Kubernetes Interview Questions

Here are some Kubernetes interview questions. Good Luck!

• What is Kubernetes?
• Explain the basics of Cluster Architecture and Components.
• What are the 2 types of nodes. Which components are running on each of them?
• Explain basic Kubernetes concepts.
• What are the pods?
• What are the nodes?
• What are the services?
• What are deployments?
• How to gracefully remove a node from Kubernetes? 
• How to gracefully remove a node from Kubernetes? - Stack Overflow
• Kubernetes: how to scale my pods - Stack Overflow
• Expose Kubernetes services running on Amazon EKS clusters | AWS re:Post
• What is API Server?
• What is API Server endpoint?
• What are persistent volumes (PV) in a Kubernetes cluster?
• What Is Kubernetes StorageClass?
• Kubernetes StorageClass: Concepts and Common Operations

kubectl

• How to list all contexts present in local kubectl config?
• How to switch kubectl context?
• Introduction to kubectl | My Public Notepad
• kubernetes - How to switch kubectl clusters between gcloud and minikube - Stack Overflow 
• What is the difference between kubectl create and kubectl apply?

Security

• What is role-based access control (RBAC)?
• What are Service Accounts?
• What are 2 distinct ways to authenticate to the API Server?
• How do SAs differ from User Accounts?
• What is their relation to API server, namespace, pods and processes in pods?
• What is a default Service Account? Who creates it and where? What are its permissions? Who it gets assigned to?
• What are use cases for SA?
• How to use service accounts? What is their typical lifecycle?
• How to grant permissions to a ServiceAccount?
• How to assign a ServiceAccount to a Pod?
• Service Accounts | Kubernetes
• Configure Service Accounts for Pods | Kubernetes
• What is Service Account Token?
• How to find its value from command line?
• What does this token contain?
• What is it used for?
• Where is it stored?
• How does pod get it how and when does pod use it?
• Service Accounts | Kubernetes
• What is the process of mounting SA token to a pod? 
• Who does it and when? 
• What is the path in a container to which token is mounted?
• Can auto-mounting of the token be disabled? How?
• Configure Service Accounts for Pods | Kubernetes
• What are the drawbacks of auto-mounting the default ServiceAccount Token in Kubernetes pods?
• What is the best practice around using Service Accounts?
• How to specify using a non-default SA? 
• Can SA be changed for an existing pod?
• Auto-Mounting the Default ServiceAccount Token in Kubernetes Pods
• Best Practices for Deactivating Auto-Mount and Managing ServiceAccounts
• Configure Service Accounts for Pods | Kubernetes
• What are custom resources? [Custom Resources | Kubernetes]
• What are Controllers? [Controllers | Kubernetes]
• Explain controller pattern
• What is Kubernetes Operator pattern. [Operator pattern | Kubernetes, Kubernetes Operators: what are they? Some examples | CNCF]

Workloads

Cron Jobs

...

Daemon Sets

...

Deployments

• What happens if deployment fails for e.g. AWS Secrets Manager does not have a key in some secret and that key's value is used as a value of env var defined in pod template. Does k8s try to restart the pod? Which part of k8s control plane deals with this?

Jobs

...

Pods

...

Replica Sets

...

Replication Controllers

...

Stateful Sets

...

Service

Ingresses

...

Ingress Classes

...

Services

• What are k8s services? Which problem do they solve and how?
• Introduction to Kubernetes Services | My Public Notepad
• Write a typical Service manifest
• Are services namespace-specific? Explain
• How to use kubectl to:
• list all services in some namespace?

Config and Storage

Config Maps

Persistent Volume Claims

Secrets

Storage Classes

Cluster

Cluster Role Bindings

Cluster Roles

Events

Namespaces

Network Policies

Nodes

Persistent Volumes

Role Bindings

Roles

Service Accounts

Custom Resource Definitions

...

Debugging

• Pod stuck in CrashLoopBackOff, no logs, no errors.
• How do you debug beyond kubectl logs and describe?
• A StatefulSet pod won’t reattach its PVC after a node crash.
• How do you recover without recreating storage?
• Pods are Pending, Cluster Autoscaler won’t scale up.
• Walk me through your top 3 debugging steps.
• NetworkPolicy blocks cross-namespace traffic.
• How do you design least-privilege rules and test them safely?
• Service must connect to an external DB via VPN inside the cluster.
• How do you architect it for HA + security?

Security and Architecture

• Running a multi-tenant EKS cluster.
• How do you isolate workloads with RBAC, quotas, and network segmentation?
• Kubelet keeps restarting on one node.
• Where do you look first – systemd, container runtime, or cgroups?
• Critical pod got evicted due to node pressure.
• Explain QoS classes and eviction policies.
• A rolling update caused downtime.
• What went wrong in your readiness/startup probe or deployment config?
• Ingress Controller fails under load.
• How do you debug and scale routing efficiently?

Performance and Reliability

• Istio sidecar consumes more CPU than your app.
• How do you profile and optimise mesh performance?
• etcd is slowing down control plane ops.
• Root causes + how do you tune it safely?
• You must enforce images from a trusted internal registry only.
• Gatekeeper, Kyverno, or custom Admission Webhook – what’s your move?
• Pods stuck in ContainerCreating forever.
• CNI attach delay? OverlayFS corruption? Walk me through your root-cause process.
• Random DNS failures in Pods.
• How do you debug CoreDNS, kube-proxy, and conntrack interactions?

To Be Continued...