Cloud Devops Interview Questions Part-2
Cloud Devops Interview Questions Part-2
Question
Answer
Infrastructure as Code (IaC) is the practice of managing and provisioning infrastructure using code
instead of manual processes. It allows automation of resource creation, modification, and deletion in
a cloud environment. IaC helps achieve consistency, reduces human errors, enables version control,
and ensures rapid deployments.
Unset
provider "aws" {
region = "us-west-2"
}
What is Continuous Integration/Continuous Deployment (CI/CD), and why is it important for DevOps?
Answer
CI/CD is a DevOps practice that automates software delivery through continuous integration,
continuous testing, and continuous deployment.
● Continuous Integration (CI) ensures code changes are merged and tested frequently.
● Continuous Deployment (CD) automates deployment to production after passing tests.
● Benefits include faster releases, fewer manual errors, consistent deployments, and improved
software quality.
● Learn how CI/CD works by reading blogs, watching YouTube tutorials, and taking DevOps
courses.
● Set up a Jenkins CI/CD pipeline locally or on AWS/GCP.
● Explore GitHub Actions and create workflows to automate testing and deployment.
● Work on open-source projects using Git and implement CI/CD pipelines.
Examples for this question
Unset
pipeline {
agent any
stages {
stage('Build') {
steps {
sh 'mvn clean package'
}
}
stage('Test') {
steps {
sh 'mvn test'
}
}
stage('Deploy') {
steps {
sh 'scp target/myapp.jar user@server:/opt/app/'
}
}
}
}
Unset
name: CI/CD Pipeline
on: [push]
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Build application
run: mvn clean package
- name: Run tests
run: mvn test
3. What is the difference between Docker and Kubernetes?
Question
What is the difference between Docker and Kubernetes, and how do they complement each other?
Answer
Docker is a containerization platform that allows developers to package applications with all
dependencies into a container, ensuring consistency across environments.
Key Differences:
Unset
FROM node:14
WORKDIR /app
COPY package.json .
COPY . .
EXPOSE 3000
Unset
apiVersion: apps/v1
kind: Deployment
metadata:
name: node-app
spec:
replicas: 2
selector:
matchLabels:
app: node-app
template:
metadata:
labels:
app: node-app
spec:
containers:
- name: node-container
image: my-node-app:latest
ports:
- containerPort: 3000
What are the different types of Kubernetes services, and when should you use each?
Answer
Kubernetes services provide networking and connectivity to pods. There are four main types:
1. ClusterIP (Default) – Exposes the service only within the cluster. Used for internal
communication.
2. NodePort – Exposes the service on a static port on each node, making it accessible externally.
3. LoadBalancer – Creates an external load balancer (in cloud environments) to distribute traffic
to pods.
4. ExternalName – Maps a service to an external DNS name, without proxying traffic through
Kubernetes.
What skills are required to prepare for this question?
Unset
apiVersion: v1
kind: Service
metadata:
name: my-service
spec:
selector:
app: my-app
ports:
- protocol: TCP
port: 80
targetPort: 8080
kind: Service
metadata:
name: my-service
spec:
type: NodePort
selector:
app: my-app
ports:
- port: 80
targetPort: 8080
nodePort: 30000
What is the difference between Monolithic and Microservices Architecture, and why is Microservices
preferred in DevOps?
Answer
Fault A failure can crash the whole app A failure in one service does not
Isolation affect others
});
});
JavaScript
const express = require('express');
});
app.listen(4000, () => console.log('User Service Running on Port
4000'));
JavaScript
const express = require('express');
});
Answer
GitOps is a DevOps practice that uses Git as a single source of truth for managing infrastructure and
applications. It automates deployments using Git repositories and CI/CD pipelines.
● Version Control: Every infrastructure change is stored in Git, ensuring history tracking.
● Automation: Changes are automatically applied when pushed to Git.
● Consistency: Ensures that the actual infrastructure matches the desired state.
● Rollback & Recovery: Easy rollback to previous versions if issues arise.
● Security & Auditability: Every change is reviewed via pull requests before deployment.
What skills are required to prepare for this question?
Unset
apiVersion: apps/v1
kind: Deployment
metadata:
name: my-app
spec:
replicas: 3
selector:
matchLabels:
app: my-app
template:
metadata:
labels:
app: my-app
spec:
containers:
- name: my-app
image: my-docker-repo/my-app:v1
Unset
argocd app create my-app --repo https://github.com/user/repo.git --path
./k8s --dest-server https://kubernetes.default.svc --dest-namespace
default
What is the Shared Responsibility Model in cloud computing, and how does it impact security
management?
Answer
The Shared Responsibility Model defines the security responsibilities of cloud providers and
customers.
Application Security Provides secure cloud services Configures security settings and
protects applications
Data Protection Offers encryption and backup Responsible for securing and
tools managing access to data
Unset
{
"Version": "2012-10-17",
"Statement": [
"Effect": "Deny",
"Principal": "*",
"Action": "s3:*",
"Resource": "arn:aws:s3:::sensitive-data/*"
Answer
Blue-Green Deployment is a release strategy where two identical environments (Blue & Green) exist:
Deployment Process:
Advantages:
Unset
aws elasticbeanstalk swap-environment-cnames --source-environment-name
blue-env --destination-environment-name green-env
Unset
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: blue-green-ingress
spec:
rules:
- host: myapp.com
http:
paths:
- path: /
backend:
service:
name: green-service
port:
number: 80
Answer
Infrastructure as Code (IaC) is the practice of managing and provisioning infrastructure (servers,
networks, databases) using code instead of manual processes. IaC tools automate infrastructure
deployment, ensuring consistency and repeatability.
