Top Kubernetes Interview Questions and Answers
This section covers frequently asked Kubernetes interview questions, focusing on its architecture, core components, and key concepts related to container orchestration.
What is Kubernetes?
Kubernetes (often shortened to K8s) is an open-source platform for automating deployment, scaling, and management of containerized applications across clusters of machines. It simplifies deploying and managing applications in a distributed environment.
Uses of Kubernetes
Kubernetes simplifies the management of containerized applications. It handles tasks like scheduling containers onto nodes, managing resources, scaling applications up or down based on demand, and ensuring high availability.
Creator of Kubernetes
Kubernetes was originally developed by Google and is now maintained by the Cloud Native Computing Foundation (CNCF).
What are K8s?
K8s is simply a shorthand for Kubernetes.
Kubernetes Development Goals
The primary goal was to create a platform for automating the deployment, scaling, and management of containerized applications across clusters of hosts.
Orchestration in Software and DevOps
Orchestration in DevOps means automating and managing the interactions between multiple services. In Kubernetes, it's automating the deployment and management of containers across a cluster.
Docker and Kubernetes
Docker creates and manages individual containers. Kubernetes orchestrates and manages multiple containers across a cluster of machines. They often work together—Docker creates the containers, and Kubernetes manages them.
Docker Swarm vs. Kubernetes
| Feature | Docker Swarm | Kubernetes |
|---|---|---|
| Setup Complexity | Easier | More complex |
| Cluster Robustness | Less robust | More robust |
| Auto-scaling | Limited | Advanced |
| Scaling Speed | Faster | Slower |
| GUI | No built-in GUI | Provides a dashboard |
| Load Balancing | Automatic | Requires manual configuration |
| Logging and Monitoring | Requires third-party tools | Integrated tools |
| Storage | Easy to share volumes across containers | Storage volumes are shared within pods |
| Rollbacks | No automatic rollbacks | Supports automatic rollbacks |
Kubernetes Nodes
A node in Kubernetes is a worker machine (physical or virtual) in the cluster. Nodes run containers and communicate with the master node. They are interchangeable, increasing system reliability.
Kube-scheduler
The kube-scheduler is responsible for assigning pods (groups of containers) to nodes in the cluster based on resource availability and other constraints.
Daemon Sets
Daemon sets ensure that a pod runs on every node in the cluster. They're often used for system-level tasks like monitoring or logging.
Heapster
Heapster is a tool for collecting and visualizing metrics from Kubernetes clusters. It aggregates data from various sources to provide performance insights.
Reasons for Using Kubernetes
- Works on various infrastructures (on-premises, cloud).
- Avoids vendor lock-in.
- Allows for zero-downtime deployments and updates.
Kubernetes Node Status
A node's status includes its address, conditions (ready, not ready, etc.), capacity (resources available), and other information.
Kubernetes Network Policies
Network policies control network traffic within a Kubernetes cluster. They specify which pods can communicate with each other.
Process on the Master Node
The kube-apiserver runs on the master node. It's the main control plane component, handling all API requests.
Kubernetes and Distributed Systems
Kubernetes is well-suited for managing applications in distributed systems, providing a consistent platform for managing and deploying these applications across multiple machines.
Kubernetes Controller Manager
The controller manager is a daemon process running on the master node. It handles various control loops (like managing replication controllers and services) and performs essential cluster management tasks.
Namespaces in Kubernetes
Namespaces provide a way to logically separate resources within a cluster. This allows multiple teams or users to share the same cluster without interfering with each other's resources.
Pods in Kubernetes
Pods are the smallest deployable units in Kubernetes. They wrap one or more containers, sharing resources and a network namespace. Containers within a pod can communicate easily with each other.
Kube-scheduler's Role
The kube-scheduler assigns pods to nodes based on resource constraints and other factors.
Clusters in Kubernetes
A Kubernetes cluster is a collection of nodes working together to run applications. The cluster provides a shared pool of resources.
Types of Controller Managers
- Endpoints controller
- Service accounts controller
- Namespace controller
- Node controller
- Replication controller
- ResourceQuota controller
- Service controller
- Token controller
Google Container Engine (GKE)
GKE is Google Cloud Platform's managed Kubernetes service.
Disadvantages of Kubernetes
- Complexity
- Security concerns
- Cost
- Learning curve
Kubelet
The kubelet is an agent running on each node in the cluster. It communicates with the master and manages pods on the node.
