Share with friends

Calling all Kubernetes masters! Think you've got what it takes? This section dives into the deep end with security, troubleshooting, and all the new and exciting stuff happening in the Kubernetes world. Answering these questions will prove you're a pro and someone everyone wants on their team.

More on the topic

Kubernetes Interview Questions - Beginner Level

Kubernetes Interview Questions - Medium Level Part 1

Kubernetes Interview Questions - Medium Level Part 2

Kubernetes Interview Questions - Advanced Level Part 1

Kubernetes Interview Questions - Advanced Level Part 2

Kubernetes Interview Questions - Advanced Level Part 3

Kubernetes Interview Questions - Advanced Level Part 4

Medium Kubernetes Interview Questions Part 2

1. Explain the concept of a Kubernetes StatefulSet and how it differs from a Deployment.

A StatefulSet is a Kubernetes resource used for managing stateful applications. It guarantees the ordering and uniqueness of pods. Unlike Deployments, which treat pods as stateless and interchangeable, StatefulSets ensure each pod has a unique, persistent identity and stable network identity across restarts.

Example: Imagine you have a database cluster where each instance must maintain a unique identity (e.g., db-0, db-1, db-2). Using a Deployment for this setup would result in pods without guaranteed ordering or stable identities, potentially leading to data inconsistencies. With a StatefulSet, each pod retains its identity, ensuring the database cluster operates correctly.

2. What are Init Containers, and how do they differ from regular containers in a Pod?

Init Containers are like special containers that get to run before the main app containers in a pod. They perform initialization tasks, such as setting up filesystems or waiting for services to be up, ensuring the main app containers have the required prerequisites to start.

Example: Consider a web application that depends on configuration files generated by another service. An Init Container can be used to wait for the configuration service to be available and then fetch the configuration files before the main web server container starts.

3. How do you implement Blue-Green Deployments in Kubernetes?

Blue-Green Deployment is a strategy that reduces downtime and risk by running two environments: one (blue) running the current version and one (green) running the new version. In Kubernetes, this can be achieved using Services and Deployments.

Example:

  1. Deploy the new version (green) alongside the current version (blue) in a separate Deployment.
  2. Create a new Service pointing to the green Deployment.
  3. Gradually shift traffic from the blue Service to the green Service.
  4. Once satisfied with the new version, decommission the blue Deployment.

4. How do you handle secrets management in Kubernetes?

In Kubernetes, there's this nifty feature called "Secrets" that keeps your sensitive stuff, like passwords, OAuth tokens, and SSH keys, safe and sound. Secrets can be created using kubectl create secret and mounted as volumes or environment variables within pods.

Example:

kubectl create secret generic my-secret --from-literal=username=my-user --from-literal=password=my-pass

In your pod spec:

env:
- name: DB_USERNAME
 valueFrom:
   secretKeyRef:
     name: my-secret
     key: username
- name: DB_PASSWORD
 valueFrom:
   secretKeyRef:
     name: my-secret
     key: password

5. Explain the use of Network Policies in Kubernetes.

Network Policies in Kubernetes are used to control the traffic flow between pods and namespaces, enhancing security by defining rules for inbound and outbound traffic.

Example: To allow traffic only from pods with the label app=frontend to the pods with the label app=backend:

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
 name: backend-policy
spec:
 podSelector:
   matchLabels:
     app: backend
 ingress:
 - from:
   - podSelector:
       matchLabels:
         app: frontend

6. What is a DaemonSet, and when would you use it?

A DaemonSet ensures that a copy of a pod runs on all (or some) nodes in a Kubernetes cluster. They are commonly used for logging, monitoring, or other node-level services.

Example: To deploy a log collector on all nodes:

apiVersion: apps/v1
kind: DaemonSet
metadata:
 name: log-collector
spec:
 selector:
   matchLabels:
     name: log-collector
 template:
   metadata:
     labels:
       name: log-collector
   spec:
     containers:
     - name: log-collector
       image: my-log-collector-image

7. How does Kubernetes handle persistent storage, and what are the different types of volumes available?

Kubernetes provides several types of volumes for persistent storage, including:

  • EmptyDir: A temporary directory shared among containers in a pod.
  • HostPath: Mounts a file or directory from the host node's filesystem.
  • PersistentVolume (PV) and PersistentVolumeClaim (PVC): Abstract storage resources with lifecycle independent of pods.