Unset
provider "aws" {
region = "us-east-1"
ami = "ami-0c55b159cbfafe1f0"
instance_type = "t2.micro"
tags = {
Name = "WebServer"
Unset
- name: Install Nginx
hosts: webservers
tasks:
apt:
name: nginx
state: present
10. What is Continuous Integration and Continuous Deployment (CI/CD) in DevOps?
Question
What is Continuous Integration and Continuous Deployment (CI/CD), and why is it important in
DevOps?
Answer
CI/CD is a DevOps practice that automates software integration, testing, and deployment.
● Continuous Integration (CI): Developers frequently merge code into a shared repository,
triggering automated builds and tests.
● Continuous Deployment (CD): Code changes are automatically deployed to production if tests
pass, ensuring faster releases.
● Experience with CI/CD tools (Jenkins, GitHub Actions, GitLab CI, CircleCI)
● Knowledge of Docker and Kubernetes for containerized deployments
● Understanding of source control (Git, branching strategies)
● Familiarity with automated testing frameworks (Selenium, JUnit)
Unset
name: CI/CD Pipeline
on:
push:
branches:
- main
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
Unset
pipeline {
agent any
stages {
stage('Build') {
steps {
sh 'npm install'
}
stage('Test') {
steps {
sh 'npm test'
stage('Deploy') {
steps {
Answer
Resource Usage Lightweight, shares OS kernel Heavy, each VM has its own OS
Unset
FROM node:14
WORKDIR /app
COPY package.json .
COPY . .
EXPOSE 3000
Unset
docker build -t my-node-app .
Unset
VBoxManage createvm --name "UbuntuVM" --register
Answer
Unset
apiVersion: apps/v1
kind: Deployment
metadata:
name: my-app
spec:
replicas: 3
selector:
matchLabels:
app: my-app
template:
metadata:
labels:
app: my-app
spec:
containers:
- name: my-app
image: my-app-image:latest
ports:
- containerPort: 80
Unset
kubectl apply -f deployment.yaml
Unset
kubectl scale deployment my-app --replicas=5
Answer
Unset
istioctl install --set profile=demo -y
Unset
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: my-service
spec:
hosts:
- my-service
http:
- route:
- destination:
host: my-service
subset: v1
Unset
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
name: default
spec:
mtls:
mode: STRICT
14. What is Canary Deployment, and how does it minimize deployment risks?
Question
What is Canary Deployment, and how does it help reduce risks in software releases?
Answer
Canary Deployment is a DevOps strategy where a new version of an application is gradually rolled out
to a small subset of users before a full release.
Unset
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: my-service
spec:
hosts:
- my-service
http:
- route:
- destination:
host: my-service
subset: stable
weight: 90
- destination:
host: my-service
subset: canary
weight: 10
Unset
aws deploy create-deployment \
--application-name MyApp \
--deployment-group-name CanaryDeploymentGroup \
--revision location={S3Bucket="my-bucket",S3Key="my-app.zip"} \
--deployment-config-name CodeDeployDefault.OneAtATime
JavaScript
const featureFlag = process.env.FEATURE_FLAG === 'true';
if (featureFlag) {
res.send('New feature enabled!');
} else {
res.send('Old version');
});
15. What is Blue-Green Deployment, and how does it ensure zero downtime?
Question
What is Blue-Green Deployment, and how does it ensure zero downtime during releases?
Answer
Blue-Green Deployment is a DevOps deployment strategy that runs two identical production
environments—Blue (current/live version) and Green (new version).
Unset
apiVersion: v1
kind: Service
metadata:
name: my-app
spec:
selector:
ports:
- protocol: TCP
port: 80
targetPort: 8080
● To switch to Green:
Unset
apiVersion: v1
kind: Service
metadata:
name: my-app
spec:
selector:
app: my-app-green # Now routing to Green
Unset
aws deploy create-deployment \
--application-name MyApp \
--deployment-group-name BlueGreenGroup \
--revision location={S3Bucket="my-bucket",S3Key="app.zip"} \
--deployment-config-name CodeDeployDefault.BlueGreen
Unset
upstream blue {
server blue-app:8080;
upstream green {
server green-app:8080;
server {
listen 80;
location / {
}
}
Answer
GitOps is a DevOps approach where Git is the single source of truth for infrastructure and
application deployments. It automates provisioning and updates by applying Git-based version control
principles to infrastructure management.
● Declarative Configuration: Uses YAML/JSON files for defining infrastructure and applications.
● Version Control: All changes are tracked in Git, ensuring traceability.
● Automated Deployments: Continuous deployment is triggered by Git commits.
● Self-Healing Systems: Drift detection ensures environments match Git state.
Unset
apiVersion: apps/v1
kind: Deployment
metadata:
name: my-app
spec:
replicas: 2
selector:
matchLabels:
app: my-app
template:
metadata:
labels:
app: my-app
spec:
containers:
- name: my-app
image: my-app:v1.0
Unset
argocd app create my-app \
--repo https://github.com/my-org/my-repo.git \
--path k8s \
--dest-server https://kubernetes.default.svc \
--dest-namespace default
3. Any updates committed to Git (e.g., changing the image version) trigger automatic
deployments.