NodePort Service
A NodePort service exposes a service on a static port on each node in the cluster, allowing external access.
Cluster IP
A ClusterIP service is accessible only from within the Kubernetes cluster.
Kubernetes Services
- ClusterIP
- NodePort
- LoadBalancer
- ExternalName
Ingress Network
An Ingress network manages external access to services within a Kubernetes cluster using rules defined in Ingress resources.
Kubernetes Architecture
Kubernetes is a powerful container orchestration platform designed to automate the deployment, scaling, and management of containerized applications. Its architecture is based on a master-worker model. Below is a diagram and explanation of the main components of a Kubernetes cluster:
Diagram: Kubernetes Cluster Architecture
Main Components of Kubernetes
Master Node
The master node is responsible for managing the Kubernetes cluster. It houses the control plane components that make cluster-level decisions and manage workloads.
- Kube-apiserver: The main entry point to the control plane. It provides a REST API for interaction with the cluster.
- Scheduler: Responsible for assigning pods to worker nodes based on resource requirements and constraints.
- Controller Manager: Ensures that the desired state of the cluster is maintained (e.g., replacing failed pods).
- etcd: A distributed key-value store that holds all cluster data, such as configuration, state, and metadata.
Worker Nodes
Worker nodes run the application workloads. Each worker node communicates with the master node and provides the runtime environment for containers.
- Kubelet: An agent that runs on each worker node, ensuring that containers are running in a pod.
- Kube-proxy: A network proxy that manages network communication within and outside the cluster.
- Containers: The actual application workloads running inside pods on the worker nodes.
Additional Concepts
- Pod: The smallest deployable unit in Kubernetes, typically consisting of one or more containers.
- Cluster: A group of nodes (master and worker) that work together to run applications.
- Namespace: A virtual cluster within a physical cluster to isolate resources and workloads.
How Kubernetes Ensures Scalability and Resilience
- Auto-scaling: Automatically adjusts the number of pods based on load and resource usage.
- Self-healing: Automatically replaces or restarts failed containers to ensure the desired state is maintained.
- Load balancing: Distributes network traffic across pods to optimize resource utilization.
Kubelet
The kubelet is an agent that runs on each node in a Kubernetes cluster. It communicates with the Kubernetes master to receive instructions and manages the pods running on that node. It ensures that the containers specified in the pod definitions are running and healthy.
Docker Containers in Kubernetes
Docker containers are the runtime units that execute within pods in a Kubernetes cluster.
Pods
Pods are the smallest deployable units in Kubernetes. A pod can contain one or more containers that share resources and a network namespace.
Kube-proxy
Kube-proxy is a network proxy and load balancer that runs on each node. It directs traffic to the correct containers based on the service definitions and IP addresses/ports.
Kubectl
Kubectl is the command-line tool for interacting with and managing Kubernetes clusters. It's essential for all Kubernetes-related operations.
Google Kubernetes Engine (GKE)
GKE (Google Kubernetes Engine) is Google Cloud Platform's managed Kubernetes service. It simplifies deploying and managing Kubernetes clusters in Google Cloud.
Daemon Set vs. Deployment vs. Replication Controller
| Component | Daemon Set | Deployment | Replication Controller |
|---|---|---|---|
| Purpose | Run one pod per node | Declarative updates and rollouts | Maintain a specified number of pods |
| Features | No advanced features | Health checks, rollbacks, rollouts | Basic pod management; less robust |
Load Balancers in Kubernetes
Load balancers distribute incoming network traffic across multiple pods, improving performance and high availability. They ensure that requests are evenly distributed among available instances of a service.
Running Kubernetes Locally
Minikube is a tool for running a single-node Kubernetes cluster locally on your machine (in a virtual machine). This is useful for learning and testing.
Sidecar Containers
A sidecar container runs alongside a main container in a pod. It provides support services (like logging, monitoring, or specialized tasks) without directly interfering with the main application container.
Headless Services
Headless services provide access to the underlying pods in a service without a virtual IP address or load balancing. The client connects directly to the pods.
