Kubernetes Interview Master

Kubernetes (K8s) is an open-source container orchestration platform that automates the deployment, scaling, and management of containerized applications.

As applications grew from single monoliths to microservices, managing thousands of containers manually became impossible. Kubernetes provides a framework to run...

Kubernetes follows a client-server architecture. It has a control plane (Master Node) consisting of kube-apiserver, etcd, kube-scheduler, and kube-controller-ma...

A Pod is the smallest and simplest execution unit in Kubernetes. It encapsulates one or more containers, storage resources, a unique network IP, and options tha...

A Node is a worker machine in Kubernetes (previously known as a minion). It may be a VM or a physical machine, depending on the cluster. Each node contains the ...

The kubelet is the primary 'node agent' that runs on each worker node. It registers the node with the apiserver and ensures that containers described in PodSpec...

kube-proxy is a network proxy that runs on each node in your cluster, implementing part of the Kubernetes Service concept. It maintains network rules on nodes, ...

The API server is the front end for the Kubernetes control plane. It exposes the Kubernetes API, handles REST operations, and provides the frontend to the clust...

etcd is a consistent, highly-available key-value store used as Kubernetes' backing store for all cluster data. It holds the desired state and current state of t...

The scheduler watches for newly created Pods that have no Node assigned. For every unassigned Pod, the scheduler finds the best Node for that Pod to run on base...

A ReplicaSet's purpose is to maintain a stable set of replica Pods running at any given time. It guarantees the availability of a specified number of identical ...

A Deployment provides declarative updates for Pods and ReplicaSets. You describe a desired state in a Deployment, and the Deployment Controller changes the actu...

A Service is an abstract way to expose an application running on a set of Pods as a network service. It provides a stable IP address and DNS name to access the ...

The main types are: ClusterIP (default, internal only), NodePort (exposes on each Node's IP at a static port), LoadBalancer (provisions a cloud provider's load ...

Namespaces provide a mechanism for isolating groups of resources within a single cluster. They are intended for use in environments with many users spread acros...

kubectl is the command-line tool for interacting with the Kubernetes API server. It allows you to run commands against Kubernetes clusters to deploy apps, inspe...

You use the `kubectl get pods` command.

kubectl get pods

You use the `--all-namespaces` or `-A` flag.

kubectl get pods -A

The container runtime is the software that is responsible for running containers. Kubernetes supports several runtimes: containerd, CRI-O, and any implementatio...

Minikube is a tool that allows you to run a single-node Kubernetes cluster locally on your personal computer (including Windows, macOS, and Linux PCs) so that y...

A DaemonSet ensures that a copy of a Pod runs on all (or some) Nodes in the cluster. As nodes are added to the cluster, Pods are added to them. It is typically ...

StatefulSet is the workload API object used to manage stateful applications. It manages the deployment and scaling of a set of Pods, and provides guarantees abo...

Labels are key/value pairs attached to objects, such as pods, used to specify identifying attributes. Label Selectors are the core grouping primitive in Kuberne...

A ConfigMap is an API object used to store non-confidential data in key-value pairs. Pods can consume ConfigMaps as environment variables, command-line argument...

A Secret is an object that contains a small amount of sensitive data such as a password, a token, or a key. This allows you to manage sensitive information sepa...

A Rolling Update allows Deployments' update to take place with zero downtime by incrementally replacing Pods instances with new ones. The new Pods are scheduled...

Ingress is an API object that manages external access to the services in a cluster, typically HTTP/HTTPS. It provides load balancing, SSL termination, and name-...

An Ingress controller is responsible for fulfilling the Ingress, usually with a load balancer (like NGINX or HAProxy). Unlike other controllers that run as part...

A Liveness probe checks if a container is running. If it fails, kubelet kills the container and it is subject to its restart policy. A Readiness probe checks if...

A Job creates one or more Pods and ensures that a specified number of them successfully terminate. It tracks successful completions. When a specified number of ...

A CronJob creates Jobs on a repeating schedule. It is meant for performing regular scheduled actions such as backups, report generation, etc., similar to the `c...

RBAC is a method of regulating access to computer or network resources based on the roles of individual users within an enterprise. In Kubernetes, it uses Role,...

A Role always sets permissions within a particular namespace; when you create a Role, you have to specify the namespace it belongs in. A ClusterRole, by contras...