● Using Flux to sync Kubernetes with Git:
Unset
flux bootstrap github \
--owner=my-org \
--repository=my-repo \
--branch=main \
--path=./clusters/my-cluster
Answer
Infrastructure as Code (IaC) is the practice of managing and provisioning infrastructure using
machine-readable configuration files instead of manual processes. IaC enables automation,
consistency, and scalability in DevOps.
● Terraform (cloud-agnostic)
● AWS CloudFormation (AWS-specific)
● Ansible (configuration management)
● Pulumi (code-based IaC with Python, TypeScript, etc.)
Unset
provider "aws" {
region = "us-east-1"
ami = "ami-12345678"
instance_type = "t2.micro"
tags = {
Name = "MyServer"
Unset
terraform init
terraform apply
Unset
- name: Install Nginx
hosts: webserver
tasks:
apt:
name: nginx
state: present
Unset
ansible-playbook nginx.yml
MyS3Bucket:
Type: AWS::S3::Bucket
Properties:
BucketName: my-unique-bucket-name
Answer
Immutable Infrastructure is a DevOps practice where servers and infrastructure components are
never modified after deployment. Instead of updating an existing system, a new one is created, and
the old one is decommissioned.
Unset
{
"builders": [{
"type": "amazon-ebs",
"region": "us-east-1",
"source_ami": "ami-12345678",
"instance_type": "t2.micro",
"ssh_username": "ec2-user",
"ami_name": "my-immutable-image"
}]
Unset
packer build template.json
Unset
apiVersion: apps/v1
kind: Deployment
metadata:
name: my-app
spec:
replicas: 3
selector:
matchLabels:
app: my-app
template:
metadata:
labels:
app: my-app
spec:
containers:
- name: my-app
ports:
- containerPort: 80
Unset
kubectl set image deployment/my-app my-app=my-app:v1.1
Answer
Chaos Engineering is the practice of intentionally introducing failures in a system to test its
resilience and ability to recover. It helps teams proactively identify weaknesses before they cause
real outages.
Unset
gremlin attack cpu --cores 2 --length 60
kind: ChaosEngine
metadata:
name: pod-delete-experiment
spec:
appinfo:
appns: "default"
applabel: "app=my-app"
experiments:
- name: pod-delete
spec:
components:
env:
- name: TOTAL_CHAOS_DURATION
Unset
kubectl apply -f chaos-experiment.yaml
Unset
aws fis start-experiment --experiment-template-id my-template-id
20. What is a Feature Flag, and how does it help in DevOps?
Question
Answer
A Feature Flag (or Feature Toggle) is a technique used to enable or disable features in an
application without deploying new code. It allows controlled feature rollouts and experimentation.
JavaScript
const featureFlag = process.env.NEW_FEATURE === 'true';
app.get('/new-feature', (req, res) => {
if (featureFlag) {
} else {
});
Unset
{
"version": 1,
"features": [
"name": "new-feature",
"enabled": true,
"strategies": [
"name": "gradualRollout",
"parameters": {
"percentage": "50"
}
]
Python
import ldclient
ldclient.set_config(Config("YOUR_SDK_KEY"))
client = ldclient.get()
else:
21. What is Canary Deployment, and how does it improve software releases?
Question
Answer
Canary Deployment is a progressive release strategy where a new version of an application is
gradually rolled out to a small subset of users before making it available to everyone.
1. Deploy the new version (canary) alongside the current production version.
2. Route a small percentage of traffic to the new version.
3. Monitor logs, metrics, and errors for issues.
4. If the new version is stable, gradually increase traffic.
5. If issues arise, roll back instantly to the old version.
Unset
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: my-app
spec:
hosts:
- my-app.example.com
http:
- route:
- destination:
host: my-app
subset: stable
weight: 90
- destination:
host: my-app
subset: canary
weight: 10
●
This sends 90% of traffic to the stable version and 10% to the canary.
Unset
aws elbv2 modify-target-group-attributes \
--target-group-arn arn:aws:elasticloadbalancing:region:target-group \
--attributes Key=stickiness.enabled,Value=true
●
Using Argo Rollouts for Canary Deployment:
Unset
apiVersion: argoproj.io/v1alpha1
kind: Rollout
metadata:
name: my-app
spec:
strategy:
canary:
steps:
- setWeight: 20
- setWeight: 50
Answer
Unset
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: my-service
spec:
hosts:
- my-service.default.svc.cluster.local
http:
- route:
- destination:
host: my-service
subset: v1
weight: 80
- destination:
host: my-service
subset: v2
weight: 20
Unset
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
name: default
spec:
mtls:
mode: STRICT
Unset
kubectl apply -f
https://github.com/istio/istio/blob/master/samples/addons/prometheus.ya
ml
Answer
GitOps is a DevOps practice that uses Git as the single source of truth for infrastructure and
application deployment. It ensures that infrastructure is managed declaratively and automatically
synced with the desired state in Git.
1. Declare the desired state (e.g., Kubernetes manifests, Terraform configurations).
2. Store everything in Git, including infrastructure and application configurations.
3. Automate deployments using Git triggers (e.g., ArgoCD, Flux).
4. Continuously monitor and reconcile the actual state with the Git repository.
Benefits of GitOps:
kind: Application
metadata:
name: my-app
spec:
destination:
server: https://kubernetes.default.svc
namespace: default
source:
repoURL: https://github.com/my-org/my-app.git
targetRevision: main
path: k8s
syncPolicy:
automated:
prune: true
selfHeal: true
●
Apply the configuration:
Unset
kubectl apply -f argocd-application.yaml
●
FluxCD setup for automatic deployments:
Unset
flux bootstrap github \
--owner=my-org \
--repository=my-app \
--branch=main \
--path=./clusters/my-cluster
Answer
Infrastructure as Code (IaC) is the practice of managing and provisioning infrastructure using code,
rather than manual processes. It enables automation, consistency, and version control for
infrastructure deployment.