Main Kubernetes Objects
- Pods
- Replication controllers and sets
- Jobs and CronJobs
- Daemon sets
- Deployments
- Stateful sets
- Services
- Namespaces
- Persistent volumes
- ConfigMaps
- Secrets
Types of Pods
- Single-container pods
- Multi-container pods
Prometheus in Kubernetes
Prometheus is a popular monitoring and alerting system for Kubernetes. It collects metrics from applications and the cluster itself, providing real-time insights into system performance.
Replica Sets vs. Replication Controllers
Both manage the desired number of pod replicas. Replica sets use set-based selectors; replication controllers use equality-based selectors.
Set-Based vs. Equality-Based Selectors
| Selector Type | Description |
|---|---|
| Equality-Based | Matches pods with specific label key-value pairs. |
| Set-Based | Matches pods that have any of the specified key-value pairs. |
Recommended Security Measures for Kubernetes
- Resource quotas
- Auditing
- Restricting etcd access
- Regular security updates
- Network policies
- Regular vulnerability scanning
- Using trusted container images
Static IP for Kubernetes Load Balancers
You typically configure this by modifying the DNS records or using cloud provider-specific features to assign a static IP address to your load balancer.
kube-apiserver and kube-scheduler
The kube-apiserver manages the Kubernetes API; it's the central control point. The kube-scheduler is responsible for assigning pods to nodes.
Minikube
Minikube is a tool for running a single-node Kubernetes cluster locally for development and testing.
Important kubectl Commands
[List and briefly describe some commonly used kubectl commands (e.g., get, describe, apply, delete, create, rollout).]
Labels in Kubernetes
Labels are key-value pairs attached to Kubernetes objects (pods, services, etc.). They're used for selecting and grouping objects.
Replication Controller Objectives
- Manages pod lifecycle
- Maintains the desired number of replicas
- Monitors pod health
- Allows for scaling
Sematext Docker Agent
The Sematext Docker Agent is a containerized tool for collecting logs, metrics, and events from Docker containers and Kubernetes nodes.
Persistent Volumes
Persistent volumes provide persistent storage that's independent of pods. This ensures data survives even if the pod is deleted or rescheduled.
Node Sizes in a Cluster
Nodes in a Kubernetes cluster don't have to be the same size; a mix of sizes can optimize resource utilization.
ContainerCreating Pods
A ContainerCreating pod is in a transitional state; it's been scheduled but hasn't started its containers yet.
Types of Kubernetes Volumes
[List the different types of Kubernetes volumes, including EmptyDir, HostPath, PersistentVolumeClaim, and cloud provider-specific volumes.]
Secrets in Kubernetes
Secrets are Kubernetes objects for securely storing sensitive information (passwords, API keys, etc.).
OpenShift
OpenShift is Red Hat's container platform built on Kubernetes.
K8s
K8s is an abbreviation for Kubernetes.
Federated Clusters
Federated clusters are multiple Kubernetes clusters managed as a single unit.
Kubernetes Volumes vs. Docker Volumes
| Volume Type | Kubernetes Volumes | Docker Volumes |
|---|---|---|
| Scope | Cluster-level; can be shared across multiple pods | Container-level; specific to a single container |
Kubernetes Volumes vs. Docker Volumes
| Feature | Kubernetes Volumes | Docker Volumes |
|---|---|---|
| Scope | Cluster-wide; can be shared across pods | Specific to a single container within a pod |
| Persistence | Can be persistent | May or may not be persistent |
API Security in Kubernetes
Securing the Kubernetes API is crucial. Methods include:
- Configuring appropriate authentication methods for the kube-apiserver.
- Using authorization (e.g., RBAC - Role-Based Access Control) to restrict access to resources.
- Regular security audits and vulnerability scanning.
Persistent Volume Claims (PVCs)
A Persistent Volume Claim (PVC) is a request for storage by a pod. It abstracts away the underlying storage provision. A pod requests storage via a PVC without needing to know the specifics of where the storage is located.
Container Resource Monitoring
Container resource monitoring tracks the performance and resource utilization (CPU, memory, network, etc.) of containers and other Kubernetes components. This is vital for performance tuning and troubleshooting.
Container Resource Monitoring Tools
- Heapster: Collects metrics from containers and pods.
- InfluxDB: A time-series database for storing metrics.
- Grafana: A visualization tool for monitoring data.
- CAdvisor (Container Advisor): A built-in kubelet tool for monitoring containers.
- Prometheus: A CNCF project for monitoring and alerting.