K8s Interview Questions

Basic Questions:

  1. Main components of a Kubernetes cluster?

    • Master Node (API Server, Controller Manager, Scheduler, etcd)
    • Worker Nodes (Kubelet, Kube Proxy, Container Runtime)
  2. What is a Pod?

    • The smallest deployable unit in Kubernetes, encapsulating one or more containers.
  3. How does Kubernetes handle service discovery?

    • Through Services (ClusterIP, NodePort, LoadBalancer) and DNS resolution via kube-dns or CoreDNS.
  4. Deployment vs. DaemonSet vs. StatefulSet?

    • Deployment: Manages stateless applications.
    • DaemonSet: Ensures one Pod per node.
    • StatefulSet: Manages stateful applications with persistent identity.
  5. Role of etcd?

    • A distributed key-value store for cluster state and configuration.
  6. Namespaces in Kubernetes?

    • Logical partitions for resource isolation within a cluster.
  7. Service vs. Ingress?

    • Service: Exposes Pods internally or externally.
    • Ingress: Manages HTTP/S traffic via rules.
  8. ConfigMaps vs. Secrets?

    • ConfigMap: Stores non-sensitive config data.
    • Secret: Stores sensitive data, encoded in Base64.

Intermediate Questions:

  1. What happens when a node fails?

    • The node controller detects the failure, and Pods are rescheduled on other nodes.
  2. Rolling updates and rollbacks?

    • Deployments update Pods gradually; rollbacks restore previous versions.
  3. How does HPA work?

    • Adjusts replica count based on CPU, memory, or custom metrics.
  4. ClusterIP vs. NodePort vs. LoadBalancer?

    • ClusterIP: Internal access.
    • NodePort: Exposes service on node IPs.
    • LoadBalancer: Uses cloud provider’s LB.
  5. Persistent Volumes (PVs) and Persistent Volume Claims (PVCs)?

    • PV: A provisioned storage resource.
    • PVC: A request for storage by a Pod.
  6. Readiness vs. Liveness probe?

    • Readiness: Checks if Pod is ready to accept traffic.
    • Liveness: Checks if Pod is alive or should be restarted.
  7. kubectl exec vs. kubectl logs?

    • kubectl exec: Run a command in a Pod.
    • kubectl logs: Fetch container logs.
  8. How does RBAC work?

    • Defines access control using Roles, ClusterRoles, RoleBindings, ClusterRoleBindings.

Advanced Questions:

  1. How does Kubernetes schedule Pods?

    • The Scheduler places Pods based on node availability, resource requests, and affinity rules.
  2. How to troubleshoot a failing Pod?

    • Check logs (kubectl logs), events (kubectl describe), and probe failures.
  3. How do Network Policies work?

    • Control Pod-to-Pod and Pod-to-external traffic using rules.
  4. What is a sidecar pattern?

    • A helper container (e.g., logging, proxy) running alongside the main app in a Pod.
  5. How does Kubernetes implement multi-tenancy?

    • Via Namespaces, RBAC, Network Policies, and Resource Quotas.
  6. How to secure a Kubernetes cluster?

    • RBAC, Network Policies, TLS, Secrets encryption, Pod Security Policies.
  7. How does Istio enhance networking?

    • Provides service mesh capabilities (traffic management, security, observability).
  8. Challenges with Kubernetes in production?

    • Security, networking, monitoring, resource limits, auto-scaling complexities.
  9. TLS in an air-gapped Kubernetes cluster?

    • Use cert-manager, custom CA, Vault, or manual certificate management.