Unset
provider "aws" {
region = "us-east-1"
ami = "ami-0c55b159cbfafe1f0"
instance_type = "t2.micro"
●
Deploy the infrastructure:
Unset
terraform init
terraform apply
●
AWS CloudFormation YAML template for an S3 bucket:
Unset
Resources:
MyS3Bucket:
Type: "AWS::S3::Bucket"
Properties:
BucketName: "my-cloudformation-bucket"
●
Ansible playbook to install Nginx on a server:
Unset
- hosts: webservers
tasks:
apt:
name: nginx
state: present
Answer
● Immutable Infrastructure:
Key Differences:
● Immutable Infrastructure using Terraform to deploy a new AWS EC2 instance instead of
modifying the old one:
Unset
resource "aws_instance" "example" {
ami = "ami-12345678"
instance_type = "t2.micro"
●
Instead of updating the instance, create a new one with a new AMI.
Unset
FROM nginx:latest
●
Any change requires building a new Docker image instead of modifying the existing container.
Unset
apiVersion: apps/v1
kind: Deployment
metadata:
name: my-app
spec:
replicas: 3
template:
spec:
containers:
- name: my-app
●
Instead of modifying running pods, Kubernetes replaces them with new ones.
Answer
Blue-Green Deployment is a deployment strategy where two identical environments (Blue and
Green) are maintained. The current production version (Blue) runs while the new version (Green) is
deployed and tested. Once verified, traffic is switched from Blue to Green, making it live. If issues
arise, rollback is instant by switching traffic back to Blue.
1. Deploy the new version (Green) alongside the existing (Blue) version.
2. Test the Green environment for stability and correctness.
3. Switch traffic from Blue to Green once testing is complete.
4. Keep the old version (Blue) temporarily for rollback if needed.
Unset
apiVersion: v1
kind: Service
metadata:
name: my-app
spec:
selector:
ports:
- protocol: TCP
port: 80
targetPort: 8080
●
When switching, update the selector from my-app-blue to my-app-green.
Unset
aws elbv2 modify-listener --listener-arn <listener-arn> \
--default-actions Type=forward,TargetGroupArn=<new-target-group-arn>
●
This command switches traffic from the old target group (Blue) to the new one (Green).
Unset
upstream blue {
server blue-app:8080;
upstream green {
server green-app:8080;
}
server {
listen 80;
location / {
Answer
Chaos Engineering is the practice of intentionally introducing failures into a system to test its
resilience and fault tolerance. The goal is to proactively identify weaknesses before they cause
real-world outages.
Unset
chaos-monkey terminate-instance --region us-east-1 --instance-id
i-1234567890abcdef
●
This command simulates instance failures to test how the system recovers.
Unset
gremlin attack cpu --cores 2 --length 60
●
This spikes CPU usage for 60 seconds on 2 cores.
kind: ChaosEngine
metadata:
name: pod-network-latency
spec:
experiments:
- name: pod-network-latency
spec:
components:
env:
- name: NETWORK_LATENCY
●
This test adds network latency to a Kubernetes pod to measure impact.
28. What is Site Reliability Engineering (SRE), and how does it differ from DevOps?
Question
What is Site Reliability Engineering (SRE), and how does it differ from DevOps?
Answer
Site Reliability Engineering (SRE) is a discipline that applies software engineering principles to IT
operations to improve system reliability, scalability, and efficiency. It was pioneered by Google to
ensure highly available services.
Role in Helps improve release process Ensures service reliability & handles
Incidents failures
Unset
- alert: HighRequestLatency
expr: histogram_quantile(0.95,
rate(http_request_duration_seconds_bucket[5m])) > 0.5
for: 10m
labels:
severity: warning
annotations:
●
This rule triggers an alert if 95% of HTTP requests take longer than 0.5 seconds.
Answer
GitOps is a DevOps practice that uses Git as the single source of truth for managing infrastructure
and application deployments. It applies declarative configurations and automated workflows to
ensure consistency and reliability.
1. Store infrastructure and application configurations in Git (e.g., Kubernetes manifests,
Terraform scripts).
2. Monitor Git repositories for changes using automation tools (ArgoCD, FluxCD).
3. Sync changes automatically to the production environment.
4. Rollback easily using Git history in case of failures.
Unset
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: my-app
spec:
destination:
namespace: my-namespace
server: https://kubernetes.default.svc
source:
repoURL: https://github.com/myorg/my-repo.git
path: k8s-manifests
targetRevision: main
●
This setup syncs Kubernetes manifests from a Git repository.
Unset
flux bootstrap github \
--owner=myorg \
--repository=my-gitops-repo \
--branch=main \
--path=clusters/my-cluster
●
This command sets up FluxCD to manage Kubernetes deployments from Git.
30. What is Infrastructure as Code (IaC), and how does it benefit DevOps?
Question
Answer
Infrastructure as Code (IaC) is the practice of managing and provisioning infrastructure using
declarative code instead of manual processes. It enables automation, version control, and
consistency in infrastructure deployment.
