
Typical Kubernetes Administrator Interview Questions | SPOTO


1
Explain Multi-container pod patterns.
Reference answer
There are three main multi-container pod patterns that we use:
- Adapter: the adapter container restructures the application's files.
- Ambassador: we leverage a proxy to connect other containers with a port on localhost.
- Sidecar: a helper container isn't required to ensure that the main container works.
2
What is the role of the Kubernetes Master?
Reference answer
The Kubernetes Master, or Control Plane, is responsible for managing the cluster state and coordinating operations. It includes components like the API server, etcd, scheduler, and controller manager.
3
How do you expose a Deployment as a Service in Kubernetes?
Reference answer
We can expose a Deployment by creating a Service resource and specifying the selector to target the Pods belonging to the Deployment.
4
How do containers within a pod communicate with each other?
Reference answer
Communication between pods is different. Each pod gets its own unique IP address, and pods can reach each other directly using those IPs without NAT (Network Address Translation). This is a core requirement of the Kubernetes networking model: every pod must be able to communicate with every other pod across the cluster using its real IP address.

However, Kubernetes itself does not implement this networking. Instead, it delegates that responsibility to a CNI (Container Network Interface) plugin. The CNI is a standard that defines how networking should be configured for containers, and the actual implementation is handled by a plugin you install on the cluster. Common examples include:
- Calico: Widely used, supports network policies for controlling traffic between pods.
- Flannel: A simpler option that provides basic overlay networking.
- Cilium: Uses eBPF for high-performance networking and advanced observability.

Without a CNI plugin, pods on different nodes would have no way to reach each other. The plugin is responsible for assigning IP addresses to pods, setting up routes between nodes, and ensuring that the flat networking model Kubernetes expects is actually in place. Understanding the role of the CNI shows the interviewer that you know Kubernetes defines the rules for networking, but relies on external components to enforce them.
5
For a LoadBalancer type service, how does the cloud provider handle external traffic?
Reference answer
For a LoadBalancer type service, the cloud provider provisions a load balancer that forwards external traffic to the NodePorts on the cluster nodes where the service is running.
6
What is Kubernetes?
Reference answer
Kubernetes is an open-source platform for automating the deployment, scaling, and management of containerized workloads and services. It groups containers into logical units for easy management and discovery.
7
What are the advantages of using AKS for deploying containerized applications compared to managing your own Kubernetes cluster?
Reference answer
Azure Kubernetes Service (AKS) dramatically reduces the operational overhead of managing a “vanilla” cluster.
- Managed Control Plane: Microsoft handles the API server and etcd patching, scaling, and backups for free; you only pay for worker nodes.
- Ecosystem Integration: It seamlessly integrates with Azure Active Directory (RBAC), Azure Monitor, and Azure Policy.
- Automation: It features built-in node auto-repair and one-click Kubernetes version upgrades.
- Elasticity: The built-in Cluster Autoscaler dynamically adds or removes worker nodes based on real-time traffic demands.

The advantages of using AKS are:
- Managed Services: AKS is entirely managed by Azure, which means that scaling, upgrading, and maintaining the Kubernetes cluster are taken care of by Azure services.
- Simple Operations: AKS eases operations such as cluster provisioning, node scaling, and cluster upgrades.
- Built-in Availability: AKS provides high availability features such as automatic node repair and multiple availability zone support.
8
Define the Google Container Engine.
Reference answer
The Google Container Engine can be defined as the open-source manager for Docker and the related clusters. GKE, or Google Container Engine, is basically an engine that supports clusters that run in Google's public cloud services.
9
What are the main differences between Kubernetes and Docker Swarm?
Reference answer
The native and open-source orchestration platform for grouping and organizing Docker containers is called Docker Swarm. Here are several ways that Swarm varies from Kubernetes:
- First off, Kubernetes is more complex to set up but guarantees a strong cluster, and Docker Swarm is simpler to set up but lacks a robust cluster.
- Second, although Docker scaling is five times faster, Docker Swarm, including Kubernetes, does not offer auto-scaling.
- Next, although Kubernetes offers a graphical user interface (GUI) in the form of a dashboard, Docker Swarm does not.
- In a cluster, Docker Swarm automatically distributes traffic amongst containers, while Kubernetes necessitates human involvement.
10
What is a Kubernetes deployment?
Reference answer
A Kubernetes deployment defines a desired state for a group of replicas of a pod, and manages the rollout and rollback of updates to the pod replicas.
11
Explain the concept of Ingress
Reference answer
Ingress is a Kubernetes API object that manages external access to services, typically via HTTP/HTTPS. Instead of exposing services with LoadBalancer or NodePort, Ingress routes traffic based on hostnames, paths, or TLS settings. Share an example use case, such as how a single Ingress controller (e.g., Nginx, Traefik) can manage traffic for multiple services and what rules you'd use.
12
What is Kubernetes gateway?
Reference answer
Kubernetes gateway is a network entry point that manages incoming and outgoing traffic for a service mesh.
13
In what ways can Kubernetes be paired with a CI/CD pipeline?
Reference answer
Kubernetes could be paired with the CI/CD pipelines with the assistance of Jenkins, GitLab CI/CD, and ArgoCD. The pipeline constructs a new container image, uploads it to a registry, and then uses kubectl or Helm to deploy it on Kubernetes.
14
How do you implement high availability in Kubernetes?
Reference answer
High availability is essential to avoid downtime of applications running in your Kubernetes cluster. You can ensure high availability by:
- Using multiple control plane nodes. Multiple API servers prevent downtime if one fails.
- Enabling the cluster autoscaler. This automatically adds/removes nodes based on demand.
15
How can Kubernetes help with workload distribution optimization?
Reference answer
Kubernetes automatically places containers based on their resource requirements and other constraints, while also balancing loads effectively across the cluster for optimal performance.
16
Discuss Kubernetes Deployments and ReplicaSets?
Reference answer
Deployments in Kubernetes provide declarative updates to applications, managing the deployment lifecycle. ReplicaSets, a part of Deployments, ensure the specified number of replicas are running at all times. This abstraction simplifies scaling, rolling updates, and rollback procedures, enhancing the overall efficiency of application management.
17
What is a kubelet?
Reference answer
The kubelet is the lowest-level component in Kubernetes. It is responsible for making the individual machines run. The sole purpose of a kubelet is to ensure that the containers in a given set are all running.
18
How would you troubleshoot the issue if a pod is running but not reachable from a service?
Reference answer
Bonus question for practice. Troubleshoot by verifying service selectors and pod labels, checking endpoints, testing connectivity with curl, and reviewing network policies.
19
What is the Gateway API, and how is it different from Ingress?
Reference answer
The Gateway API is the successor to Ingress, designed to fix its limitations. While Ingress handles basic HTTP routing, the Gateway API supports TCP, UDP, gRPC, and TLS natively. The biggest structural difference is role separation. Ingress puts everything in one resource. The Gateway API splits responsibilities across three:
- GatewayClass: defines the infrastructure provider (managed by cluster operators)
- Gateway: defines the listener configuration like ports and TLS (managed by platform teams)
- HTTPRoute: defines the actual routing rules (managed by application developers)

    apiVersion: gateway.networking.k8s.io/v1
    kind: HTTPRoute
    metadata:
      name: my-app-route
    spec:
      parentRefs:
        - name: my-gateway
      hostnames:
        - "app.example.com"
      rules:
        - matches:
            - path:
                type: PathPrefix
                value: /api
          backendRefs:
            - name: api-service
              port: 80
        - matches:
            - path:
                type: PathPrefix
                value: /
          backendRefs:
            - name: frontend-service
              port: 80

This separation means a platform team can manage TLS and infrastructure without application developers needing to touch those configs. The core Gateway API resources reached GA in v1.0 (2023), and adoption is growing across major ingress controllers like NGINX, Envoy, and Istio.
20
Cluster resources are exhausted, causing new Pods to remain in a pending state: "New pods stay in the state Pending. Looking deeper into the pods, we see that the message “0/3 nodes are available: insufficient CPU and memory”. How do you go about debugging and solving the problem?"
Reference answer
Steps to approach the problem:
1. Check cluster resource availability. Look for high CPU/memory usage that prevents scheduling.

       kubectl describe node
       kubectl top nodes

2. Check which Pods are consuming the most resources. Set resources and limits for Pods to ensure they are not over-consuming. You can also enforce that for all namespaces in the cluster.

       kubectl top pods --all-namespaces

3. Scale down non-essential workloads to free up resources.

       kubectl scale deployment <deployment-name> --replicas=0

4. Increase available nodes to increase cluster resources. You can also add more nodes to the cluster autoscaler if one is used.
21
Can you provide a YAML example of a rolling update in Kubernetes?
Reference answer
Here is the Kubernetes YAML code:

    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: my-app
    spec:
      replicas: 3
      strategy:
        rollingUpdate:
          maxUnavailable: 2   # at most 2 of the 3 replicas may be unavailable during the update
          maxSurge: 1         # at most 1 extra Pod above the desired replica count
        type: RollingUpdate
      selector:
        matchLabels:
          app: my-app
      template:
        metadata:
          labels:
            app: my-app
        spec:
          containers:
            - name: my-app-container
              image: my-app:v2
              # New Pods receive traffic only after the readiness probe succeeds
              readinessProbe:
                httpGet:
                  path: /ready
                  port: 8080
              livenessProbe:
                httpGet:
                  path: /live
                  port: 8080
22
Explain the concept of Resource Quotas in Kubernetes.
Reference answer
Resource Quotas are a tool in Kubernetes that administrators use to limit the aggregate resource consumption in a namespace. This prevents one part of the cluster from using more than its fair share of resources and helps in multi-tenant environments by ensuring equitable resource allocation.
23
How to fix a CrashLoopBackOff in Kubernetes?
Reference answer
A CrashLoopBackOff indicates a Pod is repeatedly crashing and restarting with an exponential delay. To resolve it:
- Check App Logs: Run kubectl logs <pod-name> to identify application-level crashes (e.g., missing dependencies).
- Check Previous Logs: Run kubectl logs <pod-name> --previous to see the exact fatal error that killed the prior instance.
- Inspect Events: Run kubectl describe pod <pod-name> and scroll to “Events” to spot system-level issues, such as failed Liveness Probes or missing Secrets.
24
List out the ways to increase Kubernetes security.
Reference answer
Increasing Kubernetes security is crucial to protect your cluster, applications, and sensitive data from potential threats and unauthorized access. Here are several essential practices and measures to enhance Kubernetes security:
25
How does Kubernetes handle resource limits and requests?
Reference answer
Kubernetes allows you to set resource requests and limits for Pods to ensure fair allocation and avoid the overuse of cluster resources.
- Requests are the minimum amount of CPU and memory a Pod needs. They are permanently assigned to a Pod.
- Limits are the maximum a Pod can use. They are not assigned to the Pod, but if it requires more resources, it can grow until the limit is reached.

Example YAML Pod definition that sets resource requests and limits:

    apiVersion: v1
    kind: Pod
    metadata:
      name: resource-limited-pod
    spec:
      containers:
        - name: my-container
          image: nginx
          resources:
            requests:
              memory: "256Mi"
              cpu: "250m"
            limits:
              memory: "512Mi"
              cpu: "500m"
26
How to turn the service defined below in the spec into an external one?

    spec:
      selector:
        app: some-app
      ports:
        - protocol: UDP
          port: 8080
          targetPort: 8080

Reference answer
Explanation: add type: LoadBalancer and nodePort as follows:

    spec:
      selector:
        app: some-app
      type: LoadBalancer
      ports:
        - protocol: UDP
          port: 8080
          targetPort: 8080
          nodePort: 32412
27
How do you manage resource requests and limits in Kubernetes?
Reference answer
Kubernetes provides several mechanisms for managing resource requests and limits, including Pod resource requests and limits, and the Kubernetes Horizontal Pod Autoscaler.
28
What is a Kubernetes namespace?
Reference answer
The Kubernetes namespace is used in environments where multiple users, spread across geographically vast areas, work on multiple projects. The namespace divides the cluster resources between those users.
29
How would you use init containers?
Reference answer
To perform setup tasks (like seeding a database) before the main container runs.
30
List some recommended security measures for Kubernetes.
Reference answer
Below are some recommended security measures for Kubernetes:
- Enable Role-Based Access Control (RBAC)
- Keep Kubernetes up to date
- Use API authentication
- Restrict SSH access
- Protect etcd with TLS and a firewall
- Isolate Kubernetes nodes
- Implement a pod security policy
- Turn on audit logging
- Implement network segmentation
- Ensure that the kube-dashboard applies a restrictive RBAC policy
- Use images from repositories that are authorized
- Conduct security and vulnerability scanning regularly
31
How do you implement fine-grained access control using RBAC in Kubernetes?
Reference answer
Role-based access control (RBAC) controls who can do what inside your cluster. You define permissions through a Role or ClusterRole, then attach it to a user, group, or service account using a RoleBinding or ClusterRoleBinding. A Role works within one namespace. A ClusterRole covers the entire cluster. Once you decide which fits, write the permissions and bind them to whoever needs access. First, define the Role: Next, bind it using a RoleBinding:
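A Role and RoleBinding of the kind this answer describes, as an added example that is not part of the original page. The namespace `dev`, the Role name `pod-reader` and the ServiceAccount `ci-reader` are assumed names chosen for illustration.

```yaml
# Added example; dev, pod-reader and ci-reader are illustrative names.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: ci-reader
  namespace: dev
---
# Role: namespaced, so these permissions exist only inside "dev".
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pod-reader
  namespace: dev
rules:
  # Read-only access to Pods. "" is the core API group.
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["get", "list", "watch"]
  # Logs are a subresource and have to be granted explicitly.
  - apiGroups: [""]
    resources: ["pods/log"]
    verbs: ["get"]
  # RBAC is additive and deny-by-default: there is no rule for "secrets",
  # no write verb and no "*" wildcard, so none of those are permitted.
---
# RoleBinding: attaches the Role to a subject, in the same namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: ci-reader-pod-reader
  namespace: dev
subjects:
  - kind: ServiceAccount
    name: ci-reader
    namespace: dev
roleRef:
  # roleRef is immutable; to point at another Role, delete and recreate the binding.
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: pod-reader
# Review the effective permissions by impersonating the subject:
#   kubectl auth can-i list pods   -n dev     --as=system:serviceaccount:dev:ci-reader
#   kubectl auth can-i get secrets -n dev     --as=system:serviceaccount:dev:ci-reader
#   kubectl auth can-i list pods   -n default --as=system:serviceaccount:dev:ci-reader
```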
32
What is a Service in Kubernetes?
Reference answer
A Service provides a stable endpoint for accessing a group of Pods, enabling load balancing and exposing the Pods to the network.
33
What is a Kubernetes cluster?
Reference answer
A Kubernetes cluster is a set of nodes that run containerized applications managed by the Kubernetes control plane.
34
What are taints and tolerations in Kubernetes?
Reference answer
Taints and tolerations work together to ensure that Pods are not scheduled onto inappropriate nodes.
- Taints are applied to nodes and prevent Pods from being scheduled unless the Pod has a matching toleration.
- Tolerations are applied to Pods and allow them to be scheduled on nodes with matching taints.

This mechanism is useful for isolating certain workloads, controlling resource allocation, and ensuring critical applications run on dedicated hardware.
35
What is Kube-apiserver and what's the role of it?
Reference answer
The Kubernetes apiserver is a critical part of a Kubernetes deployment. The apiserver provides a REST API for managing Kubernetes resources. It also provides authentication and authorization for accessing those resources. The apiserver must be secured to prevent unauthorized access to Kubernetes resources. Use role-based access control to restrict access to specific resources.
36
Name three typical Pod error causes and how they can be fixed.
Reference answer
Pods can get stuck in Pending, CrashLoopBackOff, or ImagePullBackOff states:
- Pod stuck in Pending: Check node availability and resource limits. You can check the events of the Pod for further information.
- CrashLoopBackOff: Investigate app logs and check misconfigurations.
- ImagePullBackOff: Ensure the correct image name and pull credentials. Again, investigate the Pod's events for further information.

You can check the events of the Pod using the describe command:

    kubectl describe pod <pod-name>
37
What are the core concepts related to Pods in Kubernetes?
Reference answer
Core Concepts: Deployments, Replication Controllers, and ReplicaSets ensure that a specific number of replicas for the Pod are running at all times.
38
What is the CKA exam?
Reference answer
The CKA exam is the Certified Kubernetes Administrator exam offered by the CNCF (Cloud Native Computing Foundation). It validates the skills and knowledge required to administer Kubernetes clusters.
39
What is a Namespace in Kubernetes?
Reference answer
Namespaces are a way to logically group objects in Kubernetes. By default, Kubernetes has a single namespace. Objects in different namespaces can have different security contexts and can be managed independently.
40
How do you implement Kubernetes cluster multi-tenancy?
Reference answer
Multi-tenancy is quite important if you are setting up Kubernetes for your company. It allows multiple teams or applications to share a Kubernetes cluster securely without interfering with each other. There are two types of multi-tenancy:
- Soft multi-tenancy: Uses Namespaces, RBAC, and NetworkPolicies to isolate on the namespace level.
- Hard multi-tenancy: Uses virtual clusters or separate control planes to isolate a physical cluster (e.g., KCP).
41
What is Kubernetes?
Reference answer
Kubernetes is an open-source container orchestration platform. It was developed by Google and was donated to the Cloud Native Computing Foundation (CNCF) in 2015.
42
What are Namespaces in Kubernetes and why are they used?
Reference answer
Kubernetes uses Namespaces to create separate virtual clusters on top of a physical cluster. This enables multi-tenancy, providing a powerful way to manage diverse workloads efficiently.
- Resource Isolation: Namespaces offer a level of separation, ensuring resources like pods, services, and persistent volumes are distinct to a Namespace.
- Network Isolation: Each Namespace has its own IP, enabling isolated network policies and container-to-container communication.
- Multi-Environment Segregation: Namespaces can delineate development, testing, and staging environments.
- Multi-Tenancy: Namespaces allow multiple teams to work independently in the same cluster.
- Client Isolation: Service objects in a Namespace are only visible to clients in the same Namespace, providing clear-cut network boundaries.
- Resource Quotas: Namespaces help establish quotas to govern resource consumption for projects or teams.
- Limit Ranges: Namespaces can define minimum and maximum limitations on resource memory and CPU for each container.
- Ingress Configuration: Namespaces assist in external-to-internal network mapping and traffic routing.
- IP Management: Each Namespace can have distinct IP ranges to uniquely identify services and pods.
43
How to set a static IP for Kubernetes load balancer?
Reference answer
Kubernetes Master assigns a new IP address. You can set a static IP for the Kubernetes load balancer by changing the DNS records whenever the Kubernetes Master assigns a new IP address.
44
How does Kubernetes handle container networking?
Reference answer
Kubernetes provides a flat network space where every Pod gets its own IP address. Communication between Pods is enabled by network plugins (CNI). Services provide stable IPs for accessing groups of Pods.
45
What are common challenges faced during Kubernetes deployments, and how can they be addressed?
Reference answer
Issues include image pull errors, resource limits, and security context problems. Address these by using proper tags, adequately setting limits, and ensuring correct permissions.
46
What is a Kubernetes network policy? How does it work?
Reference answer
A Kubernetes network policy is a specification that defines how groups of pods can communicate with each other and with the outside world. It is used to enforce network traffic rules that restrict access to pods based on their labels or namespaces. Network policies use selectors and rules to allow or deny incoming or outgoing traffic between pods.
47
What are the approaches to managing Rollbacks with Kubernetes CI/CD?
Reference answer
Rollbacks could be conducted by:
- Executing kubectl rollout undo deployment <deployment-name> to revert a deployment to an earlier version.
- Using the Helm rollback command if the application was deployed using Helm.
- Using GitOps tools such as ArgoCD to revert to the last known good state using Git.
48
What is Kubectl?
Reference answer
Kubectl is a Kubernetes command-line tool that is used for deploying and managing applications on Kubernetes. Kubectl is especially useful for inspecting the cluster resources and for creating, updating, and deleting the components.
49
What is Kubernetes, exactly?
Reference answer
The purpose of Kubernetes is to make it easier to organize and schedule your application across a fleet of machines. At a high level it is an operating system for your cluster. Basically, it allows you to not worry about what specific machine in your datacenter each application runs on. Additionally it provides generic primitives for health checking and replicating your application across these machines, as well as services for wiring your application into micro-services so that each layer in your application is decoupled from other layers so that you can scale/update/maintain them independently.
50
What is a Kubernetes Admission Controller?
Reference answer
Admission Controllers are plugins that govern and enforce how the cluster is configured. They intercept requests to the Kubernetes API server before objects are persisted in etcd, allowing them to validate, modify, or reject API requests. Examples include:
- NamespaceLifecycle: Manages the lifecycle of namespaces.
- ResourceQuota: Enforces resource quotas in a namespace.
- PodSecurityPolicy: Controls security aspects of the Pod specification.
- ValidatingAdmissionWebhook and MutatingAdmissionWebhook: Allow for custom validation and mutation using webhooks.
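PodSecurityPolicy, named in this answer, was removed in Kubernetes v1.25; the built-in PodSecurity admission controller now fills that role and is configured with namespace labels. The manifests below are an added example, not part of the original page; the namespace `payments`, the Pod name and the image reference are assumed placeholders.

```yaml
# Added example; namespace, Pod name and image are illustrative placeholders.
apiVersion: v1
kind: Namespace
metadata:
  name: payments
  labels:
    # enforce: Pods that violate the profile are rejected at admission.
    pod-security.kubernetes.io/enforce: restricted
    pod-security.kubernetes.io/enforce-version: latest
    # audit / warn: violations are recorded in the audit log and
    # returned to the client as warnings.
    pod-security.kubernetes.io/audit: restricted
    pod-security.kubernetes.io/warn: restricted
---
# A Pod that satisfies the "restricted" profile. Removing any of the
# settings marked (required) causes the API server to reject the Pod.
apiVersion: v1
kind: Pod
metadata:
  name: api
  namespace: payments
spec:
  securityContext:
    runAsNonRoot: true            # (required) image must not run as UID 0
    seccompProfile:
      type: RuntimeDefault        # (required) RuntimeDefault or Localhost
  containers:
    - name: api
      image: registry.example.com/payments/api:1.0.0   # placeholder image
      securityContext:
        allowPrivilegeEscalation: false   # (required)
        capabilities:
          drop: ["ALL"]                   # (required)
        readOnlyRootFilesystem: true      # extra hardening, not part of the profile
      resources:
        requests:
          memory: "128Mi"
          cpu: "100m"
        limits:
          memory: "256Mi"
          cpu: "250m"
```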
51
Can you explain what happens during a rolling update in Kubernetes?
Reference answer
During a rolling update, Kubernetes incrementally replaces instances of the old version of a pod with the new version without downtime. It ensures that the application remains available by carefully managing the deployment of new pods and the termination of old pods.
52
Which tools does Kubernetes use to do container monitoring?
Reference answer
Kubernetes integrates with tools that collect metrics, gather logs, and track cluster health. It integrates with metrics tools like Prometheus to measure CPU, memory, and workload performance, while dashboards such as Grafana help visualize that data. For logging, tools like Fluentd, Elasticsearch, or Loki are used to collect and centralize application and system logs.
53
How does Kubernetes handle logging and monitoring?
Reference answer
Kubernetes does not handle logging and monitoring directly but provides mechanisms to collect logs and metrics from containers. Key strategies include:
- Logging: Use logging agents like Fluentd, Logstash, or Fluent Bit to collect logs from containers and nodes and send them to storage solutions like Elasticsearch, or cloud services like AWS CloudWatch or Google Stackdriver.
- Monitoring: Use monitoring tools like Prometheus, which scrapes metrics from Kubernetes and other services. Combine with Grafana for visualization. Metrics Server is also used for resource usage metrics (CPU, memory) within the cluster.
- Cluster-level logging: Configure logging at the cluster level to capture logs from all nodes and Pods.
- Sidecar logging: Use a sidecar container within Pods to collect logs and send them to a central logging service.

Example configuration for deploying Prometheus:

    # This bundle installs the Prometheus Operator. Use create rather than
    # client-side apply: the bundled CRDs are too large for the
    # last-applied-configuration annotation.
    kubectl create -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/main/bundle.yaml

Example configuration for deploying Fluentd as a DaemonSet:

    apiVersion: apps/v1
    kind: DaemonSet
    metadata:
      name: fluentd
      namespace: kube-system
    spec:
      # apps/v1 requires a selector that matches the template labels;
      # the app: fluentd label is added here so the manifest validates.
      selector:
        matchLabels:
          app: fluentd
      template:
        metadata:
          labels:
            app: fluentd
        spec:
          containers:
            - name: fluentd
              image: fluent/fluentd-kubernetes-daemonset
54
What are Liveness, Readiness, and Startup Probes? Write a YAML snippet for a Readiness probe.
Reference answer
Probes are diagnostic checks performed by the Kubelet to determine a Pod's health:
- Liveness Probe: Checks if the container is deadlocked. If it fails, Kubelet automatically restarts the container.
- Readiness Probe: Checks if the app is fully initialized and ready to accept traffic. If it fails, the Pod is removed from the Service load balancer.
- Startup Probe: Used for slow-starting legacy apps, disabling the other probes until the app successfully starts.

    readinessProbe:
      httpGet:
        path: /healthz
        port: 8080
      initialDelaySeconds: 5
      periodSeconds: 10
55
What do you understand by LimitRange?
Reference answer
LimitRange in Kubernetes acts like a set of rules for resource usage within a namespace, providing defaults and constraints for pods and containers. It ensures fair resource allocation, prevents resource abuse, and helps maintain stability and efficiency in the Kubernetes cluster.

    apiVersion: v1
    kind: LimitRange
    metadata:
      name: example-limit-range
    spec:
      limits:
        - type: Container
          max:
            memory: 1Gi     # Maximum memory limit per container
            cpu: 500m       # Maximum CPU limit per container (500 millicores)
          # "default" sets the default limits; default requests
          # would go under a separate "defaultRequest" key.
          default:
            memory: 512Mi   # Default memory limit per container
            cpu: 250m       # Default CPU limit per container (250 millicores)

    kubectl apply -f limit-range.yaml
56
What is Kubernetes, and why is it used?
Reference answer
Kubernetes, also known as K8s, is an open-source container orchestration platform for deploying, managing, and scaling containerized applications. Instead of manually juggling containers across servers, Kubernetes automates scheduling, improves scaling, and keeps your applications running. Developers use Kubernetes to prevent downtime and handle complex processes such as rolling updates, service discovery, and fault tolerance, so you can focus on building features rather than firefighting infrastructure.
57
What are Kubernetes Volumes?
Reference answer
Kubernetes volumes are storage units attached to Pods. They enable data persistence and sharing in Kubernetes across containers within the same Pod.
58
Explain Master
Reference answer
Master is the central control point that provides a unified view of the cluster. There is a single master node that controls multiple minions. Master servers work together to accept user requests, determine the best ways to schedule workload containers, authenticate clients and nodes, adjust cluster-wide networking, and manage scaling and health checking responsibilities.
59
How would you troubleshoot issues with Persistent Volumes not being mounted correctly?
Reference answer
Use your understanding of PVC, PV, and storage classes to:
- Check the PVC status
- Describe the PVC for errors
- Verify the storage class
- Check the underlying cloud storage. If using AWS, check EBS Attachments, and if using Azure, verify Azure Disk provisioning.
- Inspect the pod logs for mount failures
- Manually test volume mounting
60
How do you check the status of a deployment rollout in Kubernetes?
Reference answer
When you update a deployment (like changing the image version), Kubernetes performs a rolling update. To monitor this progression in real-time, use the rollout status command:

    kubectl rollout status deployment/my-deployment

This command is crucial for CI/CD pipelines. It blocks the terminal and streams the live status, showing you exactly how many old replicas have been terminated and how many new ones are online. If the rollout gets stuck (e.g., due to a CrashLoopBackOff error), you can easily halt it and use kubectl rollout undo to revert.
61
What's the role of the Kubernetes API server?
Reference answer
- Central control plane entry point.
- Authenticates, validates, and persists objects to etcd.
- Communicates with all other components (e.g., scheduler, controllers).
62
How would you manage thousands of containers across various nodes in a distributed system using Kubernetes?
Reference answer
The company is using thousands of containers in which numerous tasks run across various nodes in a worldwide distributed system. It will require a platform that can improve its agility and scalability with cloud-based applications. This is where the company can use Kubernetes to support multiple containers at a single time.
63
Explain Horizontal Pod Autoscaling.
Reference answer
Horizontal Pod Autoscaling (HPA) automatically adjusts the number of Pod replicas in a Deployment or StatefulSet based on observed metrics, most commonly average CPU utilization or memory, to handle fluctuating load.
64
What are ConfigMaps and Secrets in Kubernetes, and how do they differ?
Reference answer
ConfigMaps and Secrets are Kubernetes API objects used to externalize configuration from application code, but they serve distinct purposes:

ConfigMap
- Stores non-sensitive configuration data as key-value pairs.
- Used for environment variables, command-line args, or config files.

Secret
- Stores sensitive data like passwords, tokens, and SSH keys.
- Data is base64-encoded by default (not encrypted).
- Supports fine-grained access control via RBAC.
65
How does Kubernetes service discovery work?
Reference answer
Kubernetes ServiceDiscovery works by assigning a unique IP address to each service, and DNS for service to service communication, which can be resolved through the cluster DNS service, enabling pods to communicate with each other.
66
New Pods are stuck in Pending. The message says insufficient CPU and memory. How do you resolve this?
Reference answer
Pending usually means the scheduler can't find a node with enough resources. Work through this systematically, from confirming the cause to freeing up capacity:

```bash
# 1. Confirm the scheduling issue
kubectl describe pod <pod-name>

# 2. Check node resource availability
kubectl describe nodes | grep -A5 "Allocated resources"
kubectl top nodes

# 3. Find resource-heavy Pods
kubectl top pods --all-namespaces --sort-by=cpu

# 4. Scale down non-essential workloads
kubectl scale deployment <deployment-name> --replicas=0

# 5. Check Cluster Autoscaler (if enabled)
kubectl get pods -n kube-system -l app=cluster-autoscaler
kubectl logs -n kube-system -l app=cluster-autoscaler
```
67
What are the different types of services in Kubernetes, and how do they differ?
Reference answer
Kubernetes offers several types of services to abstract and manage network access to a set of pods:

- ClusterIP: The default service type. It exposes the service on a cluster-internal IP, making it reachable only from within the cluster.
- NodePort: Exposes the service on a static port on each node's IP. It makes the service accessible from outside the cluster by requesting `<NodeIP>:<NodePort>`.
- LoadBalancer: Integrates with cloud provider load balancers to expose the service externally. It automatically creates a load balancer and forwards external traffic to the service.
- ExternalName: Maps a service to a DNS name, which acts as an alias for an external service. It does not create a proxy but allows Kubernetes to return a CNAME record with the specified external name.

Each service type addresses different use cases, from internal cluster communication to exposing services to external clients.
68
What are Persistent Volumes (PVs) and Persistent Volume Claims (PVCs) in Kubernetes?
Reference answer
Persistent Volumes (PVs) and Persistent Volume Claims (PVCs) are crucial concepts in container orchestration systems like Kubernetes, designed to manage storage in a dynamic and scalable manner. PVs represent the actual storage resources, such as physical disks or network-attached storage, that are available for use within a Kubernetes cluster. They abstract the underlying storage details and provide a standardized interface for applications to request and use storage. PVCs, on the other hand, are requests made by applications or pods for specific amounts and characteristics of storage. They act as a user's request for storage resources from the available PVs. When a PVC is created, Kubernetes matches it to an appropriate PV based on the defined storage class and access mode, ensuring that the application gets the storage it needs without needing to know the specifics of the underlying infrastructure.
69
What are Persistent Volumes (PVs) and Persistent Volume Claims (PVCs)?
Reference answer
Persistent Volumes (PVs) provide storage that persists beyond Pod lifecycles. The PV is a piece of storage in the cluster that has been provisioned by a cluster administrator or dynamically provisioned using Storage Classes. A Persistent Volume Claim (PVC) is a request for storage by a user. Here's an example PV and PVC YAML definition:

```yaml
apiVersion: v1
kind: PersistentVolume
metadata:
  name: my-pv
spec:
  capacity:
    storage: 1Gi
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  hostPath:
    path: "/mnt/data"
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: my-pvc
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
```
70
How does Kubernetes compare to Docker Swarm?
Reference answer
Docker Swarm is simpler but less feature-rich. Kubernetes supports advanced scheduling, scaling, service discovery, and has a much larger ecosystem.
71
What is the use of kube-controller-manager?
Reference answer
It is the Kubernetes Controller Manager. The kube-controller-manager is a daemon that embeds the core control loops that regulate the system state, and it is a non-terminating loop.
72
What are the core components for health checking in Kubernetes?
Reference answer
Core Components: Liveness and Readiness probes are used to determine the health of container-based applications. Kubernetes restarts containers that don't pass liveness probes and stops routing traffic to those that don't pass readiness probes.
73
What is Horizontal Pod Autoscaler (HPA), why is it used, and how does it work?
Reference answer
Horizontal Pod Autoscaler (HPA) in Kubernetes automatically scales the number of pods in a deployment or replica set based on observed metrics, such as CPU or custom metrics. It ensures that applications can handle varying loads efficiently by increasing or decreasing pod replicas. HPA is used to maintain application performance and optimize resource usage in dynamic environments. It prevents under-provisioning during traffic spikes and over-provisioning during low-demand periods, which is critical for cost control and system stability. HPA works by periodically querying the Kubernetes Metrics API (typically every 15 seconds) to evaluate resource usage. It compares current usage against target thresholds and adjusts the number of pod replicas accordingly. For example, if the average CPU utilization exceeds a defined limit (e.g., 80%), HPA increases pod count proportionally. It uses a control loop and scaling algorithm to make smooth, proportional adjustments.
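The proportional adjustment described above follows the replica formula documented for the HPA controller, desiredReplicas = ceil(currentReplicas × currentMetric / targetMetric), with a tolerance band around the target and the largest proposal winning when several metrics are configured. The Python below is an added example, not code from this page or from Kubernetes; the function names and sample numbers are assumptions, and the 0.1 tolerance is the controller's documented default.

```python
import math


def desired_replicas(current_replicas, current_value, target_value, tolerance=0.1):
    """Replica proposal for one metric.

    current_value and target_value use the same unit, e.g. average CPU
    utilization in percent across the Pods of the workload.
    """
    if target_value <= 0:
        raise ValueError("target_value must be positive")
    ratio = current_value / target_value
    # Inside the tolerance band the replica count is left alone, which keeps
    # the workload from flapping when usage hovers around the target.
    if abs(ratio - 1.0) <= tolerance:
        return current_replicas
    return math.ceil(current_replicas * ratio)


def hpa_decision(current_replicas, metrics, min_replicas, max_replicas, tolerance=0.1):
    """Combine several metrics into one decision.

    metrics is a list of (current_value, target_value) tuples, one per
    configured metric. The largest proposal wins, then the result is clamped
    to the [min_replicas, max_replicas] range set on the autoscaler.
    """
    if not metrics:
        raise ValueError("at least one metric is required")
    proposals = [
        desired_replicas(current_replicas, current, target, tolerance)
        for current, target in metrics
    ]
    return max(min_replicas, min(max_replicas, max(proposals)))


if __name__ == "__main__":
    # Constructed numbers: 4 replicas averaging 120% CPU against an 80% target.
    print(desired_replicas(4, 120, 80))
    # CPU and a second metric disagree; the larger proposal is clamped to max.
    print(hpa_decision(4, [(120, 80), (200, 100)], min_replicas=2, max_replicas=7))
```

The clamp is the part to review when setting `maxReplicas`: it is the only bound on how far a sustained load spike can scale the workload.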
74
What is the difference between RoleBinding and ClusterRoleBinding?
Reference answer
RoleBinding and ClusterRoleBinding are both Kubernetes objects that associate roles with subjects, such as users or groups. The main difference between the two is the scope of the permissions they grant.

RoleBinding:
- RoleBinding is used to bind a role to a specific namespace.
- It grants permissions within that namespace only.
- It allows you to grant access to resources within a specific namespace.

ClusterRoleBinding:
- ClusterRoleBinding is used to bind a cluster-wide role to a subject.
- It grants permissions across all namespaces in the cluster.
- It allows you to grant access to resources across the entire cluster.
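To see the scope difference on real objects, the Python below (an added example, not part of the original answer) flattens binding objects shaped like the items of `kubectl get rolebindings,clusterrolebindings -A -o json` into per-subject scopes and lists cluster-wide grants of roles worth reviewing. The sample bindings, subject names and function names are constructed; it also shows that a RoleBinding referencing a ClusterRole still grants access only inside its own namespace.

```python
CLUSTER_WIDE = "*"  # marker used in this example for "every namespace"


def subject_id(subject):
    """Stable label for a subject; ServiceAccounts are namespaced, users and groups are not."""
    if subject["kind"] == "ServiceAccount":
        return f"ServiceAccount:{subject.get('namespace', '')}/{subject['name']}"
    return f"{subject['kind']}:{subject['name']}"


def grants(bindings):
    """Flatten bindings into (subject, scope, role_kind, role_name) tuples.

    The binding kind alone decides the scope: a RoleBinding is confined to its
    own namespace even when its roleRef points at a ClusterRole.
    """
    rows = []
    for b in bindings:
        if b["kind"] == "ClusterRoleBinding":
            scope = CLUSTER_WIDE
        elif b["kind"] == "RoleBinding":
            scope = b["metadata"]["namespace"]
        else:
            continue  # not a binding object
        ref = b["roleRef"]
        for s in b.get("subjects") or []:  # subjects may be absent or null
            rows.append((subject_id(s), scope, ref["kind"], ref["name"]))
    return rows


def scopes_by_subject(bindings):
    """Map each subject to the sorted list of scopes it holds any grant in."""
    scopes = {}
    for subj, scope, _, _ in grants(bindings):
        scopes.setdefault(subj, set()).add(scope)
    return {subj: sorted(s) for subj, s in scopes.items()}


def cluster_wide_grants(bindings, review_roles=("cluster-admin",)):
    """Subjects that hold one of review_roles across the whole cluster."""
    return sorted({
        (subj, role)
        for subj, scope, _, role in grants(bindings)
        if scope == CLUSTER_WIDE and role in review_roles
    })


# Constructed sample, not taken from a real cluster.
SAMPLE_BINDINGS = [
    {"kind": "ClusterRoleBinding", "metadata": {"name": "ops-admin"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "Group", "name": "ops"}]},
    {"kind": "RoleBinding", "metadata": {"name": "alice-edit", "namespace": "dev"},
     "roleRef": {"kind": "ClusterRole", "name": "edit"},
     "subjects": [{"kind": "User", "name": "alice"}]},
    {"kind": "RoleBinding", "metadata": {"name": "ci-pods", "namespace": "dev"},
     "roleRef": {"kind": "Role", "name": "pod-reader"},
     "subjects": [{"kind": "ServiceAccount", "name": "ci", "namespace": "dev"}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "ci-view"},
     "roleRef": {"kind": "ClusterRole", "name": "view"},
     "subjects": [{"kind": "ServiceAccount", "name": "ci", "namespace": "dev"}]},
]

if __name__ == "__main__":
    for subject, scopes in sorted(scopes_by_subject(SAMPLE_BINDINGS).items()):
        print(subject, scopes)
    print(cluster_wide_grants(SAMPLE_BINDINGS))
```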
75
A pod is evicted with an OOMKilled status. What does this mean and how do you resolve it?
Reference answer
OOMKilled (Out Of Memory) occurs when a container attempts to consume more RAM than allowed by its `resources.limits.memory` setting. To protect the node, the Linux kernel terminates the process.

Resolution:
- Analyze Limits: Review the deployment YAML. If the memory limit is unreasonably low (e.g., 128Mi), increase it to match the application's actual baseline.
- Profile the Code: If the limit is already high (e.g., 4Gi), the application likely has a memory leak requiring developer profiling to fix.
76
What is Node Affinity?
Reference answer
Node affinity in Kubernetes is a feature that allows you to influence pod scheduling decisions based on node labels.

1. RequiredDuringSchedulingIgnoredDuringExecution: the Pod will not be scheduled if no node matches.
- Specifies rules considered during pod scheduling.
- Pods must be scheduled on nodes that satisfy these rules.
- Once scheduled, affinity rules are ignored.

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: required-node-affinity-pod
spec:
  containers:
    - name: nginx-container
      image: nginx
  affinity:
    nodeAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        nodeSelectorTerms:
          - matchExpressions:
              - key: type
                operator: In
                values:
                  - worker
```

2. PreferredDuringSchedulingIgnoredDuringExecution: the Pod can be scheduled on any node if none matches.
- Specifies preferences for pod scheduling.
- Pods prefer nodes that satisfy these rules but can be scheduled elsewhere if needed.
- Once scheduled, affinity rules are ignored.

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: preferred-node-affinity-pod
spec:
  containers:
    - name: nginx-container
      image: nginx
  affinity:
    nodeAffinity:
      preferredDuringSchedulingIgnoredDuringExecution:
        - weight: 100
          preference:
            matchExpressions:
              - key: zone
                operator: In
                values:
                  - us-west
```
77
What is the difference between ConfigMaps and Secrets in Kubernetes?
Reference answer
ConfigMaps store configuration data as key-value pairs, while Secrets store sensitive information like passwords or tokens in an encoded format.
78
Scenario 2: Suppose there is an MNC that has a highly distributed system that comprises a huge variety of data clouds, a large number of employees, and multiple virtual machines. Share your thoughts about how such an MNC can manage consistency in its work with the help of Kubernetes.
Reference answer
In general, many IT organizations run numerous containers, each handling multiple tasks, across nodes that are evenly distributed all over the world. An MNC has the means to adopt anything that gives it agility, scale-out capability, and DevOps practices for its cloud-based applications. With the Kubernetes platform it can move on to a scheduling architecture and also get support for various container formats. Ultimately, this solves the problem of maintaining work consistency.
79
What is Kubernetes Istio?
Reference answer
Kubernetes Istio is an open-source service mesh that provides traffic management, observability, and security for microservices-based applications.
80
How do you list ConfigMaps and Secrets in a Kubernetes cluster?
Reference answer
You can list these configuration objects using standard kubectl get commands:

```bash
kubectl get configmaps
kubectl get secrets
```

You can also use their short names: `kubectl get cm` and `kubectl get secret`. The output will display the name, the number of data items (key-value pairs) stored inside, and the age of the object.

Note: Listing secrets will not reveal the actual Base64-encoded values. To view the contents, you must request the specific secret and output it as YAML: `kubectl get secret <secret-name> -o yaml`.
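Because Secret values are only base64-encoded, anyone who can read the object can recover them, and a copy pasted into a ticket or log leaks the values. The Python below is an added example (not from the original page) that decodes the `data` of a Secret shaped like `kubectl get secret <secret-name> -o json` output and builds a redacted copy that also drops the `kubectl.kubernetes.io/last-applied-configuration` annotation, where `kubectl apply` records the applied manifest; the Secret name, keys and values are constructed.

```python
import base64
import copy
import json

LAST_APPLIED = "kubectl.kubernetes.io/last-applied-configuration"


def decode_secret(secret):
    """Return {key: str or bytes} for the .data field of a Secret object."""
    decoded = {}
    for key, b64 in (secret.get("data") or {}).items():
        raw = base64.b64decode(b64, validate=True)
        try:
            decoded[key] = raw.decode("utf-8")
        except UnicodeDecodeError:
            decoded[key] = raw  # binary payload such as a keystore
    return decoded


def redact_secret(secret):
    """Copy that is safe to share: values replaced by their byte length.

    stringData and the last-applied annotation are removed as well, because
    both can carry the same values outside the .data field.
    """
    safe = copy.deepcopy(secret)
    safe["data"] = {
        key: f"<redacted {len(base64.b64decode(value))} bytes>"
        for key, value in (secret.get("data") or {}).items()
    }
    safe.pop("stringData", None)
    annotations = safe.get("metadata", {}).get("annotations") or {}
    annotations.pop(LAST_APPLIED, None)
    return safe


def _b64(raw):
    return base64.b64encode(raw).decode("ascii")


# Constructed sample; the annotation mimics a Secret created with kubectl apply.
SAMPLE_SECRET = {
    "apiVersion": "v1",
    "kind": "Secret",
    "type": "Opaque",
    "metadata": {
        "name": "db-credentials",
        "namespace": "dev",
        "annotations": {
            LAST_APPLIED: json.dumps({
                "apiVersion": "v1",
                "kind": "Secret",
                "metadata": {"name": "db-credentials", "namespace": "dev"},
                "stringData": {"password": "constructed-password"},
            }),
        },
    },
    "data": {
        "username": _b64(b"app"),
        "password": _b64(b"constructed-password"),
        "keystore": _b64(b"\xff\xfe\x00\x01"),
    },
}

if __name__ == "__main__":
    print(decode_secret(SAMPLE_SECRET))
    print(json.dumps(redact_secret(SAMPLE_SECRET), indent=2))
```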
81
How does Kubernetes interact with GitOps?
Reference answer
Kubernetes and GitOps are often used together, although Kubernetes isn't specifically a GitOps tool. Nonetheless, with declarative configuration at its core, Kubernetes allows you to easily configure your apps using YAML manifests stored in a Git repository. After committing changes to your manifests, you can then use a CI/CD pipeline to apply your new revisions to your cluster. Tools like Argo CD and Flux CD make this even simpler by running an agent inside Kubernetes. The agent continually reconciles your Git repository state to the objects in your cluster.
82
What is a DaemonSet in Kubernetes?
Reference answer
A DaemonSet ensures that all (or some) Nodes run a copy of a Pod. As nodes are added to the cluster, Pods are added to them. As nodes are removed from the cluster, those Pods are garbage collected.
83
Can you provide a YAML example of a ReplicaSet in Kubernetes?
Reference answer
Kubernetes YAML:

```yaml
apiVersion: apps/v1
kind: ReplicaSet
metadata:
  name: av-replicaset
  labels:
    tier: frontend
spec:
  replicas: 2
  selector:
    matchLabels:
      app: availability
  template:
    metadata:
      labels:
        app: availability
    spec:
      containers:
        - name: av-reporter
          image: av-reporter:v1
```

In this example, we ensure that two pods of the av-reporter:v1 image are continuously available, serving as a live status reporter for an availability system.
84
What is the difference between a Kubernetes Daemonset and a Kubernetes Statefulset?
Reference answer
Both Kubernetes Daemonsets and Statefulsets are used to manage pods, but they have different use cases. Daemonsets are used for running pods on every node in a cluster, while Statefulsets are used for deploying stable, ordered pods with unique network identities.
85
How can you debug a slow Kubernetes application?
Reference answer
I would start by checking Pod logs (`kubectl logs`), then inspect events (`kubectl describe pod`), check resource usage (`kubectl top`), verify network connectivity, and ensure Nodes are healthy.
86
What is a LoadBalancer Service type in Kubernetes?
Reference answer
A LoadBalancer Service type automatically provisions an external load balancer (e.g., on cloud providers) and directs traffic to the Pods based on defined rules.
87
How to run a POD on a particular node?
Reference answer
Various methods are available to achieve it.

- nodeName: Specify the name of a node in the Pod spec configuration, and Kubernetes will try to run the Pod on that specific node.
- nodeSelector: Assign a specific label to the node that has special resources and use the same label in the Pod spec so that the Pod will run only on that node.
- nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution and preferredDuringSchedulingIgnoredDuringExecution are the hard and soft requirements for running the Pod on specific nodes. This will be replacing nodeSelector in the future. It depends on the node labels.
88
How does Kubernetes scheduling work?
Reference answer
The scheduler decides which node a pod should run on. When you create a pod, it has no node assigned yet. The scheduler watches for pods in this unscheduled state and checks available CPU, memory, and constraints across all nodes before making a decision. The scheduler logic is a mixture of three phases: filtering, scoring, and binding.

- Filtering: removes any node that cannot satisfy the pod's requirements, such as not enough CPU, not in a ready state, or wrong taint.
- Scoring: ranks the remaining nodes based on available resources, affinity rules, and other preferences. The pod lands on the highest-scoring node.
- Binding: assigns the pod to the winning node by updating the API server. The kubelet on that node takes over and starts the pod.
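The three phases can be traced with a small model. The Python below is an added example, not kube-scheduler code and not part of the original answer: the node and pod names are constructed, taints are matched by exact (key, value, effect) equality, and the score (average share of CPU and memory left free after placement) is an assumed stand-in for the scheduler's real scoring plugins.

```python
from dataclasses import dataclass, field


@dataclass
class Node:
    name: str
    cpu_m: int                 # allocatable CPU in millicores
    mem_mi: int                # allocatable memory in Mi
    used_cpu_m: int = 0        # sum of requests already bound to the node
    used_mem_mi: int = 0
    ready: bool = True
    taints: list = field(default_factory=list)       # (key, value, effect)


@dataclass
class Pod:
    name: str
    cpu_m: int                 # CPU request in millicores
    mem_mi: int                # memory request in Mi
    tolerations: list = field(default_factory=list)  # (key, value, effect)


def filter_node(pod, node):
    """Filtering: return None when the node is feasible, else the reason it is not."""
    if not node.ready:
        return "node not ready"
    for taint in node.taints:
        if taint[2] == "NoSchedule" and taint not in pod.tolerations:
            return f"untolerated taint {taint[0]}={taint[1]}:{taint[2]}"
    if node.used_cpu_m + pod.cpu_m > node.cpu_m:
        return "insufficient cpu"
    if node.used_mem_mi + pod.mem_mi > node.mem_mi:
        return "insufficient memory"
    return None


def score_node(pod, node):
    """Scoring: 0-100, higher when more capacity stays free after placement."""
    cpu_free = (node.cpu_m - node.used_cpu_m - pod.cpu_m) / node.cpu_m
    mem_free = (node.mem_mi - node.used_mem_mi - pod.mem_mi) / node.mem_mi
    return round(100 * (cpu_free + mem_free) / 2)


def schedule(pod, nodes):
    """Return (node_name or None, {rejected_node: reason}); None means Pending."""
    rejected, feasible = {}, []
    for node in nodes:
        reason = filter_node(pod, node)
        if reason:
            rejected[node.name] = reason
        else:
            feasible.append(node)
    if not feasible:
        return None, rejected
    # Highest score wins; ties are broken by name to keep the result deterministic.
    best = min(feasible, key=lambda n: (-score_node(pod, n), n.name))
    # Binding: record the assignment so later pods see the reduced capacity.
    best.used_cpu_m += pod.cpu_m
    best.used_mem_mi += pod.mem_mi
    return best.name, rejected


def sample_nodes():
    """Constructed cluster used for the demonstration."""
    return [
        Node("master", 4000, 8192, taints=[("dedicated", "control-plane", "NoSchedule")]),
        Node("worker-a", 4000, 8192, used_cpu_m=3500, used_mem_mi=4096),
        Node("worker-b", 4000, 8192, used_cpu_m=1000, used_mem_mi=2048),
        Node("worker-c", 4000, 8192, ready=False),
        Node("worker-d", 8000, 16384),
    ]


if __name__ == "__main__":
    print(schedule(Pod("web", 1000, 1024), sample_nodes()))
    print(schedule(Pod("batch", 9000, 1024), sample_nodes()))
```

The per-node rejection reasons play the role of the scheduling events shown by `kubectl describe pod` for a Pending pod.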
89
What feature do you wish Kubernetes had? And what's most frustrating about using K8s?
Reference answer
YAML complexity and debugging issues can be challenging. Debugging failed deployments often requires checking multiple logs, events, and networking configurations, which can be cumbersome, especially in large-scale environments. You can add, "I found that using tools like Lens, Stern, and kubectl plugins helps streamline troubleshooting." This can demonstrate your awareness of K8s pain points, familiarity with workarounds, and a problem-solving mindset. Continue, "One feature I'd love to see improved is built-in cost visibility and optimization tools. While tools like CloudZero Kubernetes Cost Analysis, Karpenter, OpenCost, and Kubecost exist, a native Kubernetes cost management tool would be a game-changer."
90
List various services available in Kubernetes
Reference answer
Various services available in Kubernetes are 1) Cluster IP service, 2) Load Balancer service, 3) Node Port service, 4) External Name Creation service.
91
What is Helm in Kubernetes?
Reference answer
Helm is a package manager for Kubernetes that allows developers and operators to more easily package, configure, and deploy applications onto Kubernetes clusters.
92
A Pod is consuming excessive resources and impacting other workloads. What do you do?
Reference answer
Start by identifying which Pod is the problem and whether it has resource limits set:

```bash
# Identify the culprit
kubectl top pods --sort-by=memory
kubectl describe pod <pod-name> | grep -A5 "Limits"

# Check if resource limits are set
# If not, add them immediately
```

The immediate fix is adding resource limits to the offending Pod. Longer term, implement LimitRanges (default limits for Pods in a Namespace), ResourceQuotas (cap total Namespace consumption), and consider taints/tolerations to isolate noisy workloads on dedicated nodes.
93
How can an organization enhance the efficiency of its technical operations and keep costs low using Kubernetes?
Reference answer
Kubernetes cuts costs by letting workloads share infrastructure instead of running on dedicated servers. By setting resource requests, limits, and autoscaling, applications use only what they need and adjust as traffic changes. Built-in automation handles deployments and recovery without manual intervention.
94
What is the purpose of a Deployment in Kubernetes?
Reference answer
Deployment is a higher-level resource in Kubernetes that ensures a specified number of Pod replicas are running and handles updates of application code.
95
What are the main components of a Kubernetes cluster, and what are their functions?
Reference answer
The Kubernetes cluster has master nodes that manage the cluster and worker nodes that run the applications. Key components include the API server (processes and validates requests), etcd (stores cluster state), scheduler (assigns work to nodes), controller manager (oversees cluster state), kubelet (manages pod lifecycle on nodes), kube-proxy (handles network communication), and the container runtime (runs containers).
96
What are the key components of a Kubernetes cluster?
Reference answer
- Nodes: Physical or virtual servers that form the worker or master nodes.
  - May also include additional specialized nodes for storage, networking, or other purposes.
- Kubelet: An agent installed on each worker node that helps the node connect with the control plane. It takes PodSpecs, which define a group of containers that need to be coordinated, and guarantees that the identified containers are running and healthy.
- Kube-Proxy: A network agent on each node for managing network connectivity to local deployments.
- Control Plane: A collection of critical processes running on a cluster's master nodes to regulate cluster management and the API server.
- API Server: Resembles the front door to the cluster. All external communications terminate here.
- Scheduler: Picks the best node for a program to run on.
- Controller manager: Monitors the present state of the cluster and attempts to bring it to the desired state.
- External Cloud: Offers the physical hardware where your cluster will run.
97
How do you create a Pod in Kubernetes?
Reference answer
Pods can be created using YAML or JSON configuration files that specify the pod's properties such as containers, volumes, and metadata.
98
What do you mean by Minikube?
Reference answer
Minikube is a tool that runs Kubernetes locally, which in turn means running Kubernetes on a virtual machine. It enables developers to set up and run a Kubernetes cluster locally on their devices. It simplifies Kubernetes deployment in environments where a full cloud-based cluster isn't needed, allowing easier exploration of functionalities without managing complex infrastructure.
99
Explain the role of a kubelet.
Reference answer
The kubelet is an agent that runs on each node in the cluster. It ensures that containers are running in a Pod.
100
What is container orchestration?
Reference answer
Container orchestration is the automation of components and processes related to running containers. It includes things like configuring and scheduling containers, the availability of containers, allocation of resources between containers, and securing the interaction between containers, among other things.
101
If you have already tainted the master nodes while setting up Kubernetes - how would you define the tolerance for a service?
Reference answer
To define tolerance for a service, use taints, tolerations and NodeSelectors. The way to use them would be:

To apply a taint, run the following command:

```bash
kubectl taint nodes node9 key=value:NoSchedule
```

To apply a toleration to a pod, add the following:

```yaml
spec:
  tolerations:
```
102
What is a PersistentVolume in Kubernetes?
Reference answer
PersistentVolumes are Kubernetes resources used to abstract underlying storage systems, allowing Pods to request and use persistent storage independently of the underlying infrastructure.
103
What is Kubernetes?
Reference answer
Kubernetes, also known as K8s, is an open-source container orchestration platform that performs different tasks like deployment, scaling, management, and monitoring containerized applications. It eases the management and deployment of the applications in an automated manner. It can manage applications on a cluster of servers on the cloud or on-premise.
104
How can you make it so that a pod runs on a specific node?
Reference answer
Use node affinity. Node affinity is a Kubernetes deployment technique in which a node is assigned an arbitrary label, and then pods are configured to be assigned to that node according to the label created.

For example, the following code snippet creates an arbitrary label, nodelocation, and assigns the value usa to the node named worker-01:

```bash
kubectl label nodes worker-01 nodelocation=usa
```

The manifest file shown below describes a Kubernetes deployment in which all the pods created for the deployment are assigned to any node that has a label with the key-value pair nodelocation=usa.

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  labels:
    app: nginx
spec:
  replicas: 5
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      # bind the pods in the deployment to nodes that have the key-value
      # pair, nodelocation=usa
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: nodelocation
                    operator: In
                    values:
                      - usa
      containers:
        - name: nginx
          image: nginx:1.14.2
          ports:
            - containerPort: 80
```
105
What is the kubelet in Kubernetes?
Reference answer
The kubelet is an agent that runs on each node and communicates with the Kubernetes API server to manage the container lifecycle.
106
Explain what are some Pods usage patterns?
Reference answer
Pods can be used in two main ways:

- Pods that run a single container. The simplest and most common Pod pattern is a single container per pod, where the single container represents an entire application. In this case, you can think of a Pod as a wrapper.
- Pods that run multiple containers that need to work together. Pods with multiple containers are primarily used to support colocated, co-managed programs that need to share resources. These colocated containers might form a single cohesive unit of service: one container serving files from a shared volume while another container refreshes or updates those files. The Pod wraps these containers and storage resources together as a single manageable entity.

Each Pod is meant to run a single instance of a given application. If you want to run multiple instances, you should use one Pod for each instance of the application. This is generally referred to as replication. Replicated Pods are created and managed as a group by a controller, such as a Deployment.
107
We need to migrate PostgreSQL to Kubernetes. What's your approach?
Reference answer
First, question whether it should run on Kubernetes at all. Managed database services (RDS, Cloud SQL) avoid significant operational complexity. If the decision is to proceed, then use a StatefulSet with PersistentVolumeClaims, implement a backup strategy, and strongly consider a Kubernetes operator (CloudNativePG or Zalando PostgreSQL Operator) to handle replication, failover, and backups. Plan data migration carefully, test in staging, and have a rollback plan.
108
What is a LoadBalancer in Kubernetes?
Reference answer
This question checks whether you understand how traffic from outside the cluster reaches your applications. We touched on this briefly when discussing Service types, but the interviewer may want you to go deeper. A LoadBalancer is a Service type that provisions an external load balancer, typically through your cloud provider. When you create a Service with type: LoadBalancer, Kubernetes asks the underlying infrastructure (Civo, GCP, Azure, etc.) to spin up a load balancer that routes external traffic to the correct set of pods. Each LoadBalancer Service gets its own external IP address. This works well when you have a small number of services to expose, but it becomes expensive and hard to manage as the number grows. Every service gets a separate load balancer, each with its own IP and associated cloud cost.
109
What is a Kubernetes Operator?
Reference answer
Kubernetes Operators are software extensions that encapsulate operational knowledge for managing complex, stateful applications in Kubernetes, automating tasks such as deployment, scaling, and failure recovery.
110
What is the Kubernetes Ingress resource?
Reference answer
Kubernetes Ingress is an API object that manages external access to services within a cluster, typically HTTP and HTTPS traffic. Ingress provides load balancing, SSL termination, and name-based virtual hosting.

- Ingress Controller: A necessary component that implements the Ingress resource, such as NGINX, Traefik, or HAProxy.
- Ingress Rules: Define how traffic should be routed to services based on the request host and path.

Example of an Ingress configuration:

```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-ingress
spec:
  rules:
    - host: example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: my-service
                port:
                  number: 80
  tls:
    - hosts:
        - example.com
      secretName: my-tls-secret
```

Deploying the Ingress resource:

```bash
kubectl apply -f my-ingress.yaml
```

Ensure the Ingress Controller is deployed in your cluster to handle the Ingress resources.
111
Can you describe the Kubernetes architecture?
Reference answer
Kubernetes architecture is a client-server model consisting of a control plane and a set of worker nodes. The control plane manages the Kubernetes cluster, while worker nodes run the actual application workloads.

The control plane includes key components:
- API Server: The front end for the Kubernetes control plane, handling all REST requests
- Controller Manager: Maintains the desired state by watching resources and triggering actions
- Scheduler: Assigns pods to appropriate nodes based on resource availability and constraints
- etcd: A consistent, distributed key-value store for all cluster data

Each worker node runs:
- kubelet: Agent that ensures containers are running as expected on the node
- kube-proxy: Manages networking and forwards traffic to the correct pod
- Container runtime: Software like containerd or CRI-O that runs containers
112
How can you pause a Deployment rollout in Kubernetes?
Reference answer
You can pause a Deployment rollout in Kubernetes, a container orchestration platform, by updating the Deployment's configuration. To do this, you would use the kubectl command-line tool or edit the Deployment YAML manifest directly. Simply change the desired number of replicas to the current number of replicas. This effectively halts the rollout since the desired state matches the current state. For example, if you have a Deployment with three replicas running, and you want to pause the rollout, you would set the replicas field to 3 in your Deployment YAML file. Once the desired state matches the current state, Kubernetes will stop making changes to the deployment until you decide to resume it by updating the replicas field again or making other necessary changes to the configuration. This approach allows you to control the pace of updates and troubleshoot any issues that may arise during a rollout.
113
What is Horizontal Pod Autoscaling (HPA) in Kubernetes?
Reference answer
Horizontal Pod Autoscaling (HPA) is a crucial feature in Kubernetes, a popular container orchestration platform. It automates the process of adjusting the number of replicas (Pods) for a particular workload or application based on real-time resource utilisation and user-defined metrics. HPA ensures that your applications can efficiently handle varying levels of traffic or workload demands, optimising resource utilisation and ensuring stable performance. HPA operates by continuously monitoring the specified metrics, such as CPU or memory utilisation, for the pods in a deployment or replica set. When these metrics exceed or fall below predefined thresholds, HPA can automatically scale the number of pod replicas up or down. For example, if the CPU usage of a set of pods exceeds a certain percentage, HPA will add more pods to distribute the load, thus preventing performance degradation.
114
What happens when you run kubectl apply -f deployment.yaml ?
Reference answer
This question reveals how well you understand Kubernetes architecture. Here's the chain:

- kubectl sends the manifest to the API server
- The API server authenticates, runs admission controllers, validates, and persists to etcd
- The Deployment controller detects the new Deployment and creates a ReplicaSet
- The ReplicaSet controller creates Pod objects
- The scheduler assigns each Pod to a node
- The kubelet on each node pulls the image via containerd and starts the container

Each step is a separate reconciliation loop because Kubernetes doesn't have a single monolithic "deploy" command. That declarative, eventually-consistent model is one of the most important concepts to convey in an interview.
115
Suppose a company wants to revise its deployment methods and wants to build a platform which is much more scalable and responsive. How do you think this company can achieve this to satisfy their customers?
Reference answer
In order to give millions of clients the digital experience they would expect, the company needs a platform that is scalable, and responsive, so that they could quickly get data to the client website. Now, to do this the company should move from their private data centers (if they are using any) to any cloud environment such as AWS. Not only this, but they should also implement the microservice architecture so that they can start using Docker containers. Once they have the base framework ready, then they can start using the best orchestration platform available i.e. Kubernetes. This would enable the teams to be autonomous in building applications and delivering them very quickly.
116
What is the load balancer in Kubernetes?
Reference answer
A load balancer is a software program that evenly distributes network traffic across a group of servers. It is used to improve the performance and availability of applications that run on multiple servers. Specifically, the load balancer in Kubernetes is a component that distributes traffic across nodes in a Kubernetes cluster. It can be used to provide high availability and to optimize resource utilization. Also, the load balancer can help to prevent overloads on individual nodes.
117
You deleted a deployment, but the pods are still running. How?
Reference answer
The ReplicaSet wasn't deleted along with it. If the Deployment was paused or not cleaned up properly, the ReplicaSet keeps maintaining the pods independently.
118
What is the purpose of kubectl?
Reference answer
Kubectl is the primary CLI tool for managing Kubernetes resources and interacting with the cluster. Here are a few common kubectl commands you should be familiar with:

```bash
kubectl get pods                          # list all Pods
kubectl get services                      # list all Services
kubectl logs <pod-name>                   # view logs of a Pod
kubectl exec -it <pod-name> -- /bin/sh    # open a shell inside a Pod
```
119
What are StatefulSets, and when would you use one over a Deployment?
Reference answer
This question checks whether you understand that not all workloads are interchangeable. The interviewer wants to see that you know the difference between applications that can be freely scaled and replaced versus those that need a stable identity and a persistent state.

A StatefulSet is a Kubernetes workload controller designed for applications that need to maintain state across restarts or scaling events. Databases are the classic example. Unlike a Deployment, where pods are treated as identical and disposable, a StatefulSet gives each pod a stable, unique identity. This means:

- Pods are created and deleted in a predictable order, not all at once.
- Each pod gets a persistent hostname that survives rescheduling (for example, mysql-0, mysql-1, mysql-2).
- Each pod can be associated with its own dedicated storage that follows it even if it moves to a different node.
120
What is a node in Kubernetes?
Reference answer
A node is a worker machine in the cluster which runs applications using Docker or another container runtime. It's managed by the master components and runs agents like kubelet and kube-proxy.
121
What is a Service Account in Kubernetes?
Reference answer
A Service Account is a specialised type of account used in the context of computer systems and network services. It is primarily employed to enable secure and controlled access to resources and services, typically within a software application or a server environment. Service Accounts are distinct from user accounts in that they are not associated with individual human users but are designed to represent an application, a system process, or a service itself. Service Accounts are used for several essential purposes. They enhance security by reducing the need for human intervention and minimising the risk of unauthorised access. Service Accounts can be granted only the necessary permissions to perform specific tasks, reducing the potential attack surface.
122
Explain the concept of CRDs in Kubernetes?
Reference answer
A Kubernetes custom resource definition lets you extend Kubernetes by creating your own resource types. Instead of being limited to built-in objects like pods or deployments, you define something new that fits your needs. This is the foundation for a Kubernetes operator. An operator uses a CRD to define a custom resource, then watches it and acts on it automatically, the same way Kubernetes manages its own resources. Think of it as teaching Kubernetes a new word. Once you define it, Kubernetes treats it like any other resource; you can create, update, watch, and manage it using the same API and tools.
123
What are the features of Kubernetes?
Reference answer
The features of Kubernetes are:

- Automated Scheduling
- Self-Healing Capabilities
- Automated rollouts & rollback
- Horizontal Scaling & Load Balancing
- Offers environment consistency for development, testing, and production
- Infrastructure is loosely coupled, so each component can act as a separate unit
- Provides a higher density of resource utilization
- Offers enterprise-ready features
- Application-centric management
- Auto-scalable infrastructure
- You can create predictable infrastructure
124
How does Kubernetes manage storage for stateful applications?
Reference answer
Kubernetes offers a straightforward, standardized way of managing storage systems, making it a great solution for databases and stateful applications.
125
How does Kubernetes' scheduler decide where to place pods?
Reference answer
The scheduler in Kubernetes assigns pods to nodes based on resource requirements, node policies, and scheduling constraints like affinity and anti-affinity. It evaluates the resource needs of each pod and finds a suitable node with sufficient capacity, optimizing resource utilization and fulfilling specific deployment requirements.
126
Which problems does a container orchestration solve?
Reference answer
Containers run in an isolated process (usually in its own namespace). This means that by default the container will not be aware of other containers. Additionally, it will not be aware of the system's files, network interfaces, and processes. While this can greatly help with portability of the software, it does not solve several production issues such as microservices, container discovery, scalability, disaster recovery, or upgrades. Adding a container orchestrator can greatly reduce the complexity in production, as these tools are designed to resolve the issues outlined above. For example, Kubernetes is built to allow containers to be linked together, deploy containers across an entire network, scale and load balance the network based on container resource consumption, and allow upgrades of individual containers with no downtime. If you are only running a single container or two containers together, you are correct in that an orchestrator may be unnecessary and add unneeded complexity.
127
What is Kubernetes Grafana?
Reference answer
Kubernetes Grafana is an open-source data visualization and analysis tool that provides real-time monitoring and analysis of Kubernetes clusters.
128
What is a Kubernetes custom resource? How does it work?
Reference answer
A Kubernetes custom resource is an extension of the Kubernetes API, providing a way to define and manage custom resources using Kubernetes-compliant tools and APIs. Custom resources can be used to manage applications and resources that are not native to Kubernetes.
129
What is a Namespace in Kubernetes?
Reference answer
Namespaces provide a scope for names, allowing you to partition cluster resources between multiple users and projects, helping manage access and resource allocation.
130
Explain what Kube-proxy does.
Reference answer
Kube-proxy allows you to implement and maintain network rules on Kubernetes nodes.
131
What is a Kubernetes ingress? How is it used?
Reference answer
A Kubernetes ingress is an API object that allows external traffic to be routed to the appropriate Kubernetes services based on the incoming request's URL or host. It is used to expose HTTP and HTTPS routes to the Kubernetes cluster.
132
How does Kubernetes handle load balancing and network traffic routing?
Reference answer
Kubernetes uses a Service object to handle load balancing and network traffic routing. A Service provides a single IP address and DNS name for a set of pods and routes traffic to those pods based on a set of rules defined by the user.
133
What is the exam code for the CKA exam?
Reference answer
The exam code for the CKA exam is CKA.
134
Which three namespaces are available on new clusters?
Reference answer
The following are the three namespaces available on new clusters:

- default: It is the default namespace for objects with no other namespace. This namespace acts as the main target for new user-added resources until alternative namespaces are created.
- kube-system: It is the namespace for objects created by the Kubernetes system.
- kube-public: It is globally readable by all users with or without authentication. It helps in exposing any cluster information necessary to bootstrap components. Its public aspect is only a convention and not a requirement.
135
Explain the use of Helm in Kubernetes.
Reference answer
Helm is a package manager for Kubernetes that simplifies the deployment and management of applications. Helm uses charts, which are packages of pre-configured Kubernetes resources. It provides commands for:

- Installing: Deploying applications to a Kubernetes cluster.
- Upgrading: Updating the versions of applications.
- Rolling back: Reverting to previous versions of applications.
- Deleting: Removing applications from the cluster.

Helm helps manage the complexity of Kubernetes applications by providing reusable templates and a consistent way to handle configuration and lifecycle management.
136
You exposed a pod via NodePort, but it's still unreachable externally. What's likely missing?
Reference answer
The node's firewall or cloud network ACL is probably blocking the assigned port. Kubernetes can expose the port, but the OS or cloud infrastructure will still drop traffic if the port isn't explicitly allowed.
137
Explain the Kubernetes architecture.
Reference answer
The control plane includes the API Server, Scheduler, Controller Manager, and etcd. The worker nodes run kubelet, kube-proxy, and the container runtime.
138
What are the main differences between Kubernetes and Docker?
Reference answer
| Differences | Kubernetes | Docker |
|---|---|---|
| Definitions | It is a container orchestration tool that helps to manage, schedule and scale containerized applications. | It is a container runtime technology that helps developers to create, deploy and run containerized applications. |
| Architecture | The architecture of this tool includes two main components, known as Worker Node and Master Node. Apart from these components, it has a central control plane that has various in-built elements, such as scheduler, API servers, controller manager, etc. | It has a simple architecture with simple nodes that communicate through the gossip protocol. |
| Functionality | This platform provides a number of advanced functionalities and services. For instance, self-healing, rolling updates, ingress controllers, health checks, replicated, DaemonSets and StatefulSets. | Just like its architecture, Docker Swarm offers simple functionality for container administration and orchestration. It only has one type of service, called replicated. |
| Installation | It is very complex to set up this tool due to its less intuitive interface. This complexity results in high maintenance and overhead cost. | It is simple to set up this tool as it has a simple and intuitive command-line interface. Additionally, it does not require high maintenance and overhead costs. |
| Maturity | This platform has numerous advanced features that help users to perform operations more maturely. It also has rich community support and documentation. | This platform does not have any advanced features, community support and documentation. It cannot perform operations better than Kubernetes. |
139
Explain the process of a rolling update in Kubernetes and its benefits?
Reference answer
A rolling update gradually replaces pods of the previous version of an application with pods of the new version. This maintains service availability and allows rollback in case of issues, minimizing the impact on users.
140
Why are network policies crucial in Kubernetes?
Reference answer
Kubernetes is a network-centric platform and requires secure connections between its various entities. That is why network policies are crucial for this platform. These policies are mostly applied to the interconnections between pods only.
141
What is a StorageClass and how does it enable dynamic provisioning?
Reference answer
A StorageClass eliminates the need for administrators to manually pre-provision Persistent Volumes (PVs). It acts as a storage “profile” (e.g., AWS gp3 for standard SSDs or io1 for high-performance). When a developer creates a PVC referencing a specific StorageClass, Kubernetes automatically provisions the underlying cloud storage block on demand. This Dynamic Provisioning binds a new PV to the claim instantly, saving administrative time and preventing unused storage from sitting idle in your cloud environment.
142
What steps would you take if a node becomes NotReady in a Kubernetes cluster?
Reference answer
- Check the node status
- Describe the node for events/logs
- Check Kubelet logs for errors
- Verify system resource availability
- Restart Kubelet
- Remove the node from the cluster if it's unresponsive
- Scale the cluster up if needed. Cluster Autoscaler may replace the failed node if it's a cloud-based cluster.
143
How to write a Kubernetes scheduler?
Reference answer
While the default kube-scheduler works for most, you can write a Custom Scheduler for highly specialized workloads. To implement one:

- Write a program (often in Go) that watches the Kubernetes API for newly created Pods where the schedulerName matches your custom name.
- Program your custom logic to find a suitable Node based on your unique business rules (e.g., specific hardware routing, compliance restrictions, or cost-optimization).
- Once a Node is selected, your scheduler sends a Binding object back to the API Server, which then commands the Kubelet to start the Pod.
144
What is the purpose of operators?
Reference answer
Compared with stateless applications, where desired state changes and upgrades are handled the same way for every replica, managing stateful applications on Kubernetes is more challenging. The stateful nature of these applications may require different handling when upgrading each replica, as each replica might be in a different state. Therefore, managing stateful applications often requires a human operator. A Kubernetes Operator is meant to assist with this. Moreover, it paves the way for a standard process to be automated across several Kubernetes clusters.
145
Explain the Importance of Etcd in Kubernetes and Discuss What Could Happen in Case of an Etcd Outage?
Reference answer
Etcd is a key-value store for Kubernetes, holding all cluster data. An Etcd outage can lead to a loss of cluster state and configuration, affecting the scheduling and operation of applications within the cluster.
146
What is the role of the kube-apiserver in Kubernetes?
Reference answer
The kube-apiserver serves as the front-end for the Kubernetes control plane and exposes the Kubernetes API, which allows users and external components to interact with the cluster.
147
How does the Container Network Interface (CNI) work in Kubernetes?
Reference answer
The Container Network Interface (CNI) is a standard for connecting containers and pods in Kubernetes with underlying networking hardware. Containers within a Pod share network namespaces, making inter-container communication straightforward. However, Pods require network isolation, which CNI providers, like Calico, address. Kubernetes initiates and manages the CNI connectivity process as follows:

- Network Attachment Definitions (NADs): Kubernetes 1.18 and later supports a custom resource called Network Attachment Definitions. This allows operators to specify that a Pod should have a particular network interface.
- Multus CNI: This open-source CNI plugin enables Kubernetes Pods to have multiple network interfaces. With Multus, you can use different CNI plugins to assign either overlay or underlay network interfaces to the Pods.
- Kubelet Configuration: Kubelet, an essential Kubernetes component on each node, is responsible for integrating CNI providers. Configuration commands, typically introduced in the kubelet.service file, facilitate this compatibility.

  ```json
  {
    "cniConfigFilePath": "/etc/cni/net.d/",
    "networkPluginName": "cni-type",
    "featureGates": {
      "CSIMigration": true,
      "CSIMigrationAWS": true,
      "CSIMigrationAzureDisk": true,
      "CSIMigrationAzureFile": true,
      "CSIMigrationGCEPD": true,
      "SupportPodPidsLimit": true
    }
  }
  ```

  Here, cniConfigFilePath specifies the path for CNI configuration files, while networkPluginName names the CNI plugin Kubernetes should use.
- API Server Triggers: By interacting with the pod lifecycle events, the API server can trigger CNI when pods require network interfaces.
- CoreDNS Integration: CoreDNS acts as a plugin for Kubernetes DNS, providing a unified method for service discovery.
- Use Throughout the Stack: After establishing a network, CNI serves an essential role in the Kubernetes stack, including in Service and Ingress controller configurations.
- DaemonSets: Operators use DaemonSets to run CNI plugins on every Kubernetes node. This ensures network configuration consistency across the cluster.
- Namespace Segmentation: Kubernetes frequently utilizes CNI to prevent traffic from leaking between namespaces, ensuring network security. CNI is primarily responsible for performing network segmentation to meet these policy requirements.
148
Difference between LoadBalancer and Ingress in AWS?
Reference answer
- LoadBalancer: Allocates an AWS ELB (Classic/NLB/ALB) per service.
- Ingress: Uses a single ALB (via AWS Load Balancer Controller) to route traffic to multiple services.
149
Sidecars—what are they?
Reference answer
Secondary containers that extend functionality, like log shippers or service meshes.
150
What is Kube-apiserver?
Reference answer
Kube-apiserver: This is an API server of this platform and stands as the front-end of the master controller. It follows a scale-out architecture. This API helps to create secured communication between master components and nodes. It also exposes all APIs presented in Kubernetes Master node components.
151
How can an organization enhance the efficiency of its technical operations and keep costs low using Kubernetes?
Reference answer
Kubernetes streamlines deployment and scaling of applications, optimizes resource utilization, and provides robust monitoring tools. This results in reduced overhead, better resource management, and cost savings.
152
What is the difference between a Pod and a Job? (Differentiate the answers with examples)
Reference answer
A Pod always ensures that a container is running, whereas a Job ensures that the pods run to their completion. A Job does a finite task. Examples:

```
$ kubectl run mypod1 --image=nginx --restart=Never
$ kubectl run mypod2 --image=nginx --restart=OnFailure
$ kubectl get pods
NAME     READY   STATUS    RESTARTS   AGE
mypod1   1/1     Running   0          59s
$ kubectl get job
NAME     DESIRED   SUCCESSFUL   AGE
mypod1   1         0            19s
```
153
What are namespaces in Kubernetes?
Reference answer
In Kubernetes, namespaces are a way to divide cluster resources between multiple users (via resource quotas) or to partition resources within the same user group. They are intended for use in environments with many users spread across multiple teams or projects. Namespaces help in organizing and isolating cluster resources, such as pods, services, and replication controllers, into distinct groups. This allows for better management, segregation, and visibility of resources within the cluster. We can check the resources that can be namespaced using the command below:

```bash
kubectl api-resources --namespaced=True
```
154
How would you handle multi-tenancy in a shared cluster?
Reference answer
By using namespaces, resource quotas, network policies, and RBAC to isolate tenants, ensuring security and fair resource distribution.
155
How does Kubernetes manage resource limits and quotas?
Reference answer
Kubernetes manages resource limits and quotas through ResourceQuotas and LimitRanges. ResourceQuotas are applied at the namespace level and ensure that the aggregate resource usage does not exceed specified limits. For example, ResourceQuotas can limit the number of pods, services, or the total amount of CPU and memory used within a namespace. LimitRanges, on the other hand, are used to enforce minimum and maximum resource limits on individual containers within a namespace. They ensure that containers do not exceed defined resource limits, preventing any single container from monopolizing cluster resources. These mechanisms help in resource planning, ensuring fair usage, and preventing resource contention.
156
Explain how GitOps works with Kubernetes.
Reference answer
In GitOps, your desired cluster state lives in a Git repository: Kubernetes manifests, Helm charts, or Kustomize overlays. A GitOps controller (ArgoCD or Flux) running in the cluster continuously reconciles the actual state with what's in Git. Drift gets corrected automatically. Every change has an audit trail, rollbacks are as simple as reverting a commit, and your cluster state is always documented in version control.
157
What are Kubernetes Volumes?
Reference answer
Kubernetes Volumes provide a way for containers in a Pod to access shared storage. Volumes are directory trees accessible to containers in a Pod, and they persist data across container restarts within the Pod. There are several types of volumes, such as:

- emptyDir: A temporary directory that exists as long as the Pod is running.
- hostPath: Mounts a file or directory from the host node's filesystem into a Pod.
- nfs: Mounts an NFS share.
- persistentVolumeClaim: Uses a PersistentVolumeClaim to mount a PersistentVolume.
- configMap and secret: Mounts a ConfigMap or Secret into a Pod.
- awsElasticBlockStore: Mounts an AWS EBS volume.
- gcePersistentDisk: Mounts a Google Compute Engine persistent disk.
158
Difference between describe pod and inspect pod
Reference answer
kubectl describe pod provides detailed information about a pod's configuration and status, whereas the term "inspect pod" is used informally to refer to examining or analyzing the pod's characteristics or status using various Kubernetes commands.
159
What is a Kubernetes mutating admission webhook?
Reference answer
A mutating admission webhook intercepts API requests before objects are persisted to etcd and can modify them. Common uses include injecting sidecar containers, setting default resource limits, and enforcing labeling standards. This is how service meshes like Istio automatically inject their Envoy proxy sidecar into every Pod without you modifying your Deployment manifests.
160
What happens when you run kubectl apply -f deployment.yaml?
Reference answer
This question reveals how well you understand Kubernetes architecture. Here's the chain:

- kubectl sends the manifest to the API server
- The API server authenticates, runs admission controllers, validates, and persists to etcd
- The Deployment controller detects the new Deployment and creates a ReplicaSet
- The ReplicaSet controller creates Pod objects
- The scheduler assigns each Pod to a node
- The kubelet on each node pulls the image via containerd and starts the container

Each step is a separate reconciliation loop because Kubernetes doesn't have a single monolithic "deploy" command. That declarative, eventually-consistent model is one of the most important concepts to convey in an interview.
161
What are the features/benefits of Kubernetes?
Reference answer
Below are some of the features of Kubernetes:

- Automatic scheduling – Advanced scheduler to launch containers on cluster nodes.
- Automated rollouts & rollback – Supports rollouts and rollbacks.
- Horizontal scaling – Scale applications up or down as per requirements.
- Storage orchestration – Automatically mount the storage system of your choice.
- Self-healing capabilities – Reschedule, replace, and restart containers that have died or failed.
- Load balancing – Offers Pods their own IP addresses and a single DNS name for a set of Pods, and can load-balance across them.
- Secret and configuration management – This lets you store and manage sensitive information.
- Allows you to create predictable infrastructure.
162
StatefulSets vs DaemonSets: When to use each, with real-world examples?
Reference answer
StatefulSets for databases needing persistent identity, DaemonSets for monitoring agents that need to run on every node.
163
A pod with no memory limit defined is still getting OOMKilled. What could be the reason?
Reference answer
Without a memory limit, the pod receives the BestEffort QoS class and can consume unlimited node memory. When the node runs low on memory, the kubelet kills BestEffort pods first to reclaim resources.
164
Describe how the master node works in Kubernetes.
Reference answer
The Kubernetes master node is designed to control the master node, and each node contains a number of containers. These containers are stored and secured as pods, and each pod can hold multiple containers at a time. The containers are placed in pods according to the requirements and configuration. Pods can then be organized and deployed through a command-line interface or a user interface. The pods are scheduled on the master node according to their resource requirements. Finally, communication is established between the Kubernetes nodes and the master components.
165
How does Kubernetes handle multi-tenancy, and what are the risks?
Reference answer
Multi-tenancy means multiple teams share one cluster. Namespaces provide logical separation, but they don't prevent one team from consuming resources that belong to everyone else. ResourceQuotas solve this by putting a hard cap on what a namespace can use. You define the ceiling for CPU, memory, and pod count, and Kubernetes enforces it. The risk that is often overlooked is at the kernel level. Containers on the same node share the host kernel, so a container escape vulnerability can affect neighboring tenants. For workloads that require stronger isolation, teams use separate node pools or sandboxed runtimes such as gVisor, together with RBAC and network policies.
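The controls named in this answer and in the earlier answer on multi-tenancy in a shared cluster (namespaces, resource quotas, network policies, RBAC) can be written down as a baseline for one tenant. The manifests below are an added example, not part of the original page; the namespace team-a, the group team-a-devs, the quota figures, and the k8s-app: kube-dns label on the cluster DNS pods are assumptions.

```yaml
# Added example: baseline isolation for a single tenant namespace.
# All names and numbers here are hypothetical.
apiVersion: v1
kind: Namespace
metadata:
  name: team-a
---
# Hard ceiling on what the whole namespace may consume.
apiVersion: v1
kind: ResourceQuota
metadata:
  name: team-a-quota
  namespace: team-a
spec:
  hard:
    requests.cpu: "8"
    requests.memory: 16Gi
    limits.cpu: "16"
    limits.memory: 32Gi
    pods: "40"
---
# Per-container defaults. With the quota above in place, a pod that sets no
# requests/limits would be rejected; these defaults are applied instead.
apiVersion: v1
kind: LimitRange
metadata:
  name: team-a-defaults
  namespace: team-a
spec:
  limits:
  - type: Container
    defaultRequest:
      cpu: 100m
      memory: 128Mi
    default:
      cpu: 500m
      memory: 512Mi
---
# Deny all ingress and egress for every pod in the namespace by default.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny
  namespace: team-a
spec:
  podSelector: {}
  policyTypes:
  - Ingress
  - Egress
---
# Re-allow traffic between pods of the same tenant, plus DNS lookups.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-same-namespace-and-dns
  namespace: team-a
spec:
  podSelector: {}
  policyTypes:
  - Ingress
  - Egress
  ingress:
  - from:
    - podSelector: {}          # any pod in team-a
  egress:
  - to:
    - podSelector: {}          # any pod in team-a
  - to:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: kube-system
      podSelector:
        matchLabels:
          k8s-app: kube-dns    # assumed label of the cluster DNS pods
    ports:
    - protocol: UDP
      port: 53
    - protocol: TCP
      port: 53
---
# Tenant users get the built-in "edit" role inside their namespace only.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: team-a-edit
  namespace: team-a
subjects:
- kind: Group
  name: team-a-devs
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: edit
  apiGroup: rbac.authorization.k8s.io
```

NetworkPolicy objects are only enforced when the cluster's CNI plugin implements them. None of these objects changes the shared-kernel exposure described above, which still calls for separate node pools or a sandboxed runtime.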
166
How can you get a static IP for a Kubernetes load balancer?
Reference answer
Static IP for a Kubernetes load balancer can be set by configuring the load balancer service with a specific external IP address, if supported by the cloud provider.
167
How can you ensure application scalability in Kubernetes deployments?
Reference answer
Ensure scalability by defining horizontal pod autoscalers, which adjust the number of pod replicas based on CPU usage or other metrics. Also, use resource requests and limits to manage the resource allocation efficiently.
168
What are static pods, and how are they managed?
Reference answer
- Defined in /etc/kubernetes/manifests/ on the node.
- Managed directly by the kubelet.
- Useful for core components (e.g., local etcd, kube-proxy in custom setups).
169
What is the role of a Kubernetes Scheduler?
Reference answer
The Kubernetes Scheduler is a control plane component responsible for assigning Pods to nodes. It considers various factors such as resource requirements (CPU, memory), quality of service, affinity/anti-affinity rules, data locality, inter-workload interference, and custom scheduling policies. The scheduler ensures that workloads are optimally distributed across the cluster to meet desired performance and resource utilization.
170
What is Kubernetes and what does it do?
Reference answer
Kubernetes is an open-source container management tool that automates the deployment, scaling, and descaling of containers. It was developed by Google based on their experience of running containerized workloads for over 15 years. Kubernetes has become the standard tool for managing containerized applications and has a large and active community contributing to its development.
171
How do applications in Kubernetes accept traffic from clients?
Reference answer
Applications in Kubernetes receive traffic through Services and Ingress Controllers:

- ClusterIP (default) caters to internal communication within the cluster.
- NodePort exposes a service on a static port (30000-32767) on each node.
- LoadBalancer provisions a cloud-based external IP for direct access.
- Ingress routes external HTTP/HTTPS traffic using hostnames and paths.

Many production environments use Ingress with a LoadBalancer to allow traffic routing to multiple services efficiently.
172
How can you list all deployments in the current namespace?
Reference answer
To view all active deployments within your currently active namespace, you utilize the basic get command.

```bash
kubectl get deployments
```

This command outputs a highly scannable table detailing critical metrics. You will see the NAME of the deployment, the READY state (showing how many replicas are currently available versus desired), the UP-TO-DATE count (replicas matching the latest desired state), and the AVAILABLE count. If you need to search across all namespaces simultaneously, you can append the --all-namespaces or -A flag to the command.
173
Where is the Kubernetes cluster data stored?
Reference answer
The primary data store of Kubernetes is etcd, which is responsible for storing all Kubernetes cluster data.
174
What is the difference between Deployment and StatefulSet?
Reference answer
Deployments and StatefulSets both manage pod replicas but treat identity and storage differently.

A Kubernetes Deployment works best for stateless applications like website frontends and REST APIs. Pods can be created or destroyed because nothing depends on local storage. If one crashes, another takes its place, and nobody notices.

A StatefulSet is built for stateful applications like databases. Each pod has a unique identity and requires persistent storage that survives restarts. If a database pod is recreated, it comes back with the same name and the same persistent volumes. Without that stability, the database loses track of its data.

Below is a simple manifest that starts four replicas of pods running the NGINX web server using a Deployment:

Here is the equivalent StatefulSet running three MySQL replicas:
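The two manifests this answer refers to are not reproduced on the page. The following is an added example written to match the description (four NGINX replicas in a Deployment, three MySQL replicas in a StatefulSet), not the original page's manifests; the image tags, the 10Gi volume size, and the Secret named mysql-root are assumptions.

```yaml
# Added example: stateless workload, pods are interchangeable.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx
spec:
  replicas: 4
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.27          # assumed tag
        ports:
        - containerPort: 80
---
# Headless Service: gives each StatefulSet pod a stable DNS name
# (mysql-0.mysql, mysql-1.mysql, mysql-2.mysql).
apiVersion: v1
kind: Service
metadata:
  name: mysql
spec:
  clusterIP: None
  selector:
    app: mysql
  ports:
  - port: 3306
---
# Stateful workload: stable pod names and one PersistentVolumeClaim per pod.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: mysql
spec:
  serviceName: mysql
  replicas: 3
  selector:
    matchLabels:
      app: mysql
  template:
    metadata:
      labels:
        app: mysql
    spec:
      containers:
      - name: mysql
        image: mysql:8.0           # assumed tag
        ports:
        - containerPort: 3306
        env:
        - name: MYSQL_ROOT_PASSWORD
          valueFrom:
            secretKeyRef:
              name: mysql-root     # hypothetical Secret, created separately
              key: password
        volumeMounts:
        - name: data
          mountPath: /var/lib/mysql
  # Each replica gets its own claim (data-mysql-0, data-mysql-1, ...),
  # which is re-attached when the pod is recreated under the same name.
  volumeClaimTemplates:
  - metadata:
      name: data
    spec:
      accessModes: ["ReadWriteOnce"]
      resources:
        requests:
          storage: 10Gi
```

As written, the StatefulSet starts three independent MySQL instances; replication between them is not configured here. The root password is read from a Secret rather than written into the manifest.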
175
What are the different types of services in Kubernetes?
Reference answer
Kubernetes provides several types of services to expose applications running on Pods:

- ClusterIP: The default type, which exposes the service on a cluster-internal IP. This service is only reachable from within the cluster.
- NodePort: Exposes the service on each node's IP at a static port. It is accessible externally using <NodeIP>:<NodePort>.
- LoadBalancer: Exposes the service externally using a cloud provider's load balancer. It creates a NodePort and ClusterIP service, and then configures the external load balancer to route traffic to those.
- ExternalName: Maps a service to a DNS name. It returns a CNAME record with the value provided in the ExternalName field.
176
What is a Helm chart in Kubernetes?
Reference answer
Helm charts are packages of pre-configured Kubernetes resources, used to simplify the deployment and management of complex applications in Kubernetes.
177
What are the main components of the Kubernetes architecture?
Reference answer
The main components include the Control Plane (Master Node) with components like the kube-apiserver, etcd storage, kube-scheduler, kube-controller-manager, and cloud-controller-manager, and the Worker Nodes with kubelet, kube-proxy, and container runtime.
178
What is Minikube?
Reference answer
Minikube is a lightweight, open-source tool that allows you to run a single-node Kubernetes cluster locally on your personal machine (Windows, macOS, or Linux). It is the ultimate sandbox environment for developers. Instead of paying for expensive cloud infrastructure (like AWS EKS or Azure AKS), Minikube runs the control plane and the worker node within a local Virtual Machine (VM) or Docker container.
179
What is CoreDNS? How do you configure and use it?
Reference answer
CoreDNS is the default DNS provider for Kubernetes clusters. It provides service discovery and allows Pods to communicate using internal DNS names instead of IP addresses. Features of CoreDNS:

- Handles internal DNS resolution (my-service.default.svc.cluster.local).
- Supports custom DNS configuration.
- Load-balances DNS queries across multiple Pods.
- Allows caching for improved performance.

You can configure CoreDNS using the ConfigMap stored in the kube-system namespace. You can view the current settings using:

```bash
kubectl get configmap coredns -n kube-system -o yaml
```

Simply update that ConfigMap and apply the changes to adapt the CoreDNS configuration.
180
How do you configure node affinity?
Reference answer
By defining requiredDuringSchedulingIgnoredDuringExecution rules in a Pod spec to ensure workloads run on specific nodes.
181
How can you handle incoming data from external sources (ingress traffic)?
Reference answer
Ingress is a Kubernetes resource that allows an organization to control how external traffic is routed to and from its services. Ingress resources are defined in a YAML file. An Ingress controller is then deployed to manage the ingress resource. Ingress controllers use the Ingress Resource Definition to determine how to route traffic to services. Ingress controllers can use a variety of methods to route traffic, including:

- Using a load balancer
- Using a DNS server
- Using a path-based routing algorithm
182
Explain the difference between liveness, readiness, and startup probes.
Reference answer
Kubernetes uses three types of probes to check container health, each with a different response when the check fails:

| Probe | What It Checks | On Failure | When to Use |
|---|---|---|---|
| Liveness | Is the container still running correctly? | Restarts the container | Detect deadlocks or hung processes |
| Readiness | Can the container handle traffic right now? | Removes Pod from Service endpoints | Graceful load handling during startup or heavy load |
| Startup | Has the container finished initializing? | Prevents liveness checks until startup succeeds | Slow-starting apps (JVM, large data loads) |

Here's how you'd configure all three on a Pod:

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: health-demo
spec:
  containers:
  - name: app
    image: myapp:1.2
    livenessProbe:
      httpGet:
        path: /healthz
        port: 8080
      periodSeconds: 10
    readinessProbe:
      httpGet:
        path: /ready
        port: 8080
      periodSeconds: 5
    startupProbe:
      httpGet:
        path: /healthz
        port: 8080
      failureThreshold: 30
      periodSeconds: 10
```

The key distinction interviewers want to hear: liveness failures kill the container, readiness failures only remove it from traffic rotation. Confusing the two is a common mistake that can cause cascading outages.
183
What is etcd in Kubernetes?
Reference answer
etcd is a distributed, reliable, and highly available key-value store used to store the configuration data for the Kubernetes cluster.
184
What is a node in Kubernetes?
Reference answer
A node is the primary worker machine in the Kubernetes cluster, also known as the minion. It may be a physical or a virtual machine depending on the cluster. It has several components, including a kubelet, container runtime, and Kubernetes components to communicate with the control plane. Nodes can run one or more containers and can be added or removed from the cluster dynamically.
185
When might Kubernetes be overkill?
Reference answer
Kubernetes adds significant operational overhead. If you're running a small team with a few simple services, Docker Compose or a managed service like AWS ECS or Google Cloud Run might be a better fit. Kubernetes shines when you need to manage many services at scale, automate complex deployments, or provide self-service infrastructure for multiple teams. Not every workload needs Kubernetes, and interviewers ask this to see whether you understand trade-offs.
186
How do you back up and restore an etcd cluster in Kubernetes?
Reference answer
Backing up requires the etcdctl snapshot save command. This command creates a snapshot of the etcd database, which is a key-value store that holds all of the cluster's state. The snapshot should be stored in a secure and remote location. For a live cluster, you should run this on the etcd leader node.

Here are the steps to follow for restoring an etcd cluster from a snapshot:

- Stop the API server
- Restore the etcd data from the snapshot using etcdctl snapshot restore
- Configure etcd to use the new data directory
- Start the etcd service
- Start the API server
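One way to schedule the snapshot step on a control-plane node, as an added example that is not part of the original answer. It assumes a kubeadm-style cluster (certificates under /etc/kubernetes/pki/etcd, etcd listening on 127.0.0.1:2379); the CronJob name, schedule, backup path and image tag placeholder are hypothetical.

```yaml
# Added example; schedule, image tag, backup path and kubeadm file locations are assumptions.
apiVersion: batch/v1
kind: CronJob
metadata:
  name: etcd-snapshot
  namespace: kube-system
spec:
  schedule: "0 */6 * * *"
  concurrencyPolicy: Forbid            # never run two snapshots at once
  jobTemplate:
    spec:
      template:
        spec:
          restartPolicy: OnFailure
          hostNetwork: true            # reach etcd on the node's loopback address
          nodeSelector:
            node-role.kubernetes.io/control-plane: ""
          tolerations:
          - key: node-role.kubernetes.io/control-plane
            operator: Exists
            effect: NoSchedule
          containers:
          - name: snapshot
            image: registry.k8s.io/etcd:<version>   # placeholder: match the cluster's etcd version
            command:
            - etcdctl
            - --endpoints=https://127.0.0.1:2379
            - --cacert=/etc/kubernetes/pki/etcd/ca.crt
            - --cert=/etc/kubernetes/pki/etcd/server.crt
            - --key=/etc/kubernetes/pki/etcd/server.key
            - snapshot
            - save
            - /backup/etcd-snapshot.db   # fixed name: each run overwrites the last
            volumeMounts:
            - name: etcd-certs
              mountPath: /etc/kubernetes/pki/etcd
              readOnly: true
            - name: backup
              mountPath: /backup
          volumes:
          - name: etcd-certs
            hostPath:
              path: /etc/kubernetes/pki/etcd
          - name: backup
            hostPath:
              path: /var/backups/etcd
              type: DirectoryOrCreate
```

The snapshot file holds every Secret in the cluster, so the backup directory should be readable by root only, and copies should be encrypted before they are shipped to the remote location.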
187
What happens when a master fails? What happens when a worker fails?
Reference answer
Kubernetes is designed to be resilient to any individual node failure, master or worker. When a master fails the nodes of the cluster will keep operating, but there can be no changes including pod creation or service member changes until the master is available. When a worker fails, the master stops receiving messages from the worker. If the master does not receive status updates from the worker the node will be marked as NotReady. If a node is NotReady for 5 minutes, the master reschedules all pods that were running on the dead node to other available nodes.
188
What are Taints and Tolerations?
Reference answer
Taints and Tolerations work together to ensure Pods are not scheduled onto inappropriate Nodes. They act as a lock-and-key mechanism for cluster placement.

| Concept | Applied To | Primary Function | Example Use Case |
|---|---|---|---|
| Taints | Nodes | Acts as a repellent, actively rejecting Pods from scheduling unless they have a matching toleration. | Dedicating a Node strictly for Master/Control Plane duties or specialized GPU workloads. |
| Tolerations | Pods | Acts as a “VIP pass,” allowing a Pod to bypass a specific taint and schedule on that restricted Node. | Allowing a cluster monitoring agent (DaemonSet) to run on a tainted Master node. |
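The table's two use cases written out as a manifest, in an added example that is not part of the original answer. The node name `gpu-node-1`, the `dedicated=gpu` taint, the `monitoring` namespace, and the `node-agent` DaemonSet and its image are assumed names.

```yaml
# Added example; node name, taint key/value, DaemonSet name and image are assumptions.
#
# Taints are set on nodes, for example to reserve a GPU node:
#   kubectl taint nodes gpu-node-1 dedicated=gpu:NoSchedule
# kubeadm-built control-plane nodes carry this taint by default:
#   node-role.kubernetes.io/control-plane:NoSchedule
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: node-agent
  namespace: monitoring
spec:
  selector:
    matchLabels:
      app: node-agent
  template:
    metadata:
      labels:
        app: node-agent
    spec:
      tolerations:
      # Exists matches the taint key regardless of its value.
      - key: node-role.kubernetes.io/control-plane
        operator: Exists
        effect: NoSchedule
      # Equal requires key, value and effect to all match the node's taint.
      - key: dedicated
        operator: Equal
        value: gpu
        effect: NoSchedule
      containers:
      - name: agent
        image: example.com/monitoring/node-agent:1.0
```

A toleration only permits scheduling onto a tainted node; it does not attract the Pod there, so a workload that must land on the dedicated nodes also needs a nodeSelector or node affinity.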
189
You use emptyDir for temporary data, but after a pod restart, all the data is gone. Why?
Reference answer
That's expected behavior. emptyDir is tied to the pod's lifecycle. It gets wiped whenever the pod terminates or gets rescheduled to another node.
190
Define Cluster IP
Reference answer
The Cluster IP is a Kubernetes service that offers a service inside the cluster that other apps inside the cluster can access.
191
Explain the concept of Ingress
Reference answer
Ingress is a Kubernetes API object that manages external access to services, typically via HTTP/HTTPS. Instead of exposing services with LoadBalancer or NodePort, Ingress routes traffic based on hostnames, paths, or TLS settings.
192
Explain the differences between a DaemonSet and a ReplicaSet.
Reference answer
| ReplicaSet | DaemonSet |
|---|---|
| A ReplicaSet makes sure that the number of running pods in the Kubernetes cluster, on any node, matches the planned number of pods. | With a DaemonSet, every node will have a minimum of one pod of the application that we deployed. |
| A ReplicaSet is most suitable for stateless applications such as web applications. | Use a DaemonSet if you want all nodes of the k8s cluster to run a specific pod. |
193
What is an Ingress in Kubernetes, and how does it work?
Reference answer
An Ingress is an API object that manages external HTTP/HTTPS access to Services inside a Kubernetes cluster. It allows routing requests based on hostname and paths, acting as a reverse proxy for multiple applications.

Example Ingress YAML definition:

```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-ingress
spec:
  rules:
  - host: my-app.example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: my-service
            port:
              number: 80
```
194
What is kubectl?
Reference answer
Kubectl is the command-line configuration tool for Kubernetes that communicates with a Kubernetes API server. Using kubectl allows you to create, inspect, update, and delete Kubernetes objects. To learn all the stuff you can do with kubectl, check out our kubectl cheatsheet.
195
What is the difference between containerd and Docker in the context of modern Kubernetes? [2026 Trend]
Reference answer
As of late 2022, Kubernetes officially deprecated Docker as its underlying runtime engine.

- Docker is a complete, heavy software stack that includes a CLI, API, and image-building tools. It was not originally designed specifically for Kubernetes orchestration.
- containerd is the lightweight, core runtime engine that actually runs the containers (which Docker itself uses under the hood).

Modern Kubernetes directly communicates with containerd (or CRI-O) via the Container Runtime Interface (CRI). This eliminates the heavy middleman (“dockershim”), resulting in lower node resource consumption, faster pod startup times, and enhanced cluster security.
196
How do you tie a service to a pod or a set of pods in Kubernetes?
Reference answer
A Kubernetes Service ties to pods using selectors and labels. First, assign a label to the pods:

```yaml
labels:
  app: my-app
```

Then, define a Service that selects pods with that label:

```yaml
selector:
  app: my-app
```

This enables Kubernetes to dynamically associate the service with the correct pods, even as they scale.
197
What is a StatefulSet, and when do you need one?
Reference answer
A StatefulSet manages Pods that require stable, unique identities and persistent storage, such as databases, message queues, or other resources where Pods aren't interchangeable. Unlike a Deployment, a StatefulSet gives each Pod a predictable name (postgres-0, postgres-1), creates them in order, and gives each its own PersistentVolumeClaim.

```yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: postgres
spec:
  serviceName: postgres
  replicas: 3
  selector:
    matchLabels:
      app: postgres
  template:
    metadata:
      labels:
        app: postgres
    spec:
      containers:
      - name: postgres
        image: postgres:16
        volumeMounts:
        - name: data
          mountPath: /var/lib/postgresql/data
  volumeClaimTemplates:
  - metadata:
      name: data
    spec:
      accessModes: ["ReadWriteOnce"]
      resources:
        requests:
          storage: 20Gi
```

Each replica gets its own PVC (data-postgres-0, data-postgres-1, etc.) that persists even if the Pod is rescheduled.
198
What is a Deployment in Kubernetes?
Reference answer
A Deployment is a Kubernetes resource used to manage the deployment and scaling of replica Pods, ensuring high availability and rolling updates.
199
What is a Deployment, and how do rolling updates work?
Reference answer
A Deployment manages the lifecycle of Pods through ReplicaSets. When you update a Deployment (e.g., changing the image tag), Kubernetes creates a new ReplicaSet, scales it up gradually, and scales down the old one, thereby avoiding downtime.

```bash
# Update the image
kubectl set image deployment/my-app app=nginx:1.28

# Watch the rollout progress
kubectl rollout status deployment/my-app

# View rollout history
kubectl rollout history deployment/my-app

# Roll back if something goes wrong
kubectl rollout undo deployment/my-app
```

You can control the speed using maxSurge and maxUnavailable in the Deployment's strategy section. For a hands-on walkthrough of rolling updates with a real data pipeline, see our Kubernetes Services and Rolling Updates tutorial.
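A strategy section for the `my-app` Deployment used in the commands above, as an added example that is not part of the original answer. The replica count, the surge and availability values, the `app: my-app` label and the probe settings are assumptions chosen to show a rollout that never drops below full capacity.

```yaml
# Added example; replica count, strategy values, label and probe settings are assumptions.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-app
spec:
  replicas: 4
  # A new Pod must stay Ready this long before it counts as available.
  minReadySeconds: 10
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1          # at most 5 Pods exist during the rollout (4 + 1)
      maxUnavailable: 0    # never fewer than 4 available Pods
  selector:
    matchLabels:
      app: my-app
  template:
    metadata:
      labels:
        app: my-app
    spec:
      containers:
      - name: app
        image: nginx:1.28
        ports:
        - containerPort: 80
        # The rollout only advances when the new Pod passes this check,
        # so a broken image stalls the rollout instead of replacing healthy Pods.
        readinessProbe:
          httpGet:
            path: /
            port: 80
          periodSeconds: 5
```

With these values the controller adds one new Pod, waits for it to become Ready and stay Ready for 10 seconds, then removes one old Pod, and repeats until all four are replaced.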
200
What is a headless service?
Reference answer
A headless service is a special type of Kubernetes service that does not expose a cluster IP address. This means that the service will not provide load balancing to the associated pods. Headless services are useful for applications that require a unique IP per instance or for applications that do not require load balancing. For example, stateful applications such as databases often require a unique IP address per instance. By using a headless service, each instance can be given its own IP address without the need for a load balancer. Headless services can also be used to expose individual instances of an application outside of the Kubernetes cluster. This is often done by using a tool like kubectl to expose individual pods.
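A headless Service beside a regular one, as an added example that is not part of the original answer. It reuses the `postgres` name and `app: postgres` label from the StatefulSet answer on this page; the port and the second Service named `postgres-lb` are assumptions.

```yaml
# Added example; port 5432 and the postgres-lb Service are assumptions.
#
# Headless: no virtual IP is allocated. A DNS lookup of the Service name
# returns the IPs of the Ready Pods, and each StatefulSet Pod gets its own
# record: postgres-0.postgres.<namespace>.svc.cluster.local
apiVersion: v1
kind: Service
metadata:
  name: postgres
spec:
  clusterIP: None          # this field is what makes the Service headless
  selector:
    app: postgres
  ports:
  - name: postgres
    port: 5432
---
# Regular ClusterIP Service for comparison: one stable virtual IP,
# with connections spread across the matching Pods.
apiVersion: v1
kind: Service
metadata:
  name: postgres-lb
spec:
  type: ClusterIP
  selector:
    app: postgres
  ports:
  - name: postgres
    port: 5432
```

The StatefulSet's `serviceName: postgres` must match the headless Service's name for the per-Pod DNS records to be created.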