machines alongside Kubernetes workloads.
112
What is a Secret in Kubernetes?
Reference answer
Secrets are Kubernetes resources used to securely store sensitive information such as passwords, API keys, and certificates within the cluster.
113
What is Kubernetes?
Reference answer
Kubernetes is an open-source container orchestration platform that automates the deployment, scaling, and management of containerized applications.
114
What is Kubernetes cloud deployment?
Reference answer
Kubernetes cloud deployment is the deployment of Kubernetes clusters on cloud platforms, such as AWS, Azure, or GCP.
115
How do you secure a Kubernetes cluster?
Reference answer
Securing a Kubernetes cluster is a multi-layered approach. It includes focusing on the following key areas:
- RBAC (Role-Based Access Control)
- Network Policies
- Pod Security Standards
- Secrets Management
- Image Scanning
- API Server Auditing
116
What is the role of a Controller Manager in Kubernetes?
Reference answer
This component runs numerous controllers on the master node that are embedded together to perform as a single process. It is crucial to run each controller efficiently, and this is where the controller manager is needed: it combines the controllers and handles tasks such as namespace creation and garbage collection. The controller manager is also responsible for communication between the API server and endpoints. Following are some examples of the different controllers it runs:
- Node Controller
- Replication Controller
- Endpoint Controller
- Service Account and Token Controller
117
How to monitor the health and performance of a Kubernetes cluster?
Reference answer
Kubernetes addresses the storage needs of stateful applications by employing Persistent Volumes (PVs) and Persistent Volume Claims (PVCs):
- Persistent Volume (PV): A PV serves as a cluster-wide resource, representing networked storage within the cluster. This storage can be in the form of a physical disk or network-attached storage (NAS). The responsibility for the provisioning and management of PVs lies with administrators.
- Persistent Volume Claim (PVC): On the other hand, a PVC is a user or application's request for a specific amount of storage resources. It acts as an abstraction layer, allowing developers to request and consume storage resources without dealing with the underlying complexities. A PVC binds to a suitable PV based on matching capacity and access modes, fulfilling the storage requirements specified by the user or application.
118
Are there other ways to interact with Kubernetes?
Reference answer
kubectl is the primary command-line tool for communicating with a Kubernetes cluster. You use it to create and manage resources, inspect cluster state, view logs, and debug running workloads. Under the hood, every kubectl command translates into an HTTP request to the Kubernetes API server. And that detail matters, because kubectl is just one client. Other ways to interact with Kubernetes include:
- The Kubernetes API directly: Since the API server exposes a REST API, you can make requests to it using curl or any HTTP client. This is common in automation scripts and CI/CD pipelines where you need programmatic access.
- Client libraries: Kubernetes has official client libraries for languages like Go, Python, Java, and others. These are useful when you are building tooling or controllers that need to interact with the cluster from within your own code.
- The Kubernetes Dashboard: A web-based UI that gives you a visual overview of the cluster. It is helpful for getting a quick picture of what is running, though most day-to-day work tends to happen through kubectl or automation.
- Infrastructure-as-code tools: Tools like Helm, Kustomize, or even Terraform can manage Kubernetes resources declaratively. These sit on top of the API and are useful when you want to version, template, or package your deployments.
119
How does Kubernetes handle secrets management?
Reference answer
Kubernetes uses Secrets to store and manage sensitive information such as passwords, tokens, and keys. Secrets are base64-encoded and can be injected into Pods as environment variables or mounted as files. To enhance security, it is recommended to use tools like HashiCorp Vault, AWS Secrets Manager, or Azure Key Vault for more secure storage and management of secrets. Additionally, Kubernetes Secrets can be encrypted at rest and access controlled using RBAC policies.
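The two points in that answer, that base64 is only encoding and that Secrets can be encrypted at rest, can be checked offline. The following is an added example, not code from the page or from Kubernetes: it decodes a Secret manifest and inspects an EncryptionConfiguration to report how Secrets are written to etcd; the Secret, the key placeholder and both configurations are constructed samples.

```python
"""Secret data versus encryption at rest.

Added example, not code from the page or from Kubernetes. decode_secret()
shows that the base64 `data` of a Secret is encoding, not protection: anyone
allowed to read the Secret gets the plaintext back. secrets_encrypted_at_rest()
inspects an EncryptionConfiguration (the file the API server is started with
via --encryption-provider-config) and reports how Secrets are written to etcd:
the first provider listed for a resource is used for writes, and identity
means plaintext. Both inputs are constructed samples.
"""
import base64
from typing import Dict


def decode_secret(secret: dict) -> Dict[str, str]:
    """Return the plaintext key/values of a Secret manifest.

    `stringData` holds plaintext and takes precedence over `data` for the same
    key when the object is written, so it is merged in last.
    """
    plain = {key: base64.b64decode(val).decode("utf-8")
             for key, val in (secret.get("data") or {}).items()}
    plain.update(secret.get("stringData") or {})
    return plain


def secrets_encrypted_at_rest(config: dict) -> str:
    """Name the provider that encrypts new Secrets, or "plaintext".

    The API server uses the first resources entry that matches "secrets"
    (explicitly, or via the wildcards "*." / "*.*") and, within it, the first
    provider for writes; later providers are only tried when reading.
    """
    for entry in config.get("resources") or []:
        names = entry.get("resources") or []
        if not ({"secrets", "*.", "*.*"} & set(names)):
            continue
        providers = entry.get("providers") or []
        if not providers:
            return "plaintext"
        first = next(iter(providers[0]))      # each provider is a one-key mapping
        return "plaintext" if first == "identity" else first
    return "plaintext"                        # no entry covers secrets


# Constructed sample Secret as `kubectl get secret db-creds -o json` would show it.
SAMPLE_SECRET = {
    "apiVersion": "v1", "kind": "Secret", "type": "Opaque",
    "metadata": {"name": "db-creds"},
    "data": {"username": "YXBw", "password": "cGFzc3dvcmQxMjM="},
}

# Constructed EncryptionConfiguration with identity listed first: Secrets are
# still stored in etcd in the clear even though a key is configured.
WEAK_ENCRYPTION_CONFIG = {
    "apiVersion": "apiserver.config.k8s.io/v1", "kind": "EncryptionConfiguration",
    "resources": [{
        "resources": ["secrets"],
        "providers": [
            {"identity": {}},
            {"aescbc": {"keys": [{"name": "key1", "secret": "<base64 key placeholder>"}]}},
        ],
    }],
}

# Corrected ordering: the cipher comes first, identity stays last so that
# objects written before encryption was enabled can still be read.
FIXED_ENCRYPTION_CONFIG = {
    "apiVersion": "apiserver.config.k8s.io/v1", "kind": "EncryptionConfiguration",
    "resources": [{
        "resources": ["secrets"],
        "providers": [
            {"aescbc": {"keys": [{"name": "key1", "secret": "<base64 key placeholder>"}]}},
            {"identity": {}},
        ],
    }],
}


if __name__ == "__main__":
    print("decoded:", decode_secret(SAMPLE_SECRET))
    print("weak config writes secrets as:", secrets_encrypted_at_rest(WEAK_ENCRYPTION_CONFIG))
    print("fixed config writes secrets as:", secrets_encrypted_at_rest(FIXED_ENCRYPTION_CONFIG))
```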
120
How does Kubernetes' Horizontal Pod Autoscaler (HPA) work, and when would you use it?
Reference answer
The Horizontal Pod Autoscaler (HPA) automatically adjusts the number of pod replicas in a deployment based on observed CPU utilization or other specified metrics. Used to maintain performance during varying load, HPA scales out (increases replicas) during high demand and scales in (reduces replicas) during low usage, optimizing resource use.
121
Explain how Kubernetes handles high availability and failover.
Reference answer
Kubernetes ensures high availability and failover through a combination of its architecture and various built-in components. The control plane, consisting of the API server, etcd, controller manager, and scheduler, is typically deployed in a highly available manner across multiple nodes. Etcd, the key-value store, is often set up with a quorum of nodes to ensure data consistency and availability. In the event of node failures, Kubernetes uses controllers such as ReplicaSets to ensure that the desired number of pod replicas are always running. If a node fails, the scheduler will automatically reschedule the pods on other available nodes. Additionally, Kubernetes supports multi-zone and multi-region deployments to further enhance availability and disaster recovery capabilities.
122
What is Namespace?
Reference answer
Namespaces in Kubernetes provide a way to organize and isolate resources within a cluster. Types of namespaces:
- default: the default namespace
- kube-public: public access without authentication
- kube-system: the Kubernetes cluster management workspace
- kube-node-lease: node heartbeat (Lease) objects
```bash
# Create a namespace:
kubectl create namespace <namespace>
# List namespaces:
kubectl get namespaces
# Switch context to a namespace:
kubectl config set-context --current --namespace=<namespace>
# Delete a namespace (and all resources within it):
kubectl delete namespace <namespace>
# View resources in a namespace:
kubectl get pods -n <namespace>
kubectl get deployments -n <namespace>
```
Example ResourceQuota that caps what a namespace may consume:
```yaml
apiVersion: v1
kind: ResourceQuota
metadata:
  name: <quota-name>
  namespace: <namespace>
spec:
  hard:
    pods: "10"
    requests.cpu: "4"
    requests.memory: "2Gi"
    limits.cpu: "6"
    limits.memory: "4Gi"
```
123
What is a Namespace in Kubernetes?
Reference answer
Namespaces let you create multiple virtual clusters within a single physical cluster. Different teams get their own partition without stepping on each other. Resource names only need to be unique within a namespace, so conflicts across teams are not an issue. You can attach quotas, access controls, and policies to a namespace to keep resource usage in check.
124
What are stateful sets?
Reference answer
StatefulSets manage stateful applications with unique, persistent identities and stable storage that persists across pod rescheduling.
125
What is a Kubernetes deployment rollout strategy? Name a few different types of strategies.
Reference answer
A Kubernetes deployment rollout strategy is used to update a deployed application to a new version. Some common deployment strategies include RollingUpdate, Recreate, and Blue/Green.
126
Scenario 1- for instance, a company designs and develops a monolithic architectural handle for multiple products. Further, the architectural handle creates issues due to the expansion of the present day's scaling industry. What are your thoughts about how the company will shift from monolithic to microservices and deploy the containers for the services?
Reference answer
Yes, indeed it is possible for a company to shift from a monolithic architecture to microservices. To do this, they have to start designing new plans and implementing them to construct the microservices one by one. After constructing the desired microservices, they can switch over the background configuration. After the configuration is completed, they can place each microservice onto the Kubernetes platform. At first, they will introduce only some of their microservices on the Kubernetes platform and observe how they function. After finding everything running smoothly, they can move all of their applications onto the Kubernetes platform.
127
What are the different ways to provide external network connectivity to K8?
Reference answer
By default, a Pod can reach the external network, but for the reverse direction (reaching a Pod from outside) we need to make some changes. The following options are available to connect to a Pod from the outside world:
- NodePort (exposes one port on each node to communicate with the service)
- LoadBalancer (L4 of the TCP/IP protocol stack)
- Ingress (L7 of the TCP/IP protocol stack)
Another method is to use kubectl proxy, which can expose a service that has only a cluster IP on a local port:
```bash
$ kubectl proxy --port=8080
# then open http://localhost:8080/api/v1/namespaces/<namespace>/services/<service>:<port>/proxy/
```
128
How does Kubernetes handle service discovery and load balancing?
Reference answer
Kubernetes employs two key components to handle service discovery and load balancing:
1. Services: Kubernetes services offer a consistent network endpoint for accessing a group of pods. Acting as an abstraction layer, services provide clients with a stable way to connect without requiring knowledge of individual pod IP addresses. Kubernetes assigns a virtual IP address and DNS name to the service, enabling traffic load balancing among the associated pods.
2. kube-proxy: Operating on each node within the Kubernetes cluster, kube-proxy functions as a network proxy responsible for managing network routing and load balancing for services. It ensures that traffic directed to a service's virtual IP address is appropriately distributed among the underlying pods, facilitating efficient load balancing across the cluster.
129
What are Kubernetes Pods?
Reference answer
Pods are the smallest deployable units in Kubernetes, which can hold one or more containers that share storage/network, and a specification on how to run the containers.
130
What is ClusterIP?
Reference answer
It is a type of service in Kubernetes that provides a single internal IP address for accessing pods, making it ideal for internal cluster communication.
131
What is the purpose of the Kubernetes API server?
Reference answer
As the front end to the cluster's shared state, the API server manages REST operations and serves as the hub through which all other components communicate. Its main responsibility is to receive and handle HTTP requests in the form of API calls, which come from consumers or other Kubernetes system components. The Kubernetes API server is crucial to the validation as well as the configuration of data for different API objects, including pods, services, replication controllers, and more.
132
How can we check the utilization of the nodes?
Reference answer
We can check the utilization of the nodes in the cluster using the command below:
kubectl top nodes
If available, we can also use the Kubernetes dashboard to monitor the utilization of the nodes. We can also integrate the cluster with the Prometheus-Grafana stack to monitor and alert on the cluster.
133
What is the role of container runtimes in Kubernetes?
Reference answer
Container runtimes are responsible for running the containers within Pods. Kubernetes supports several container runtimes via the Container Runtime Interface (CRI). Popular container runtimes include:
- Docker: One of the most widely used container runtimes.
- containerd: A lightweight runtime designed to manage the lifecycle of containers.
- CRI-O: An OCI-compliant runtime designed to run containers directly from Kubernetes.
The container runtime handles container operations such as image pulling, starting, stopping, and managing container storage and networking.
134
Can you provide Python code that accesses a Kubernetes Service?
Reference answer
Python code that accesses the Service:
```python
import requests

# "my-service" resolves through cluster DNS when this runs inside the cluster
response = requests.get('http://my-service/')
print(response.text)
```
135
What is the connection between Kubernetes and Docker?
Reference answer
Kubernetes and Docker are the two most popular containerized development technologies. Docker is used to package applications into containers, while Kubernetes is used to orchestrate and control the containers in the production environment.
136
How are Kubernetes and Docker related?
Reference answer
Docker packages applications and their dependencies into isolated units called containers, ensuring consistency across environments. Kubernetes takes these containers and handles deployment, scaling, load balancing, and fault tolerance across a distributed infrastructure. Whereas Docker can run containers independently, Kubernetes requires a container runtime. Docker was the default before containerd replaced it in recent versions.
137
What is Kubernetes scheduling?
Reference answer
Kubernetes scheduling is the process of assigning a running pod to a node in the cluster.
138
What are the various K8s services running on nodes, and what is the role of each service?
Reference answer
In a Kubernetes (K8s) cluster, several essential services run on nodes to ensure proper cluster management, networking, and communication between components. Here are some of the key services and their roles: These services, running on every node, play a crucial role in maintaining the health, networking, and performance of the Kubernetes cluster. They ensure seamless communication, resource management, and container orchestration, providing the foundation for deploying and managing containerized applications effectively in the Kubernetes environment.
139
How do you run Kubernetes locally?
Reference answer
To run Kubernetes locally, we can use Minikube.
140
What is Kubernetes kubectl describe?
Reference answer
Kubernetes kubectl describe is the command to get detailed information about a Kubernetes object, such as a pod, replication controller, or service.
141
What happens if the API server is down in EKS?
Reference answer
- No new resources can be created or modified.
- Existing workloads continue running.
- Kubelets on nodes keep managing running pods independently.
142
How to run Kubernetes locally?
Reference answer
Kubernetes can be set up locally using the Minikube tool. It runs a single-node cluster in a VM on the computer. Therefore, it offers the ideal way in for users who have just started learning Kubernetes.
143
How does Kubernetes handle resource limits and requests?
Reference answer
Kubernetes uses resource requests and limits to manage how much CPU and memory a container can use. These settings help ensure that applications have sufficient resources to run and prevent a single container from monopolizing resources.
- Requests: The amount of CPU and memory guaranteed to the container. The Kubernetes scheduler uses these values to place Pods on nodes that have sufficient resources.
- Limits: The maximum amount of CPU and memory a container can use. If a container exceeds its limits, Kubernetes may throttle its CPU or evict the container if it uses too much memory.
Example Pod configuration with resource requests and limits:
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: resource-demo
spec:
  containers:
  - name: resource-demo-ctr
    image: nginx
    resources:
      requests:
        memory: "64Mi"
        cpu: "250m"
      limits:
        memory: "128Mi"
        cpu: "500m"
```
144
What is etcd in Kubernetes, and why is it important?
Reference answer
etcd is a key-value store that Kubernetes uses to store all cluster data. It keeps track of the cluster's state, configurations, and deployed objects. If etcd fails, Kubernetes may lose critical data.
145
A critical pod in your Kubernetes cluster fails. How would you identify the issue and recover the application?
Reference answer
To identify the issue and recover the application, I would follow these steps:
- Check the pod's status and events using the kubectl command to identify any error messages or crash loop errors.
- Inspect the pod's logs to gather more information about the failure and identify any application-specific errors or exceptions.
- If the issue is related to resource constraints, adjust the resource allocations for the pod or the cluster.
- If the pod is stuck in a crash loop, review the pod's configuration and ensure any required dependencies or configurations are correctly set up.
- If necessary, delete and recreate the pod to restart the application.
- Monitor the pod's logs and metrics to verify that the application recovers successfully.
146
Name the different services in Kubernetes.
Reference answer
The different services in Kubernetes are:
- Cluster IP service
- External Name Creation service
- Node Port service
- Load Balancer service
147
How does Kubernetes work?
Reference answer
Kubernetes operates on a declarative model managed by a Control Plane and Worker Nodes. You define the desired state of your application (e.g., “I need 3 replicas of Nginx”) using a YAML file and submit it to the API server. The Scheduler then assigns these Pods to optimal Worker Nodes. The Kubelet agent on each node continuously ensures the containers match your desired state. If a node crashes, the Control Plane detects the drift and automatically spins up new Pods on healthy nodes to compensate.
148
What are managed Kubernetes services?
Reference answer
Cloud providers offer managed Kubernetes services that abstract cluster management tasks, making it easier to set up, scale, and maintain Kubernetes clusters.
149
What is a Kubernetes pod template?
Reference answer
A Kubernetes pod template defines the desired configuration for a pod, including the container image, environment variables, and other settings.
150
What is orchestration in software?
Reference answer
Application orchestration in the software process means that we can integrate two or more applications. We will be able to automate arrangement, coordination, and management of computer software. The goal of any orchestration process is to streamline and optimize frequent repeatable processes.
151
Why does the control plane need an odd number of nodes?
Reference answer
etcd uses the Raft consensus protocol, which requires a majority (quorum) to accept writes. Three nodes tolerate one failure. Five tolerate two. An even number like four provides no additional fault tolerance over three: both need at least three healthy nodes for quorum. That's why production control planes run three or five nodes, never two or four.
152
What are “K8s”?
Reference answer
k8s is an abbreviation for Kubernetes.
153
How do you perform a rolling update in Kubernetes?
Reference answer
A rolling update keeps your application responsive while the backend is being updated, instead of shutting everything down at once. Here's how it works: Kubernetes creates a new pod with the updated version of the application. It waits for that pod to pass its readiness check. Once the new pod is healthy, the old pod is terminated. This process repeats until all pods are running the new version.
154
What is kubeadm?
Reference answer
kubeadm is a tool provided by Kubernetes for bootstrapping a Kubernetes cluster. It simplifies the process of creating a minimum viable Kubernetes cluster that follows best practices. kubeadm handles tasks such as:
- Initializing the control plane.
- Setting up networking.
- Configuring certificates.
- Joining worker nodes to the cluster.
To initialize a cluster with kubeadm:
kubeadm init --pod-network-cidr=<pod-cidr>
To join a worker node:
kubeadm join <control-plane-host>:<port> --token <token> --discovery-token-ca-cert-hash sha256:<hash>
155
What is a Kubernetes daemon set?
Reference answer
A Kubernetes daemon set ensures that a specific pod runs on all or some nodes in the cluster.
156
Difference between Replication Controller and Replicaset?
Reference answer
ReplicationController and ReplicaSet are both Kubernetes controllers used to ensure that a specified number of pod replicas are running at any given time.
Replication Controller:
- Example: Managing a stateless web server with a fixed number of replicas.
- Selector Support: Uses simple selector fields.
- Rolling Updates: Not supported; manual deletion and recreation are required for updates.
- Pod Deletion: May have issues with pod deletion, potentially leading to discrepancies.
- Self-healing: Basic; may not effectively recover from pod failures.
- Ownership and Annotation: Doesn't manage pod ownership explicitly.
- Deployment Integration: Not directly integrated with Deployments.
```yaml
apiVersion: v1
kind: ReplicationController
metadata:
  name: my-replication-controller
spec:
  replicas: 3
  selector:
    app: my-app
  template:
    metadata:
      labels:
        app: my-app
    spec:
      containers:
      - name: my-container
        image: nginx:latest
        ports:
        - containerPort: 80
```
ReplicaSet:
- Example: Orchestrating a stateless microservice with rolling updates.
- Selector Support: Supports matchLabels and matchExpressions for flexible selection criteria.
- Rolling Updates: Supported natively, enabling seamless updates without downtime.
- Pod Deletion: More robust handling, continuously monitoring and maintaining the desired state.
- Self-healing: Advanced; effectively recovers from failures by creating new pods.
- Ownership and Annotation: Manages pod ownership using annotations for tracking.
- Deployment Integration: Primarily used by Deployments, offering higher-level abstractions and additional features like declarative updates and rollbacks.
```yaml
apiVersion: apps/v1
kind: ReplicaSet
metadata:
  name: my-replicaset
spec:
  replicas: 3
  selector:
    matchLabels:
      app: my-app
  template:
    metadata:
      labels:
        app: my-app
    spec:
      containers:
      - name: my-container
        image: nginx:latest
        ports:
        - containerPort: 80
```
157
How would you manage multiple environments (development, staging, production)?
Reference answer
By using namespaces to isolate environments within a cluster or separate clusters, combined with GitOps tools like ArgoCD to enforce consistent deployments across environments.
158
How do Kubernetes Deployments and Services enable high availability for your workloads?
Reference answer
Kubernetes Deployments and Services work together to provide high availability by ensuring consistent Pod replication and automatic traffic distribution across those replicas. A Deployment maintains the desired number of identical Pods, automatically replacing failed ones and spreading them across available Nodes to reduce the risk of a single point of failure. Services expose these Pods under a stable network name and route incoming traffic to healthy replicas using internal load balancing. This abstraction allows the backend Pods to scale or move across Nodes without requiring changes to how clients connect. Even as infrastructure scales or Pods are rescheduled, the Service keeps routing traffic reliably.
159
How can you list all services in the current namespace?
Reference answer
To retrieve a list of all active Services within your currently configured namespace, execute the following command:
kubectl get services
Alternatively, you can use the shorthand command kubectl get svc. The output displays a highly scannable table containing critical network information: the Service NAME, the TYPE (e.g., ClusterIP, NodePort), the assigned internal CLUSTER-IP, the EXTERNAL-IP (if applicable), and the mapped PORT(S). To list Services across every namespace in the cluster, append the --all-namespaces or -A flag.
160
How are Kubernetes and Docker related?
Reference answer
Docker is an open-source platform used to handle software development. Its main benefit is that it packages the settings and dependencies that the software/application needs to run into a container, which allows for portability and several other advantages. Kubernetes allows for the manual linking and orchestration of several containers, running on multiple hosts, that have been created using Docker.
161
What is a Network Policy in Kubernetes?
Reference answer
Kubernetes Network Policies are an application-centric construct that lets you specify how a pod is allowed to communicate with various network "entities" (the term "entity" is used here to avoid overloading the more common terms such as "endpoints" and "services", which have specific Kubernetes connotations) over the network. Network Policies apply to a connection with a pod on one or both ends, and are not relevant to any other connections.
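Whether a policy applies to a pod at all is decided by the same label selector (matchLabels plus matchExpressions) that the ReplicaSet answer above mentions. The following is an added example, not code from the page or from Kubernetes: it implements that selector and uses it to report which NetworkPolicies in a namespace select a pod, per traffic direction; the policy and pod manifests are constructed samples.

```python
"""Label-selector matching and NetworkPolicy applicability.

Added example, not code from the page or from Kubernetes. selector_matches()
implements the semantics of a Kubernetes label selector (matchLabels plus
matchExpressions with In / NotIn / Exists / DoesNotExist, all ANDed) that
ReplicaSets and NetworkPolicies share. isolation_for_pod() then uses it to
report which NetworkPolicies in a namespace select a given pod, per direction,
which is what decides whether the pod is isolated. All manifests are
constructed samples written as dicts that mirror the YAML shape.
"""
from typing import Dict, List

Labels = Dict[str, str]


def selector_matches(selector: dict, labels: Labels) -> bool:
    """True if the LabelSelector selects `labels`; {} selects everything."""
    for key, value in (selector.get("matchLabels") or {}).items():
        if labels.get(key) != value:
            return False
    for expr in selector.get("matchExpressions") or []:
        key, op = expr["key"], expr["operator"]
        values = expr.get("values") or []
        present = key in labels
        if op == "In":
            ok = present and labels[key] in values
        elif op == "NotIn":          # an absent key satisfies NotIn
            ok = not present or labels[key] not in values
        elif op == "Exists":
            ok = present
        elif op == "DoesNotExist":
            ok = not present
        else:
            raise ValueError(f"unknown selector operator {op!r}")
        if not ok:
            return False
    return True


def isolation_for_pod(policies: List[dict], pod: dict) -> Dict[str, List[str]]:
    """Names of the policies that select `pod`, keyed by policy type.

    A pod becomes isolated for a direction as soon as one policy in its own
    namespace selects it and lists that direction in policyTypes; from then on
    only traffic explicitly allowed by a selecting policy gets through. When
    policyTypes is omitted it defaults to ["Ingress"], plus "Egress" if the
    policy has an egress section.
    """
    result: Dict[str, List[str]] = {"Ingress": [], "Egress": []}
    ns = pod["metadata"].get("namespace", "default")
    labels = pod["metadata"].get("labels") or {}
    for pol in policies:
        if pol["metadata"].get("namespace", "default") != ns:
            continue                      # policies never cross namespaces
        spec = pol["spec"]
        if not selector_matches(spec.get("podSelector") or {}, labels):
            continue
        types = spec.get("policyTypes")
        if types is None:
            types = ["Ingress"] + (["Egress"] if "egress" in spec else [])
        for t in types:
            result[t].append(pol["metadata"]["name"])
    return result


# Constructed sample policies in namespace "shop".
POLICIES = [
    {"metadata": {"name": "default-deny-all", "namespace": "shop"},
     "spec": {"podSelector": {}, "policyTypes": ["Ingress", "Egress"]}},
    {"metadata": {"name": "allow-web-to-db", "namespace": "shop"},
     "spec": {"podSelector": {"matchLabels": {"app": "db"}},
              "ingress": [{"from": [{"podSelector": {"matchLabels": {"app": "web"}}}],
                           "ports": [{"port": 5432}]}]}},     # policyTypes omitted
    {"metadata": {"name": "quarantine-non-prod", "namespace": "shop"},
     "spec": {"podSelector": {"matchExpressions": [
                  {"key": "env", "operator": "NotIn", "values": ["prod"]}]},
              "policyTypes": ["Egress"], "egress": []}},
    {"metadata": {"name": "other-namespace", "namespace": "payments"},
     "spec": {"podSelector": {}}},
]

DB_POD = {"metadata": {"name": "db-0", "namespace": "shop",
                       "labels": {"app": "db", "env": "prod"}}}
DEV_WEB_POD = {"metadata": {"name": "web-dev", "namespace": "shop",
                            "labels": {"app": "web", "env": "dev"}}}


if __name__ == "__main__":
    for pod in (DB_POD, DEV_WEB_POD):
        print(pod["metadata"]["name"], isolation_for_pod(POLICIES, pod))
```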
162
What are ResourceQuotas and LimitRanges?
Reference answer
- ResourceQuotas: Set namespace-wide limits (e.g., CPU, pods).
- LimitRanges: Set default/request/limit constraints per container.
163
Explain the Difference between secret and config map.
Reference answer
A ConfigMap in Kubernetes stores key-value pairs of data that isn't of a sensitive nature. A Kubernetes Secret, on the other hand, stores sensitive data (e.g. API keys, passwords, tokens, etc.).
164
How do you monitor a Kubernetes cluster?
Reference answer
Kubernetes administrators must monitor CPU, memory, disk, networking, and application health. The following tools are recommended for these tasks:
- Prometheus + Grafana: Collect and visualize cluster metrics. Create real-time alerts to get notified in case there are issues.
- Loki + Fluentd: Collect and analyze logs.
- Kubernetes dashboard: UI-based cluster monitoring.
- Jaeger/OpenTelemetry: Distributed tracing.
165
Export your secrets for an app inside Kubernetes as an environment variable. Do it without saving inside Kubernetes secret.
Reference answer
To achieve this, use Vault. With Vault, we use the sidecar injector to deliver secrets through ConfigMaps or environment variables, or we can dump the secret to a volume. However, this isn't very secure. Storing a plain-text secret as an environment variable is insecure. When asked, make sure you inform your interviewer about the potential harm of storing secrets using these methods.
166
What are the core concepts for managing tasks in Kubernetes?
Reference answer
Core Concepts: Jobs and CronJobs manage the execution of Pods over time, guaranteeing the desired state.
167
How does Kubernetes manage and allocate resources?
Reference answer
Kubernetes makes it easy to manage and allocate resources (CPU and memory) to different components of an application, ensuring that no single component degrades overall performance.
168
How do readiness and liveness probes work in Kubernetes?
Reference answer
A probe is a health check mechanism used by the kubelet to determine the state of a container. There are three types:
- Readiness probe: Checks if the container is ready to serve traffic. If it fails, the pod is removed from the service endpoint until it passes again.
- Liveness probe: Checks whether the container is still alive. If it fails, Kubernetes kills it. You can use a liveness probe when you encounter issues like deadlocks and infinite loops.
- Startup probe: Checks if the application has finished starting. Useful for slow-starting containers that would otherwise be killed by the liveness probe before they are ready. Once it passes, the liveness and readiness probes take over.
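The probes above, the resource requests and limits answer, and the Pod Security Standards item in the cluster-security checklist are all properties of one Pod manifest, so they can be checked together. The following is an added example, not code from the page or from Kubernetes: it audits a Pod spec against those points and against the settings the restricted Pod Security Standard rejects; the two Pod manifests are constructed samples.

```python
"""Audit a Pod manifest for the hardening points the answers above call for.

Added example, not code from the page or from Kubernetes. audit_pod() walks
every container in a Pod spec and reports missing CPU/memory requests and
limits, missing readiness/liveness probes, and settings the Pod Security
Standards "restricted" profile rejects (host namespaces, privileged,
allowPrivilegeEscalation, running as root, undropped capabilities, no seccomp
profile). The two Pod manifests at the bottom are constructed samples.
"""
from typing import List

# The restricted profile lets a container add back only this capability.
ALLOWED_ADD_CAPS = {"NET_BIND_SERVICE"}
SECCOMP_OK = {"RuntimeDefault", "Localhost"}


def audit_container(c: dict, pod_sc: dict) -> List[str]:
    """Return findings for one container; an empty list means clean."""
    findings = []
    name = c.get("name", "<unnamed>")
    res = c.get("resources") or {}
    for kind in ("requests", "limits"):
        for unit in ("cpu", "memory"):
            if not (res.get(kind) or {}).get(unit):
                findings.append(f"{name}: no {unit} {kind[:-1]} set")
    for probe in ("readinessProbe", "livenessProbe"):
        if probe not in c:
            findings.append(f"{name}: no {probe}")
    # A container-level securityContext overrides the Pod-level one field by field.
    sc = {**pod_sc, **(c.get("securityContext") or {})}
    if sc.get("privileged"):
        findings.append(f"{name}: privileged container")
    if sc.get("allowPrivilegeEscalation", True):
        findings.append(f"{name}: allowPrivilegeEscalation not set to false")
    if not sc.get("runAsNonRoot") or sc.get("runAsUser") == 0:
        findings.append(f"{name}: may run as root")
    caps = sc.get("capabilities") or {}
    if caps.get("drop") != ["ALL"]:
        findings.append(f"{name}: capabilities.drop is not [\"ALL\"]")
    extra = set(caps.get("add") or []) - ALLOWED_ADD_CAPS
    if extra:
        findings.append(f"{name}: adds capabilities {sorted(extra)}")
    if (sc.get("seccompProfile") or {}).get("type") not in SECCOMP_OK:
        findings.append(f"{name}: no RuntimeDefault/Localhost seccomp profile")
    return findings


def audit_pod(pod: dict) -> List[str]:
    """Return all findings for a Pod manifest (init containers included)."""
    spec = pod["spec"]
    findings = [f"pod: {flag} is enabled"
                for flag in ("hostNetwork", "hostPID", "hostIPC") if spec.get(flag)]
    pod_sc = spec.get("securityContext") or {}
    for c in (spec.get("containers") or []) + (spec.get("initContainers") or []):
        findings.extend(audit_container(c, pod_sc))
    return findings


# Constructed sample: the kind of Pod a quick demo produces.
WEAK_POD = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "weak"},
    "spec": {
        "hostNetwork": True,
        "containers": [{"name": "app", "image": "nginx",
                        "securityContext": {"privileged": True}}],
    },
}

# Constructed sample: the same workload with the answers above applied.
HARDENED_POD = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "hardened"},
    "spec": {
        "securityContext": {"runAsNonRoot": True, "runAsUser": 10001,
                            "seccompProfile": {"type": "RuntimeDefault"}},
        "containers": [{
            "name": "app", "image": "nginxinc/nginx-unprivileged:1.25",
            "resources": {"requests": {"cpu": "250m", "memory": "64Mi"},
                          "limits": {"cpu": "500m", "memory": "128Mi"}},
            "readinessProbe": {"httpGet": {"path": "/", "port": 8080}},
            "livenessProbe": {"httpGet": {"path": "/", "port": 8080}},
            "securityContext": {"allowPrivilegeEscalation": False,
                                "capabilities": {"drop": ["ALL"]}},
        }],
    },
}


if __name__ == "__main__":
    for pod in (WEAK_POD, HARDENED_POD):
        print(pod["metadata"]["name"], audit_pod(pod) or ["clean"])
```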
169
What is Minikube?
Reference answer
Minikube is a tool that lets you run Kubernetes locally on a personal computer for testing and development purposes, simulating a cluster environment.
170
What are the main components of Kubernetes architecture?
Reference answer
Kubernetes architecture consists of the following main components:
- Master Node: Manages the Kubernetes cluster and consists of:
  - API Server: Serves as the entry point for all REST commands used to control the cluster.
  - etcd: A key-value store used for configuration data and service discovery.
  - Controller Manager: Runs controller processes to regulate the state of the cluster.
  - Scheduler: Assigns tasks to nodes based on resource availability and policies.
- Worker Nodes: Run the applications and contain:
  - Kubelet: An agent that runs on each node and ensures containers are running in a Pod.
  - Kube-proxy: Maintains network rules on nodes and handles networking for the Pods.
  - Container Runtime: Software that runs the containers, such as Docker or containerd.
171
In Kubernetes, what are the various services available?
Reference answer
Kubernetes supports a number of services, including the following: 1) Cluster IP, 2) Node Port, 3) Load Balancer, and 4) External Name Creation.
1. Cluster IP Service: A ClusterIP service in Kubernetes provides a stable virtual IP address (Cluster IP) to the service, allowing internal communication between various parts of the Kubernetes cluster; it exposes a set of Pods within the cluster to other objects in the cluster.
2. Node Port Service: A NodePort service in Kubernetes is a type of service that makes a group of Pods accessible to external clients on an allocated port on all cluster nodes.
3. Load Balancer Service: An external load balancer is automatically provisioned by a LoadBalancer service in Kubernetes to distribute incoming traffic between the Pods when a group of Pods is made accessible to the outside world.
4. External Name Creation Service: An ExternalName service in Kubernetes works as an alias which allows pods inside the cluster to contact services outside the cluster using a user-defined DNS name. ExternalName provides DNS-based service discovery to map a service to an external DNS name.
172
How does Kubernetes handle node failures and resiliency?
Reference answer
Whenever a node fails or a container becomes unhealthy, Kubernetes makes sure that a sufficient number of replicas is maintained by launching new replicas on other servers, which maintains continuous availability. Here are some key mechanisms and strategies that Kubernetes employs:
- Node Health Monitoring
- Pod Restart Policies
- Replication and Desired State
- Pod Disruption Budgets
- Node Pools and Multi-Cloud Deployments
173
Define Kubectl?
Reference answer
The kubectl can be defined as a platform that can be used to pass the commands to the cluster. In other words, it delivers commands to the CLI to run against the Kubernetes clusters. Kubectl allows users to deploy apps, inspect and manage resources, see logs, and troubleshoot issues. It links users to the Kubernetes API server, providing precise control over cluster operations and enabling users to interact with the entire Kubernetes ecosystem.
174
How would you perform a Kubernetes cluster upgrade?
Reference answer
To upgrade a Kubernetes cluster:
- Review release notes for breaking changes.
- Back up etcd to protect cluster state.
- Upgrade control plane components one master at a time.
- Upgrade worker nodes using kubectl drain <node>, update packages, then kubectl uncordon <node>.
- Update add-ons like CNI, CoreDNS, and Ingress to compatible versions.
Always test in staging before applying to production.
175
How do Labels and Annotations function in Kubernetes?
Reference answer
Labels help organize and select workloads in a Kubernetes cluster, and annotations can attach arbitrary non-identifying information to objects.
176
What is Kube-proxy?
Reference answer
Kube-proxy manages network communication to Kubernetes pods from network sessions inside or outside of your cluster.
177
What happens when you run a Kubectl command?
Reference answer
Kubectl reads the kubeconfig file to determine which cluster to talk to. The request is then sent to the API server. The API server authenticates you, checks your permissions through RBAC, and then processes the request. If the request changes the cluster state, the API server stores that change in etcd.
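The first step of that flow, reading the kubeconfig, can be reproduced offline. The following is an added example, not kubectl's own code: it resolves a context to the server, namespace and credential type kubectl would use and flags kubeconfig settings a reviewer would question; the kubeconfig, the `kubelogin` command name and the placeholder credentials are constructed.

```python
"""Resolve what a kubectl command will talk to, from a kubeconfig.

Added example, not kubectl's own code. resolve_context() does the first step
described above: it reads the kubeconfig, finds the current (or named) context
and returns the API server, namespace and credential type that the request
will carry, plus any settings a reviewer would question (plain-HTTP server,
insecure-skip-tls-verify, a static token or basic-auth password embedded in the
file). The kubeconfig below is a constructed sample; YAML and JSON kubeconfigs
share this shape.
"""
from typing import List, Optional


def _named(items: Optional[List[dict]], name: str, section: str) -> dict:
    """kubeconfig sections are lists of {"name": ..., "<section>": {...}}."""
    for item in items or []:
        if item.get("name") == name:
            return item.get(section) or {}
    raise KeyError(f"{section} {name!r} not found in kubeconfig")


def resolve_context(kubeconfig: dict, context: Optional[str] = None) -> dict:
    """Return server, namespace, auth method and warnings for a context."""
    name = context or kubeconfig.get("current-context")
    ctx = _named(kubeconfig.get("contexts"), name, "context")
    cluster = _named(kubeconfig.get("clusters"), ctx["cluster"], "cluster")
    user = _named(kubeconfig.get("users"), ctx["user"], "user")
    warnings = []
    server = cluster.get("server", "")
    if server.startswith("http://"):
        warnings.append("API server reached over plain HTTP")
    if cluster.get("insecure-skip-tls-verify"):
        warnings.append("insecure-skip-tls-verify is set: server certificate is not checked")
    if "exec" in user:
        # Credential plugin: short-lived tokens fetched at call time (preferred).
        auth = "exec plugin: " + user["exec"].get("command", "?")
    elif "client-certificate" in user or "client-certificate-data" in user:
        auth = "client certificate"
    elif "token" in user or "tokenFile" in user:
        auth = "bearer token"
        if "token" in user:
            warnings.append("static bearer token embedded in kubeconfig")
    elif "username" in user and "password" in user:
        auth = "basic auth"
        warnings.append("basic auth password in kubeconfig (removed from the API server in v1.19)")
    else:
        auth = "none (request would be anonymous)"
    return {"context": name, "server": server,
            "namespace": ctx.get("namespace", "default"),
            "auth": auth, "warnings": warnings}


# Constructed sample kubeconfig with one reviewed and one sloppy context.
SAMPLE_KUBECONFIG = {
    "apiVersion": "v1", "kind": "Config", "current-context": "lab",
    "clusters": [
        {"name": "prod-cluster", "cluster": {
            "server": "https://prod.example.internal:6443",
            "certificate-authority-data": "<base64 CA placeholder>"}},
        {"name": "lab-cluster", "cluster": {
            "server": "https://127.0.0.1:6443", "insecure-skip-tls-verify": True}},
    ],
    "users": [
        {"name": "alice", "user": {"exec": {
            "apiVersion": "client.authentication.k8s.io/v1",
            "command": "kubelogin", "args": ["get-token"]}}},
        {"name": "lab-admin", "user": {"token": "<static token placeholder>"}},
    ],
    "contexts": [
        {"name": "prod", "context": {"cluster": "prod-cluster", "user": "alice",
                                     "namespace": "shop"}},
        {"name": "lab", "context": {"cluster": "lab-cluster", "user": "lab-admin"}},
    ],
}


if __name__ == "__main__":
    for ctx in ("lab", "prod"):
        print(resolve_context(SAMPLE_KUBECONFIG, ctx))
```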
178
What is a Pod in Kubernetes and why is it used?
Reference answer
Pods are the smallest deployable units in Kubernetes, encapsulating one or more containers. This brings flexibility and makes it effortless to manage multi-container applications.
179
How does Kubernetes use namespaces to organize cluster resources?
Reference answer
Kubernetes uses namespaces to organize and isolate resources within the cluster, like segregating environments (development, testing, production) or teams. This allows for efficient resource management, access control, and simplifies service naming within the same physical cluster.
180
Name some tools for container monitoring.
Reference answer
Some popular tools for container monitoring include:
- Prometheus
- InfluxDB
- Heapster
- Grafana
- cAdvisor
181
An application in Kubernetes can't connect to an external database. How do you troubleshoot?
Reference answer
Debug this from inside the Pod, working outward through each layer that could block the connection:
```bash
# 1. Test connectivity from inside the Pod
kubectl exec -it <pod> -- nc -zv db.example.com 5432
# 2. Check DNS resolution
kubectl exec -it <pod> -- nslookup db.example.com
# 3. Check for NetworkPolicies blocking egress traffic
kubectl get networkpolicies -n <namespace>
# 4. Verify database credentials and configuration
kubectl describe pod <pod> | grep -A5 "Environment"
```
If DNS resolution fails, CoreDNS may be misconfigured. If connectivity times out, check for NetworkPolicies or cloud-level firewall rules blocking outbound traffic.
182
Explain the concept of a pool in AKS.
Reference answer
In AKS, a node pool is a group of nodes (virtual machines) within a cluster that share the same configuration settings. It enables resource optimization, scalability, availability, fault tolerance, and cost management.
183
Describe the concept of blue/green deployment in Kubernetes and its advantages over traditional deployment methods?
Reference answer
Blue/green deployment involves running two identical environments, one with the existing version (blue) and one with the new version (green). Traffic is switched from blue to green once the new version is fully tested, reducing risk.
184
Why do you need on-premises to run the Kubernetes architecture? Explain Azure Kubernetes Service (AKS) and its key features.
Reference answer
AKS is a managed service provided by Azure that helps in deploying, managing, and scaling containerized applications using Kubernetes. A few features of AKS are:
- Scalability: AKS enables auto-scaling of applications by dynamically adjusting the number of containers.
- Integration: It seamlessly integrates with other Azure services, namely Azure Monitor, Azure Active Directory, Azure Policy, and so on.
- Hybrid Cloud Support: AKS supports hybrid cloud scenarios, allowing both on-premises and Azure cloud deployments.
- Cost Efficient: AKS has a pay-as-you-go policy that only charges for the services utilized.
185
What is a Feature Gate in Kubernetes?
Reference answer
- A feature gate enables or disables an optional or experimental Kubernetes feature.
- Example: `--feature-gates=EphemeralContainers=true`
- Set via command-line flags on components such as the API server, the kubelet, etc.
186
What are Kubernetes StatefulSets?
Reference answer
StatefulSets manage the deployment and scaling of a set of Pods with unique, persistent identities and stable network identities. They are used for stateful applications that require persistent storage, ordered deployment, and scaling.

Features of StatefulSets:
- Stable, unique Pod identifiers: Each Pod gets a unique, stable network identity.
- Ordered, graceful deployment and scaling: Pods are deployed and scaled in a specific order.
- Persistent storage: Each Pod gets its own PersistentVolumeClaim.

Use cases include databases, distributed systems, and applications requiring stable network IDs.

Example of a StatefulSet configuration:

```yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: web
spec:
  serviceName: "nginx"
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx
        volumeMounts:
        - name: www
          mountPath: /usr/share/nginx/html
  volumeClaimTemplates:
  - metadata:
      name: www
    spec:
      accessModes: [ "ReadWriteOnce" ]
      resources:
        requests:
          storage: 1Gi
```
187
How does Kubernetes handle zero-downtime deployments, and what are the key considerations for achieving them?
Reference answer
Kubernetes achieves zero-downtime deployments primarily through the RollingUpdate deployment strategy combined with readiness probes, which ensure traffic only goes to Pods that are ready. Key considerations include proper health checks, resource allocation, and rollout strategy configuration.
188
Describe the role of a Proxy in Kubernetes.
Reference answer
One essential Kubernetes agent that runs on every cluster node is kube-proxy. Its primary function is to watch for changes to Service objects and their corresponding endpoints. It then translates these changes into actual network rules that are implemented on the node.
189
What is a container?
Reference answer
A container is a lightweight, standalone, executable software package that includes everything needed to run an application, including code, runtime, system tools, libraries, and settings.
190
How can an organization enhance the efficiency of its technical operations and keep costs low using Kubernetes?
Reference answer
By automating deployment, scaling, and management processes, Kubernetes reduces the need for manual oversight and helps utilize infrastructure more effectively, cutting down unnecessary expenses.
191
What are K8s?
Reference answer
K8s is shorthand for Kubernetes, an open-source platform that automates running containerized applications.
192
What is Container Orchestration and how does it work in Kubernetes?
Reference answer
Container orchestration is the process of managing a group of containers as a single entity. Container orchestration systems, like Kubernetes, allow you to deploy and manage containers across a cluster of nodes. This provides a higher level of abstraction and makes it easier to manage and scale your applications.

Kubernetes supports features for container orchestration, including:
- Creating and managing containers
- Configuring and managing networking
- Configuring and managing storage
- Booting and managing VMs
- Deploying applications
- Managing workloads
- Accessing logs and monitoring resources
- Configuring security and authentication
193
How do you monitor the health of a Kubernetes cluster?
Reference answer
Health monitoring can be achieved using tools like Prometheus for metrics collection and Grafana for metrics visualization. Additionally, Kubernetes provides readiness and liveness probes to monitor the health of your applications.
194
What is Kubernetes?
Reference answer
Kubernetes is an open-source container orchestration platform that automates the deployment, scaling, and management of applications.
195
What is a NetworkPolicy?
Reference answer
A NetworkPolicy controls traffic flow to and from Pods, essentially a firewall at the Pod level. By default, Kubernetes allows all traffic between all Pods. Once you apply a NetworkPolicy that selects a Pod, only explicitly allowed traffic passes through to it. Here's a policy that allows incoming traffic only from Pods with the label `app: frontend`:

```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-frontend-only
  namespace: production
spec:
  podSelector:
    matchLabels:
      app: backend
  policyTypes:
  - Ingress
  ingress:
  - from:
    - podSelector:
        matchLabels:
          app: frontend
    ports:
    - protocol: TCP
      port: 80
```

NetworkPolicies are only enforced if the cluster's CNI plugin supports them. Plugins like Calico and Cilium fully support NetworkPolicy, while simpler plugins like kubenet do not, meaning policies will have no effect unless a compatible CNI is used.
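To make the "default allow, then only explicitly allowed traffic" semantics concrete, here is an added example (not code from the original page) that evaluates a simplified subset of NetworkPolicy ingress rules in plain Python: only `matchLabels` selectors and `podSelector` peers within one namespace are modelled, numeric ports only, and the real CNI enforcement is not involved. The `ALLOW_FRONTEND` dict mirrors the YAML policy above; `DEFAULT_DENY` and the sample Pod labels are constructed for the example.

```python
"""Simplified evaluator for Kubernetes NetworkPolicy ingress semantics.

Modelled rules (a subset of the real spec):
- A Pod is "isolated for ingress" if any policy with Ingress in policyTypes
  selects it. Non-isolated Pods accept all traffic (the Kubernetes default).
- For an isolated Pod, traffic is allowed if ANY selecting policy has ANY
  ingress rule whose peers match the source and whose ports match the port.
- An empty `from` list matches every source; an empty `ports` list matches
  every port. Policies are additive (union), never subtractive.
Not modelled: matchExpressions, namespaceSelector, ipBlock, named ports, egress.
"""

# Same policy as the YAML in the answer above, as a Python dict.
ALLOW_FRONTEND = {
    "apiVersion": "networking.k8s.io/v1",
    "kind": "NetworkPolicy",
    "metadata": {"name": "allow-frontend-only", "namespace": "production"},
    "spec": {
        "podSelector": {"matchLabels": {"app": "backend"}},
        "policyTypes": ["Ingress"],
        "ingress": [
            {
                "from": [{"podSelector": {"matchLabels": {"app": "frontend"}}}],
                "ports": [{"protocol": "TCP", "port": 80}],
            }
        ],
    },
}

# Constructed for this example: selects every Pod in the namespace and
# allows nothing, which isolates all Pods for ingress.
DEFAULT_DENY = {
    "apiVersion": "networking.k8s.io/v1",
    "kind": "NetworkPolicy",
    "metadata": {"name": "default-deny-ingress", "namespace": "production"},
    "spec": {"podSelector": {}, "policyTypes": ["Ingress"]},
}

# Constructed sample Pod labels.
FRONTEND = {"app": "frontend"}
BACKEND = {"app": "backend"}
BATCH = {"app": "batch"}
DATABASE = {"app": "db"}


def selects(selector, labels):
    """matchLabels-only selector; an empty selector {} matches every Pod."""
    return all(labels.get(k) == v for k, v in selector.get("matchLabels", {}).items())


def ingress_allowed(policies, src_labels, dst_labels, port, protocol="TCP"):
    """Return True if traffic from src to dst on protocol/port is permitted."""
    applicable = [
        p for p in policies
        if "Ingress" in p["spec"].get("policyTypes", [])
        and selects(p["spec"].get("podSelector", {}), dst_labels)
    ]
    if not applicable:
        return True  # destination is not isolated: default allow
    for policy in applicable:
        for rule in policy["spec"].get("ingress", []):
            peers = rule.get("from", [])
            ports = rule.get("ports", [])
            peer_ok = not peers or any(
                selects(peer["podSelector"], src_labels)
                for peer in peers if "podSelector" in peer
            )
            port_ok = not ports or any(
                p.get("protocol", "TCP") == protocol and p.get("port") == port
                for p in ports
            )
            if peer_ok and port_ok:
                return True
    return False  # isolated and no rule matched


if __name__ == "__main__":
    only_one = [ALLOW_FRONTEND]
    with_deny = [ALLOW_FRONTEND, DEFAULT_DENY]
    print("frontend -> backend:80 ", ingress_allowed(only_one, FRONTEND, BACKEND, 80))
    print("batch    -> backend:80 ", ingress_allowed(only_one, BATCH, BACKEND, 80))
    print("batch    -> db:5432    ", ingress_allowed(only_one, BATCH, DATABASE, 5432))
    print("batch    -> db:5432 (with default deny)",
          ingress_allowed(with_deny, BATCH, DATABASE, 5432))
```

The third case is the one that surprises people: with only `allow-frontend-only` applied, the `db` Pod is still reachable from anything because no policy selects it. Adding the default-deny policy isolates every Pod in the namespace, and the frontend-to-backend rule keeps working because policies are unioned.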
196
What are QoS classes?
Reference answer
This is usually a follow-up to questions about requests and limits, as Kubernetes automatically assigns a Quality of Service class to each pod based on how those values are configured. The default QoS class is BestEffort, which is assigned when a pod has no requests or limits set at all. This is the lowest priority class. The other classes are Burstable, assigned when at least one container has a request or limit set but the pod does not meet the Guaranteed criteria, and Guaranteed, assigned when every container has CPU and memory limits set and its requests equal its limits. The QoS class matters most during node pressure events. When a node starts running out of memory, Kubernetes decides which pods to evict first. BestEffort pods are evicted first, then Burstable, and Guaranteed pods are evicted last. Understanding this helps you make informed decisions about how to configure requests and limits for workloads of different importance.
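The classification rules are easy to get wrong in an interview (for instance, a container with only limits set still counts as Guaranteed because Kubernetes defaults its requests to the limits, and `500m` equals `0.5` CPU). The following added example, which is not code from the original page, implements the QoS rules over Pod specs expressed as Python dicts; the three sample Pods are constructed for the example, and the eviction ordering follows the simplified description above (the real kubelet additionally ranks by usage relative to requests and by Pod priority).

```python
"""Derive a Pod's QoS class from its container resource requests and limits."""

from fractions import Fraction

# Kubernetes quantity suffixes, normalised to exact rational numbers so that
# "500m" == "0.5" and "1Gi" == "1024Mi" compare equal.
_SUFFIXES = {
    "m": Fraction(1, 1000),
    "k": Fraction(10 ** 3), "M": Fraction(10 ** 6), "G": Fraction(10 ** 9),
    "Ki": Fraction(2 ** 10), "Mi": Fraction(2 ** 20), "Gi": Fraction(2 ** 30),
}

RESOURCES = ("cpu", "memory")
EVICTION_RANK = {"BestEffort": 0, "Burstable": 1, "Guaranteed": 2}


def parse_quantity(value):
    """Parse a quantity string such as '500m', '1', '128Mi' into a Fraction."""
    text = str(value).strip()
    for suffix in sorted(_SUFFIXES, key=len, reverse=True):  # try 'Mi' before 'M'
        if text.endswith(suffix):
            return Fraction(text[: -len(suffix)]) * _SUFFIXES[suffix]
    return Fraction(text)


def qos_class(pod):
    """Return 'Guaranteed', 'Burstable' or 'BestEffort' for a Pod dict."""
    any_set = False          # some container has any cpu/memory request or limit
    guaranteed = True        # every container has limits == requests for both
    for container in pod["spec"]["containers"]:
        resources = container.get("resources", {})
        requests = resources.get("requests", {})
        limits = resources.get("limits", {})
        for res in RESOURCES:
            if res in requests or res in limits:
                any_set = True
            if res not in limits:
                guaranteed = False
            elif res in requests and parse_quantity(requests[res]) != parse_quantity(limits[res]):
                guaranteed = False
            # limit set but request absent: the request defaults to the limit,
            # so this still satisfies the Guaranteed criteria.
    if not any_set:
        return "BestEffort"
    return "Guaranteed" if guaranteed else "Burstable"


def eviction_order(pods):
    """Pod names in the order the simplified QoS rule would consider them for
    eviction under memory pressure: BestEffort first, Guaranteed last."""
    ranked = sorted(pods, key=lambda p: EVICTION_RANK[qos_class(p)])
    return [p["metadata"]["name"] for p in ranked]


# Constructed sample Pods for this example.
SAMPLE_PODS = [
    {"metadata": {"name": "batch-job"},
     "spec": {"containers": [{"name": "worker", "image": "busybox"}]}},
    {"metadata": {"name": "api"},
     "spec": {"containers": [{"name": "app", "resources": {
         "requests": {"cpu": "500m", "memory": "128Mi"},
         "limits": {"cpu": "1", "memory": "256Mi"}}}]}},
    {"metadata": {"name": "db"},
     "spec": {"containers": [
         {"name": "postgres", "resources": {
             "requests": {"cpu": "0.5", "memory": "1Gi"},
             "limits": {"cpu": "500m", "memory": "1024Mi"}}},
         {"name": "exporter", "resources": {
             "limits": {"cpu": "100m", "memory": "64Mi"}}},
     ]}},
]


if __name__ == "__main__":
    for pod in SAMPLE_PODS:
        print(f"{pod['metadata']['name']:10s} {qos_class(pod)}")
    print("eviction order:", eviction_order(SAMPLE_PODS))
```

Run it and the `db` Pod comes out as Guaranteed even though its CPU values are written differently (`0.5` versus `500m`) and its sidecar has no requests at all; `api` is Burstable because its limits exceed its requests; `batch-job`, with nothing set, is BestEffort and first in line for eviction.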
197
What is a pod in Kubernetes?
Reference answer
A pod is the smallest deployable unit in Kubernetes. It holds one or more containers operating in the same network namespace, sharing storage and networking resources such as a single IP address, allowing tightly coupled containers to run together. The main container is where your application lives. Pods support two additional container types: An init container runs before the main container starts, handling setup tasks like checking dependencies. A sidecar container runs alongside the main container, handling supporting tasks like logging or proxying without touching the main application.
198
How do Kubernetes Services work?
Reference answer
Services are the main component of Kubernetes networking. They provide stable network identifiers that can be resolved through the cluster DNS system. Requests handled by Services will be directed to any available Pod replica that meets the Service's selection criteria, such as having a specific label attached. Several types of Service are supported for different use cases: for example, ClusterIP is the primary service type used for cluster-internal networking, while LoadBalancer makes Pods accessible from outside the Kubernetes cluster.
199
How can data migration be achieved in Kubernetes?
Reference answer
Data migration can be achieved by exporting data from one cluster, transferring it to the target cluster, and importing it using tools like kubectl or Velero.
200
What is Kubernetes networking, and how does it work?
Reference answer
Kubernetes networking allows for communication between Pods, Services, and external clients. It follows a flat networking structure, meaning that, by default, all Pods can communicate with each other.

Key networking concepts in Kubernetes include:
- Pod-to-pod communication: Each Pod gets a unique IP assigned and can communicate within the cluster.
- Service-to-pod communication: Services provide a stable network endpoint for a group of Pods, as Pods are ephemeral. Each Pod gets a new IP assigned every time it is created.
- Ingress controllers: Manage external HTTP/HTTPS traffic.
- Network policies: Define rules to restrict or allow communication between Pods.