Types of IaC:
1. Declarative (What to achieve) – Defines the desired state (e.g., Terraform, CloudFormation).
2. Imperative (How to achieve it) – Uses step-by-step commands (e.g., Ansible, Chef, Puppet).
Unset
resource "aws_instance" "web" {
ami = "ami-12345678"
instance_type = "t2.micro"
tags = {
Name = "TerraformInstance"
}
●
This automates EC2 provisioning instead of manual setup.
Unset
- hosts: webservers
tasks:
apt:
name: nginx
state: present
●
This ensures Nginx is always installed on the target servers.
Unset
Resources:
MyS3Bucket:
Type: "AWS::S3::Bucket"
Properties:
BucketName: "my-iac-bucket"
●
This creates an S3 bucket using CloudFormation.
31. What are the different types of Kubernetes services, and when should you use
them?
Question
What are the different types of Kubernetes services, and when should you use them?
Answer
In Kubernetes, Services expose applications running in pods to the network (internally or externally).
There are four main types of Kubernetes services:
Unset
apiVersion: v1
kind: Service
metadata:
name: my-internal-service
spec:
selector:
app: my-app
ports:
- protocol: TCP
port: 80
targetPort: 8080
●
This allows pods within the cluster to communicate with my-internal-service.
Unset
apiVersion: v1
kind: Service
metadata:
name: my-nodeport-service
spec:
selector:
app: my-app
ports:
- protocol: TCP
port: 80
targetPort: 8080
type: NodePort
●
Access the service via <NodeIP>:30000.
Unset
apiVersion: v1
kind: Service
metadata:
name: my-loadbalancer-service
spec:
selector:
app: my-app
ports:
- protocol: TCP
port: 80
targetPort: 8080
type: LoadBalancer
●
In AWS, Azure, or GCP, this automatically provisions a public IP address.
Unset
apiVersion: v1
kind: Service
metadata:
name: external-db
spec:
type: ExternalName
externalName: mydb.example.com
●
This redirects traffic to mydb.example.com instead of an internal pod.
Answer
Blue-Green Deployment is a release management strategy that reduces downtime and risk by
running two separate environments:
● Blue (Current Production Environment) – The live system handling real traffic.
● Green (New Version Environment) – The updated version of the application.
How it works:
Challenges:
Unset
upstream blue {
server blue-app:8080;
}
upstream green {
server green-app:8080;
server {
listen 80;
location / {
●
This configuration routes traffic to the Green environment.
Unset
aws elbv2 modify-listener \
--listener-arn arn:aws:elasticloadbalancing:region:listener-id \
●
This command updates the AWS ALB to route traffic to the Green environment.
kind: Service
metadata:
name: my-app
spec:
selector:
ports:
- protocol: TCP
port: 80
targetPort: 8080
●
The service selector determines which deployment (Blue or Green) is active.
33. What is Canary Deployment, and how does it improve release management?
Question
Answer
Canary Deployment is a deployment strategy that gradually rolls out new versions of an application
to a small subset of users before a full release. It minimizes risk by testing changes in production with
real traffic.
1. Deploy the new version to a small percentage (e.g., 5%) of users.
2. Monitor performance, error rates, and user feedback.
3. If successful, gradually increase traffic to the new version.
4. If issues arise, rollback to the stable version immediately.
Benefits of Canary Deployment:
● Reduces risk – New releases affect only a small user base at first.
● Real-time validation – Detects issues in a live environment.
● Fast rollback – Stops bad releases before full impact.
● A/B testing – Can be used to test features on select users.
Challenges:
Unset
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: canary-route
spec:
hosts:
- my-app.example.com
http:
- route:
- destination:
host: my-app
subset: stable
weight: 90
- destination:
host: my-app
subset: canary
weight: 10
●
This routes 90% of traffic to the stable version and 10% to the new version.
Unset
apiVersion: flagger.app/v1beta1
kind: Canary
metadata:
name: my-app
spec:
targetRef:
apiVersion: apps/v1
kind: Deployment
name: my-app
progressDeadlineSeconds: 60
canaryAnalysis:
interval: 1m
threshold: 5
maxWeight: 50
stepWeight: 10
●
This gradually shifts traffic in 10% increments until 50% of traffic is on the new version.
Answer
Chaos Engineering is the practice of intentionally injecting failures into a system to test its
resilience and improve reliability. The goal is to identify weaknesses before they cause real-world
outages.
Unset
apiVersion: litmuschaos.io/v1alpha1
kind: ChaosEngine
metadata:
name: pod-delete-chaos
spec:
appinfo:
appns: "default"
applabel: "app=my-app"
appkind: "deployment"
chaosServiceAccount: litmus-admin
experiments:
- name: pod-delete
spec:
components:
env:
- name: TOTAL_CHAOS_DURATION
value: "60"
- name: CHAOS_INTERVAL
value: "10"
●
This randomly deletes pods in a Kubernetes cluster every 10 seconds for 60 seconds.
Unset
gremlin attack cpu --target "my-instance" --length 300 --cores 2
●
This causes a high CPU spike for 5 minutes on a selected instance.
Unset
kubectl apply -f - <<EOF
apiVersion: chaos-mesh.org/v1alpha1
kind: NetworkChaos
metadata:
name: delay-traffic
spec:
action: delay
duration: "60s"
mode: all
selector:
namespaces:
- default
delay:
latency: "500ms"
EOF
●
This delays all network traffic by 500ms for 60 seconds in a Kubernetes namespace.
