23 Kubernetes Interview Questions and Answers

Kubernetes has emerged as the leading container orchestration platform, revolutionizing the way applications are deployed, scaled, and managed. Its ability to automate deployment, manage containerized applications, and optimize resource utilization makes it indispensable in modern DevOps practices. Kubernetes is open-source and supported by a robust community, ensuring continuous improvements and a wealth of resources for users.

This article offers a curated selection of Kubernetes interview questions designed to test your understanding and proficiency with the platform. By familiarizing yourself with these questions and their answers, you will be better prepared to demonstrate your expertise and problem-solving abilities in a Kubernetes-focused interview setting.

Kubernetes Interview Questions and Answers

1. Explain the role of the kube-apiserver in a Kubernetes cluster.

The kube-apiserver is the central component of the Kubernetes control plane, serving as the front-end for the Kubernetes API. It processes RESTful API requests, maintains cluster state by interacting with etcd, and handles authentication, authorization, and admission control. It also supports API aggregation for extending Kubernetes with custom resources.

2. What is a ConfigMap and how is it used?

A ConfigMap stores non-confidential data in key-value pairs, allowing configuration to be managed separately from application code. This decoupling facilitates updates without rebuilding container images. ConfigMaps can be referenced in a Pod’s configuration to provide environment variables or configuration files.

Example:

apiVersion: v1
kind: ConfigMap
metadata:
name: example-config
data:
database_url: "mongodb://localhost:27017"
feature_flag: "true"

To use this ConfigMap in a Pod:

apiVersion: v1
kind: Pod
metadata:
name: example-pod
spec:
containers:
- name: example-container
image: example-image
env:
- name: DATABASE_URL
valueFrom:
configMapKeyRef:
name: example-config
key: database_url
- name: FEATURE_FLAG
valueFrom:
configMapKeyRef:
name: example-config
key: feature_flag

3. What is a Secret and why would you use one?

A Secret stores sensitive information like passwords and tokens, enhancing security by keeping such data separate from application code. Secrets are base64-encoded and can be mounted as files or exposed as environment variables to the pods that need them. They provide a secure way to manage sensitive data, allowing for decoupling and fine-grained access control.

4. What is the purpose of Namespaces?

Namespaces provide resource isolation, allowing for separate environments within the same cluster. They enable resource quotas, access control, and logical organization of resources, such as separating development, testing, and production environments.

5. What is a Persistent Volume and how does it differ from a Persistent Volume Claim?

A Persistent Volume (PV) is a storage resource provisioned in the cluster, independent of any pod lifecycle. A Persistent Volume Claim (PVC) is a user’s request for storage, consuming PV resources. When a PVC is created, Kubernetes binds it to a suitable PV, ensuring storage availability for the requesting pod.

6. What is a StatefulSet and when would you use one?

A StatefulSet manages stateful applications, providing stable network identities and storage. It ensures ordered deployment, scaling, and updates, making it suitable for applications like databases and distributed systems that require consistent identity and state.

StatefulSets are ideal for applications needing stable storage and unique network identifiers, such as databases and distributed systems.

7. What is a DaemonSet and what is its primary use case?

A DaemonSet ensures a copy of a pod runs on all (or some) nodes in a cluster. It is used for deploying system-level services like log collection daemons, monitoring agents, and network plugins that need to run on every node.

DaemonSets are useful for tasks requiring consistent deployment across all nodes, ensuring necessary services are running cluster-wide.

8. What are Jobs and CronJobs and how do they differ?

A Job ensures a specified number of pods successfully terminate, suitable for tasks like batch processing. A CronJob runs on a schedule, similar to Unix cron, for recurring tasks like backups. Jobs execute immediately, while CronJobs follow a predefined schedule.

9. What is an Ingress resource and what problem does it solve?

An Ingress resource manages external access to services, typically HTTP and HTTPS, by defining routing rules based on host and path. It consolidates external access management, reducing the need for multiple load balancers.

Example:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: example-ingress
spec:
rules:
- host: example.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: example-service
port:
number: 80

10. What is RBAC and why is it important?

RBAC, or Role-Based Access Control, defines roles and assigns them to users or groups, specifying permissions for actions on resources. It enhances security by limiting access, aids compliance, simplifies permission management, and scales with organizational growth.

11. What is a Custom Resource Definition (CRD) and how is it used?

A Custom Resource Definition (CRD) extends the Kubernetes API, allowing users to create custom resources that behave like native Kubernetes objects. CRDs enable custom controllers and operators to automate complex application management by defining new resource types and ensuring desired state matches actual state.

