Kubernetes (K8s) Interview Questions

Mastering orchestration, pods, services, and troubleshooting.

1. What is a Pod in Kubernetes?

A Pod is the smallest deployable unit in Kubernetes. It represents a single instance of a running process in your cluster.

  • Usually contains one container (e.g., your app).
  • Can contain multiple tightly coupled containers (sidecars) that share storage and network (localhost).
  • Pods are ephemeral; they are created and destroyed, not "restarted" in place.

2. Explain the difference between a Deployment and a StatefulSet.

  • Deployment: Best for stateless applications (e.g., web servers). Pods are interchangeable. If one dies, it's replaced by a new, identical one with a random name hash.
  • StatefulSet: Best for stateful applications (e.g., databases). Pods have sticky identities (web-0, web-1) and stable network IDs. Volumes persist even if the Pod is rescheduled.

3. What is a Service and what are the types?

A Service is an abstraction that defines a logical set of Pods and a policy to access them (load balancing).

  • ClusterIP (default): Exposes the service on an internal IP. Only accessible within the cluster.
  • NodePort: Exposes the service on each Node's IP at a static port.
  • LoadBalancer: Exposes the service externally using a cloud provider's load balancer.
  • ExternalName: Maps the service to the contents of the `externalName` field (e.g., `foo.bar.example.com`).
  • Headless Service: Does not provide a cluster IP. Used for direct Pod-to-Pod communication.

4. How does Kubernetes handle configuration and secrets?

  • ConfigMaps: Store non-confidential data in key-value pairs. Can be consumed as environment variables, command-line arguments, or configuration files in a volume.
  • Secrets: Similar to ConfigMaps but intended for sensitive data (passwords, tokens, keys). Data is stored base64 encoded (not encrypted by default, though encryption at rest can be enabled).
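
The point about base64 versus encryption at rest, as an added example (not part of the original page): it decodes a Secret's `data` without any key, then checks which provider an API server `EncryptionConfiguration` uses for writing Secrets. The manifests are constructed samples shown as already-parsed Python dicts, and the function names are hypothetical.

```python
import base64

# Constructed sample Secret, shaped like `kubectl get secret -o json` output.
SAMPLE_SECRET = {
    "kind": "Secret",
    "metadata": {"name": "db-credentials"},
    "data": {
        "username": base64.b64encode(b"admin").decode(),
        "password": base64.b64encode(b"s3cr3t-pass").decode(),
    },
}

# Constructed EncryptionConfiguration contents (the file given to kube-apiserver
# via --encryption-provider-config), shown as parsed dicts. Key is a placeholder.
AESCBC = {"aescbc": {"keys": [{"name": "key1", "secret": "<base64 32-byte key>"}]}}
IDENTITY = {"identity": {}}
WEAK = {"kind": "EncryptionConfiguration",
        "resources": [{"resources": ["secrets"], "providers": [IDENTITY, AESCBC]}]}
HARDENED = {"kind": "EncryptionConfiguration",
            "resources": [{"resources": ["secrets"], "providers": [AESCBC, IDENTITY]}]}


def decode_secret(manifest):
    """Recover every value under .data; base64 is an encoding, so no key is needed."""
    return {k: base64.b64decode(v).decode() for k, v in manifest.get("data", {}).items()}


def secrets_write_provider(enc_config):
    """Return the provider used when Secrets are written to etcd.

    The first provider listed for a resource handles writes; later ones are
    only tried on reads. "identity" means the data is stored unencrypted.
    Only an exact "secrets" entry is matched here (wildcards are not handled).
    """
    for rule in enc_config.get("resources", []):
        if "secrets" in rule.get("resources", []) and rule.get("providers"):
            return next(iter(rule["providers"][0]))
    return "identity"  # Secrets not listed: default behaviour, no encryption


def secrets_encrypted_at_rest(enc_config):
    return secrets_write_provider(enc_config) != "identity"


if __name__ == "__main__":
    print(decode_secret(SAMPLE_SECRET))
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED), ("no config", {})):
        print(name, secrets_write_provider(cfg), secrets_encrypted_at_rest(cfg))
```

The weak and hardened samples list the same two providers; only the order differs, and the order decides whether new Secrets land in etcd encrypted.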

4. What is Ingress?

Ingress manages external access to the services in a cluster, typically HTTP/HTTPS. It can provide load balancing, SSL termination, and name-based virtual hosting.

Unlike a Service (Layer 4), Ingress operates at Layer 7 (Application Layer).

5. Explain Liveness vs. Readiness Probes.

  • Liveness Probe: "Is the container alive?" If it fails, Kubernetes kills the container and restarts it. Use this to catch deadlocks.
  • Readiness Probe: "Is the container ready to accept traffic?" If it fails, Kubernetes removes the Pod from the Service's endpoints (stops sending traffic). Use this while the app is warming up (loading cache, DB connection).

6. How do you debug a crashing Pod?

Scenario: A Pod is in `CrashLoopBackOff`.

  1. `kubectl describe pod [pod-name]`: Check events (OOMKilled, ImagePullBackOff).
  2. `kubectl logs [pod-name]`: Check application logs.
  3. `kubectl logs [pod-name] --previous`: Check logs of the previous instance that crashed.

7. What is a DaemonSet?

A DaemonSet ensures that all (or some) Nodes run a copy of a Pod. As nodes are added to the cluster, Pods are added to them. As nodes are removed, those Pods are garbage collected.

Use Cases: Log collection daemons (Fluentd), node monitoring daemons (Prometheus Node Exporter).

8. What are Taints and Tolerations?

They work together to ensure that pods are not scheduled onto inappropriate nodes.

  • Taint: Applied to a Node. "I do not accept any pods that do not tolerate this taint." (e.g., `kubectl taint nodes node1 key=value:NoSchedule`)
  • Toleration: Applied to a Pod. "I can be scheduled on a node with this taint."