Example:

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
 name: my-pvc
spec:
 accessModes:
   - ReadWriteOnce
 resources:
   requests:
     storage: 1Gi
---
apiVersion: v1
kind: Pod
metadata:
 name: my-pod
spec:
 containers:
 - name: my-container
   image: my-image
   volumeMounts:
   - mountPath: /data
     name: my-volume
 volumes:
 - name: my-volume
   persistentVolumeClaim:
     claimName: my-pvc

8. Describe the process of scaling applications in Kubernetes.

Scaling in Kubernetes involves adjusting the number of pod replicas. This can be done manually using kubectl scale or automatically with the Horizontal Pod Autoscaler (HPA).

Example: Manual scaling:

kubectl scale deployment my-app --replicas=10

Using HPA:

apiVersion: autoscaling/v1
kind: HorizontalPodAutoscaler
metadata:
 name: my-app-hpa
spec:
 scaleTargetRef:
   apiVersion: apps/v1
   kind: Deployment
   name: my-app
 minReplicas: 1
 maxReplicas: 10
 targetCPUUtilizationPercentage: 80

9. What is the role of a Kubernetes Ingress Controller?

An Ingress Controller manages access to the services in a Kubernetes cluster by providing HTTP and HTTPS routing. It allows you to define rules to route external HTTP/S traffic to internal services.

Example:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
 name: my-ingress
spec:
 rules:
 - host: myapp.example.com
   http:
     paths:
     - path: /
       pathType: Prefix
       backend:
         service:
           name: my-service
           port:
             number: 80

10. How do you manage resource limits in Kubernetes?

Resource limits in Kubernetes are defined using requests and limits in pod specifications. Requests guarantee the minimum resources, while limits cap the maximum usage.

Example:

apiVersion: v1
kind: Pod
metadata:
 name: resource-limits
spec:
 containers:
 - name: my-container
   image: my-image
   resources:
     requests:
       memory: "64Mi"
       cpu: "250m"
     limits:
       memory: "128Mi"
       cpu: "500m"

11. Explain the role of the Kubernetes API server.

The API server is the central management entity in Kubernetes. It exposes the Kubernetes API, processes REST operations, and updates the etcd key-value store. It also validates and configures data for the API objects.

Example: When you run kubectl get pods, the command communicates with the API server, which retrieves the information from etcd and returns the details of the pods.

12. How can you ensure high availability of your Kubernetes cluster?

High availability can be achieved by:

  • Deploying multiple master nodes.
  • Distributing nodes across different availability zones.
  • Using load balancers for API servers.
  • Implementing etcd clustering.

Example: If you're working in the cloud, you can use managed Kubernetes services like Google Kubernetes Engine (GKE) or Amazon EKS. These services come with built-in high availability features, so you don't have to worry about them.

13. What is the difference between Horizontal and Vertical Pod Autoscaling?

Horizontal Pod Autoscaling (HPA) adjusts the number of pod replicas based on resource utilization, while Vertical Pod Autoscaling (VPA) adjusts the resource requests and limits of containers in a pod.

Example: HPA:

apiVersion: autoscaling/v1
kind: HorizontalPodAutoscaler
metadata:
 name: my-app-hpa
spec:
 scaleTargetRef:
   apiVersion: apps/v1
   kind: Deployment
   name: my-app
 minReplicas: 1
 maxReplicas: 10
 targetCPUUtilizationPercentage: 80

VPA (simplified YAML example):

apiVersion: autoscaling.k8s.io/v1
kind: VerticalPodAutoscaler
metadata:
 name: my-app-vpa
spec:
 targetRef:
   apiVersion: "apps/v1"
   kind:       Deployment
   name:       my-app
 updatePolicy:
   updateMode: "Auto"

14. What are Kubernetes ConfigMaps, and how do you use them?

ConfigMaps store configuration data as key-value pairs. They decouple environment-specific configurations from container images.

