Tuesday, 5 November 2024

kubernetes interview questions

Secrets can be injected into pods via environment variables or mounted as files. Secrets should not be stored in ConfigMaps.

How do you find which pod is taking more system resources across nodes using kubectl?

● Answer: Use kubectl top pod --all-namespaces to list resource usage by pods. Combine it with kubectl describe pod to get detailed resource usage.

How do you know which worker node is consuming more resources across the clusters using kubectl?

● Answer: Use kubectl top nodes to see resource consumption across nodes. This will show CPU and memory usage on each node.

If 5 pods are running, how do you scale the number of pods to 10 using the command line in Kubernetes?

To scale the number of pods from 5 to 10, use the following command:

kubectl scale --replicas=10 deployment/<deployment-name>

If you want to expose your application to the public internet or access your application within a cluster, how would you do that in Kubernetes?

● To expose your application to the public internet, you can use a Kubernetes Service of type LoadBalancer or NodePort. For internal access within the cluster, you can use a ClusterIP service. Additionally, you might use an Ingress controller for more advanced routing.

Why do we need a ConfigMap in Kubernetes?

● A ConfigMap is used to store non-confidential configuration data in key-value pairs. It allows you to decouple configuration artifacts from image content, enabling you to modify application settings without rebuilding your container images.

Strategies:

○ Auto Scaling: Scale up instances automatically to handle the increased load.

○ Caching: Use a caching layer to reduce the load on your application servers.

○ Load Balancing: Distribute traffic evenly across available instances.

○ Database Optimization: Ensure your database is properly configured and optimized for performance.

○ Monitoring: Closely monitor system metrics to identify bottlenecks and adjust resources accordingly.

Have you experienced any challenging issues or incidents in your project? How did you and your team identify and resolve them?

● Yes, one challenge was a sudden traffic spike causing performance degradation. We identified the issue using CloudWatch metrics and logs, pinpointing the bottleneck in the database. The resolution involved scaling the database vertically and adding read replicas to distribute the load, along with optimizing slow-running queries.

What is a secrets manager?

● Secrets Manager: A tool or service that securely stores and manages sensitive information such as API keys, passwords, certificates, and tokens. Examples include AWS Secrets Manager, HashiCorp Vault, and Azure Key Vault.

● Purpose: To securely store and access secrets without hardcoding them into application code or configuration files.

What is the secure way to manage sensitive information?

● Use a Secrets Manager: Store secrets in a dedicated service like AWS Secrets Manager, Azure Key Vault, or HashiCorp Vault.

● Environment Variables: Use environment variables to inject secrets at runtime rather than storing them in code.

● Encrypted Storage: Store sensitive data in encrypted databases or files, ensuring that encryption keys are managed securely.

● Access Control: Implement strict access controls and auditing to ensure that only authorized personnel and applications can access sensitive information.
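
The two injection paths mentioned at the top of this post (environment variable and mounted file), shown next to the ConfigMap mistake to avoid. This is an added example, not part of the original post; every name, namespace, hostname and image in it is a hypothetical placeholder.

```yaml
# Constructed example: all names, the namespace and the image are hypothetical.
# Weak: a credential kept in a ConfigMap, readable by anyone allowed to read ConfigMaps.
apiVersion: v1
kind: ConfigMap
metadata:
  name: app-config
  namespace: payments
data:
  DB_HOST: db.payments.svc.cluster.local
  DB_PASSWORD: "changeme"          # do not do this
---
# Corrected: the credential lives in a Secret; ConfigMaps keep only non-confidential settings.
apiVersion: v1
kind: Secret
metadata:
  name: db-credentials
  namespace: payments
type: Opaque
stringData:
  password: "<set-out-of-band>"    # placeholder, never commit a real value
---
apiVersion: v1
kind: Pod
metadata:
  name: api
  namespace: payments
spec:
  containers:
    - name: api
      image: registry.example.com/api:1.0
      env:
        - name: DB_PASSWORD        # path 1: injected as an environment variable
          valueFrom:
            secretKeyRef:
              name: db-credentials
              key: password
      volumeMounts:
        - name: db-credentials     # path 2: mounted as the file /etc/secrets/password
          mountPath: /etc/secrets
          readOnly: true
  volumes:
    - name: db-credentials
      secret:
        secretName: db-credentials
        defaultMode: 0400          # owner read-only
```

Secret values are only base64-encoded in the API object, so enable encryption at rest for etcd and restrict get/list on secrets with RBAC. A mounted file is usually preferable to an environment variable, which is inherited by child processes and tends to end up in crash dumps and debug output.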

Handling Multiple Microservices: Use Kubernetes namespaces to isolate microservices, and manage their deployment using Helm charts.

What is a load balancer and its benefits? What is Cloud NAT?

● Load Balancer: A load balancer distributes incoming network traffic across multiple servers or services to ensure reliability, scalability, and high availability. Benefits include:

○ Increased Fault Tolerance: Distributes traffic to prevent overload on a single server.

○ Scalability: Easily manage increased traffic by adding more servers.

○ Improved Performance: Balances load based on performance metrics, reducing latency.

● Cloud NAT: Network Address Translation (NAT) service in cloud environments like Google Cloud. It allows instances in private subnets to connect to the internet without exposing them to inbound internet traffic, maintaining security while enabling outbound connectivity.

What is blue-green deployment and why is it needed?

● Blue-Green Deployment: A deployment strategy where two identical environments (Blue and Green) are maintained. The Blue environment is the active production environment, while the Green is the idle one. During deployment, the new version is deployed to the Green environment. After testing, traffic is switched to Green, making it the new production environment.

● Why Needed:

○ Minimal Downtime: Reduces downtime as the switch between environments is instantaneous.

○ Easy Rollback: If issues arise, switching back to the Blue environment is straightforward.

○ Improved Reliability: Reduces the risk of deployment failures affecting users.

What other deployment strategies do you know?

● Canary Deployment: Gradually rolling out the new version to a small subset of users before a full deployment.

● Rolling Deployment: Incrementally updating instances or servers with the new version, ensuring at least some instances are always running the old version.

● A/B Testing: Similar to blue-green, but used for comparing different versions/features with live user traffic to determine which performs better.

● Feature Toggles: Allows features to be turned on/off dynamically, enabling deployment of incomplete features without impacting the user.

During data loss, what strategy do you use to ensure no data loss, especially in critical applications like banking?

Data Loss Prevention Strategy

● Strategy: For critical applications like banking, a multi-layered approach is essential:

● Redundancy: Use multiple data centers or cloud regions for replication and failover.

● Backups: Implement frequent and automated backups to multiple locations.

● Version Control: Track changes to data and maintain historical versions.

● Monitoring: Monitor database health and performance to detect potential issues early.

● Disaster Recovery Plan: Develop a comprehensive disaster recovery plan to restore data and services in case of an outage.

Which services can be integrated with a CDN (Content Delivery Network)?

● CDN Integration

● Services: CDNs can integrate with various services, including:

● Web Servers: Apache, Nginx, IIS.

● Content Management Systems (CMS): WordPress, Drupal, Joomla.

● Cloud Storage: AWS S3, Google Cloud Storage, Azure Blob Storage.

● Streaming Services: Netflix, YouTube, Twitch.

● API Gateways: AWS API Gateway, Google Cloud Endpoints.

How do you generate Kubernetes cluster credentials?

A: You can generate Kubernetes cluster credentials using:

● Service Accounts: Create service accounts in Kubernetes to provide access to specific resources.

● kubeconfig: Generate a kubeconfig file that contains authentication and connection details for the cluster.
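
A service account only "provides access to specific resources" once it is bound to a narrowly scoped Role. The manifests below are an added example, not part of the original post, and show an account that can read and patch Deployments in one namespace and nothing else. The names ci-deployer, deployment-updater and payments are hypothetical.

```yaml
# Constructed example: account, role and namespace names are hypothetical.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: ci-deployer
  namespace: payments
---
# Namespaced Role: grants only what the account needs, no wildcards.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: deployment-updater
  namespace: payments
rules:
  - apiGroups: ["apps"]
    resources: ["deployments"]
    verbs: ["get", "list", "patch"]
---
# RoleBinding: ties the Role to the service account in the same namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: ci-deployer-deployment-updater
  namespace: payments
subjects:
  - kind: ServiceAccount
    name: ci-deployer
    namespace: payments
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: deployment-updater
```

A short-lived token for this account can be issued with kubectl create token ci-deployer -n payments and placed in the user entry of a kubeconfig file. Running kubectl auth can-i --list --as=system:serviceaccount:payments:ci-deployer -n payments confirms what the credential is actually allowed to do.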