35. What is Infrastructure as Code (IaC), and how does it benefit DevOps?
Question
Answer
Infrastructure as Code (IaC) is the practice of managing and provisioning infrastructure using code
instead of manual processes. It allows developers to define, deploy, and manage cloud resources in a
repeatable and automated manner.
Unset
provider "aws" {
region = "us-east-1"
}
ami = "ami-0abcdef1234567890"
instance_type = "t2.micro"
tags = {
Name = "MyTerraformInstance"
●
This Terraform script provisions an EC2 instance in AWS.
Unset
Resources:
MyS3Bucket:
Type: "AWS::S3::Bucket"
Properties:
BucketName: "my-cloudformation-bucket"
●
This CloudFormation template creates an S3 bucket in AWS.
tasks:
apt:
name: nginx
state: present
●
This Ansible playbook installs Nginx on all servers in the web_servers group.
Answer
GitOps is a DevOps practice that uses Git as the single source of truth for managing infrastructure
and application deployments. It enables declarative infrastructure management, automated
deployments, and version-controlled operations.
Unset
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: my-app
spec:
destination:
namespace: default
server: https://kubernetes.default.svc
source:
repoURL: https://github.com/my-org/my-app.git
path: manifests
targetRevision: main
syncPolicy:
automated:
prune: true
selfHeal: true
●
This configuration automatically syncs Kubernetes manifests from a Git repo.
Unset
flux bootstrap github \
--owner=my-org \
--repository=my-gitops-repo \
--path=clusters/my-cluster \
--personal
●
This command initializes FluxCD and syncs a repository for Kubernetes deployments.
Answer
Challenges:
● AWS Elastic Load Balancer (ELB) – Switches traffic between two environments.
● Kubernetes Services & Istio – Routes traffic dynamically.
● Nginx/HAProxy – Acts as a traffic switcher.
● Spinnaker/ArgoCD – Automates Blue-Green rollouts.
TargetGroupBlue:
Type: AWS::ElasticLoadBalancingV2::TargetGroup
Properties:
Name: BlueTG
Port: 80
Protocol: HTTP
VpcId: vpc-123456
TargetGroupGreen:
Type: AWS::ElasticLoadBalancingV2::TargetGroup
Properties:
Name: GreenTG
Port: 80
Protocol: HTTP
VpcId: vpc-123456
ListenerRuleSwitch:
Type: AWS::ElasticLoadBalancingV2::ListenerRule
Properties:
Priority: 1
Conditions:
- Field: path-pattern
Values: ["/"]
Actions:
- Type: forward
●
This CloudFormation config switches ALB traffic to the Green environment.
Unset
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: my-app
spec:
rules:
- host: my-app.example.com
http:
paths:
- path: /
backend:
service:
name: my-app-green
port:
number: 80
●
This routes traffic to the Green version of the app in Kubernetes.
38. What is a Canary Deployment, and how does it differ from Blue-Green
Deployment?
Question
What is a Canary Deployment, and how does it differ from Blue-Green Deployment?
Answer
1. Deploy a small percentage (e.g., 5%) of traffic to the new version.
2. Monitor performance and logs for errors, latency, or crashes.
3. If everything is stable, gradually increase traffic to 25%, 50%, and finally 100%.
4. If issues arise, rollback quickly to the old version.
Traffic Distribution Gradual rollout (small % first) Instant switch (100% at once)
Risk Level Lower (only a few users Higher (full traffic shift)
affected)
● Lower risk – Only a small portion of users are affected by potential failures.
● Faster feedback loop – Bugs can be caught early before full rollout.
● Better performance testing – Allows gradual scaling based on real traffic.
Challenges:
● Requires monitoring & observability – Need tools like Prometheus, Datadog, or AWS
CloudWatch.
● Traffic routing complexity – Must configure load balancers or service meshes (Istio, Linkerd).
● Takes longer than Blue-Green – Since rollout happens in stages.
Unset
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: my-app
spec:
hosts:
- my-app.example.com
http:
- route:
- destination:
host: my-app-v1
weight: 80
- destination:
host: my-app-v2
weight: 20
●
This routes 80% of traffic to the stable version (my-app-v1) and 20% to the Canary version
(my-app-v2).
Unset
{
"TargetGroups": [
"TargetGroupArn":
"arn:aws:elasticloadbalancing:us-east-1:1234567890:targetgroup/my-app-v
1",
"Weight": 80
},
"TargetGroupArn":
"arn:aws:elasticloadbalancing:us-east-1:1234567890:targetgroup/my-app-v
2",
"Weight": 20
●
This gradually shifts traffic to the new version using AWS ALB weighted target groups.
39. What is a Rolling Deployment, and how does it compare to Blue-Green and
Canary Deployments?
Question
What is a Rolling Deployment, and how does it compare to Blue-Green and Canary Deployments?
Answer
Traffic Gradually updates Switches all traffic Routes small % first, then
Handling instances at once increases
Time to Longer (depends on fleet Fast (all at once) Medium (staged rollout)
Deploy size)
Best for Large distributed systems Major version Feature testing, API
upgrades changes
Challenges:
Unset
apiVersion: apps/v1
kind: Deployment
metadata:
name: my-app
spec:
replicas: 5
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
maxUnavailable: 1
template:
spec:
containers:
- name: my-app
image: my-app:v2
●
This configuration updates one instance at a time, ensuring a rolling update strategy.
Unset
{
"deploymentConfiguration": {
"minimumHealthyPercent": 50,
"maximumPercent": 200
●
This setting ensures at least 50% of tasks remain running while rolling out new updates.
