35 Kubernetes Interview Questions and Answers

Kubernetes is an open-source container orchestration platform that automates the deployment, scaling, and management of containerized applications. It helps organizations efficiently manage clusters of containers in production environments.

Kubernetes has a master-worker architecture. The control plane (master) manages the cluster and makes global decisions, while worker nodes run the containerized applications. Key components include the API server, etcd, controller manager, scheduler, and kubelet.

A Pod is the smallest deployable unit in Kubernetes. It can contain one or more containers that share storage, network, and a specification for how to run the containers. Pods are ephemeral and are managed by controllers.

Kubernetes provides built-in service discovery and load balancing through Services. A Service exposes a set of Pods as a network service, and can distribute traffic among them using built-in load balancing.

A ReplicaSet ensures that a specified number of pod replicas are running at any given time. If a pod fails or is deleted, the ReplicaSet automatically creates a new one to maintain the desired state.

A Deployment is a higher-level abstraction that manages ReplicaSets and Pods. It provides declarative updates for Pods and ReplicaSets, allowing you to easily roll out, roll back, and scale applications.

A Namespace is a way to divide cluster resources between multiple users or teams. It provides a scope for names and helps organize resources in large clusters, enabling resource isolation and access control.

Kubernetes uses ConfigMaps to manage configuration data and Secrets to manage sensitive information like passwords and API keys. These can be injected into Pods as environment variables or mounted as files.

A Node is a physical or virtual machine that runs containerized applications. Each node contains the necessary services to run Pods and is managed by the control plane.

Kubernetes provides self-healing by automatically restarting failed containers, replacing and rescheduling Pods when nodes die, and killing containers that don't respond to user-defined health checks.

A StatefulSet is used for managing stateful applications, where each pod has a persistent identity and stable storage. Deployments are used for stateless applications, where pods are interchangeable. StatefulSets provide guarantees about the ordering and uniqueness of pods, which is essential for databases and other stateful workloads.

Kubernetes Deployments support rolling updates, allowing you to update applications with zero downtime by incrementally replacing pods with new versions. If an update fails, Kubernetes can automatically roll back to the previous stable version, ensuring application availability.

A DaemonSet ensures that a copy of a specific pod runs on all (or selected) nodes in the cluster. This is useful for running cluster-wide services like log collectors, monitoring agents, or network plugins that need to be present on every node.

Ingress is an API object that manages external access to services in a cluster, typically HTTP. It provides features like load balancing, SSL termination, and name-based virtual hosting. Unlike Services, which expose pods on a stable IP and port, Ingress allows fine-grained routing and centralized management of external access.

Pod-to-pod communication can be secured using Network Policies, which define rules for allowed traffic between pods based on labels and namespaces. Additionally, mutual TLS (mTLS) can be implemented using service meshes like Istio to encrypt and authenticate traffic between services.

etcd is a distributed key-value store that acts as the backing store for all cluster data, including configuration and state. If etcd fails, the cluster loses its source of truth, and the control plane cannot function properly. High availability and regular backups of etcd are critical for cluster reliability.

Resource usage can be restricted using resource requests and limits defined in pod specifications. Requests specify the minimum resources required, while limits set the maximum allowed. Additionally, ResourceQuotas can be applied at the namespace level to control aggregate resource consumption.

A Job is used to run a batch or finite task to completion, ensuring that a specified number of pods successfully terminate. Deployments, on the other hand, are used for long-running, stateless applications that need to be continuously available.

Zero-downtime deployments are achieved using rolling updates, readiness probes, and proper configuration of Deployments. Readiness probes ensure that traffic is only sent to healthy pods, while rolling updates gradually replace old pods with new ones without affecting service availability.

CRDs allow users to define their own custom resources in Kubernetes, extending the API to manage application-specific objects. This enables the creation of Operators and controllers that automate complex application lifecycle management beyond the built-in Kubernetes resources.

Kubernetes Operators are custom controllers that extend Kubernetes functionality to manage complex, stateful applications. They use Custom Resource Definitions (CRDs) to encode operational knowledge, automating tasks like backups, upgrades, and scaling, reducing manual intervention and human error.

Kubernetes supports multi-tenancy through Namespaces, RBAC, and Network Policies. Best practices include strict namespace isolation, granular RBAC permissions, network segmentation, resource quotas, and using admission controllers to enforce security policies.

Running Kubernetes in hybrid or multi-cloud setups involves federating clusters, synchronizing resources, and managing networking across environments. Challenges include consistent policy enforcement, network connectivity, identity management, and handling data locality and latency.

Troubleshooting involves checking pod-to-pod connectivity, service endpoints, DNS resolution, and network policies. Tools like kubectl, network plugins' diagnostics, and packet capture utilities help identify issues. Reviewing CNI plugin logs and cluster events is also essential.

Admission Controllers intercept API requests before persistence, allowing validation, mutation, or rejection of resources. They enforce policies like image whitelisting, resource limits, or security standards. Examples include PodSecurityPolicy, ValidatingWebhook, and MutatingWebhook.

The scheduler assigns pods to nodes based on resource requirements, constraints, affinity/anti-affinity rules, taints, and tolerations. It scores nodes using algorithms considering CPU, memory, topology, and custom policies, then selects the best fit for each pod.

High availability is achieved by running multiple control plane nodes and etcd members, using load balancers for API servers, and distributing nodes across failure domains. Regular etcd backups and monitoring are critical for disaster recovery.

Taints are applied to nodes to repel certain pods, while tolerations allow pods to be scheduled on tainted nodes. This mechanism is used to dedicate nodes for specific workloads, such as running only GPU-intensive jobs or isolating critical applications.

Kubernetes Secrets are base64-encoded and stored in etcd, which should be encrypted at rest and access-controlled. Limitations include lack of strong encryption by default and exposure to users with read access. Integrating with external secret management tools like HashiCorp Vault or AWS Secrets Manager enhances security.

Clusters can be scaled by adding/removing nodes (cluster autoscaler) and workloads by adjusting replica counts (horizontal pod autoscaler). Vertical scaling adjusts pod resources, and custom metrics can drive scaling decisions. Monitoring and resource planning are essential for efficient scaling.

Kubernetes supports stateful workloads using StatefulSets, PersistentVolumes, and PersistentVolumeClaims. Challenges include managing persistent storage, ensuring data consistency, handling failover, and orchestrating upgrades without data loss.

Privileged containers have unrestricted host access, increasing the risk of container breakout and host compromise. Security best practices include avoiding privileged mode, using PodSecurityPolicies, minimizing container capabilities, and running containers as non-root users.

Cluster upgrades involve upgrading control plane components, worker nodes, and workloads. Strategies include using rolling upgrades, cordoning and draining nodes, validating compatibility, and leveraging managed services that automate upgrades to minimize downtime.

A Service Mesh (e.g., Istio, Linkerd) provides advanced traffic management, security, and observability for microservices. It integrates with Kubernetes by injecting sidecar proxies into pods, enabling features like mTLS, traffic shaping, retries, and distributed tracing without modifying application code.

Effective monitoring uses tools like Prometheus for metrics, Grafana for visualization, and Alertmanager for notifications. Logging solutions like EFK (Elasticsearch, Fluentd, Kibana) or Loki aggregate and analyze logs. Integrating tracing tools and setting up cluster-wide dashboards ensures observability and rapid troubleshooting.