Part 2: Kubernetes Interview Questions for

DevOps Engineers
Written by Zayan Ahmed | 8 min read

Access Part 1 of this doc here

Advanced Kubernetes Questions (Continued)

34. What is a Kubernetes Custom Resource Definition (CRD)?

● A CRD allows users to define custom resources to extend Kubernetes capabilities.
CRDs let you create new resource types in your cluster that behave similarly to
built-in Kubernetes resources like Pods or Services, allowing for more specialized
functionalities within Kubernetes.
35. What is Kubernetes Admission Controller?
● Admission Controllers are plugins in Kubernetes that govern and enforce access
policies on Kubernetes resources. They intercept API requests before they are
persisted in etcd, enabling administrators to validate or modify resource
configurations.
36. How does Kubernetes manage secrets and secure sensitive data?
● Kubernetes Secrets store sensitive data, such as passwords and API keys, and are
base64-encoded. To enhance security, it’s recommended to use tools like
Kubernetes Secrets encryption, HashiCorp Vault, or AWS Secrets Manager for
secure, encrypted storage.
37. Explain the purpose of Kubernetes Jobs and CronJobs.
● Jobs: A Kubernetes Job creates one or more Pods to complete a task and ensures
that it finishes successfully. It is commonly used for batch or one-time tasks.
 ● CronJobs: A CronJob is used to schedule Jobs at specific times or intervals, similar
to cron scheduling in Linux, useful for periodic or recurring tasks.
38. What is Kubernetes RBAC (Role-Based Access Control)?
● RBAC allows you to control access and permissions within your Kubernetes cluster.
It uses roles, role bindings, cluster roles, and cluster role bindings to define who can
access specific resources and perform specific actions.
39. How does Kubernetes handle storage?
● Kubernetes handles storage through Persistent Volumes (PV) and Persistent Volume
Claims (PVC). Storage classes define the type of storage, and dynamic provisioning
creates storage as needed. This helps applications to have persistent storage across
restarts.
40. What is kube-proxy?
● kube-proxy is a network proxy that runs on each node in the cluster, responsible
for forwarding traffic to the appropriate Pods. It implements network rules defined by
Kubernetes Services to ensure efficient load balancing and communication.
41. What are Kubernetes Init Containers?
● Init Containers run before regular containers in a Pod, allowing for tasks like setting
up prerequisites or waiting for dependencies to be ready before the main container
starts. They provide additional flexibility and control over the container startup
sequence.
42. What is the Kubernetes API Aggregation Layer?
● The API Aggregation Layer allows for extending the Kubernetes API with additional
endpoints by enabling external APIs to be managed as part of the cluster. This is
useful for integrating custom applications or services into the Kubernetes ecosystem.

Scenario-Based Kubernetes Questions (Advanced)

43. How would you troubleshoot a Kubernetes Service not reaching its endpoints?
● Use kubectl describe service <service-name> to check if the Service is
correctly set up.
● Verify the associated Pods are running and reachable.
● Ensure the networking layer is functioning properly and check kube-proxy logs.
● Test with kubectl port-forward to confirm Pod accessibility.
44. If a Pod is consuming excessive memory and causing node instability, how
would you resolve it?
● Use resource limits and requests to prevent Pods from consuming excessive
memory.
● Investigate memory usage with kubectl top pod <pod-name> and analyze logs.
● Scale the application using the Horizontal Pod Autoscaler (HPA) to distribute the
load.
45. How would you handle a misconfigured Deployment that causes a failure in
your application?
● Roll back to the previous stable version using kubectl rollout undo.
● Investigate the issue by reviewing the Deployment manifest and logs to prevent
future errors.
● Enable readiness probes to ensure only healthy Pods receive traffic.
 46. What would you do if your Kubernetes cluster experiences network latency
issues?
● Use kubectl get pods --all-namespaces -o wide to analyze Pod
distribution and networking setup.
● Investigate any bottlenecks or misconfigurations in kube-proxy, DNS, or load
balancers.
● Utilize tools like Istio or Linkerd to optimize network communication.
47. How would you configure Kubernetes for a multi-tenant environment?
● Set up Namespaces to isolate resources per tenant.
● Use RBAC to restrict access based on user roles.
● Implement Network Policies to control traffic and provide tenant-specific network
isolation.

Kubernetes Best Practices for DevOps Engineers

1. Optimize Resource Management: Set appropriate CPU and memory requests and
limits for each Pod to prevent resource contention and optimize node utilization.
2. Implement Automated Scaling: Use Horizontal Pod Autoscaler (HPA) for scaling
Pods based on resource usage, and Cluster Autoscaler to manage node scaling
dynamically.
3. Leverage Rolling Updates and Rollbacks: Implement rolling updates for minimal
downtime and use kubectl rollout undo for fast rollback in case of deployment
issues.
4. Use Namespaces for Isolation: Separate environments or teams by using
Namespaces, enhancing security and resource management.
5. Enable Monitoring and Logging: Use Prometheus, Grafana, and Elasticsearch to
monitor cluster health and track logs, identifying and resolving issues proactively.
6. Secure Sensitive Data with Secrets Management: Use Kubernetes Secrets with
encryption, and consider tools like HashiCorp Vault or AWS Secrets Manager for
enhanced security.
7. Utilize Network Policies for Security: Implement Network Policies to define which
Pods can communicate with each other, reducing attack surface within the cluster.
8. Adopt Infrastructure as Code (IaC): Use Helm, Kustomize, or Terraform to manage
Kubernetes configurations, promoting repeatability and version control.
9. Employ Role-Based Access Control (RBAC): Configure RBAC to enforce the
principle of least privilege, ensuring that users and applications have only the
permissions necessary to perform their tasks.
10. Maintain Up-to-Date Cluster Versions: Regularly update Kubernetes to the latest
stable version to benefit from security patches and new features.
11. Plan for Backup and Disaster Recovery: Back up etcd data and create disaster
recovery plans for critical applications.
12. Utilize a Service Mesh for Advanced Communication Needs: If using
microservices, consider a service mesh like Istio or Linkerd for traffic management,
observability, and fault tolerance.

Follow me on LinkedIn for more DevOps insights 😊