CI/CD & Automation Interview Questions

Pipelines, Infrastructure as Code, and Deployment Strategies.

1. What is the difference between Continuous Delivery and Continuous Deployment?

  • Continuous Delivery: Code changes are automatically built, tested, and prepared for a release to production. However, the final deployment to production is a manual step (approval gate).
  • Continuous Deployment: Every change that passes all stages of your production pipeline is released to your customers automatically. There is no human intervention.

2. Explain Blue/Green Deployment vs. Canary Deployment.

  • Blue/Green: You have two identical environments. Blue is running production. You deploy the new version to Green. Once tested, you switch the router to point to Green. Instant rollback is possible by switching back.
  • Canary: You roll out the update to a small subset of users (e.g., 5%) first. If metrics look good, you gradually increase the percentage until 100% of traffic is on the new version. Reduces risk of a total outage.

3. What is Infrastructure as Code (IaC)?

IaC is the practice of managing and provisioning infrastructure through machine-readable definition files, rather than physical hardware configuration or interactive configuration tools.

Tools: Terraform, Ansible, CloudFormation, Pulumi.

Benefits: Consistency, Version Control, Speed, and Reduced Human Error.

4. How do you secure a CI/CD pipeline?

Answer:

  • Secrets Management: Never store credentials in git. Use tools like HashiCorp Vault, AWS Secrets Manager, or GitHub Secrets.
  • Least Privilege: The CI/CD runner should only have the permissions necessary to deploy (e.g., it shouldn't have admin access to the entire cloud account).
  • Static Analysis (SAST): Run security scans on the code during the build process.
  • Image Scanning: Scan Docker images for vulnerabilities before pushing to the registry.

5. What is a "Self-Hosted Runner"?

A self-hosted runner is a machine (VM or container) that you manage and maintain to run your CI/CD jobs, instead of using the cloud provider's shared runners.

Use Cases:

  • Security: You need to deploy to a private network that is not accessible from the public internet.
  • Performance: You need specialized hardware (GPU) or more powerful specs than the standard runners.
  • Cost: For very high-volume pipelines, a self-hosted runner can be cheaper than paying per-minute for shared runners.

6. What is GitOps?

GitOps is a set of practices where the entire state of your infrastructure and applications is defined in a Git repository.

Workflow:

  1. Developer pushes a change to the Git repo (e.g., updating a Docker image tag in a YAML file).
  2. An automated operator (like ArgoCD or Flux) running in the cluster detects the divergence between Git and the live cluster.
  3. The operator automatically syncs the cluster to match the state defined in Git.

Key Benefit: Git becomes the "Single Source of Truth".

7. Explain the concept of "Immutable Infrastructure".

Definition: Once a server (or container) is deployed, it is never modified. If you need to update it, you replace it with a new version.

Old Way (Mutable): SSH into a server, run `apt-get update`, edit config files. Leads to "Configuration Drift" and "Snowflake Servers".

New Way (Immutable): Build a new VM image (AMI) or Docker image with the updates baked in. Terminate the old instance and launch the new one.

8. What is a "Pipeline as Code"?

Defining your build, test, and deploy steps in a file (usually YAML) that is stored in the same repository as your source code.

Examples: `.gitlab-ci.yml`, `Jenkinsfile`, `.github/workflows/main.yml`.

Benefits: The pipeline is versioned with the code. You can test changes to the pipeline in a separate branch before merging.
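As an added illustration (not code from the original page or from any named project), the following GitHub Actions workflow applies the hardening points from question 4 inside a pipeline-as-code file of the kind question 8 describes: a read-only default token, per-job least-privilege permissions, SAST before the image is built, an image scan before the push, and a short-lived job-scoped token instead of a stored credential. The image name `ghcr.io/example-org/app`, the Python language choice, and the exact action version tags are assumptions.

```yaml
name: secure-build

on:
  push:
    branches: [main]
  pull_request:

# Least privilege: the workflow-level default is read-only; each job
# below re-grants only the single extra scope it needs.
permissions:
  contents: read

jobs:
  sast:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      security-events: write   # only needed to upload the scan results
    steps:
      - uses: actions/checkout@v4
      - uses: github/codeql-action/init@v3
        with:
          languages: python      # assumption: the repository is a Python service
      - uses: github/codeql-action/analyze@v3

  image:
    needs: sast                  # no image is built or pushed if SAST fails
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write            # push to the container registry, nothing else
    steps:
      - uses: actions/checkout@v4
      - name: Build image (assumed placeholder image name)
        run: docker build -t ghcr.io/example-org/app:${{ github.sha }} .
      - name: Scan image before it reaches the registry
        # Pin third-party actions to a tag (better: a commit SHA) so the
        # action cannot change underneath the pipeline; the tag is assumed.
        uses: aquasecurity/trivy-action@0.28.0
        with:
          image-ref: ghcr.io/example-org/app:${{ github.sha }}
          severity: CRITICAL,HIGH
          exit-code: '1'          # fail the job on any CRITICAL/HIGH finding
      - name: Log in to registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          # Short-lived, job-scoped token issued by the platform: no
          # long-lived credential is stored in git or in the workflow.
          password: ${{ secrets.GITHUB_TOKEN }}
      - run: docker push ghcr.io/example-org/app:${{ github.sha }}
```

Because the image job depends on the SAST job and the scan step sets a non-zero exit code on findings, a vulnerable change is stopped before it is published rather than after.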