12. What is a Helm chart and how does it simplify application deployment?

A Helm chart is a blueprint for deploying applications, containing resource definitions for Kubernetes. Helm charts ensure consistent deployment, promote reusability, support versioning, and simplify configuration management and dependency handling.

13. How does Kubernetes handle networking between Pods?

Kubernetes uses a flat network model, where each Pod has a unique IP address, enabling seamless communication. Container Network Interface (CNI) plugins provide networking capabilities, while Services offer stable IPs and DNS names for accessing Pods, with kube-proxy managing network rules.

14. What are some best practices for securing a cluster?

Securing a Kubernetes cluster involves several practices:

• Use RBAC for permissions and ensure authentication.
• Implement network policies for traffic control.
• Store sensitive data in Secrets, ensuring encryption and restricted access.
• Enforce pod security policies to control security contexts.
• Use trusted container images and scan for vulnerabilities.
• Enable audit logging for tracking access and changes.
• Implement monitoring and alerts for incident detection.
• Keep the cluster updated with security patches.

15. How can you monitor and log activities in a cluster?

Monitoring and logging are essential for cluster health. Prometheus collects metrics, which can be visualized with Grafana. The ELK stack (Elasticsearch, Logstash, Kibana) or Fluentd can be used for logging. Kubernetes also provides built-in logging capabilities accessible via kubectl.

16. What are some common troubleshooting techniques for issues in a cluster?

Troubleshooting techniques include:

• Inspecting Pod logs with kubectl logs.
• Describing resources using kubectl describe.
• Checking Pod status with kubectl get pods.
• Examining events with kubectl get events.
• Using port forwarding for local access.
• Checking node and cluster health with kubectl get nodes and kubectl top.
• Running network diagnostics with kubectl exec.
• Verifying ConfigMaps and Secrets.
• Reviewing Deployment and ReplicaSet status.
• Using monitoring and logging tools for deeper insights.

17. Write a YAML file to create a Role and a RoleBinding that grants read access to Pods in a specific Namespace.

To create a Role and a RoleBinding that grants read access to Pods in a specific Namespace:

# Role definition
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
namespace: example-namespace
name: pod-reader
rules:
- apiGroups: [""]
resources: ["pods"]
verbs: ["get", "watch", "list"]

# RoleBinding definition
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: read-pods
namespace: example-namespace
subjects:
- kind: User
name: example-user
apiGroup: rbac.authorization.k8s.io
roleRef:
kind: Role
name: pod-reader
apiGroup: rbac.authorization.k8s.io

18. Write a YAML file to create a Namespace and then create a Pod within that Namespace.

To create a Namespace and a Pod within it:

Namespace YAML:

apiVersion: v1
kind: Namespace
metadata:
name: my-namespace

Pod YAML:

apiVersion: v1
kind: Pod
metadata:
name: my-pod
namespace: my-namespace
spec:
containers:
- name: my-container
image: nginx

19. Write a YAML file to create a Persistent Volume and a Persistent Volume Claim.

To create a Persistent Volume and a Persistent Volume Claim:

apiVersion: v1
kind: PersistentVolume
metadata:
name: my-pv
spec:
capacity:
storage: 1Gi
accessModes:
- ReadWriteOnce
hostPath:
path: "/mnt/data"

---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: my-pvc
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi

20. Write the commands to deploy an application using a Helm chart.

To deploy an application using a Helm chart:

# Add the Helm repository
helm repo add stable https://charts.helm.sh/stable

# Update the local repository cache
helm repo update

# Install the chart
helm install my-release stable/my-chart

21. Describe Kubernetes Operators and their role in managing complex applications.

Kubernetes Operators extend functionality to manage complex applications by automating deployment, scaling, and management tasks. They use CRDs and Controllers to ensure the desired state of applications matches the actual state, reducing manual intervention and applying best practices consistently.

22. Explain the Horizontal Pod Autoscaler (HPA) and how it works.

The Horizontal Pod Autoscaler (HPA) automatically scales pods based on metrics like CPU utilization. It adjusts the number of replicas to handle varying loads efficiently, scaling out during high loads and scaling in to save resources during low loads.

Example:

apiVersion: autoscaling/v1
kind: HorizontalPodAutoscaler
metadata:
name: example-hpa
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: example-deployment
minReplicas: 1
maxReplicas: 10
targetCPUUtilizationPercentage: 50

23. What are Kubernetes Admission Controllers and why are they important?

Kubernetes Admission Controllers intercept API server requests, modifying or rejecting them based on criteria. They enforce security policies, resource management, and organizational policies, maintaining a consistent cluster state.