A PersistentVolume (PV) is a piece of storage in the cluster that has been provisioned by an administrator or dynamically via Storage Classes. It is an abstract...

A PersistentVolumeClaim (PVC) is a request for storage by a user. It is similar to a Pod (Pods consume node resources, PVCs consume PV resources). PVCs can requ...

A StorageClass provides a way for administrators to describe the "classes" of storage they offer. It enables dynamic provisioning of PersistentVolumes. When a P...

Helm is a package manager for Kubernetes. Helm uses a packaging format called charts (a collection of files that describe a related set of Kubernetes resources)...

HPA automatically updates a workload resource (like a Deployment or StatefulSet), aiming to automatically scale the workload to match demand based on observed C...

The Cluster Autoscaler automatically adjusts the size of the Kubernetes cluster (adding or removing nodes) when there are pods that failed to run due to insuffi...

A Headless Service is a service where `clusterIP` is set to `None`. It does not allocate an IP address or provide load balancing. Instead, it allows direct acce...

Taints allow a node to repel a set of pods (node says "don't schedule here"). Tolerations are applied to pods, and allow them to schedule onto nodes with matchi...

Node affinity is a set of rules used by the scheduler to determine where a pod can be placed. It allows you to constrain which nodes your pod is eligible to be ...

These allow you to constrain which nodes your pod is eligible to be scheduled on based on labels on *other pods* that are already running on the node, rather th...

Init containers are specialized containers that run before app containers in a Pod. They can contain utilities or setup scripts not present in an app image. The...

A Service Account provides an identity for processes that run in a Pod. When you access the cluster (e.g., using kubectl), you are authenticated by the apiserve...

Requests specify the minimum resources guaranteed for a container. The scheduler uses requests to find a node. Limits specify the maximum resources a container ...

A Pod that houses multiple tightly coupled containers sharing resources (like network namespace and volumes). Common patterns include sidecar (e.g., logging age...

In Kubernetes, the pause container (sometimes called the infra container) serves as the 'parent container' for all containers in a Pod. Its primary roles are to...

You can use the `kubectl rollout undo` command to rollback a deployment to a previous revision/state.

kubectl rollout undo deployment/my-deployment

kubeadm is a tool built to provide `kubeadm init` and `kubeadm join` as best-practice "fast paths" for creating Kubernetes clusters. It performs the actions nec...

If the control plane fails, you cannot deploy new Pods, scale applications, or change the cluster state. However, the existing Pods on worker nodes will continu...

Admission controllers intercept requests to the API server prior to persistence. Mutating controllers may modify the objects they admit (e.g., injecting sidecar...

Kubernetes uses CoreDNS (by default). When a Service is created, a DNS record is created (e.g., `my-svc.my-namespace.svc.cluster.local`). Pods can resolve this ...

The CRD API allows you to create custom resources. They are extensions of the Kubernetes API. Once you install a CRD in the cluster, the API server handles the ...

Operators are software extensions to Kubernetes that make use of custom resources (CRDs) to manage applications and their components. They encapsulate human ope...

By default, pods are non-isolated (they accept traffic from any source). NetworkPolicies allow you to specify how a pod is allowed to communicate with various n...

Pod Priority enables you to indicate the importance of a Pod relative to other Pods via PriorityClasses. Preemption is the mechanism where the scheduler evicts ...

1. The pod state is set to Terminating. 2. PreStop hook (if defined) executes. 3. SIGTERM is sent to the main process in each container. 4. Simultaneously, the ...

A PDB limits the number of Pods of a replicated application that are down simultaneously from voluntary disruptions (like node draining during upgrades). It ens...

You cordon the node (marking it unschedulable). Then you drain the node (`kubectl drain`), which safely evicts all pods (respecting PDBs). High-availability dep...

CNI is a Cloud Native Computing Foundation project containing specifications and libraries for writing plugins to configure network interfaces in Linux containe...

CSI is a standard for exposing arbitrary block and file storage storage systems to containerized workloads on Kubernetes. It moves storage volume plugins out of...

etcd holds the entire cluster state. If etcd is lost without a backup, the cluster is irrecoverable. Backing up etcd requires using `etcdctl snapshot save`. It ...

A service mesh (like Istio or Linkerd) is a dedicated infrastructure layer for handling service-to-service communication. It intercepts traffic (usually by inje...