Example:

kubectl create configmap my-config --from-literal=key1=value1 --from-literal=key2=value2

In your pod spec:

env:
- name: CONFIG_KEY1
 valueFrom:
   configMapKeyRef:
     name: my-config
     key: key1
- name: CONFIG_KEY2
 valueFrom:
 

configMapKeyRef:
     name: my-config
     key: key2

15. How does Kubernetes handle container restarts?

Kubernetes restarts containers based on their restartPolicy, which can be Always, OnFailure, or Never.

Example: A pod with a restart policy of Always will have its containers restarted indefinitely if they fail or stop:

apiVersion: v1
kind: Pod
metadata:
 name: my-pod
spec:
 restartPolicy: Always
 containers:
 - name: my-container
   image: my-image

16. Describe the Kubernetes Job and CronJob resources.

Jobs manage batch tasks by creating one or more pods to perform them, ensuring completion. CronJobs schedule jobs to run periodically at specified times.

Example: Job:

apiVersion: batch/v1
kind: Job
metadata:
 name: my-job
spec:
 template:
   spec:
     containers:
     - name: my-container
       image: my-image
     restartPolicy: OnFailure

CronJob:

apiVersion: batch/v1beta1
kind: CronJob
metadata:
 name: my-cronjob
spec:
 schedule: "*/5 * * * *"
 jobTemplate:
   spec:
     template:
       spec:
         containers:
         - name: my-container
           image: my-image
         restartPolicy: OnFailure

17. How do you debug a Kubernetes pod that is not starting?

To debug a pod that is not starting:

  1. Check pod status with kubectl get pods.
  2. Describe the pod to view detailed information with kubectl describe pod <pod-name>.
  3. Check pod logs with kubectl logs <pod-name>.

Example: If a pod is stuck in Pending state, kubectl describe pod <pod-name> might reveal that it's due to insufficient resources. Adjusting resource requests/limits or freeing up resources can resolve the issue.

18. What is the purpose of the Kubernetes scheduler?

The Kubernetes scheduler is like a matchmaker for pods and nodes. It pairs them up based on who has the resources and who needs them, making sure everyone's happy and has what they need. It ensures optimal distribution of workload and adherence to policies.

Example: If a pod requests a specific amount of CPU and memory, the scheduler selects a node that meets these requirements and places the pod there.

19. How can you secure a Kubernetes cluster?

Securing a Kubernetes cluster involves:

  • Using Role-Based Access Control (RBAC) to restrict permissions.
  • Enabling network policies to control traffic flow.
  • Encrypting secrets and sensitive data.
  • Regularly updating and patching components.
  • Using admission controllers for policy enforcement.

Example: To limit access to a specific namespace, create an RBAC policy:

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
 namespace: my-namespace
 name: my-role
rules:
- apiGroups: [""]
 resources: ["pods"]
 verbs: ["get", "watch", "list"]

20. What are Kubernetes Taints and Tolerations, and how do they work?

Taints prevent pods from being scheduled on certain nodes unless the pods have corresponding Tolerations.

Example: Taint a node:

kubectl taint nodes my-node key=value:NoSchedule

Add a toleration to a pod:

tolerations:
- key: "key"
 operator: "Equal"
 value: "value"
 effect: "NoSchedule"

21. Explain the role of etcd in a Kubernetes cluster.

etcd is a distributed key-value store that stores all cluster data, including configurations, state, and metadata. It ensures consistency and reliability across the cluster.

Example: When a pod is created, the configuration is stored in etcd. The API server retrieves this information to manage the pod lifecycle.

22. How do you perform rolling updates in Kubernetes?

Rolling updates are performed using kubectl set image or by updating the deployment spec. This ensures zero downtime by incrementally updating pods.

Example:

kubectl set image deployment/my-deployment my-container=my-image:v2

23. What is a Kubernetes Service, and what are the different types available?

A Service abstracts access to a group of pods, enabling load balancing and discovery. The types include:

  • ClusterIP: Default, accessible only within the cluster.
  • NodePort: Exposes the service on each node's IP at a static port.
  • LoadBalancer: Provisions an external load balancer.
  • ExternalName: Maps to an external DNS name.