Answer
Infrastructure as Code (IaC) is the practice of managing and provisioning infrastructure (servers,
networks, databases) using machine-readable configuration files instead of manual processes. IaC
enables automation, consistency, and scalability in cloud and DevOps environments.
○ Running the same configuration multiple times results in the same state, preventing
drift.
Unset
provider "aws" {
region = "us-east-1"
ami = "ami-12345678"
instance_type = "t2.micro"
tags = {
Name = "MyTerraformInstance"
●
This code provisions an EC2 instance on AWS using Terraform.
MyS3Bucket:
Type: AWS::S3::Bucket
Properties:
BucketName: my-cloudformation-bucket
●
This defines an S3 bucket using AWS CloudFormation.
Answer
GitOps is a DevOps methodology that uses Git as the single source of truth for managing
infrastructure and application deployments. It automates deployments by continuously synchronizing
Git repositories with the desired infrastructure state using CI/CD pipelines and Kubernetes
controllers.
✅
automatically.
✅ Better Collaboration: Developers, ops, and security teams can work together in Git.
✅ Rollback & Disaster Recovery: Just revert a Git commit to restore a previous version.
✅ Security & Compliance: All changes are logged and auditable in Git.
Improved Deployment Speed: Declarative definitions eliminate inconsistencies.
Tool Description
Unset
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: my-app
namespace: argocd
spec:
destination:
namespace: default
server: https://kubernetes.default.svc
source:
repoURL: https://github.com/my-org/my-repo.git
targetRevision: main
path: k8s-manifests
syncPolicy:
automated:
prune: true
selfHeal: true
●
This ArgoCD configuration deploys and auto-syncs Kubernetes manifests from a Git
repository.
Unset
name: Terraform GitOps
on:
push:
branches:
- main
jobs:
terraform-apply:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v2
uses: hashicorp/setup-terraform@v1
run: |
terraform init
●
This GitHub Actions workflow automates Terraform deployments using GitOps.
Answer
Deployment Method New instances replace old ones Updates applied to live systems
✅
✅
Faster Rollbacks – If an update fails, deploy the previous version instantly.
Improved Security – Reduces risks from unauthorized or untracked changes.
✅ Better Scalability – Easily spin up new instances instead of modifying old ones.
Easier CI/CD Pipelines – Works well with containers and Kubernetes.
Tool Purpose
Docker Containerization
Unset
provider "aws" {
region = "us-east-1"
}
resource "aws_instance" "web" {
instance_type = "t3.micro"
lifecycle {
create_before_destroy = true
●
This Terraform code ensures instances are replaced instead of modified.
Unset
apiVersion: apps/v1
kind: Deployment
metadata:
name: my-app
spec:
replicas: 3
strategy:
type: RollingUpdate
template:
spec:
containers:
- name: my-app
●
Kubernetes ensures immutable container deployments with rolling updates.
Answer
In contrast, Canary Deployment gradually rolls out the new version to a small percentage of users
before full release.
Traffic Handling Switches all traffic at once Routes small % of traffic first
Risk Level Higher (if Green has issues) Lower (affects fewer users)
Infrastructure Cost Requires duplicate infra Can use same infra with
routing
✅ Simple Traffic Management – A single DNS or Load Balancer switch updates traffic.
Easy Testing – The Green environment is fully tested before switching.
Tool Purpose
AWS Elastic Load Balancer (ELB) Directs traffic between Blue and Green
Kubernetes Service Updates Switches between Blue (old pods) and Green (new
pods)
Terraform & AWS Route 53 Automates DNS switching for Blue-Green
Unset
resource "aws_route53_record" "blue_green" {
zone_id = "Z123456789"
name = "app.example.com"
type = "A"
alias {
name = aws_lb.green_lb.dns_name
zone_id = aws_lb.green_lb.zone_id
evaluate_target_health = true
}
}
●
This Terraform setup switches traffic from Blue to Green using Route 53.
Unset
apiVersion: v1
kind: Service
metadata:
name: my-app
spec:
selector:
ports:
- protocol: TCP
port: 80
targetPort: 8080
●
This updates Kubernetes Service to direct traffic to the Green environment.
Answer
A Service Mesh is a dedicated infrastructure layer that manages service-to-service communication
in a microservices architecture. It provides observability, security, and traffic control without
changing application code.
In Kubernetes, a service mesh helps manage complex microservices by handling service discovery,
load balancing, security policies, retries, and observability at the network layer.
✅
✅
Traffic Management – Enables circuit breaking, retries, and rate limiting.
Observability & Monitoring – Provides distributed tracing, logging, and metrics.
Tool Features
Unset
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: my-app
spec:
hosts:
- my-app.default.svc.cluster.local
http:
- route:
- destination:
host: my-app
subset: v1
weight: 80
- destination:
host: my-app
subset: v2
weight: 20
●
This routes 80% of traffic to v1 and 20% to v2, enabling Canary Deployment.
Unset
linkerd install | kubectl apply -f -
linkerd check
linkerd dashboard
●
This installs Linkerd on Kubernetes for lightweight service-to-service communication.
45. What is Infrastructure as Code (IaC), and how does it benefit DevOps?
Question
Answer
Infrastructure as Code (IaC) is the practice of managing and provisioning infrastructure (servers,
networks, databases) using declarative or script-based configuration files instead of manual
processes. IaC ensures consistent, repeatable, and automated infrastructure management.
