Best 50 Kubernetes Interview Questions


Top 50 Kubernetes Interview Questions

1. What’s Kubernetes?

Kubernetes is a distributed open-source technology that helps us deploy, schedule, scale, and load-balance application containers within and across clusters. A Kubernetes cluster consists of two types of resources:

The Master => Coordinates all activities in the cluster, for example, scheduling applications, maintaining applications’ state, scaling applications, and rolling out new updates.

Nodes => A node is an instance of an OS that serves as a worker machine in a Kubernetes cluster.

Each node also has two components:

Kubelet => An agent for managing the node and communicating with the master; it runs on each and every node.

Tool (Docker/containers) => Tools for running container operations.

2. How to do maintenance activity on the K8 node?

Whenever security patches are available, the Kubernetes administrator has to perform a maintenance task to apply the security patch to the running container in order to protect it from vulnerabilities, which is often an unavoidable part of administration. The following two commands are useful to safely drain the K8s node.

kubectl get pods

kubectl get nodes

kubectl cordon <nodename> (puts the node in maintenance mode)

kubectl drain <nodename> --ignore-daemonsets

The first command moves the node to maintenance mode, or makes the node unavailable; it will move all the pods to a different node within the cluster. After the drain command succeeds, you can perform maintenance.

Note: If you wish to perform maintenance on a single pod following two commands can be issued in order:

Once moved, verify that the pods have moved to a different node.

Once the maintenance is done, uncordon the node.

How is Kubernetes related to Docker?

It’s a known fact that Docker provides the lifecycle management of containers and a Docker image builds the runtime containers. But, since these individual containers have to communicate, Kubernetes is used. So, Docker builds the containers and these containers communicate with each other via Kubernetes. So, containers running on multiple hosts can be manually linked and orchestrated using Kubernetes.

3. How do we control the resource usage of a POD?

With the use of limits and requests, the resource usage of a POD can be controlled. Apply Pod Security Standards at the Cluster Level. Apply Pod Security Standards at the Namespace Level. Restrict a Container’s Access to Resources with AppArmor. Restrict a Container’s Syscalls with seccomp.
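As an added example (not from the original article), the manifests below apply these controls in one namespace: Pod Security Standards labels on the namespace, default and maximum limits through a LimitRange, and a Pod with explicit requests, limits and a seccomp profile. The names payments and api and the image reference are assumptions.

```yaml
# Added example; namespace, pod name and image are hypothetical.
apiVersion: v1
kind: Namespace
metadata:
  name: payments
  labels:
    # Pod Security Standards at the namespace level: reject pods that
    # violate the "restricted" profile, and also warn and audit on it.
    pod-security.kubernetes.io/enforce: restricted
    pod-security.kubernetes.io/enforce-version: latest
    pod-security.kubernetes.io/warn: restricted
    pod-security.kubernetes.io/audit: restricted
---
apiVersion: v1
kind: LimitRange
metadata:
  name: default-limits
  namespace: payments
spec:
  limits:
  - type: Container
    defaultRequest:           # applied when a container sets no requests
      cpu: 100m
      memory: 64Mi
    default:                  # applied when a container sets no limits
      cpu: 500m
      memory: 256Mi
    max:                      # containers asking for more are rejected
      cpu: "1"
      memory: 512Mi
---
apiVersion: v1
kind: Pod
metadata:
  name: api
  namespace: payments
spec:
  securityContext:
    runAsNonRoot: true
    runAsUser: 10001
    seccompProfile:
      type: RuntimeDefault    # restrict syscalls with the runtime's default seccomp filter
  containers:
  - name: api
    image: registry.example.com/payments/api:1.0.0   # placeholder image
    resources:
      requests:               # what the scheduler reserves on the node
        cpu: 250m
        memory: 128Mi
      limits:                 # ceiling: CPU is throttled, memory overuse is OOM-killed
        cpu: 500m
        memory: 256Mi
    securityContext:
      allowPrivilegeEscalation: false
      readOnlyRootFilesystem: true
      capabilities:
        drop: ["ALL"]
```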

4. What are the various K8s services running on nodes, and what is the role of each service?

Mainly, a K8 cluster consists of two types of nodes: executor and master.

Executor node: (This runs on master node)

Kube-proxy: This service is responsible for the communication of pods within the cluster and to the outside network, and it runs on every node. It is responsible for maintaining network protocols when your pod establishes a network communication.

kubelet: An agent for managing and communicating with the master; it runs on each and every node and updates the running node according to the configuration (YAML or JSON) file. NOTE: the kubelet service is only for containers created by Kubernetes.

Master services:

Kube-apiserver: The master API service, which acts as the entry point to the K8 cluster. The API server is responsible for receiving all requests. Once the API server receives a request, it passes it to the controller manager. It is also responsible for establishing communication between the Kubernetes nodes and the Kubernetes master components.

Kube-scheduler: Schedules PODs onto nodes as per available resources and keeps track of the resource utilization on executor nodes.

Kube-controller-manager: Controllers are control loops that watch the state of your cluster, then make or request changes where needed. Each controller tries to move the current cluster state closer to the desired state.

or

Responsible for receiving requests from the API and performing the required tasks.

ETCD:

A distributed key-value store that stores all cluster configuration data.

5. What is PDB (Pod Disruption Budget)?

A Kubernetes administrator can create a deployment of kind: PodDisruptionBudget for high availability of the application; it makes sure that the minimum number of running pods is respected, as specified by the minAvailable attribute in the spec file. This is useful while performing a drain, where the drain will halt until the PDB is respected, to ensure the High Availability (HA) of the application. The following spec file also shows minAvailable as 2, which implies the minimum number of available pods (even after the election).

kubectl get pdb --all-namespaces

A typical PDB looks like:

apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
  name: pdb
spec:
  minAvailable: 1
  selector:
    matchLabels:
      app: nginx

PDBs prevent server downtime/outages caused by shutting down too many pods in a given period.

In practical terms, a PDB maintains the minimum number of pods required to support an SLA (service-level agreement) without incurring losses.

6. What’s the init container and when can it be used?

Init containers are specialized containers that run before application containers in a pod. Init containers can contain utilities or custom scripts that are not present in an app image. Init containers set the stage for you before running the actual POD. For example, there is no need to make an image FROM another image.

apiVersion: v1
kind: Pod
metadata:
  name: simple-pod1
  labels:
    purpose: initContainers-demo
spec:
  initContainers:
  - name: init-busybox1
    image: busybox
    command: ["echo", "I am init-container"]
  - name: init-busybox2
    image: busybox
    command: ["sleep", "30"]
  containers:
  - name: main-busybox
    image: busybox
    command: ["echo", "Hello main container"]
  restartPolicy: Never

Now bring this pod up and you should get output similar to this:

$ kubectl apply -f simple-pod.yml
pod/simple-pod1 created

// you can see the status of the init container
$ kubectl get pods
NAME          READY   STATUS     RESTARTS   AGE
simple-pod1   0/1     Init:0/1   0          27s

// and the pod comes to completion after a minimum of 30s (sleep time of the second init container)
$ kubectl get po
NAME          READY   STATUS      RESTARTS   AGE
simple-pod1   0/1     Completed   0          36s

7. What is the role of Load Balancing in Kubernetes?

Load balancing is a way to distribute incoming traffic across multiple backend servers, which is useful for ensuring the application is available to users.

Load Balancer

In Kubernetes, as shown in the above figure, all the incoming traffic lands on a single IP address on the load balancer, which is a way to expose your service outside to the internet; it routes the incoming traffic to a particular pod (via a service) using an algorithm known as round-robin. Even if any pod goes down, load balancers are notified so that the traffic is not routed to that particular unavailable node. Thus load balancers in Kubernetes are responsible for distributing a set of tasks (incoming traffic) to the pods.

8. What are the various things that can be done to increase Kubernetes security?

By default, a POD can communicate with any other POD; we can set up network policies to limit this communication between the PODs.

Use RBAC (role-based access control) to narrow down the permissions.

Use namespaces to establish security boundaries.

Set the admission control policies to avoid running privileged containers.

Turn on audit logging.
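The first two items, as an added example that is not part of the original article: a default-deny NetworkPolicy with one explicit allow rule, and a read-only RBAC Role bound to a single ServiceAccount. The namespace shop, the app labels, port 8080 and the ServiceAccount ci-deployer are hypothetical.

```yaml
# Added example; every name below is hypothetical.
# NetworkPolicy only takes effect when the cluster's CNI plugin enforces it.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-all
  namespace: shop
spec:
  podSelector: {}                      # selects every pod in the namespace
  policyTypes: ["Ingress", "Egress"]   # no rules listed, so all traffic is denied
  # Denying egress also blocks DNS lookups until a rule allows them.
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-frontend-to-api
  namespace: shop
spec:
  podSelector:
    matchLabels:
      app: api                         # the pods being protected
  policyTypes: ["Ingress"]
  ingress:
  - from:
    - podSelector:
        matchLabels:
          app: frontend                # only these pods may connect
    ports:
    - protocol: TCP
      port: 8080
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pod-reader
  namespace: shop
rules:
- apiGroups: [""]                      # "" is the core API group
  resources: ["pods", "pods/log"]
  verbs: ["get", "list", "watch"]      # read-only: no create, delete or exec
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: ci-pod-reader
  namespace: shop
subjects:
- kind: ServiceAccount
  name: ci-deployer
  namespace: shop
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: pod-reader
```

The binding can be checked with kubectl auth can-i list pods -n shop --as=system:serviceaccount:shop:ci-deployer, which should answer yes, while the same check for delete should answer no.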

9. How to monitor the Kubernetes cluster?

Prometheus is used for Kubernetes monitoring. The Prometheus ecosystem consists of multiple components.

The main Prometheus server, which scrapes and stores time-series data.

Client libraries for instrumenting application code.

Push gateway for supporting short-lived jobs.

Special-purpose exporters for services like StatsD, HAProxy, Graphite, etc.

An alert manager to handle alerts on various support tools.

4 Kubernetes Monitoring Best Practices

  1. Automatically Detect Application Issues by Tracking the API Gateway for Microservices. Granular resource metrics (memory, CPU, load, etc.) …
  2. Always Alert on High Disk Utilization. …
  3. Monitor End-User Experience when Running Kubernetes. …
  4. Prepare Monitoring for a Cloud Environment.

9. How to get the central logs from POD?

This architecture depends upon the application and many other factors. Following are the common logging patterns

Node level logging agent.

Streaming sidecar container.

Sidecar container with the logging agent.

Export logs directly from the application.

In the setup, journalbeat and filebeat run as DaemonSets. Logs collected by these are dumped to a Kafka topic, which is eventually dumped to the ELK stack.

The same can be achieved using the EFK stack and fluentd-bit.

10. Why use namespaces? What is the problem with using the default namespace?

Namespaces are a way to organize clusters into virtual sub-clusters — they can be helpful when different teams or projects share a Kubernetes cluster. Any number of namespaces are supported within a cluster, each logically separated from others but with the ability to communicate with each other.

11. What is an Operator?

“Operators are software extensions to K8s which make use of custom resources to manage applications and their components. Operators follow Kubernetes principles, notably the control loop.”

or 

A Kubernetes operator is an application-specific controller that extends the functionality of the Kubernetes API to create, configure, and manage instances of complex applications on behalf of a Kubernetes user.

12. Why do we require operators?

By removing difficult manual application management tasks, Kubernetes operators make these processes scalable, repeatable, and standardized. For application developers, operators make it easier to deploy and run the required operations.

13. How to run Kubernetes locally?

Kubernetes can be set up locally using the Minikube tool. It runs a single-node cluster in a VM on the computer.

14. What is Kubernetes Load Balancing?

Load Balancing is one of the most common and standard ways of exposing the services. There are two types of load balancing in K8s and they are:

Internal load balancer – This type of balancer automatically balances loads and allocates the pods with the required incoming load.

External load balancer – This type of balancer directs the traffic from the external loads to the backend pods.

15. What is the difference between Docker Swarm and Kubernetes?


16. How to troubleshoot if the POD is not getting scheduled?

In K8s, the scheduler is responsible for spawning pods onto nodes. There are many factors that can lead to an unstartable POD. The most common one is running out of resources; use commands like kubectl describe pod <POD> -n <Namespace> to see the reason why the POD is not started. Also, keep an eye on kubectl get events to see all events coming from the cluster.

17. How to run a POD on a particular node?

nodeName: specify the name of a node in the POD spec configuration, and it will try to run the POD on that specific node.

You can add the nodeSelector field to your Pod specification and specify the node labels you want the target node to have.

18. What are the different ways to provide external network connectivity to K8?

By default, POD should be able to reach the external network but vice-versa we need to make some changes. Following options are available to connect with POD from the outer world.

Nodeport (it will expose one port on each node to communicate with it)

Load balancers (L4 layer of TCP/IP protocol)

Ingress (L7 layer of TCP/IP Protocol)

Another method is to use Kube-proxy which can expose a service with only cluster IP on the local system port.

19. How can we forward the port ‘8080 (container) -> 8080 (service) -> 80

$ kubectl proxy --port=8080
$ http://localhost:8080/api/v1/proxy/namespaces//services/:/

20. What does the controller manager do?

After receiving a request from the API server, the controller manager analyzes it and takes action.

21. What does CI contain?

Build it + dockerize the application + test and scan + convert to artifactory (an artifact is nothing but a build package).

22. What does CD (continuous deployment) contain?

Deploy the artifact to a server (in older days); more recently we use Docker or Kubernetes.

23. What is kubectl?

kubectl is a utility to connect to the Kubernetes cluster; it provides a CLI to pass commands to the Kubernetes cluster, with various ways to create and manage Kubernetes components.

24. What is a replica set?

A replica set is used to manage a group of nodes and helps to scale up and scale down; in case a pod crashes, it automatically creates a new pod.

25. What is a blue and green environment?

The blue/green step copies your existing deployment and changes its version, creating a second one with the updated Docker image. Note: At this point, both versions (old and new) of your application are deployed in the Kubernetes cluster. All live traffic is still routed to the old application.

26. What is Blue-Green deployment in DevOps?

Blue/green deployments enable you to launch a new version (green) of your application alongside the old version (blue), and monitor and test the new version before you reroute traffic to it, rolling back on issue detection.

27. What is a service?

A service is a Kubernetes object responsible for communicating with the endpoints.

Def: a service is used to connect applications within the cluster and outside the cluster.

Types of service:

1. Cluster IP:

The ClusterIP provides a load-balanced IP address. One or more pods that match a label selector can forward traffic to the IP address. The ClusterIP service must define one or more ports to listen on, with target ports to forward TCP/UDP traffic to containers.

2. Node port:

A NodePort is an open port on every node of your cluster. Kubernetes transparently routes incoming traffic on the NodePort to your service, even if your application is running on a different node.

3. Load balancer:

A load balancer is one of the most common and standard ways of exposing a service. There are two types of load balancer, used based on the working environment, i.e. either the Internal Load Balancer or the External Load Balancer. The Internal Load Balancer automatically balances load and allocates the pods with the required configuration, whereas the External Load Balancer directs the traffic from the external load to the backend pods.

28. What is a namespace?

Namespaces are a way to organize clusters into virtual sub-clusters — they can be helpful when different teams or projects share a Kubernetes cluster. Any number of namespaces are supported within a cluster, each logically separated from others but with the ability to communicate with each other.

29. What is a daemonset and why use it?

A daemonset is a process: if you create a daemon process of a type (router and network), that process is automatically copied onto all worker nodes. When you add a new node to the cluster, the process is automatically created on the new worker node.

30. What is node affinity?

Node affinity is a set of rules used by the scheduler to determine where a pod can be placed; the rules are defined based on the labels and selectors specified in pods.

31. What is pod affinity?

Pod affinity/anti-affinity allows you to constrain which nodes your pod is eligible to be scheduled on, based on the labels on other pods.

32. How to upgrade the Kubernetes cluster and worker nodes?

First upgrade the kubeadm client.

Upgrade the Kubernetes cluster with kubeadm.

Upgrade kubelet.

Note: always do the upgrade in a sequential manner.

During a worker node upgrade, the cluster will try to move the pods from one worker node to a different worker node; once the upgrade is done, it moves them back to the original worker node. In the other scenario, it will create two worker nodes, move the pods, and then delete the old worker nodes.

kubeadm version

cat /etc/os-release

To upgrade:

yum install kubeadm-1.21.11-0 --disableexcludes=kubernetes

33. What are sidecar containers?

Sidecar containers, also called multi-containers, are where two containers are maintained in the pod: one is the main container with the application, and the other can be used for monitoring purposes; they share pod storage and network volumes.

Use case:

We use them for monitoring purposes, where other containers share the logs with central logging.

34. What is a static pod?

You create a static pod definition on the worker node; even if your control plane is down, the node still reads the definition and provisions the application. When you create a new node, it can also create mirror data of the application on the new node.

Or

Static pods are managed directly by the kubelet daemon on a specific node, without the API server observing them. A static pod does not have any associated replication controller; the kubelet daemon itself watches it and restarts it when it crashes. There is no health check, though. Static pods are always bound to one kubelet daemon and always run on the same node with it.

https://unofficial-kubernetes.readthedocs.io/en/latest/concepts/cluster-administration/static-pod/

apiVersion: v1
kind: Pod
metadata:
  name: static-web
  labels:
    role: myrole
spec:
  containers:
    - name: web
      image: nginx
      ports:
        - name: web
          containerPort: 80
          protocol: TCP

35. What is the config map?

It is used to store configuration files to maintain the application; a config map always overwrites the values that are present locally.

Why use a config map?

Keep your application code separate from your configuration.

36. What is a statefulset?

StatefulSet is the workload API object used to manage stateful applications. It manages the deployment and scaling of a set of Pods, and provides guarantees about the ordering and uniqueness of these Pods. Like a Deployment, a StatefulSet manages Pods that are based on an identical container spec.

37. Difference between deployment and statefulset?

Deployments are used for stateless applications; StatefulSets are used for stateful applications. The pods in a deployment are interchangeable, whereas the pods in a StatefulSet are not. Deployments require a service to enable interaction with pods, while a headless service handles the pods’ network ID in StatefulSets.

Or

A StatefulSet is better suited to stateful workloads that require persistent storage on each cluster node, such as databases and other identity-sensitive workloads. A Deployment, on the other hand, is suitable for stateless workloads that use multiple replicas of one pod, such as web servers like Nginx and Apache.


40. What is Heapster?

It’s a monitoring and event data tool; it supports Kubernetes and runs on each and every pod in the cluster.

41. What is a Headless Service?

A Headless Service is similar to a ‘Normal’ service but does not have a Cluster IP. This service enables you

43. What are federated clusters?

Multiple Kubernetes clusters can be managed as a single cluster with the help of federated clusters.

44. What is PV and PVC?

PVs are cluster resources provisioned by an administrator, whereas PVCs are a user’s request for storage and resources. PVCs consume PV resources, but not vice versa.

45. What is taint and toleration?

Taints are the opposite of node affinity; they allow nodes to repel a set of pods.

  • Toleration is applied to pods and allows (but does not require) the pods to schedule onto nodes with matching taints.
  • Node affinity makes sure that pods are scheduled on particular nodes.

Need for Taint and Toleration:

Nodes with different hardware: If you have a node that has different hardware (example: GPU) and you want to schedule on it only the pods which need a GPU. Example: Consider there are 2 applications, APP 1: a simple dashboard application, and APP 2: a data-intensive application; both have different CPU and memory requirements. APP 1 does not require much memory and CPU, whereas APP 2 needs high memory and CPU (GPU machine). Now, with the help of taints and tolerations + node affinity, we can make sure that APP 2 is deployed on a node that has high CPU and memory, while APP 1 can be scheduled on any node with low CPU and memory.

Limit the number of pods on a node: If you want a node to schedule a certain number of pods to reduce the load on that node, then taints/tolerations + node affinity can help us achieve it. Example: Consider there is a pod that consists of a database application that needs to be fast at querying the data and highly available. So, we will dedicate a node with high memory and CPU to this pod. Now the node will have only one pod on it, which makes it faster and more efficient in its use of node resources.

46. Which deployment strategy is used in DevOps?

A deployment strategy is a way to change or upgrade an application. The aim is to make the change without downtime in a way that the user barely notices the improvements. The most common strategy is to use a blue-green deployment.

47. What is ingress?

Kubernetes Ingress is an API object that provides routing rules to manage external users’ access to the services in a Kubernetes cluster, typically via HTTPS/HTTP. With Ingress, you can easily set up rules for routing traffic without creating a bunch of Load Balancers or exposing each service on the node.

48. What is a headless service?

With a Headless Service, clients can connect to its pods by connecting to the service’s DNS name. But using headless services

49. Difference between config maps and secrets?

Config maps ideally store application configuration in a plain text format, whereas Secrets store sensitive data like passwords in an encrypted format.

Both config maps and secrets can be used as volumes and mounted inside a pod through a pod definition file.

50. What is a readiness probe?

readinessProbe: Indicates whether the container is ready to respond to requests. If the readiness probe fails, the endpoints controller removes the Pod’s IP address from the endpoints of all Services that match the Pod.

51. What is a liveness probe?

Indicates whether the application in a Container is running in a healthy state. If the liveness probe fails, the kubelet kills the Container, and the Container is subjected to its restart policy. If a Container does not provide a liveness probe, the default state is Success.

52. How to access other pods in a cluster?

Run a pod, and then connect to a shell in it using kubectl exec. Connect to other nodes, pods, and services from that shell.

53. How to get the pod IP address?

kubectl exec -it podname -- /bin/bash

Then run ip address

54. How will you make sure that, in a rolling update strategy, 2 pods are always available?

Rolling Deployment. A rolling deployment is the default deployment strategy in Kubernetes. It replaces the existing version of pods with a new version, updating pods slowly one by one, without cluster downtime.

  • maxSurge: The number of pods that can be created above the desired amount of pods during an update.
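An added example (not from the original article) of a Deployment that keeps 2 pods available during a rolling update, combining maxSurge with maxUnavailable and the readiness and liveness probes from questions 50 and 51. The name web, the nginx image tag and the probe timings are assumptions.

```yaml
# Added example; name, image tag and timings are hypothetical.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web
spec:
  replicas: 2
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1            # one extra pod may be created above the desired 2
      maxUnavailable: 0      # never drop below 2 ready pods during the update
  minReadySeconds: 10        # a new pod must stay ready this long before it counts
  selector:
    matchLabels:
      app: web
  template:
    metadata:
      labels:
        app: web
    spec:
      containers:
      - name: web
        image: nginx:1.25
        ports:
        - containerPort: 80
        readinessProbe:      # gates traffic: the old pod is removed only
          httpGet:           # after the new pod passes this check
            path: /
            port: 80
          initialDelaySeconds: 5
          periodSeconds: 5
        livenessProbe:       # restarts the container if it stops answering
          httpGet:
            path: /
            port: 80
          initialDelaySeconds: 15
          periodSeconds: 10
```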

55) CrashLoopBackOff: what are the possible reasons?

CrashLoopBackOff is a Kubernetes state representing a restart loop that is happening in a Pod: a container in the Pod is started, but crashes and is then restarted, over and over again. Kubernetes will wait an increasing back-off time between restarts to give you a chance to fix the error.

A CrashLoopBackOff error can happen for several reasons, such as:

An error happens when deploying the software.

General system misconfiguration.

Incorrect assigned managed identity on your Pod.

Incorrect configuration of container or Pod parameters.

Lack of memory resources.

56) Why are you using 3 master nodes in production?

A multi-master setup protects against a wide range of failure modes. By providing redundancy, a multi-master cluster serves as a highly available system for your end users.

57) How will you make sure that a pod runs on a specific node?

You can add the nodeSelector field to your Pod specification and specify the node labels you want the target node to have. Kubernetes only schedules the Pod onto nodes that have each of the labels you specify.

58) How to check what activities are performed by the container while creating the pod?

Once the scheduler assigns a Pod to a Node, the kubelet starts creating containers for that Pod using a container runtime. There are three possible container states: Waiting, Running, and Terminated. To check the state of a Pod’s containers, you can use kubectl describe pod <name-of-pod>

59) How to get the IP of a pod?

kubectl exec -it <pod> -- /bin/bash

kubectl get pod -o wide

60) Which network plugin are you using?

You must use a CNI plugin that is compatible with your cluster and that suits your needs.

61) How are you monitoring the Kubernetes cluster and the containers?

A Kubernetes cluster is monitored by using a combination of Heapster to collect metrics, InfluxDB to store them in a time-series database, and Grafana to present and aggregate the collected information.

62) A Job should be terminated after 40 seconds?

activeDeadlineSeconds: 40

63. How to roll back the deployment?

Use the kubectl rollout undo command.

64) What is the reason for pod eviction?

Due to unavailability of resources like memory and disk space, which puts the node under pressure; although the pod is evicted, it still uses Kubernetes resources.

65) A pod is in pending state; what are the possible reasons?

Due to insufficient resources.

66) Update the password in a secret without restarting the pod or deployment: is it possible?

Currently when updating a kubernetes secrets file, in order to apply the changes, I need to run kubectl apply -f my-secrets.yaml. If there was a running container, it would still be using the old secrets. In order to apply the new secrets on the running container, I currently run the command kubectl replace -f my-pod.yaml

Or

If you are mounting the secret as a volume into your pod, when the secret is updated the content will be updated in your pod, without the pod restarting.
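An added example, not part of the original article, for this question and for question 49: a Secret mounted into a pod as a read-only volume, beside the same key injected as an environment variable. The names db-credentials and app and the password value are constructed.

```yaml
# Added example; names and the password value are constructed.
apiVersion: v1
kind: Secret
metadata:
  name: db-credentials
type: Opaque
data:
  # Values under "data" are base64-encoded in the manifest.
  # This is base64 of the constructed string "s3cr3t-example".
  password: czNjcjN0LWV4YW1wbGU=
---
apiVersion: v1
kind: Pod
metadata:
  name: app
spec:
  containers:
  - name: app
    image: busybox
    command: ["sleep", "3600"]
    env:
    - name: DB_PASSWORD_AT_START
      valueFrom:
        secretKeyRef:          # read once when the container starts;
          name: db-credentials # keeps the old value until the pod restarts
          key: password
    volumeMounts:
    - name: db-credentials
      mountPath: /etc/db       # the key appears as the file /etc/db/password
      readOnly: true
  volumes:
  - name: db-credentials
    secret:
      secretName: db-credentials
      defaultMode: 0400        # file readable by the owner only
      # The kubelet refreshes the mounted file after the Secret is updated,
      # with a short delay. A subPath mount of the same volume is not refreshed.
```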

67) 2 containers are running inside a pod; if one container goes down, will it affect the other running container?

No

68. Which storage class type is used in your project?

In Kubernetes, the most basic type of storage is non-persistent—also known as ephemeral. Each container has ephemeral storage by default—this storage uses a temporary directory on the machine that hosts the Kubernetes pod. 

69. What is service account usage?

Giving authorization to services to use your Kubernetes cluster.

70. Once the deployment is done, how can you access the application?

There are a couple of methods: by creating a service using a node port, you can access the application; or, with an ingress controller, you can access your application from outside the cluster.

71. What is cluster IP?

If you have a database that should not be accessed from the outside world, it will be accessed only within the cluster.

72. How to copy the files to pod?

  1. Copy files from your local machine to the container(pod) using the command: kubectl cp /<path-to-your-file>/<file-name> <pod-name>:<folder>/<file-name> -c <container-name>

Other answers: Helm and config maps.

73. How to make sure that the application is up and running?

By using readiness and liveness probes.

74. Can you deploy the nodes on master?

Yes, it’s possible, but one node will be tainted by default.

75.Where to get complete kubernetes cluster logs?

Here’s how you can look at these logs.

  1. Default Logs. kubectl logs podname -n namespace. The above kubectl command shows you the logs of the pod in the specified namespace. …
  2. Specific Container Logs. kubectl logs podname -n namespace -c container_name. …
  3. All Containers. kubectl logs podname -n namespace --all-containers=true.