Unlike Deployments which share exactly the same PVCs among replicas, StatefulSets feature a `volumeClaimTemplates` field. It dynamically provisions a unique PV/...

OOMKilled stands for Out Of Memory Killed. It happens when a container tries to consume more memory than its assigned `limits.memory` in the Pod spec, causing t...

A LimitRange is a policy to constrain resource allocations (to Pods or Containers) in a namespace. It is used to enforce minimum/maximum resource usage per cont...

While LimitRange applies constraints to individual Pods/Containers, a ResourceQuota provides constraints that limit aggregate resource consumption per Namespace...

In the default `iptables` proxy mode, kube-proxy watches the control plane for Service and Endpoint objects. It then creates iptables rules on the host node to ...

Ephemeral containers are a special type of container that runs temporarily in an existing Pod to accomplish user-initiated actions such as troubleshooting or de...

It determines when kubelet should attempt to pull the image: `Always` (pull every time, forces registry check), `IfNotPresent` (pull only if not cached locally)...

EndpointSlices provide a more scalable and extensible alternative to Endpoints. In large clusters, a single Endpoints object containing thousands of IPs becomes...

Kubernetes uses PKI (Public Key Infrastructure) internally. Components authenticate to the API server using x509 certificates. The cluster has a CA (Certificate...

Server-Side Apply moves the responsibility of merging and conflict resolution of object configuration from the `kubectl` client to the Kubernetes API server its...

The Downward API allows containers to consume information about themselves or the cluster without coupling to the Kubernetes API. You can expose details like th...

You use the `--force` and `--grace-period=0` flags.

kubectl delete pod <pod-name> --grace-period=0 --force

You use the `kubectl top` command (requires metrics-server to be installed).

kubectl top pods

Use `kubectl logs` and specify the container name using the `-c` flag.

kubectl logs <pod-name> -c <container-name>

1. Check the logs (`kubectl logs pod-name`). 2. Look at previous container logs (`kubectl logs pod-name --previous`). 3. Describe the pod to see events (`kubect...

Use the imperative `kubectl run` command.

kubectl run test-pod --image=nginx --restart=Never

Use `kubectl exec` with the interactive (`-it`) flags.

kubectl exec -it <pod-name> -- /bin/bash

Use `kubectl port-forward` to map a local port to the pod port.

kubectl port-forward pod/<pod-name> 8080:80

Use the `--dry-run=client` and `-o yaml` flags.

kubectl create deploy web --image=nginx --dry-run=client -o yaml > deployment.yaml

Use the `kubectl scale` command.

kubectl scale deployment/web --replicas=5

A 'Pending' pod usually means the scheduler cannot find a suitable node to place the pod. Common causes are lack of CPU/Memory resources on nodes, untolerated t...

Use the `kubectl set image` command.

kubectl set image deployment/web nginx=nginx:1.19

Use the `-w` or `--watch` flag with the get command.

kubectl get pods -w

Get the secret in JSON/YAML, extract the base64 string, and pipe it to `base64 -d`. Or use go-templates directly.

kubectl get secret my-secret -o jsonpath='{.data.password}' | base64 --decode

Use `kubectl drain`. You may need to ignore daemonsets.

kubectl drain <node-name> --ignore-daemonsets --delete-emptydir-data

Use the `kubectl uncordon` command.

kubectl uncordon <node-name>

Use the `kubectl rollout pause` command. Subsequent updates to the deployment will not trigger a rollout until resumed.

kubectl rollout pause deployment/web

Describe the node. The output includes an 'Allocated resources' section which lists requests and limits for the node.

kubectl describe node <node-name>

Use the `kubectl cp` command.

kubectl cp ./localfile.cfg <pod-name>:/path/in/container/

Use the `kubectl rollout status` command.

kubectl rollout status deployment/web

Use `kubectl apply` pointing to the directory.

kubectl apply -f ./my-manifests/

Use `kubectl top pods` and sort by memory.

kubectl top pods --sort-by=memory

Use the `kubectl edit` command. It opens the resource manifest in your default terminal editor (like vi).

kubectl edit deployment/web

The standard kubelet configuration file (kubeconfig) is located at `~/.kube/config`. If you are using Cloud providers, you fetch it via their CLI (e.g., `aws ek...

Use the `kubectl rollout history` command.

kubectl rollout history deployment/web

Use the `-l` selector flag.

kubectl get pods -l app=nginx