Here are some Kubernetes interview questions. Good Luck!
- What is Kubernetes?
- Explain the basics of Cluster Architecture and Components.
- What are the 2 types of nodes. Which components are running on each of them?
- Explain basic Kubernetes concepts.
- What are the pods?
- What are the nodes?
- What are the services?
- What are deployments?
- How to gracefully remove a node from Kubernetes?
- Kubernetes: how to scale my pods - Stack Overflow
- Expose Kubernetes services running on Amazon EKS clusters | AWS re:Post
- What is API Server?
- What is API Server endpoint?
- What are persistent volumes (PV) in a Kubernetes cluster?
- What Is Kubernetes StorageClass?
kubectl
- config
- How to list all contexts present in local kubectl config?
- How to add a new context?
- How to switch kubectl context?
- Introduction to kubectl | My Public Notepad
- kubernetes - How to switch kubectl clusters between gcloud and minikube - Stack Overflow
- What is the difference between kubectl create and kubectl apply?
Security
- What is role-based access control (RBAC)?
- What are Service Accounts?
- What are 2 distinct ways to authenticate to the API Server?
- How do SAs differ from User Accounts?
- What is their relation to API server, namespace, pods and processes in pods?
- What is a default Service Account? Who creates it and where? What are its permissions? Who it gets assigned to?
- What are use cases for SA?
- How to use service accounts? What is their typical lifecycle?
- How to grant permissions to a ServiceAccount?
- How to assign a ServiceAccount to a Pod?
- Service Accounts | Kubernetes
- Configure Service Accounts for Pods | Kubernetes
- What is Service Account Token?
- How to find its value from command line?
- What does this token contain?
- What is it used for?
- Where is it stored?
- How does pod get it how and when does pod use it?
- Service Accounts | Kubernetes
- What is the process of mounting SA token to a pod?
- Who does it and when?
- What is the path in a container to which token is mounted?
- Can auto-mounting of the token be disabled? How?
- What are the drawbacks of auto-mounting the default ServiceAccount Token in Kubernetes pods?
- What is the best practice around using Service Accounts?
- How to specify using a non-default SA?
- Can SA be changed for an existing pod?
- Auto-Mounting the Default ServiceAccount Token in Kubernetes Pods
- Best Practices for Deactivating Auto-Mount and Managing ServiceAccounts
- Configure Service Accounts for Pods | Kubernetes
- What are custom resources? [Custom Resources | Kubernetes]
- What are Controllers? [Controllers | Kubernetes]
- Explain controller pattern
- What is Kubernetes Operator pattern. [Operator pattern | Kubernetes, Kubernetes Operators: what are they? Some examples | CNCF]
Workloads
Cron Jobs
...
Daemon Sets
...
Deployments
- What happens if deployment fails for e.g. AWS Secrets Manager does not have a key in some secret and that key's value is used as a value of env var defined in pod template. Does k8s try to restart the pod? Which part of k8s control plane deals with this?
Jobs
...
Pods
- What are the IDs in the pod name like in this example: my-app-29361181-apzjq
- Explain each pod status type:
- ContainerCreating
- Completed
- Running
- Container
Replica Sets
...
Replication Controllers
...
Stateful Sets
...
Service
Ingresses
...
Ingress Classes
...
Services
- What are k8s services? Which problem do they solve and how?
- Write a typical Service manifest
- Are services namespace-specific? Explain
- How to use kubectl to:
- list all services in some namespace?
Config and Storage
Config Maps
Persistent Volume Claims
- How to check the total storage allocated for nodes in a cluster?
- Which kubectl command shows all PVCs?
- Explain each column that kubectl get pv shows in its output:
- NAME
- CAPACITY
- ACCESS MODES
- RECLAIM POLICY
- STATUS
- CLAIM
- STORAGECLASS
- VOLUMEATTRIBUTESCLASS
- REASON
- AGE
Secrets
Storage Classes
Cluster
Cluster Role Bindings
Cluster Roles
Events
Namespaces
Network Policies
Nodes
Persistent Volumes
Role Bindings
Roles
Service Accounts
Custom Resource Definitions
Debugging
- Pod stuck in CrashLoopBackOff, no logs, no errors.
- How do you debug beyond kubectl logs and describe?
- A StatefulSet pod won’t reattach its PVC after a node crash.
- How do you recover without recreating storage?
- Pods are Pending, Cluster Autoscaler won’t scale up.
- Walk me through your top 3 debugging steps.
- NetworkPolicy blocks cross-namespace traffic.
- How do you design least-privilege rules and test them safely?
- Service must connect to an external DB via VPN inside the cluster.
- How do you architect it for HA + security?
Security and Architecture
- Running a multi-tenant EKS cluster.
- How do you isolate workloads with RBAC, quotas, and network segmentation?
- Kubelet keeps restarting on one node.
- Where do you look first – systemd, container runtime, or cgroups?
- Critical pod got evicted due to node pressure.
- Explain QoS classes and eviction policies.
- A rolling update caused downtime.
- What went wrong in your readiness/startup probe or deployment config?
- Ingress Controller fails under load.
- How do you debug and scale routing efficiently?
Performance and Reliability
- Istio sidecar consumes more CPU than your app.
- How do you profile and optimise mesh performance?
- etcd is slowing down control plane ops.
- Root causes + how do you tune it safely?
- You must enforce images from a trusted internal registry only.
- Gatekeeper, Kyverno, or custom Admission Webhook – what’s your move?
- Pods stuck in ContainerCreating forever.
- CNI attach delay? OverlayFS corruption? Walk me through your root-cause process.
- Random DNS failures in Pods.
- How do you debug CoreDNS, kube-proxy, and conntrack interactions?
No comments:
Post a Comment