10 Most Frequently Asked Kubernetes Interview Questions
10 Most Frequently Asked Kubernetes Interview Questions
Kubernetes knowledge has become a standard in DevOps engineering interviews. Here are the 10 questions candidates encounter most frequently and their ideal answers:
1. What is Kubernetes Architecture? Can You Name the Components?
Kubernetes consists of Master Node (Control Plane) and Worker Nodes.
- Control Plane: API Server, etcd, Scheduler, Controller Manager.
- Worker Node: Kubelet, Kube-proxy, Container Runtime (Docker/containerd).
2. What is the Difference Between Pod and Deployment?
- Pod: The smallest unit in Kubernetes. Runs one or more containers. It is mortal; when it dies, it doesn't come back.
- Deployment: Manages the lifecycle of Pods. You say "Run 3 nginx pods", if one dies, Deployment launches a new one (via ReplicaSet).
3. What are Service Types? (ClusterIP vs NodePort vs LoadBalancer)
- ClusterIP: Default type. Service is accessible only within the cluster.
- NodePort: Exposes the service on each node's IP at a static port (30000-32767). Accessible externally via
<NodeIP>:<NodePort>. - LoadBalancer: Triggers the cloud provider's (AWS, Azure) load balancer and gives the service a public IP.
4. What is Ingress?
Ingress is a collection of rules that route external HTTP/HTTPS traffic to services within the cluster. Unlike LoadBalancer, it can serve multiple services (path or domain-based) via a single IP (e.g., example.com/api -> api-service, example.com/web -> web-service).
5. What is Rolling Update?
It is the strategy of slowly shutting down old pods and opening new ones without downtime when deploying a new version of the application. Deployment uses this strategy by default.
6. What is the Difference Between Liveness Probe and Readiness Probe?
- Liveness Probe: Checks "Is the application alive?". If not responding, kills the pod and restarts it.
- Readiness Probe: Checks "Is the application ready to accept traffic?". If not ready (e.g., database connection not established yet), does not send traffic to that pod but does not kill it.
7. What is Namespace? Why is it Used?
Namespace is used to divide a physical cluster into multiple virtual clusters. Critical for resource isolation (Quota), access control (RBAC), and environment separation (Dev, Test, Prod).
8. What is DaemonSet? When is it Used?
DaemonSet guarantees that a copy of a pod runs on every node (or specific nodes). Used for log collectors (Fluentd) or monitoring agents (Node Exporter).
9. What are Taint and Toleration?
- Taint: A stain put on a node saying "Only those allowed can come to me".
- Toleration: Giving a pod the permission "I have tolerance for this stain, I can go to that node". For example, used to ensure only GPU-requiring jobs go to GPU servers.
10. What is the Difference Between PV (Persistent Volume) and PVC (Persistent Volume Claim)?
- PV: Physical storage resource (e.g., AWS EBS volume).
- PVC: Developer's storage request ("I need 10GB space"). Pod requests PVC, Kubernetes matches PVC with suitable PV (Binding).