Example:

apiVersion: v1
kind: Service
metadata:
 name: my-service
spec:
 selector:
   app: my-app
 ports:
 - protocol: TCP
   port: 80
   targetPort: 8080
 type: ClusterIP

24. How do you implement resource quotas in Kubernetes?

Resource quotas limit the resource usage (CPU, memory, object count) within a namespace.

Example:

apiVersion: v1
kind: ResourceQuota
metadata:
 name: my-quota
spec:
 hard:
   pods: "10"
   requests.cpu: "4"
   requests.memory: "8Gi"
   limits.cpu: "10"
   limits.memory: "16Gi"

25. Describe the Kubernetes Pod lifecycle and the different phases.

The Pod lifecycle includes phases such as Pending, Running, Succeeded, Failed, and Unknown. Each phase indicates the current status of the pod.

Example:

  • Pending: Pod has been accepted but not yet running.
  • Running: Pod has been bound to a node and containers are running.
  • Succeeded: All containers have successfully terminated.
  • Failed: All containers have terminated with at least one failure.
  • Unknown: Pod status could not be obtained.

26. What is the purpose of Kubernetes Labels and Selectors?

Labels are key-value pairs attached to Kubernetes objects for identification. Selectors are used to query objects based on their labels.

Example: Label a pod:

metadata:
 labels:
   app: my-app

Select pods with a specific label:

selector:
 matchLabels:
   app: my-app

27. How do you monitor Kubernetes clusters?

Monitoring involves tracking cluster health, performance, and resource usage using tools like Prometheus, Grafana, and Kubernetes Dashboard.

Example: Prometheus can be deployed to scrape metrics from nodes and pods, while Grafana visualizes these metrics in dashboards.

28. Explain the concept of Service Mesh in Kubernetes.

A Service Mesh manages microservices communication, providing features like load balancing, traffic management, and security. Istio is a popular service mesh for Kubernetes.

Example: Istio can be used to implement traffic routing rules, ensuring requests are distributed across multiple versions of a service for A/B testing.

29. What is the difference between a Deployment and a ReplicaSet?

A Deployment manages ReplicaSets and provides declarative updates to applications, while a ReplicaSet ensures a specified number of pod replicas are running.

Example: Deployments allow rolling updates and rollbacks, making them suitable for managing application lifecycles.

30. How do you handle node failures in Kubernetes?

Kubernetes automatically handles node failures by rescheduling pods on healthy nodes using the node controller. Pods running on the failed node are detected and recreated elsewhere.

Example: If a node becomes unresponsive, the node controller marks it as NotReady, and the scheduler starts placing new pods on available nodes.

31. What are Custom Resource Definitions (CRDs) in Kubernetes?

**With Custom Resource Definitions (CRDs), you can create your own resource types and extend the Kubernetes API. This lets you manage your custom applications and workflows in a way that works best for you.

Example: Creating a CRD for a custom resource called MyResource:

apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
 name: myresources.mygroup.example.com
spec:
 group: mygroup.example.com
 versions:
 - name: v1
   served: true
   storage: true
 scope: Namespaced
 names:
   plural: myresources
   singular: myresource
   kind: MyResource
   shortNames:
   - mr

32. How do you perform canary deployments in Kubernetes?

Canary deployments are a cool way to introduce new app versions to a tiny group of users before unleashing it on everyone. This can be achieved using Deployments and Services.

Example:

  1. Create a new Deployment for the canary version.
  2. Split traffic using a Service with multiple backend versions.
  3. Gradually increase traffic to the canary version based on performance and stability.

33. Explain the Kubernetes Pod Security Policies (PSPs).

Pod Security Policies (PSPs) are cluster-level resources that control security-sensitive aspects of pod specifications. They define the conditions pods must meet to be accepted into the cluster.

Example: A PSP might restrict pods from running as the root user:

apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
 name: restricted-psp
spec:
 privileged: false
 runAsUser:
   rule: Must

RunAsNonRoot
 seLinux:
   rule: RunAsAny
 supplementalGroups:
   rule: RunAsAny
 fsGroup:
   rule: RunAsAny

34. How do you handle multi-tenancy in Kubernetes?

Multi-tenancy can be handled using namespaces, RBAC, network policies, and resource quotas to isolate and manage resources for different tenants.