✅
✅
Faster Deployments – Automates provisioning, reducing setup time from hours to minutes.
Version Control & Auditing – Infrastructure changes are stored in Git, enabling rollback.
✅ Scalability – Easily replicate infrastructure across multiple environments (Dev, Staging, Prod).
Cost Efficiency – Optimizes resource usage by automating infrastructure provisioning and scaling.
Tool Features
Terraform Cloud-agnostic, declarative syntax
Unset
provider "aws" {
region = "us-east-1"
ami = "ami-12345678"
instance_type = "t2.micro"
tags = {
Name = "Terraform-Server"
●
This automates EC2 instance provisioning with Terraform.
Unset
- name: Install Apache
hosts: webservers
tasks:
yum:
name: httpd
state: present
service:
name: httpd
state: started
●
This automates web server setup using Ansible.
Answer
GitOps is a DevOps practice that uses Git as the single source of truth for managing infrastructure
and application deployments. It enables declarative, version-controlled, and automated
deployments using pull-based workflows.
Instead of manually applying changes, GitOps tools (like ArgoCD or Flux) continuously monitor Git
repositories and apply changes automatically to the infrastructure or Kubernetes cluster.
✅ Version Control – All changes are tracked in Git, enabling rollback and auditability.
✅ Pull-Based Deployment – Agents running inside Kubernetes or cloud environments pull changes,
Automated Syncing – GitOps tools detect changes in Git and apply them automatically.
Change Controlled via Git commits & PRs Manual pipeline triggers
Management
Tool Features
Unset
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: my-app
namespace: argocd
spec:
destination:
namespace: default
server: https://kubernetes.default.svc
source:
repoURL: https://github.com/my-org/my-repo.git
targetRevision: main
path: k8s-manifests
syncPolicy:
automated:
prune: true
selfHeal: true
Answer
Chaos Engineering is the practice of intentionally injecting failures into a system to test its
resilience and identify weaknesses before they cause real outages. It helps teams build highly
available, fault-tolerant systems by simulating unexpected failures.
✅
✅
Improves System Resilience – Helps applications recover automatically from failures.
Reduces Downtime Costs – Prevents expensive outages by testing failure scenarios early.
✅ Enhances Monitoring & Observability – Ensures logging and alerts work as expected.
Validates Auto-Healing & Redundancy – Tests failover strategies in a controlled way.
Tool Features
AWS Fault Injection Simulator (FIS) AWS-native chaos testing for EC2, RDS, and
Lambda
Unset
apiVersion: litmuschaos.io/v1alpha1
kind: ChaosExperiment
metadata:
name: pod-delete
namespace: litmus
spec:
definition:
scope: Namespaced
level: pod
selector:
apps: my-app
duration: "30s"
●
This randomly deletes a Kubernetes pod to test resilience.
Unset
gremlin attack cpu --cores 2 --length 60
●
This stresses 2 CPU cores for 60 seconds to test system behavior.
Answer
Blue-Green Deployment is a zero-downtime deployment strategy where two identical environments
(Blue and Green) run simultaneously. One environment serves live traffic while the other is updated
with the new release. After successful testing, traffic is switched to the new environment, ensuring
seamless rollouts and instant rollbacks.
Tool Features
kind: Service
metadata:
name: my-app
spec:
selector:
ports:
- protocol: TCP
port: 80
targetPort: 8080
●
This switches traffic between Blue and Green versions instantly.
Unset
aws route53 change-resource-record-sets --hosted-zone-id ZONE_ID \
--change-batch file://switch_to_green.json
●
This updates the DNS record to point to the Green environment.
Instead of deploying the update to all users at once, a small percentage (e.g., 5%) gets the new
version first. If everything works well, the rollout is gradually expanded.
Traffic Strategy Gradual rollout (5%, 10%, 50%, 100%) Switches 100% instantly
Tool Features
kind: VirtualService
metadata:
name: my-app
spec:
hosts:
- my-app.example.com
http:
- route:
- destination:
host: my-app
subset: stable
weight: 90
- destination:
host: my-app
subset: canary
weight: 10
●
This routes 10% of traffic to the Canary version and 90% to Stable.
Unset
aws elbv2 modify-target-group-attributes \
--target-group-arn TARGET_GROUP_ARN \
--attributes Key=canary-weight,Value=10
●
This routes 10% of traffic to the Canary version using AWS ALB.
Answer
Infrastructure as Code (IaC) is the practice of managing and provisioning infrastructure using
declarative code instead of manual processes. With IaC, infrastructure resources (servers, databases,
networks) are defined in code, version-controlled, and deployed automatically.
IaC eliminates manual configuration, reduces human errors, and enables fast, consistent, and
scalable infrastructure management.
Approach Description
Declarative Defines what the final infrastructure state should be (e.g., Terraform,
CloudFormation)
Imperative Defines how to achieve the desired infrastructure state (e.g., Ansible,
Python scripts)
Unset
provider "aws" {
region = "us-east-1"
ami = "ami-0abcdef1234567890"
instance_type = "t2.micro"
tags = {
Name = "Terraform-Instance"
Unset
- name: Install Apache
hosts: webservers
become: yes
tasks:
apt:
name: apache2
state: present
●
This playbook automates Apache installation on multiple servers.
Unset
Resources:
MyS3Bucket:
Type: AWS::S3::Bucket
Properties:
BucketName: my-iac-bucket
●
This provisions an S3 bucket automatically in AWS.