Kubernetes
Pods, services, deployments, probes, scaling, and orchestration.
What is the difference between a Deployment and a StatefulSet?
A Deployment is for stateless apps, while a StatefulSet is for workloads that need stable identity and storage.
What is the difference between a ConfigMap and a Secret in Kubernetes?
A ConfigMap stores non-sensitive configuration, while a Secret stores sensitive data.
What are the main Kubernetes Service types?
The common Service types are ClusterIP, NodePort, and LoadBalancer.
What happens when a pod crashes in Kubernetes?
Kubernetes tries to restart or replace the pod based on its controller.
What is an Ingress in Kubernetes?
Ingress is a way to route external HTTP/HTTPS traffic to services inside the cluster.
What is the difference between a liveness probe and a readiness probe?
Liveness checks if a container should be restarted, while readiness checks if it can receive traffic.
What is a DaemonSet in Kubernetes?
A DaemonSet ensures that a copy of a pod runs on each node or a selected set of nodes.
What is a namespace in Kubernetes?
A namespace is a logical partition inside a Kubernetes cluster.
Why are resource requests and limits important in Kubernetes?
They help the scheduler place pods correctly and prevent workloads from consuming uncontrolled resources.
What is the Horizontal Pod Autoscaler (HPA)?
HPA automatically scales pods based on metrics like CPU or memory.
What is CrashLoopBackOff?
CrashLoopBackOff means a container is repeatedly crashing and restarting.
How does service discovery work in Kubernetes?
Kubernetes uses DNS to allow pods to communicate using service names.
How do you inject configuration into a pod?
Using environment variables, ConfigMaps, or mounted volumes.
What is a Pod in Kubernetes?
A Pod is the smallest deployable unit in Kubernetes and usually contains one or more containers.
What is a Deployment in Kubernetes?
A Deployment manages stateless application replicas and rolling updates.
What is a ReplicaSet?
A ReplicaSet ensures that a specified number of identical Pods are running.
What is a Service in Kubernetes?
A Service provides stable networking access to a set of Pods.
What is the ClusterIP service type?
ClusterIP exposes a service only inside the Kubernetes cluster.
What is the NodePort service type?
NodePort exposes a service on a static port on each Kubernetes node.
What is the LoadBalancer service type?
LoadBalancer exposes a service externally through a cloud provider load balancer.
What is etcd in Kubernetes?
etcd is the key-value store that holds cluster state and configuration.
What does kube-apiserver do?
kube-apiserver is the main entry point for managing Kubernetes resources.
What does kube-scheduler do?
kube-scheduler decides on which node a Pod should run.
What is kube-controller-manager?
It runs controllers that continuously reconcile the actual cluster state with the desired state.
What is kubelet?
kubelet is the agent running on each node that manages Pods and containers there.
What is a container runtime in Kubernetes?
A container runtime is the software that actually runs containers on a node.
What are labels and selectors in Kubernetes?
Labels are key-value metadata, and selectors are used to match resources by labels.
What is a rollout in Kubernetes?
A rollout is the process of gradually applying an update to a Deployment or similar resource.
How does rollback work in Kubernetes?
Rollback restores a previous Deployment revision if an update causes issues.
What is a rolling update in Kubernetes?
A rolling update replaces old Pods with new Pods gradually instead of all at once.
How is persistent storage handled in Kubernetes?
Persistent storage is handled through PersistentVolumes and PersistentVolumeClaims.
What is the difference between PV and PVC?
A PV is the storage resource, while a PVC is a request for storage.
What is a StorageClass?
A StorageClass defines how dynamic storage should be provisioned.
What are taints and tolerations?
Taints keep Pods away from nodes, while tolerations allow specific Pods to be scheduled there.
What is node affinity in Kubernetes?
Node affinity controls which nodes a Pod prefers or requires for scheduling.
What is a NetworkPolicy in Kubernetes?
A NetworkPolicy controls traffic allowed between Pods and namespaces.
How are Secrets used in Kubernetes?
Secrets store sensitive values and can be mounted as files or injected as environment variables.
What are init containers?
Init containers run before the main application containers start.
What is the sidecar container pattern?
A sidecar is a helper container running alongside the main application container in the same Pod.
What is a ResourceQuota?
A ResourceQuota limits how much CPU, memory, storage, or object count a namespace can consume.
What is a LimitRange?
A LimitRange sets default or maximum/minimum resource values for containers in a namespace.
What is RBAC in Kubernetes?
RBAC controls who can perform which actions on Kubernetes resources.
What is the difference between Role and ClusterRole?
A Role is namespace-scoped, while a ClusterRole can apply cluster-wide.
What is the difference between a Job and a CronJob?
A Job runs a task once until completion, while a CronJob runs tasks on a schedule.
What does OOMKilled mean in Kubernetes?
OOMKilled means a container was terminated because it exceeded its memory limit.
What is the control plane in Kubernetes?
The control plane manages the cluster and maintains its desired state.
What is a worker node in Kubernetes?
A worker node is a machine that runs application workloads in the cluster.
What is the difference between Ingress and Service?
A Service exposes Pods, while an Ingress provides HTTP/HTTPS routing to Services.
What happens if a readiness probe fails?
The Pod stays running, but it is removed from service endpoints and stops receiving traffic.
What happens if a liveness probe fails?
Kubernetes restarts the container because it is considered unhealthy.
What does ImagePullBackOff mean?
ImagePullBackOff means Kubernetes cannot pull the requested container image.
Do Pods automatically restart when a ConfigMap changes?
No, Pods do not automatically restart just because a ConfigMap changes.
What are topology spread constraints in Kubernetes?
They help distribute Pods evenly across nodes, zones, or other topology domains.
What is a PodDisruptionBudget?
A PodDisruptionBudget limits how many Pods can be voluntarily disrupted at once.
What is a headless Service?
A headless Service is a Service without a cluster IP, often used for direct Pod discovery.
What is the difference between cordon and drain?
Cordon marks a node unschedulable, while drain also evicts running Pods from it.
What is an admission controller in Kubernetes?
An admission controller intercepts API requests to validate or mutate Kubernetes objects before they are stored.
What is an Operator in Kubernetes?
An Operator is software that extends Kubernetes to manage complex applications automatically.
What is a CustomResourceDefinition (CRD)?
A CRD lets you add your own custom resource types to Kubernetes.
What is pod eviction in Kubernetes?
Eviction is the process of removing Pods from a node due to policy or resource pressure.
What is cert-manager commonly used for in Kubernetes?
cert-manager automates certificate issuance and renewal in Kubernetes.
What are the first steps to debug a failing Pod?
Check pod status, describe the pod, inspect logs, and verify recent configuration changes.