Example: Create a namespace for each tenant and apply resource quotas and network policies to ensure isolation and resource limits:

apiVersion: v1
kind: Namespace
metadata:
 name: tenant-namespace

35. Describe the concept of Federation in Kubernetes.

Federation enables the management of multiple Kubernetes clusters from a single control plane, providing a unified view and ensuring consistency across clusters.

Example: Federation can be used to deploy applications across multiple regions for high availability and disaster recovery.

36. How do you manage cluster upgrades in Kubernetes?

Cluster upgrades involve updating the control plane and worker nodes. This can be done using tools like kubeadm, kops, or managed services that provide automated upgrades.

Example: With kubeadm, you can upgrade the control plane by following the upgrade documentation, ensuring minimal downtime and maintaining compatibility.

37. What is a Kubernetes Operator, and how does it work?

An Operator is a custom controller that extends Kubernetes functionality, managing complex applications and automating operational tasks.

Example: An Operator for a database might handle tasks like backup, restore, scaling, and updates, ensuring the database runs smoothly within the cluster.

38. Explain the use of Kubernetes Admission Controllers.

Admission Controllers are API request-intercepting plugins, for modifying or validating them before they are persisted. They enforce policies and enhance security.

Example: A MutatingAdmissionWebhook might inject sidecar containers into pods for logging or monitoring:

apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
 name: my-webhook
webhooks:
 - name: my-webhook.example.com
   clientConfig:
     service:
       name: my-webhook-service
       namespace: my-namespace
     caBundle: <ca-bundle>
   rules:
     - apiGroups: [""]
       apiVersions: ["v1"]
       operations: ["CREATE"]
       resources: ["pods"]

39. How do you handle data backup and restore in Kubernetes?

Data backup and restore can be managed using tools like Velero, which supports backup and recovery of Kubernetes clusters, including persistent volumes.

Example: Velero can be used to create scheduled backups of cluster resources and persistent volumes, providing a safety net for disaster recovery.

40. What is the role of the kube-proxy component?

kube-proxy maintains network rules on nodes, enabling communication between services and pods. It implements load balancing and network policies.

Example: kube-proxy uses iptables or IPVS to route traffic to the appropriate pod, ensuring service discovery and load balancing.

41. How do you handle configuration changes in a running Kubernetes application?

Configuration changes can be managed using ConfigMaps and Secrets, updating them as needed and triggering rolling updates of deployments to apply the changes.

Example: Updating a ConfigMap and triggering a rolling update:

kubectl create configmap my-config --from-literal=key1=new-value1
kubectl rollout restart deployment my-deployment

42. Explain the use of Helm in Kubernetes.

Helm, a package manager for Kubernetes, facilitates the deployment, versioning, and management of applications through the utilization of charts. These charts serve as collections of files that provide a comprehensive description of a specific set of resources.

Example: To deploy an application using Helm:

helm install my-release my-chart

43. How do you implement logging and monitoring in Kubernetes?

Logging and monitoring can be implemented using tools like Fluentd for log aggregation, Prometheus for metrics collection, and Grafana for visualization.

Example: Deploying Prometheus and Grafana for monitoring cluster metrics:

kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/master/bundle.yaml
kubectl apply -f https://raw.githubusercontent.com/grafana/grafana/master/deploy/kubernetes/grafana.yaml

44. What are the benefits of using Kubernetes namespaces?

Namespaces provide a way to divide cluster resources between multiple users, ensuring isolation, resource management, and access control.

Example: Creating a namespace for a development environment:

kubectl create namespace dev

45. How do you handle service discovery in Kubernetes?

Service discovery in Kubernetes is managed using DNS and environment variables. Services are assigned a DNS name and can be discovered by other pods.

Example: A service named my-service in the default namespace can be accessed using my-service.default.svc.cluster.local.

46. What is the purpose of Kubernetes Annotations?

Annotations store arbitrary non-identifying metadata, such as build information, contact details, or pointers to external resources.

