
Top 100 Kubernetes Interview Questions and Answers


I'm a DevOps magician, conjuring automation spells and banishing manual headaches. With Jenkins, Docker, and Kubernetes in my toolkit, I turn deployment chaos into a comedy show. Let's sprinkle some DevOps magic and watch the sparks fly!

What is Kubernetes?

Kubernetes is an open-source container orchestration platform that automates the deployment, scaling, and management of containerized applications. It groups the containers that make up an application into logical units for easy management and discovery.

What is a container?

A container is a lightweight, standalone, executable software package that includes everything needed to run an application, including code, runtime, system tools, libraries, and settings.

What are the benefits of using Kubernetes?

Kubernetes automates application deployment, scaling, and management, making it easy to deploy and manage container-based applications at scale. Other benefits include:

  • Simplified application management

  • Improved scaling and availability

  • Easy deployment and rollback

  • Improved resource utilization

  • Increased portability and flexibility

What is a Kubernetes cluster?

A Kubernetes cluster is a set of nodes (machines) that run containerized applications. It has at least one master node and multiple worker nodes. The master node controls the cluster and manages its resources, while worker nodes execute containerized applications and tasks.

How are Kubernetes clusters created?

A Kubernetes (K8s) cluster can be created using a variety of tools, including:

  • Minikube

    An open-source tool that can be used to create a simple cluster with one worker node. It's compatible with Linux, Mac, and Windows.

  • Kubeadm

    A tool that can be used to create a cluster that meets best practices and passes Kubernetes Conformance tests. It can also be used for other cluster lifecycle functions, like bootstrap tokens and cluster upgrades.

  • Kubectl

    A command-line tool that can be used to communicate with a Kubernetes cluster's control plane.

  • Helm

    A package manager that can be used to create and deploy Kubernetes resources from reusable charts.

🔧 Tool-by-Tool Explanation:

🧱 1. kubeadm – Cluster Installer

  • ✅ Sets up a Kubernetes control plane and worker nodes.

  • ✅ Used to build clusters manually (multi-node setups).

  • 🔧 Requires setting up things like networking (Calico/Flannel) manually.

  • 🧠 Best for learning how real clusters work.


🖥️ 2. minikube – Easiest Local Cluster

  • ✅ Runs a local, single-node Kubernetes cluster inside a VM or container.

  • ✅ Quick to install for testing and learning.

  • 🧠 Ideal for developers or beginners.

  • 🎯 Minikube is the best choice for local development and fast setup.


🛠️ 3. kubectl – Command-Line Tool

  • ✅ Used to control the cluster (deploy apps, get pod logs, scale, etc.).

  • 🧠 Think of it like "Kubernetes remote control".

  • Works with any cluster: minikube, kubeadm, or even cloud ones.


📦 4. helm – Kubernetes Package Manager

  • ✅ Deploys pre-packaged apps (called Helm charts).

  • ✅ Example: Easily install NGINX, Prometheus, databases, etc.

  • 🧠 Great for managing complex apps with configs.


🧠 Summary (Easy to Remember)

Tool     | Purpose                           | Use Case
kubeadm  | Sets up a real Kubernetes cluster | Learning a real-world setup
minikube | Quick local cluster (1 node)      | Development, testing, demos
kubectl  | Manages cluster & apps            | Run commands, check status
helm     | Deploys apps using charts         | Reusable, templated deployments

What is a Node in Kubernetes?

A node is a machine—either a virtual or physical machine—where Kubernetes runs the Pods. There are two types of nodes:

● Master Node: Responsible for the management of the Kubernetes cluster.

● Worker Node: Responsible for running the containers and workloads.

What is a Deployment in Kubernetes?

A Deployment is a high-level Kubernetes controller used to manage application updates and lifecycle. It automatically handles:

  • Creating pods

  • Maintaining the desired number of replicas

  • Updating pods (rolling updates)

  • Rolling back to previous versions

What is a manifest in Kubernetes?

A manifest is a YAML or JSON file that specifies the desired state of a Kubernetes object.

Explain the Kubernetes Master components.

API Server: Exposes the Kubernetes API and acts as the frontend for the Kubernetes control plane.

Controller Manager: Manages controllers such as the replication controller and node controller. The cloud controller manager is responsible for managing integration with cloud providers, such as AWS, GCP, or Azure.

Scheduler: The Kubernetes scheduler is responsible for scheduling pods to run on available nodes in the cluster based on available resources and other scheduling requirements.

etcd: etcd is a distributed, reliable, and highly available key-value store used to store the configuration data for the Kubernetes cluster.

Difference between Kubernetes and OpenShift

Core Purpose
  Kubernetes: A container orchestration platform for deploying, scaling, and managing containerized applications.
  OpenShift: Enterprise Kubernetes distribution with added features for management, security, and developer workflows.

Origin
  Kubernetes: Developed by Google, now maintained by the Cloud Native Computing Foundation (CNCF).
  OpenShift: Developed by Red Hat, based on Kubernetes, with added enterprise-level features.

Components
  Kubernetes: Core Kubernetes components (API server, scheduler, controller manager, etc.). Additional tools can be integrated as needed (e.g., Prometheus, Helm).
  OpenShift: Includes Kubernetes plus additional tools (e.g., OpenShift Registry, OpenShift Router, built-in CI/CD, Source-to-Image (S2I), integrated monitoring).

Security
  Kubernetes: Provides basic security features like Role-Based Access Control (RBAC), Network Policies, and PodSecurityPolicies.
  OpenShift: Enhanced security out of the box, including non-root containers by default, SELinux integration, OAuth authentication, and integrated security policies.

Installation & Setup
  Kubernetes: Manual setup often requires tools like kubeadm. Highly flexible but can be complex to configure.
  OpenShift: Streamlined, opinionated installation with a guided installer. Simplifies setup for enterprise environments.

User Interface
  Kubernetes: No native web UI, but external tools like Kubernetes Dashboard or Lens can be used.
  OpenShift: Provides a comprehensive web console with a user-friendly interface for developers and administrators.

Developer Tools
  Kubernetes: Requires integration of third-party tools like Jenkins, GitLab, or Helm for CI/CD and app management.
  OpenShift: Built-in developer tools like Source-to-Image (S2I), OpenShift Pipelines (CI/CD), and integrated GitOps.

CI/CD Support
  Kubernetes: No built-in CI/CD. External tools like Jenkins or Tekton are needed.
  OpenShift: Built-in OpenShift Pipelines, a Kubernetes-native CI/CD tool with integrated workflows.

Container Registry
  Kubernetes: External container registries like Docker Hub, GCR, or ECR are used.
  OpenShift: Built-in internal container registry integrated into the OpenShift platform.

Networking
  Kubernetes: Flexible, with multiple CNI plugins available (e.g., Calico, Flannel). Requires configuration for Ingress and load balancing.
  OpenShift: Integrated OpenShift SDN or OVN-Kubernetes networking. Offers pre-configured solutions for Ingress, load balancing, and service discovery.

Scaling
  Kubernetes: Horizontal scaling with native support via Kubernetes' Horizontal Pod Autoscaler (HPA).
  OpenShift: Horizontal scaling with enhanced controls through OpenShift Horizontal Pod Autoscaler and integrated metrics.

Logging & Monitoring
  Kubernetes: Typically needs third-party solutions like Prometheus, Grafana, or the ELK stack for monitoring and logging.
  OpenShift: Built-in monitoring and logging solutions using Prometheus, Grafana, and the ELK stack for centralized logging and monitoring.

Customization
  Kubernetes: Highly customizable and flexible, but requires additional configuration for features like logging, monitoring, and CI/CD.
  OpenShift: Opinionated setup but still allows customization. Pre-integrated solutions are ready out of the box.

Multi-cluster Management
  Kubernetes: Kubernetes can support multi-cluster management using third-party tools like Rancher or Anthos.
  OpenShift: OpenShift includes tools for managing multi-cluster environments with Red Hat Advanced Cluster Management (ACM).

Community Support
  Kubernetes: Large open-source community with broad ecosystem support. Extensive documentation and resources.
  OpenShift: Backed by Red Hat with enterprise support, plus an active open-source community.

Cost
  Kubernetes: Free to use; costs come from infrastructure and additional tools you need to integrate.
  OpenShift: OpenShift is free for small use cases but typically requires a Red Hat subscription for full enterprise support.

Key Takeaways:

  • Kubernetes is a highly flexible container orchestration platform that provides the core functionalities of container management, while OpenShift builds on Kubernetes and adds a lot of extra tools and features to simplify enterprise container management, especially around security, CI/CD, and developer workflows.

  • OpenShift has enterprise-grade features (security, registry, CI/CD, etc.) out of the box, making it easier for large-scale organizations to use Kubernetes effectively.

  • Kubernetes provides more flexibility and a "DIY" approach, whereas OpenShift offers a more opinionated, integrated solution that's designed to make enterprise container management easier and more secure.

Which one you choose depends largely on your needs:

  • For flexibility and control over your container ecosystem, Kubernetes is a better fit.

  • For enterprise-grade features and an out-of-the-box experience, OpenShift is a great choice, especially if you're looking for built-in security, CI/CD, and developer tools.

Explain the Kubernetes Control Plane.

The Kubernetes Control Plane is the collection of processes that control Kubernetes nodes. It consists of the API server, controller manager, scheduler, etcd, and cloud controller manager. It ensures that the desired state of the system matches the current state.

What is a pod in Kubernetes?

A Pod is the smallest and most basic unit in Kubernetes. It represents a single instance of a running process in your cluster. A Pod can contain one or more containers, such as Docker containers, which share storage and network resources.

How do you restrict pod-to-pod communication in a cluster?

To restrict pod-to-pod communication in a Kubernetes cluster, you use Network Policies.

By default, all pods in a cluster can talk to each other freely (i.e., there are no restrictions). Network policies allow you to define rules that control traffic at the IP and port level — much like a firewall between pods.

What is the kube-controller-manager?

The kube-controller-manager is responsible for running various controller processes that monitor the state of the cluster and make changes as necessary.

What is the kubelet in Kubernetes?

The kubelet is the node agent that runs on every node. It takes the Pod specs assigned to its node and makes sure their containers are running and healthy, reporting status back to the control plane.

What is the kube-proxy in Kubernetes?

kube-proxy is a network proxy that runs on each node in the cluster and is responsible for forwarding traffic to the appropriate pods. It implements network rules defined by Kubernetes Services to ensure efficient load balancing and communication.

What is a container runtime in Kubernetes?

A container runtime is responsible for starting and stopping containers on a node. Examples include Docker, containerd, and CRI-O.

Have you upgraded any Kubernetes clusters?

We can use EKS version upgrades or kubeadm with rolling node upgrades while minimizing downtime.

How do you deploy an application in a Kubernetes cluster?

By applying YAML manifests with kubectl, or using Helm charts and CI/CD pipelines.

How do you upgrade a Kubernetes cluster in Production?

Upgrading a production Kubernetes cluster must be done carefully to avoid downtime. I follow a zero-downtime, step-by-step approach, with testing, backups, and node-by-node upgrades.

🔑 Key Steps (for Production Upgrade):

🔹 1. Backup Everything

🔹 2. Test in Staging First

🔹 3. Plan a Maintenance Window (if needed)

🔹 4. Drain One Node at a Time

🔹 5. Upgrade Components

🔹 6. Restart and Rejoin the Node

🔹 7. Repeat for Each Node

🔹 8. Post-Upgrade Validation

🔹 9. Monitor for Issues

If using managed services like EKS or GKE, I use the provider's console or CLI to upgrade the control plane first, then gradually roll out node group upgrades.

Why use a namespace in Kubernetes?

Namespaces are virtual clusters within a Kubernetes cluster that allow for the separation of resources and the organization of workloads. They help in dividing cluster resources among multiple users or teams.

What is kops?

kops (Kubernetes Operations) is a CLI tool to create, manage, upgrade, and delete Kubernetes clusters on cloud platforms like AWS (primary), GCP (experimental), and others.

🔧 ✅ When You Can Use kops

Use Case                   | Supported by kops? | Notes
AWS Kubernetes clusters    | ✅ Yes             | Strong support (the most stable platform for kops)
Manage 10s of clusters     | ✅ Yes             | kops can scale well for small–medium fleets
Multi-AZ HA cluster setups | ✅ Yes             | Built-in support for HA deployments
Self-managed Kubernetes    | ✅ Yes             | You get full control (vs managed like EKS)
Cluster upgrades           | ✅ Yes             | Manual or scripted using kops upgrade
GitOps integration         | ✅ Yes             | Possible via Git + automation, but not native

Kubernetes Networking

What is a Kubernetes service?

A Service is how you expose your pods to other pods, external users, or the internet, even if the underlying pods keep changing.

🔍 Why Services Are Needed

  • Pods in Kubernetes are ephemeral — they come and go.

  • Each pod gets its own IP address, which changes when pods are recreated.

  • You can't rely on pod IPs to stay the same.

✅ A Service gives your app a permanent address to connect to, even when the actual pods change behind the scenes

What are the types of Kubernetes Services?

● ClusterIP: Exposes the Service only within the cluster.

● NodePort: Exposes the Service on a static port on each node's IP.

● LoadBalancer: Exposes the Service externally using a cloud provider's load balancer.

● ExternalName: Maps a Service to an external DNS name

● Headless: No cluster IP; used for direct pod access.

What is a headless service in Kubernetes?

A headless service is a service with no cluster IP (clusterIP: None). It’s used when you want direct access to the underlying pods, such as for StatefulSets or service discovery.

What is a ConfigMap in Kubernetes?

ConfigMaps are used to inject non-sensitive configuration data into containers. They let you separate configuration from your application code, so you can update settings without changing the container image.

You can follow up with a quick example if asked:

For example, I can store environment variables or config files in a ConfigMap and then use them in my pods.

What is the default network model in Kubernetes?

The default network model in Kubernetes is a flat Pod network. This means that all Pods, regardless of where they are running within the cluster, can communicate directly with each other, assuming no network policies are set to restrict traffic.

Day-to-Day Activities in Kubernetes

🔧 1. Managing Deployments

  • Create/update/delete Deployments, ReplicaSets, and Pods

  • Perform rolling updates and rollbacks

  • Monitor deployment status:

      kubectl rollout status deployment/my-app
    

📦 2. Pod and Container Monitoring

  • Check pod status, restarts, and logs:

      kubectl get pods
      kubectl describe pod <pod-name>
      kubectl logs <pod-name>
    
  • Watch for issues like:

    • CrashLoopBackOff

    • ImagePullBackOff

    • Resource limits are being hit


🔍 3. Debugging and Troubleshooting

  • Use kubectl exec to get inside a container:

      kubectl exec -it <pod-name> -- /bin/bash
    
  • Analyze logs and events:

      kubectl get events
    

📁 4. Managing Configurations

  • Work with:

    • ConfigMaps – externalize app configs

    • Secrets – store credentials securely

  • Apply YAML files:

      kubectl apply -f config.yaml
    

🔄 5. Scaling Applications

  • Manually scale replicas:

      kubectl scale deployment/my-app --replicas=5
    
  • Set up Horizontal Pod Autoscalers (HPA) based on CPU/memory usage.


🔐 6. Managing Access and Security

  • Create and update RBAC roles, ServiceAccounts, and network policies

  • Control access to namespaces, services, and resources


🧠 7. Observability

  • Set up and use:

    • Prometheus for metrics

    • Grafana for dashboards

    • ELK Stack or Fluentd for log aggregation

    • Kubernetes Dashboard or Lens


🌐 8. Managing Networking

  • Create and expose Services (ClusterIP, NodePort, LoadBalancer)

  • Configure and troubleshoot Ingress controllers and rules


📚 9. Maintaining Cluster Health

  • Check node status:

      kubectl get nodes
    
  • Monitor resource usage (CPU/memory)

  • Perform cluster upgrades (in managed services like EKS, GKE)


💻 10. CI/CD Integration

  • Monitor and trigger pipelines that:

    • Build images

    • Push to registries

    • Deploy to the cluster using kubectl, Helm, or Kustomize

What is a Kubernetes DNS?

Kubernetes DNS is a service that provides DNS resolution for services and pods in a Kubernetes cluster.

What is a pod network in Kubernetes?

A pod network is a network overlay that connects pods in a Kubernetes cluster.

What is the Kubernetes CNI (Container Networking Interface)?

The Kubernetes CNI is a specification that defines a standardized interface for integrating with container networking plugins.

Deploying Applications in Kubernetes

What is the difference between CNI, CSI, and CRI in Kubernetes?

● CNI (Container Network Interface): Standard interface for network configuration.

● CSI (Container Storage Interface): Standard interface for storage configuration.

● CRI (Container Runtime Interface): Standard interface for interacting with container runtimes like Docker, CRI-O, or containerd.

What is a Kubernetes pod template?

A Kubernetes pod template defines the desired configuration for a pod, including the container image, environment variables, and other settings.

What is a Kubernetes replica set?

A ReplicaSet ensures that a specified number of identical Pods are running at any given time. If a Pod fails, the ReplicaSet will automatically create a new Pod to replace it.

What is a StatefulSet in Kubernetes?

A StatefulSet is a Kubernetes workload API object used to manage stateful applications. It provides unique identities and stable, persistent storage for each Pod, ensuring order and persistence across Pod restarts and scaling.

What is a Kubernetes daemon set?

A DaemonSet ensures that a copy of a Pod runs on all (or some) worker nodes. It is useful for running background processes like log collection or monitoring on every node.

What is a Kubernetes job?

A Kubernetes job runs a specific task to completion, such as running a batch job or performing a data processing task.

How do you communicate with a Jenkins server and a Kubernetes cluster?

Jenkins connects via kube config or Kubernetes plugins to deploy workloads directly to the cluster.

Application deployed in EKS but not accessible externally — how will you debug?

  1. Check the Service type (LoadBalancer / NodePort).

  2. Check the Ingress configuration.

  3. Check Security Group inbound rules.

  4. Check NACLs / VPC routing.

  5. Check DNS mapping.

  6. Check that the pods are running and the Service has endpoints.

How does communication happen in an EKS cluster?

• Kubernetes network (CNI plugin)

• Service (ClusterIP / NodePort / LoadBalancer)

• CoreDNS

• VPC routing

Do you only update Docker images in Kubernetes, or also update replicas, storage levels, and CPU allocation?

Not only images: replicas, storage, and CPU/memory settings are also updated via the Deployment or StatefulSet manifests.

Kubernetes Scheduling and Scaling

What is Kubernetes scheduling?

Kubernetes scheduling is the process of assigning a pod to a node in the cluster so that the node's kubelet can run it.

What is Kubernetes' scheduling policy?

Kubernetes scheduling policy is a set of rules and criteria used to determine which node in the cluster should run a specific pod.

Pod Affinity & Pod Anti-Affinity

Pod Affinity is a Kubernetes feature that tells the scheduler to place your pod on a node where certain other pods are already running.
It is used when you want your pod to be close to (co-located with) other specific pods.

Pod Anti-Affinity is a Kubernetes feature that tells the scheduler to avoid placing your pod on a node where certain other pods are already running.
It is used when you want your pods to be spread out (not co-located) for better availability or performance.

Pod Affinity = Place a Pod close to other Pods (on the same node, zone, or region). Example: Ensure frontend Pods run on the same node/zone as backend Pods.

Pod Anti-Affinity = Place a Pod away from certain Pods (spread out across nodes or zones). Example: Ensure the replicas of one Deployment land on different nodes so a single node failure does not take them all down.
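The two rules side by side in one Deployment, as an added example that is not part of the original post: a hard affinity to backend Pods in the same zone, and a soft anti-affinity that spreads the frontend replicas across nodes (the labels app=frontend / app=backend and the image name are assumed).

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: frontend
spec:
  replicas: 3
  selector:
    matchLabels:
      app: frontend
  template:
    metadata:
      labels:
        app: frontend
    spec:
      affinity:
        # Hard rule: only schedule where a backend pod already runs in the same zone.
        # If no zone has a backend pod, the frontend pod stays Pending.
        podAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
                matchLabels:
                  app: backend
              topologyKey: topology.kubernetes.io/zone
        # Soft rule: prefer a node that has no other frontend pod, so the
        # replicas spread out; if every node already has one, scheduling still succeeds.
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 100
              podAffinityTerm:
                labelSelector:
                  matchLabels:
                    app: frontend
                topologyKey: kubernetes.io/hostname
      containers:
        - name: frontend
          image: registry.example.com/frontend:1.0   # assumed image name
          ports:
            - containerPort: 8080
```

Use requiredDuringScheduling for anti-affinity only when you have more nodes than replicas; otherwise the extra replicas can never be placed.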

Kubernetes taints and toleration

Taint

Taint is applied on a node to restrict pod scheduling.
It tells Kubernetes:
👉 "Do not schedule any pods on this node unless the pod has a matching toleration."

Taints are used to keep unwanted pods off certain nodes.

Toleration

Toleration is applied on pods to allow them to run on tainted nodes.
It tells Kubernetes:
👉 "This pod is allowed to be scheduled on nodes with a matching taint."

Tolerations are like a permission for pods to run on tainted nodes.

Together they are used to isolate workloads, e.g., run only specific apps on specific nodes.
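A taint/toleration pair for a dedicated node pool, as an added example that is not part of the original post. The node name, the taint dedicated=gpu and the node label dedicated=gpu are assumptions.

```yaml
# The taint is applied to the node once, from the command line (assumed node name):
#   kubectl taint nodes gpu-node-1 dedicated=gpu:NoSchedule
# After that, any pod without a matching toleration is refused by this node.
apiVersion: v1
kind: Pod
metadata:
  name: trainer
spec:
  # The toleration only PERMITS scheduling on the tainted node;
  # it does not pull the pod there, so the pod could still land elsewhere.
  tolerations:
    - key: "dedicated"
      operator: "Equal"
      value: "gpu"
      effect: "NoSchedule"
  # The nodeSelector is what actually steers the pod onto the dedicated node
  # (assumes the node also carries the label dedicated=gpu).
  nodeSelector:
    dedicated: gpu
  containers:
    - name: trainer
      image: registry.example.com/trainer:1.0   # assumed image name
```

With effect NoExecute instead of NoSchedule, pods already running on the node without a matching toleration are evicted as well.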

What is Kubernetes horizontal pod autoscaling (HPA)?

The Horizontal Pod Autoscaler automatically scales the number of Pods in a deployment based on observed CPU utilization, memory usage, or other custom metrics.

What is Kubernetes Vertical Pod Autoscaling (VPA)?

Kubernetes VPA automatically adjusts the resource requirements of a pod based on the current resource usage.

What is Kubernetes cluster autoscaling?

Kubernetes cluster autoscaling automatically scales the number of nodes in a cluster based on the current demand for resources.

Monitoring and Logging in Kubernetes

🚀 How a Kubernetes Cluster is Monitored Using Prometheus and Grafana

🧠 1️⃣ Prometheus — Data Collection Layer

  • Prometheus is the main monitoring tool that collects and stores metrics from your Kubernetes cluster.

  • It works by scraping metrics endpoints (usually /metrics endpoints exposed by components).

  • It gathers metrics from:

    • Kubelet (node-level metrics)

    • API Server

    • kube-state-metrics (for object-level metrics like Pods, Deployments, etc.)

    • cAdvisor (for container-level metrics like CPU, memory)

    • Node Exporter (for system-level metrics)

    • Application metrics (if instrumented)


⚙️ 2️⃣ Grafana — Visualization Layer

  • Grafana connects to Prometheus as a data source.

  • It provides beautiful dashboards and visualizations of cluster health, performance, and resource usage.

  • You can monitor:

    • Node health and utilization

    • Pod CPU & memory usage

    • Cluster-wide resource consumption

    • Network traffic

    • Application-specific metrics


🔗 3️⃣ How They Work Together (Flow)

  1. Prometheus scrapes metrics from Kubernetes components and pods.

  2. Prometheus stores this time-series data in its internal database.

  3. Grafana queries Prometheus to visualize data using dashboards.

  4. You can set alerts in Prometheus or Grafana Alerting to trigger notifications (e.g., Slack, email) when thresholds are crossed.


📊 Example Metrics You Can Monitor

Component   | Metric Example                      | Description
Node        | node_cpu_usage_seconds_total        | CPU usage per node
Pod         | container_memory_usage_bytes        | Pod memory usage
Cluster     | kube_pod_status_phase               | Pod running/pending status
Application | Custom metrics (e.g., requests/sec) | App performance metrics

🧠 Summary

“In Kubernetes, we use Prometheus and Grafana for cluster monitoring. Prometheus scrapes metrics from Kubernetes components like the API server, kubelet, and cAdvisor, and stores them as time-series data. Grafana connects to Prometheus as a data source to visualize these metrics on dashboards. We can monitor pod health, node performance, and cluster utilization, and configure alerts for any performance degradation.”

What is Kubernetes logging?

Kubernetes logging is the process of collecting and analyzing the logs generated by the applications and services running in a Kubernetes cluster.

What is Kubernetes Prometheus?

Kubernetes Prometheus is an open-source monitoring and alerting toolkit that collects metrics and data from the Kubernetes API server.

What is Kubernetes Grafana?

Kubernetes Grafana is an open-source data visualization and analysis tool that provides real-time monitoring and analysis of Kubernetes clusters.

What is Kubernetes Fluentd?

Kubernetes Fluentd is an open-source data collection and forwarding tool that aggregates logs and sends them to a central location for analysis and storage.

What is Kubernetes Kibana?

Kubernetes Kibana is an open-source data visualization and analysis tool that provides real-time analysis of logs and other data generated by Kubernetes clusters.

What are Persistent Volumes (PV) and Persistent Volume Claims (PVC)?

● PV: A storage resource in a Kubernetes cluster that is provisioned by an admin or dynamically.

● PVC: A request for storage by a user that links to a PV to provide persistent storage for Pods

Kubernetes Security

What is Kubernetes RBAC (Role-Based Access Control)?

Kubernetes RBAC (Role-Based Access Control) is a security mechanism that controls who can do what in a Kubernetes cluster.

It governs permissions for users, groups, and service accounts to interact with Kubernetes resources—like pods, deployments, secrets, etc.

A Service Account in Kubernetes is an identity automatically assigned to a pod or workload, allowing it to interact with the Kubernetes API securely, without using a user login or password.

RBAC is controlled through Kubernetes resources like:

Resource           | Purpose
Role               | Defines permissions within a namespace
ClusterRole        | Defines permissions cluster-wide
RoleBinding        | Assigns a Role to a user/service account
ClusterRoleBinding | Assigns a ClusterRole to a user/service account/group
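A least-privilege RBAC set, as an added example that is not part of the original post: a ServiceAccount that may only read pods and their logs in one namespace, bound with a namespaced Role rather than a ClusterRole. The namespace "shop" and the names are assumptions.

```yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: log-reader
  namespace: shop
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role                      # namespaced: cannot grant anything outside "shop"
metadata:
  name: pod-log-reader
  namespace: shop
rules:
  - apiGroups: [""]             # "" is the core API group (pods live there)
    resources: ["pods", "pods/log"]
    verbs: ["get", "list", "watch"]   # read-only; no create/delete/exec
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: log-reader-binding
  namespace: shop
subjects:
  - kind: ServiceAccount
    name: log-reader
    namespace: shop
roleRef:
  kind: Role
  name: pod-log-reader
  apiGroup: rbac.authorization.k8s.io
# Verify the grant is as narrow as intended by impersonating the ServiceAccount:
#   kubectl auth can-i get pods/log -n shop --as=system:serviceaccount:shop:log-reader   # yes
#   kubectl auth can-i get secrets  -n shop --as=system:serviceaccount:shop:log-reader   # no
#   kubectl auth can-i get pods -n default  --as=system:serviceaccount:shop:log-reader   # no
```

Pods that do not need the API at all should additionally set automountServiceAccountToken: false so the token is not mounted into the container.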

What is Kubernetes TLS (Transport Layer Security)?

Kubernetes TLS is a security protocol used to secure client-server communications within a Kubernetes cluster.

What are Kubernetes network policies?

Network Policies are used to control traffic between Pods, namespaces, or external entities. They let you define rules for what type of traffic is allowed to flow in and out of the Pods; a policy is only enforced if the cluster's CNI plugin supports NetworkPolicy (for example Calico or Cilium).
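The restriction described in the pod-to-pod communication question above and here, as an added example that is not part of the original post: first deny all ingress in a namespace, then allow only frontend pods to reach backend pods on one port. The namespace "shop" and the labels app=frontend / app=backend are assumptions.

```yaml
# Policy 1: select every pod in the namespace and list Ingress with no rules,
# which blocks all inbound traffic to those pods. Egress is left untouched.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: shop
spec:
  podSelector: {}            # empty selector = all pods in "shop"
  policyTypes:
    - Ingress
---
# Policy 2: policies are additive, so this one re-opens exactly one path:
# pods labelled app=frontend (same namespace) -> pods labelled app=backend, TCP 8080.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-frontend-to-backend
  namespace: shop
spec:
  podSelector:
    matchLabels:
      app: backend
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: frontend
      ports:
        - protocol: TCP
          port: 8080
```

If you add a matching default-deny for Egress, remember to allow UDP/TCP 53 to the kube-system DNS pods, or name resolution inside the namespace stops working.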

What are Kubernetes pod security policies?

Kubernetes pod security policies (PodSecurityPolicy) were a set of cluster-level policies that controlled the security settings pods were allowed to use, such as running as root or mounting host paths. PodSecurityPolicy was removed in Kubernetes v1.25; the built-in replacement is Pod Security Admission, which enforces the Pod Security Standards (privileged, baseline, restricted) per namespace.

What are Kubernetes secrets?

Kubernetes secrets are a secure way to store sensitive information, such as passwords, API keys, OAuth tokens, SSH keys, and other authentication tokens, used by applications running in a Kubernetes cluster. Secrets can be mounted as volumes or exposed as environment variables to Pods. By default a Secret is only base64-encoded in etcd, not encrypted, so enabling encryption at rest and restricting who can read Secrets with RBAC are what actually protect them.
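One Pod consuming a ConfigMap and a Secret, serving the ConfigMap question above and the Secrets question here, as an added example that is not part of the original post. Non-sensitive settings come from the ConfigMap (one as an env var, one as a file); the credential is mounted read-only from the Secret rather than exposed as an env var. Names, the namespace "shop", the image and the password value are all constructed.

```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: app-config
  namespace: shop
data:
  LOG_LEVEL: "info"            # plain key, consumed as an env var below
  app.properties: |            # whole file, consumed as a mounted file below
    server.port=8080
    feature.checkout=true
---
apiVersion: v1
kind: Secret
metadata:
  name: app-secret
  namespace: shop
type: Opaque
stringData:                    # written in clear here; stored base64-encoded by the API
  DB_PASSWORD: "constructed-example-password"
---
apiVersion: v1
kind: Pod
metadata:
  name: app
  namespace: shop
spec:
  containers:
    - name: app
      image: registry.example.com/app:1.0   # assumed image name
      env:
        - name: LOG_LEVEL
          valueFrom:
            configMapKeyRef:
              name: app-config
              key: LOG_LEVEL
      volumeMounts:
        - name: config
          mountPath: /etc/app/config      # -> /etc/app/config/app.properties
          readOnly: true
        - name: secret
          mountPath: /etc/app/secret      # -> /etc/app/secret/DB_PASSWORD
          readOnly: true
  volumes:
    - name: config
      configMap:
        name: app-config
        items:
          - key: app.properties
            path: app.properties
    - name: secret
      secret:
        secretName: app-secret          # files default to mode 0644 inside the pod
```

Mounted Secret files are updated in place when the Secret changes; env vars are fixed for the life of the container, which is one more reason to prefer the volume form.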

What is a Kubernetes pod security context?

A Kubernetes pod security context provides a way to set security-related attributes on a per-pod (or per-container) basis, such as the user and group IDs the processes run as, filesystem permissions, Linux capabilities, and the seccomp profile.
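A Pod whose security context satisfies the "restricted" Pod Security Standard, with the namespace labelled so Pod Security Admission enforces it, as an added example that is not part of the original post. The namespace "shop", the UID 10001 and the image name are assumptions.

```yaml
apiVersion: v1
kind: Namespace
metadata:
  name: shop
  labels:
    # Pod Security Admission rejects pods in this namespace that violate "restricted"
    pod-security.kubernetes.io/enforce: restricted
    pod-security.kubernetes.io/warn: restricted
---
apiVersion: v1
kind: Pod
metadata:
  name: app
  namespace: shop
spec:
  securityContext:                 # pod-level: applies to every container
    runAsNonRoot: true             # kubelet refuses to start the container as UID 0
    runAsUser: 10001               # assumed unprivileged UID baked into the image
    runAsGroup: 10001
    fsGroup: 10001                 # mounted volumes become group-readable by this GID
    seccompProfile:
      type: RuntimeDefault         # runtime's default syscall filter (required by restricted)
  containers:
    - name: app
      image: registry.example.com/app:1.0   # assumed image name
      securityContext:             # container-level: required by restricted
        allowPrivilegeEscalation: false     # blocks setuid binaries gaining privileges
        readOnlyRootFilesystem: true        # not required by restricted, but removes a write target
        capabilities:
          drop: ["ALL"]            # restricted allows only NET_BIND_SERVICE to be added back
      volumeMounts:
        - name: tmp
          mountPath: /tmp          # scratch space, since the root filesystem is read-only
  volumes:
    - name: tmp
      emptyDir: {}
```

Apply the namespace label as warn or audit first on existing namespaces; enforce immediately rejects any running workload's replacement pods that fail the profile.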

Kubernetes Tools and APIs

What is kubectl?

kubectl is the command-line tool used to interact with a Kubernetes cluster.

What is the Kubernetes API?

The Kubernetes API is a RESTful API used to manage and operate Kubernetes clusters.

What is Kubernetes Helm?

  • Helm is a package manager for Kubernetes.

  • A Helm chart bundles YAML files (Deployments, Services, Ingress) into one reusable template.

  • With Helm: Helm packages and deploys Kubernetes applications using reusable, versioned charts for easy installation, upgrades, and rollbacks.

  • Without Helm: you manually apply multiple Kubernetes YAML files using kubectl, making deployments harder to maintain and update.

What is the difference between Helm and Kustomize?

● Helm: Template-based package manager that allows creating, managing, and upgrading Kubernetes applications.

● Kustomize: Kustomize is a Kubernetes-native configuration management tool used to customize Kubernetes YAML files without copying or modifying the original files.

What is Kubernetes Dashboard?

Kubernetes Dashboard is a web-based user interface for managing and monitoring Kubernetes clusters.

Debugging and Troubleshooting in Kubernetes

What is a Kubernetes pod readiness probe?

A Kubernetes pod readiness probe is used to determine if a pod is ready to serve traffic; while it fails, the pod is kept out of the Service's endpoints but is not restarted.

What is a Kubernetes pod liveness probe?

A Kubernetes pod liveness probe is used to determine if a container is still alive and healthy; when it fails, the kubelet restarts that container.

How do you troubleshoot a Kubernetes pod?

Troubleshooting a Kubernetes pod involves checking logs, investigating resource utilization, and inspecting the pod status and events.

What are Kubernetes kubectl logs?

kubectl logs is the command that retrieves the logs written by the containers of a specific pod.

What does Kubernetes kubectl describe do?

kubectl describe is the command that prints detailed information and recent events for a Kubernetes object, such as a pod, replication controller, or service.

Kubernetes Cluster Administration

What is Kubernetes cluster management?

Kubernetes cluster management involves configuring and maintaining the Kubernetes control plane, worker nodes, and network settings.

What is Kubernetes API server authorization?

Kubernetes API server authorization controls who can access and perform actions against the Kubernetes API server.

What is Kubernetes cluster backup and restore?

Kubernetes cluster backup and restore involve backing up and restoring the configuration and data stored in the Kubernetes objects, such as pods, services, and deployments.

How does Kubernetes perform a rolling update?

A rolling update can be performed using Kubernetes kubectl apply or by updating the deployment manifest. It replaces Pods incrementally with new versions to avoid downtime.

Kubernetes Best Practices

What are the best practices for deploying applications in Kubernetes?

Best practices for deploying applications in Kubernetes include:

  • Using declarative deployment methods, such as Deployments or Helm charts

  • Separating concerns between services by deploying them in separate namespaces

  • Using liveness and readiness probes to ensure the health of the application

  • Setting resource limits and requests to ensure adequate resources for the application
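A Deployment that puts together the probes, the rolling update, and the resource requests/limits from the questions above, as an added example that is not part of the original post. The namespace "shop", the image and the /ready and /healthz paths are assumptions.

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-app
  namespace: shop
spec:
  replicas: 3
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1            # at most one extra pod beyond the desired count during a rollout
      maxUnavailable: 0      # never drop below the desired count: a new pod must be Ready first
  selector:
    matchLabels:
      app: my-app
  template:
    metadata:
      labels:
        app: my-app
    spec:
      containers:
        - name: my-app
          image: registry.example.com/my-app:1.1   # assumed image; change the tag to roll out
          ports:
            - containerPort: 8080
          resources:
            requests:            # what the scheduler reserves on the node
              cpu: 100m
              memory: 128Mi
            limits:              # hard ceiling; exceeding memory gets the container OOM-killed
              cpu: 500m
              memory: 256Mi
          readinessProbe:        # failing -> pod removed from Service endpoints, not restarted
            httpGet:
              path: /ready
              port: 8080
            initialDelaySeconds: 5
            periodSeconds: 5
            failureThreshold: 3
          livenessProbe:         # failing -> kubelet restarts the container
            httpGet:
              path: /healthz
              port: 8080
            initialDelaySeconds: 15
            periodSeconds: 10
            failureThreshold: 3
```

Because maxUnavailable is 0, a new image whose readiness probe never passes simply stalls the rollout (visible with kubectl rollout status deployment/my-app) and the old pods keep serving; kubectl rollout undo deployment/my-app returns to the previous ReplicaSet.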

Securing Microservices in Kubernetes

  • Network Policies to control Pod-to-Pod communication (zero trust).

  • RBAC to limit access.

  • Secrets in Kubernetes for storing sensitive data.

  • TLS/SSL everywhere (Ingress, service-to-service).

  • Image security tools like Trivy, Clair for scanning.

  • Pod Security Standards (restricted, baseline)

  • Secrets Management: Secure storage of sensitive data like passwords and API keys.

  • Audit Logs: Logs API calls to monitor actions for compliance and security.

What are the best practices for Kubernetes performance optimization?

Best practices for Kubernetes performance optimization include:

  • Setting resource limits and requests to ensure adequate resources for the application

  • Using horizontal and vertical pod autoscaling

  • Optimizing container images for size and performance

  • Monitoring and tuning the system and application performance

Developing with Kubernetes

What is the Kubernetes operator?

An Operator is a method of packaging, deploying, and managing a Kubernetes application. Operators extend Kubernetes' functionality by managing the lifecycle of complex applications and automating common tasks such as configuration, scaling, and backup.

What is a Kubernetes custom resource definition?

A CRD allows users to define custom resources to extend Kubernetes capabilities. CRDs let you create new resource types in your cluster that behave similarly to built-in Kubernetes resources like Pods or Services, allowing for more specialized functionality within Kubernetes.

What is a Kubernetes CRD controller?

A Kubernetes CRD controller watches the custom resources defined by a CRD and implements their behavior, including how they interact with other Kubernetes components.

What is Kubernetes Istio?

Kubernetes Istio is an open-source service mesh that provides traffic management, observability, and security for microservices-based applications.

What is Kubernetes service mesh?

A Service Mesh, like Istio or Linkerd, provides traffic management, observability, and security between microservices within a Kubernetes cluster. It abstracts the communication between services and offers features like load balancing, service discovery, and failure recovery.

What is Kubernetes Ingress, and how do we access applications deployed on-premises?

Ingress is a Kubernetes object that manages external HTTP/HTTPS access to services within a cluster, typically via URL (path-based) or host-based routing. To access on-prem applications:

  • Use an Ingress Controller (e.g., NGINX).

  • Combine with DNS + reverse proxy or use VPN/Direct Connect for network access.

🔁 Ingress vs TLS (in context of Kubernetes):

| Feature | Ingress | TLS |
| --- | --- | --- |
| Purpose | Routes external traffic to internal services | Secures traffic with encryption |
| Works with | HTTP/HTTPS | HTTPS only |
| Use case | Define access rules (host/path-based) | Encrypt Ingress traffic using certificates |
| Example | Route example.com/app to a service | Secure https://example.com with a cert |
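The two columns of the table meet in a single Ingress object: the rules section does the host/path routing, and the tls section makes the controller terminate HTTPS with a certificate stored in a Secret. This is an added example, not from the original post; example.com, app-service, the Secret name and the ingress-nginx annotation are assumptions.

```yaml
# Added example (not from the original post): an Ingress that both routes and
# terminates TLS. Hostname, service, Secret name and controller are assumed.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: example-app
  namespace: default
  annotations:
    # ingress-nginx specific: redirect plain HTTP to HTTPS so the routed
    # path is never served unencrypted. Other controllers use other knobs.
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
spec:
  ingressClassName: nginx
  tls:
    # The tls block is what turns routing into encrypted routing: the
    # controller presents the certificate from this Secret for these hosts.
    - hosts:
        - example.com
      secretName: example-com-tls
  rules:
    - host: example.com
      http:
        paths:
          - path: /app
            pathType: Prefix
            backend:
              service:
                name: app-service
                port:
                  number: 80
---
# The Secret the Ingress references. Values must be base64-encoded PEM; the
# angle-bracket values below are placeholders, normally filled by cert-manager or your CA.
apiVersion: v1
kind: Secret
metadata:
  name: example-com-tls
  namespace: default
type: kubernetes.io/tls
data:
  tls.crt: <base64-encoded certificate PEM, placeholder>
  tls.key: <base64-encoded private key PEM, placeholder>
```

Without the tls block the same Ingress still routes example.com/app, but only over plain HTTP; that is the difference the table is describing.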

What is a Kubernetes gateway?

Kubernetes gateway is a network entry point that manages incoming and outgoing traffic for a service mesh.

Kubernetes Runtime

What is Kubernetes containerd?

Kubernetes containerd is a lightweight, non-intrusive container runtime for Kubernetes.

What is Kubernetes CRI-O?

Kubernetes CRI-O is a container runtime designed specifically for Kubernetes, providing a lightweight and fast container runtime for Kubernetes environments.

What is Kubernetes KubeVirt?

Kubernetes KubeVirt is an open-source virtual machine runtime for Kubernetes, allowing users to deploy and manage virtual machines alongside Kubernetes workloads.

What are Kubernetes Kata Containers?

Kubernetes Kata Containers is a secure container runtime option for Kubernetes, providing hardware-implemented isolation to ensure security and isolation between containers.

Kubernetes Cloud-Native Development

What is Kubernetes cloud-native development?

Kubernetes cloud-native development is a software development methodology that maximizes the use of Kubernetes to build, deploy, and manage cloud-native applications.

What is the Kubernetes software development kit (SDK)?

Kubernetes software development kit (SDK) is a set of tools and libraries that help developers build, deploy, and manage cloud-native applications on Kubernetes.

Miscellaneous

What is the difference between a deployment and a stateful set in Kubernetes?

● Deployment: Best for stateless applications, provides scaling and rolling updates.

● StatefulSet: Best for stateful applications requiring persistent storage and ordered deployment.

What is Kubernetes Configuration Management?

Kubernetes Configuration Management is the automated management of configuration files and settings across a Kubernetes cluster.

What is Kubernetes container orchestration?

Kubernetes container orchestration is the automated process of deploying, scaling, and managing containerized applications in a Kubernetes cluster.

What is Kubernetes containerization?

Kubernetes containerization is the process of packaging an application and all its dependencies into a container for deployment and management.

What is Kubernetes cloud deployment?

Kubernetes cloud deployment is the deployment of Kubernetes clusters on cloud platforms, such as AWS, Azure, or GCP.

What is a Kubernetes on-premises deployment?

Kubernetes on-premises deployment is the deployment of Kubernetes clusters on private or enterprise servers and data centers.

Scenario-Based Kubernetes Questions

How would you troubleshoot a Kubernetes Pod stuck in the CrashLoopBackOff state?

● Check logs using kubectl logs

● Investigate the events using kubectl describe pod

● Ensure there are no misconfigurations in the Pod definition (like wrong image names, missing config maps, etc.)

What would you do if a Kubernetes node becomes NotReady?

● Use kubectl get nodes to check the node status

● Inspect the node using kubectl describe node

● Check logs on the node (journalctl, dmesg)

● Investigate kubelet and networking issues.

How would you handle a high CPU usage issue in your Kubernetes cluster?

● Use kubectl top to check Pod and node-level resource consumption.

● Set resource limits and requests in the Pod definitions.

● Implement Horizontal Pod Autoscaler (HPA) for automatic scaling.

Explain the purpose of Kubernetes Jobs and CronJobs.

● Jobs: A Kubernetes Job creates one or more Pods to complete a task and ensures that it finishes successfully. It is commonly used for batch or one-time tasks.

● CronJobs: A CronJob is used to schedule Jobs at specific times or intervals, similar to cron scheduling in Linux, and is useful for periodic or recurring tasks.

Kubernetes Best Practices for DevOps Engineers

1. Optimize Resource Management: Set appropriate CPU and memory requests and limits for each Pod to prevent resource contention and optimize node utilization.

2. Implement Automated Scaling: Use Horizontal Pod Autoscaler (HPA) for scaling Pods based on resource usage, and Cluster Autoscaler to manage node scaling dynamically.

3. Leverage Rolling Updates and Rollbacks: Implement rolling updates for minimal downtime and use kubectl rollout undo for fast rollback in case of deployment issues.

4. Use Namespaces for Isolation: Separate environments or teams by using Namespaces, enhancing security and resource management.

5. Enable Monitoring and Logging: Use Prometheus, Grafana, and Elasticsearch to monitor cluster health and track logs, identifying and resolving issues proactively.

6. Secure Sensitive Data with Secrets Management: Use Kubernetes Secrets with encryption, and consider tools like HashiCorp Vault or AWS Secrets Manager for enhanced security.

7. Utilize Network Policies for Security: Implement Network Policies to define which Pods can communicate with each other, reducing the attack surface within the cluster.

8. Adopt Infrastructure as Code (IaC): Use Helm, Kustomize, or Terraform to manage Kubernetes configurations, promoting repeatability and version control.

9. Employ Role-Based Access Control (RBAC): Configure RBAC to enforce the principle of least privilege, ensuring that users and applications have only the permissions necessary to perform their tasks.

10. Maintain Up-to-Date Cluster Versions: Regularly update Kubernetes to the latest stable version to benefit from security patches and new features.

11. Plan for Backup and Disaster Recovery: Back up etcd data and create disaster recovery plans for critical applications.

12. Utilize a Service Mesh for Advanced Communication Needs: If using microservices, consider a service mesh like Istio or Linkerd for traffic management, observability, and fault tolerance.
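Point 9 (least-privilege RBAC) is easiest to see in a concrete binding. As an added example that is not part of the original post, the manifests below give a CI pipeline identity just enough to roll out and inspect Deployments in one namespace and nothing more; the ServiceAccount, namespace and role names are assumptions.

```yaml
# Added example (not from the original post): least-privilege RBAC for a
# deploy pipeline that may only manage Deployments in one namespace.
# ServiceAccount, namespace and role names are constructed.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: ci-deployer
  namespace: payments
automountServiceAccountToken: false   # no token mounted into Pods by default
---
# A Role (not a ClusterRole) scopes the permissions to the namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: deployment-manager
  namespace: payments
rules:
  # Can read and roll out Deployments, but cannot create arbitrary Pods,
  # read Secrets, or escalate by editing Roles/RoleBindings.
  - apiGroups: ["apps"]
    resources: ["deployments"]
    verbs: ["get", "list", "watch", "update", "patch"]
  - apiGroups: ["apps"]
    resources: ["replicasets"]
    verbs: ["get", "list", "watch"]      # needed for kubectl rollout undo/history
  - apiGroups: [""]
    resources: ["pods", "pods/log"]
    verbs: ["get", "list", "watch"]      # enough for rollout status and logs
---
# The binding ties the ServiceAccount to the Role; no wildcard verbs or resources.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: ci-deployer-deployment-manager
  namespace: payments
subjects:
  - kind: ServiceAccount
    name: ci-deployer
    namespace: payments
roleRef:
  kind: Role
  name: deployment-manager
  apiGroup: rbac.authorization.k8s.io
```

Issue a short-lived credential with kubectl create token ci-deployer -n payments rather than a long-lived Secret, and confirm the boundary with kubectl auth can-i --as=system:serviceaccount:payments:ci-deployer get secrets -n payments, which should answer no.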

Advanced Questions

Q1: Take me through a full cycle of an app deployment from code to an app running on a pod/deployment.

  1. Write the application code (e.g., Python, Node.js, Go, etc.).

  2. Create a Dockerfile to containerize the app.

     FROM node:18-alpine
     WORKDIR /app
     COPY package*.json ./
     RUN npm install
     COPY . .
     CMD ["npm", "start"]
    
  3. Build the container image

     docker build -t my-app:v1 .
    
  4. Push the image to a container registry (e.g., Docker Hub, ECR, GCR, etc.)

     docker tag my-app:v1 myrepo/my-app:v1
     docker push myrepo/my-app:v1
    
  5. Create Kubernetes manifests

    • Deployment.yaml defines how many replicas (Pods) to run

    • Service.yaml exposes the app inside or outside the cluster

  6. Apply manifests to the cluster

     kubectl apply -f deployment.yaml
     kubectl apply -f service.yaml
    
  7. Kubernetes actions:

    • The Deployment controller creates a ReplicaSet

    • The ReplicaSet creates Pods

    • The Scheduler assigns Pods to worker nodes

    • The Kubelet on each node pulls the image, starts containers, and reports health

  8. App is now running and accessible via Service (ClusterIP, NodePort, or Ingress).
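Step 5 leaves the two manifests unspecified. As an added example (not from the original post), here is a deployment.yaml and service.yaml for the myrepo/my-app:v1 image built above that also applies the probe, resource-limit and non-root recommendations from elsewhere in this post; the container port 3000, the /healthz path and the label values are assumptions.

```yaml
# Added example (not from the original post): the deployment.yaml and
# service.yaml from step 5, filled in for the myrepo/my-app:v1 image built
# above. Port 3000, the /healthz probe path and the label values are assumed.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-app
  labels:
    app: my-app
spec:
  replicas: 3                 # the ReplicaSet keeps three Pods running
  selector:
    matchLabels:
      app: my-app
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 0       # never drop below 3 ready Pods during a rollout
      maxSurge: 1
  template:
    metadata:
      labels:
        app: my-app
    spec:
      securityContext:
        runAsNonRoot: true    # kubelet refuses to start the container as uid 0
        runAsUser: 10001
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: my-app
          image: myrepo/my-app:v1   # pinned tag, never :latest
          ports:
            - containerPort: 3000
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop: ["ALL"]
          resources:
            requests: { cpu: "100m", memory: "128Mi" }   # what the scheduler reserves
            limits:   { cpu: "500m", memory: "256Mi" }   # hard ceiling, OOM-killed above it
          readinessProbe:            # gate Service traffic until the app answers
            httpGet: { path: /healthz, port: 3000 }
            initialDelaySeconds: 5
            periodSeconds: 10
          livenessProbe:             # restart the container if it stops answering
            httpGet: { path: /healthz, port: 3000 }
            initialDelaySeconds: 15
            periodSeconds: 20
---
apiVersion: v1
kind: Service
metadata:
  name: my-app
spec:
  type: ClusterIP              # switch to NodePort/LoadBalancer, or add an Ingress, for external access
  selector:
    app: my-app
  ports:
    - port: 80                 # port clients inside the cluster use
      targetPort: 3000         # container port the traffic is forwarded to
```

If the application writes to disk (for example a cache or temp directory), mount an emptyDir volume at that path rather than relaxing readOnlyRootFilesystem.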


Q2: Can you mention some good practices to follow when creating containers?

Best practices:

  • Use small, minimal base images (e.g., alpine, distroless)

  • Run as a non-root user for better security

  • Use multi-stage builds to reduce image size

  • Keep one main process per container

  • Avoid storing state inside containers (use volumes or external storage)

  • Pin versions (of base images and dependencies) for reproducibility

  • Use health checks (liveness/readiness probes in K8s)

  • Don’t hardcode configs/secrets — use ConfigMaps and Secrets

  • Scan images for vulnerabilities (e.g., Trivy, Clair)

  • Use .dockerignore to exclude unnecessary files


Q3: Can you explain a simple K8s cluster architecture and the components within it?

🧠 Control Plane (Master Node)

Responsible for managing the entire cluster.

  • API Server – Front door to the cluster (accepts kubectl & other API calls)

  • etcd – Key-value store for cluster state and configuration

  • Controller Manager – Ensures desired state (e.g., number of Pods) matches actual state

  • Scheduler – Assigns Pods to suitable worker nodes

  • Cloud Controller Manager (optional) – Integrates with cloud providers

⚒️ Worker Nodes

Where your applications actually run.

  • Kubelet – Agent that manages Pods and reports to control plane

  • Kube Proxy – Handles networking and Service routing

  • Container Runtime – Runs the containers (e.g., containerd, CRI-O)

🔄 Cluster Networking

  • CNI Plugin (e.g., Calico, Cilium) – Enables Pod-to-Pod communication

  • CoreDNS – Provides internal service discovery


Q4: What happens when a master node fails?

  • The API Server and control plane components on that node become unavailable.

  • The cluster state in etcd remains intact (if etcd is healthy).

  • Existing workloads continue running on worker nodes — Kubernetes is declarative, so Pods already running are unaffected.

  • However, no new scheduling, scaling, or API operations can occur until the control plane is restored.

  • In an HA setup, other control plane nodes automatically take over.


Q5: What happens when a worker node fails?

  • The Kubelet stops sending heartbeats to the control plane.

  • After a grace period (default ~5 minutes), the node is marked “NotReady.”

  • The Controller Manager then:

    • Evicts Pods from that node.

    • Reschedules them onto healthy nodes.

  • If PersistentVolumes were used, data can be reattached depending on the storage type (e.g., EBS, CSI).


Q6: What is an Ingress controller?

  • Ingress is a Kubernetes object that defines HTTP/HTTPS routing rules for external access to Services.

  • Ingress Controller is the component that implements those rules.

  • It acts as an L7 (application layer) reverse proxy — examples:

    • NGINX Ingress Controller

    • Traefik

    • HAProxy

    • AWS Load Balancer Controller

  • You use it to expose multiple apps via a single external IP and route requests by domain or path.

🧩 Example:

rules:
- host: myapp.com
  http:
    paths:
    - path: /api
      pathType: Prefix
      backend:
        service:
          name: backend-service
          port:
            number: 80

Q7: How can one build a highly available (HA) cluster in K8s?

To make Kubernetes fault-tolerant and resilient:

Control Plane HA:

  • Run multiple master nodes (usually 3 or 5)

  • Place etcd in a cluster (odd number of members for quorum)

  • Use a load balancer in front of API servers

  • Store etcd data on persistent storage

Worker Node HA:

  • Deploy workloads across multiple nodes, zones, and regions

  • Use ReplicaSets or Deployments with multiple replicas

  • Use Pod anti-affinity to spread replicas across nodes

Network and Storage HA:

  • Use multi-zone storage backends

  • Use highly available CNI plugins and Ingress controllers


Q8: What is the role of ETCD in K8s?

  • etcd is a distributed key-value store that holds all cluster data:

    • Pod states

    • Configurations

    • Secrets

    • Node info

    • Events, etc.

  • The API Server is the only component that interacts directly with etcd.

  • It’s the “source of truth” for Kubernetes state.

  • It uses the Raft consensus algorithm to ensure consistency across replicas.

🧩 If etcd fails or becomes corrupted, the entire cluster’s state is at risk — hence, regular backups are critical.


Q9: Explain what Taints and Tolerations are in K8s.

Taints and Tolerations are used to control which Pods can be scheduled on which Nodes.

🧩 Taint (on Node):

Repels certain Pods from being scheduled unless they tolerate the taint.

kubectl taint nodes node1 key=value:NoSchedule

Meaning:

  • Pods without a matching toleration won’t be scheduled on node1.

🧩 Toleration (on Pod):

Allows specific Pods to “tolerate” that taint.

tolerations:
- key: "key"
  operator: "Equal"
  value: "value"
  effect: "NoSchedule"

👉 Used for:

  • Dedicated nodes (e.g., GPU, logging, monitoring)

  • Isolating workloads for performance or security

  • Preventing regular workloads from landing on system nodes


Summary Table

| Concept | Description |
| --- | --- |
| Deployment Cycle | Code → Image → Registry → K8s Manifests → Deployment → Pods |
| Container Best Practices | Lightweight, secure, non-root, stateless |
| Cluster Components | Control Plane (API, etcd, Scheduler, Controller) + Workers (Kubelet, Proxy) |
| Master Node Failure | Control plane unavailable, workloads keep running |
| Worker Node Failure | Pods rescheduled to healthy nodes |
| Ingress Controller | HTTP/HTTPS reverse proxy for routing traffic |
| HA Cluster | Multi-master + etcd cluster + load balancer |
| etcd | Cluster’s persistent key-value store |
| Taints/Tolerations | Control pod scheduling behavior |

Kubernetes Terminology

Cluster: A group of connected computers (nodes) that run applications.

Node: A single computer in a cluster that runs applications.

Pod: The smallest unit in Kubernetes that can run one or more containers.

Namespace: A way to divide resources in a cluster for different projects or teams.

Deployment: Manages a set of identical pods to ensure the correct number is running.

ReplicaSet: Ensures a specified number of pod copies are running at all times.

DaemonSet: Ensures a pod runs on all or some nodes.

StatefulSet: Manages stateful applications, keeping track of each pod’s identity.

Job: Runs a task until it completes successfully.

CronJob: Runs tasks on a scheduled basis, like a cron job in Unix.

Service: Exposes a set of pods as a network service.

Ingress: Manages external access to services, usually HTTP.

ConfigMap: Stores configuration data as key-value pairs.

Secret: Stores sensitive data, like passwords and tokens.

Volume: Provides storage for containers.

Persistent Volume (PV): A piece of storage that an administrator sets up.

PersistentVolumeClaim (PVC): A request for storage by a user.

Kubelet: The agent that runs on each node to manage pods.

Kube-Proxy: Manages network rules on nodes.

Controller Manager: Manages controllers that regulate the state of the cluster.

Scheduler: Decides which nodes will run new pods.

Etcd: A key-value store that stores all cluster data.

Kubectl: The command-line tool that interacts with the Kubernetes API.

Helm: A package manager for Kubernetes applications.

Label: Key-value pairs attached to objects to organize and select them.

Annotation: Metadata attached to objects to provide additional information.

Taints: Prevents specific pods from running on certain nodes.

Tolerations: Allows pods to run on nodes with specific taints.

Affinity/Anti-Affinity: Rules that specify which nodes can or cannot run specific pods.

Role-Based Access Control (RBAC): Manages who can do what in the cluster.

ServiceAccount: An identity for processes running in pods to interact with the Kubernetes API.

ClusterRole: Defines permissions that apply across the entire cluster.

Role: Defines permissions within a specific namespace.

NetworkPolicy: Controls the traffic between pods in the cluster.

PodSecurityPolicy: Defines security rules that pods must follow.

PodDisruptionBudget (PDB): Limits the number of pods that can be unavailable during maintenance.

Ingress Controller: Manages Ingress resources to provide HTTP and HTTPS routing.

CoreDNS: A DNS server for the cluster, providing name resolution for services.

StorageClass: Describes different types of storage available in the cluster.

Init Containers: Special containers that run before the main containers in a pod start.

Sidecar Container: A helper container that runs alongside the main container in a pod.

Readiness Probe: Checks if a container is ready to start accepting traffic.

Liveness Probe: Checks if a container is still running and should be restarted if not.

Headless Service: A service without a cluster IP, used to directly access pods.

LoadBalancer Service: Exposes a service externally using a cloud provider's load balancer.

ClusterIP Service: Exposes a service internally within the cluster.

NodePort Service: Exposes a service on a static port on each node.

Endpoints: A list of IP addresses and ports that a service forwards traffic to.

Resource Quotas: Limits the amount of resources a namespace can use.

LimitRange: Defines resource usage limits for containers in a namespace.

Finalizer: Ensures that specific cleanup steps are completed before an object is deleted.

Horizontal Pod Autoscaler (HPA): Automatically scales the number of pods based on CPU/memory usage.

Vertical Pod Autoscaler (VPA): Adjusts the resource limits and requests for running pods.

Cluster Autoscaler: Automatically adjusts the size of the Kubernetes cluster by adding or removing nodes.

Affinity Rules: Specify rules about which nodes can host a pod.

Master Node: Controls and manages the Kubernetes cluster.

Worker Node: Runs applications and workloads in pods.

Helm Chart: Pre-configured Kubernetes resources packaged for easy deployment.

Kustomize: Tool for customizing Kubernetes YAML configurations.

Admission Controller: Intercepts requests to the Kubernetes API for validation and mutation.

Custom Resource Definition (CRD): Extends Kubernetes by defining custom resources.

Operator: Custom controllers for managing complex applications.

Kubeadm: A tool for initializing and managing Kubernetes clusters.

Minikube: A tool for running a single-node Kubernetes cluster locally for testing and development.