Example: Adding annotations to a pod:

metadata:
 annotations:
   build.version: "1.0.0"
   contact.email: "[email protected]"

47. Explain the concept of Kubernetes RBAC.

Role-Based Access Control (RBAC) manages permissions within a cluster, defining roles and role bindings to control access to resources.

Example: Creating a role and role binding to allow read access to pods:

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
 namespace: default
 name: pod-reader
rules:
- apiGroups: [""]
 resources: ["pods"]
 verbs: ["get", "watch", "list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
 name: read-pods
 namespace: default
subjects:
- kind: User
 name: jane
 apiGroup: rbac.authorization.k8s.io
roleRef:
 kind: Role
 name: pod-reader
 apiGroup: rbac.authorization.k8s.io

48. How do you use Kubernetes Volumes for persistent storage?

Kubernetes Volumes provide persistent storage for pods. They can be backed by different storage types, such as NFS, AWS EBS, or GCE Persistent Disk.

Example: Using an AWS EBS volume in a pod:

apiVersion: v1
kind: Pod
metadata:
 name: my-pod
spec:
 containers:
 - name: my-container
   image: my-image
   volumeMounts:
   - mountPath: /data
     name: my-ebs-volume
 volumes:
 - name: my-ebs-volume
   awsElasticBlockStore:
     volumeID: <volume-id>
     fsType: ext4

49. Describe the Kubernetes lifecycle hooks.

Lifecycle hooks allow you to execute code at specific points in a container's lifecycle, using PostStart and PreStop hooks.

Example: Adding lifecycle hooks to a container:

lifecycle:
 postStart:
   exec:
     command: ["/bin/sh", "-c", "echo Hello World"]
 preStop:
   exec:
     command: ["/bin/sh", "-c", "echo Goodbye World"]

50. How do you use Kubernetes ConfigMaps to manage application configuration?

ConfigMaps are like little storage boxes that keep configuration data in a key-value format. You can plug them into containers as volumes or even sneak them in as environment variables.

Example: Creating a ConfigMap and using it in a pod:

kubectl create configmap my-config --from-literal=key1=value1

In your pod spec:

env:
- name: CONFIG_KEY1
 valueFrom:
   configMapKeyRef:
     name: my-config
     key: key1

51. What are Kubernetes Probes and how do they work?

Probes are used to check the health of containers. Kubernetes has three types of probes: liveness, readiness, and startup.

Example: Adding probes to a container:

livenessProbe:
 httpGet:
   path: /healthz
   port: 8080
 initialDelaySeconds: 3
 periodSeconds: 3
readinessProbe:
 httpGet:
   path: /readiness
   port: 8080
 initialDelaySeconds: 3
 periodSeconds: 3

52. Explain the concept of Kubernetes Horizontal Pod Autoscaler (HPA).

HPA automatically scales the number of pod replicas based on observed CPU utilization or other custom metrics.

Example:

apiVersion: autoscaling/v1
kind: HorizontalPodAutoscaler
metadata:
 name: my-app-hpa
spec:
 scaleTargetRef:
   apiVersion: apps/v1
   kind: Deployment
   name: my-app
 minReplicas: 1
 maxReplicas: 10
 targetCPUUtilizationPercentage: 80

53. How do you implement a Kubernetes StatefulSet?

A StatefulSet manages stateful applications, ensuring pod uniqueness and ordered, graceful deployment and scaling.

Example:

apiVersion: apps/v1
kind: StatefulSet
metadata:
 name: my-statefulset
spec:
 serviceName: "my-service"
 replicas: 3
 selector:
   matchLabels:
     app:

my-app
 template:
   metadata:
     labels:
       app: my-app
   spec:
     containers:
     - name: my-container
       image: my-image
       volumeMounts:
       - name: my-storage
         mountPath: /data
 volumeClaimTemplates:
 - metadata:
     name: my-storage
   spec:
     accessModes: ["ReadWriteOnce"]
     resources:
       requests:
         storage: 1Gi

54. What is the Kubernetes Cluster Autoscaler?

Cluster Autoscaler makes sure your cluster is the right size for the job. It adds or takes away nodes based on how much work needs to be done.

Example: Cluster Autoscaler can be deployed using Helm, adjusting the number of nodes based on the resource needs of scheduled pods.

55. Explain the Kubernetes Ingress resource.

An Ingress component facilitates external access to services while offering load balancing, SSL termination, and the capability to host virtual websites based on domain names.

Example:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
 name: my-ingress
spec:
 rules:
 - host: my-app.example.com
   http:
     paths:
     - path: /
       pathType: Prefix
       backend:
         service:
           name: my-service
           port:
             number: 80

56. How do you manage Kubernetes secrets?

Secrets store sensitive information, such as passwords or tokens, securely.

Example: Creating a secret and using it in a pod:

kubectl create secret generic my-secret --from-literal=username=admin --from-literal=password=secret

In your pod spec:

env:
- name: USERNAME
 valueFrom:
   secretKeyRef:
     name: my-secret
     key: username
- name: PASSWORD
 valueFrom:
   secretKeyRef:
     name: my-secret
     key: password

57. What is the purpose of the Kubernetes DaemonSet?

A DaemonSet ensures that a copy of a pod runs on all (or some) nodes in the cluster. It is typically used for cluster-wide services.

Example: Deploying a logging agent on all nodes:

apiVersion: apps/v1
kind: DaemonSet
metadata:
 name: logging-agent
spec:
 selector:
   matchLabels:
     app: logging-agent
 template:
   metadata:
     labels:
       app: logging-agent
   spec:
     containers:
     - name: logging-agent
       image: logging-agent:latest

58. Explain the concept of Network Policies in Kubernetes.

Network Policies control the communication between pods and other network endpoints based on rules.

Example: Allowing traffic from pods with a specific label:

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
 name: allow-app
spec:
 podSelector:
   matchLabels:
     app: my-app
 ingress:
 - from:
   - podSelector:
       matchLabels:
         app: my-app
   ports:
   - protocol: TCP
     port: 80

59. How do you use Kubernetes Persistent Volumes and Persistent Volume Claims?

Persistent Volumes (PVs) and Persistent Volume Claims (PVCs) are like storage spaces for your pods. They keep your data safe, even when your pods come and go.

Example: Creating a PV and a PVC:

apiVersion: v1
kind: PersistentVolume
metadata:
 name: my-pv
spec:
 capacity:
   storage: 5Gi
 accessModes:
   - ReadWriteOnce
 persistentVolumeReclaimPolicy: Retain
 nfs:
   path: /mnt/data
   server: nfs-server.example.com
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
 name: my-pvc
spec:
 accessModes:
   - ReadWriteOnce
 resources:
   requests:
     storage: 5Gi

60. What is the purpose of Kubernetes Resource Limits and Requests?

Resource limits and requests define the minimum and maximum amount of CPU and memory a container can use. They ensure fair resource allocation and prevent resource contention.

Example:

resources:
 requests:
   memory: "64Mi"
   cpu: "250m"
 limits:
   memory: "128Mi"
   cpu: "500m"

61. How do you implement blue-green deployments in Kubernetes?

Blue-green deployments involve running two identical environments (blue and green) and switching traffic between them to achieve zero-downtime updates.

Example:

  1. Deploy the new version (green) alongside the existing version (blue).
  2. Switch the service to point to the green deployment.
  3. After verifying the new version, delete the blue deployment.

Next Steps

Kubernetes Interview Questions - Beginner Level

Kubernetes Interview Questions - Medium Level Part 1

Kubernetes Interview Questions - Medium Level Part 2

Kubernetes Interview Questions - Advanced Level Part 1

Kubernetes Interview Questions - Advanced Level Part 2

Kubernetes Interview Questions - Advanced Level Part 3

Kubernetes Interview Questions - Advanced Level Part 4

Share with friends

Priyansh Khodiyar's profile

Written by Priyansh Khodiyar

Priyansh is the founder of UnYAML and a software engineer with a passion for writing. He has good experience with writing and working around DevOps tools and technologies, APMs, Kubernetes APIs, etc and loves to share his knowledge with others.

Life is better with cookies 🍪

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt out if you wish. Cookie Policy