Kubernetes/OpenShift Interview Questions - Containerization

1. How packet flows from one namespace to another namespace service
2. Taints Tolerations and Node selector, how according to memory taints and Tolerations or node selector can be put to node for pod schedule 
3. What are Deployment strategies
4. What are Canary and Blue green deployment
5. Difference in HTTP and HTTPS protocol
6. Difference in TCP and UDP Protocol
7. Difference in Application firewall and network firewall
8. Difference in Soft link and hard link
9. What are System calls ? 
10. What are Static pod and why needed in Kubernetes ? Examples of Static pod
------- Static Pods are managed directly by the kubelet daemon on a specific node, without the API server observing them. Static Pods are always bound to one Kubelet on a specific node.
11. What is Heapster in Kubernetes
------ Heapster is a cluster-wide aggregator of monitoring and event data. 
It currently supports Kubernetes natively and works on all Kubernetes setups. 
Heapster runs as a pod in the cluster. The Heapster pod discovers all nodes in the cluster and queries usage information from the nodes' Kubelets, the on-machine Kubernetes agent.
12. What are different types of Storage classes in Kubernetes
------- Gold, thin, standard, slow, fast, bronze
13. Can we change service type and if yes then will it affect the cluster internal communications
14. What is the default protocol in service when we create if we don't define the protocol
15. Different types of Secret
------- Opaque, basic-auth, service-account-token, dockercfg, tls
16. How can we use the secret which is stored in a cloud storage/secret service
------- If K8s is already built on the same Cloud where the secret is present then we can pull the secret from the cloud first and then create the secret
17. Difference in Configmap and secret
------- Configmap is to store the confguration in key value pair of the application pod, and secret is to store the credentials in base64 encryption
18. Patching of RHEL 7 if the node is running pods
19. What are the default secrets that are created
20. What is Sidecar container and what is the use of it
21. What are all the Default namespaces when we install the Kubernetes
22. Command to create Kubernetes cluster
23. If we have ingress and external load balancer is there any limitation with ingress in terms of load balancing which requires an external load balancer
24. If we have minikube or Kubernetes Cluster locally, how can we access the services from our local system without externally exposing the service
25. When there are resources and wanted to delete namespace but it stucks in terminating state, what is the thing which stucks and why.
26. Finalizer is for the resources or its associated with namespace only
27. Bootstrapping concept, why the bootstrapping needed
28. Concept of CSR certificates and why they come for approval
29. What is ingress and how certificates works with ingress
30. Difference between limit and limit range
31. What are the Kube state metrics in Kubernetes
-------- kube-state-metrics, a project under the Kubernetes organization, generates Prometheus format metrics based on the current state of the Kubernetes native resources. It does this by listening to the Kubernetes API and gathering information about resources and objects, e.g. Deployments, Pods, Services, and StatefulSets
The metrics are exported on the HTTP endpoint /metrics on the listening port (default 8080). They are served as plaintext.
32. Difference between Entrypoint and CMD in Dockerfile
33. How you copy a directory in a dockerfile while creating an image
34. What are the admission controllers
35. What are the types of Controllers in kubernetes
------- Node Controller, Replication controller, job controller, Endpoints controller, Service Account & Token controllers
36. How to troubleshoot the issue with one etcd if its not able to sync the data with other etcd
37. How to restore etcd
38. What happens when you delete a pod
39. How pod/object created in kubernetes
40. How the kube-scheduler works in kubernetes
41. What is the use of having multicontainer in a pod
42. What are the types of services in Kubernetes
43. What is custom resource definition
44. What is kubernetes operators and why we need it
45. What does helm template command does
46. What is liveness and readiness probe
47. Can we provide the same path /healthz for both liveness and readiness
48. What are major differences in Kubernetes and OpenShift
49. What is Crashloopbackoff and Imagepullback error issues of the pod
------ Imagepullback - image tag issue and if the image is not present in Quay/registry, The image registry requires authentication (we create image pull secret)
Crashloopbackoff - due to overutilization of PVC, due to change in the value of secret or the configuration of the application, node issue, in multicontainer pod case both the containers are running on same port, due to Liveness and readiness issue (We need to check the value of initialDelaySeconds, periodSeconds, timeoutSeconds & failureThreshold and change accordingly)
50. If liveness probe fails, will pod fails to run and if it fails what will be the error and state of the pod
51. If the situation comes when the running pod with 1/1 went down to 0/1 what will be the issue and how to troubleshoot
52. If one master node went down, will it maintain high availability with 2 master nodes
53. Why 3 master nodes or master nodes in odd numbers are required for high availability
54. If 3 master nodes maintain the high availability then why can't 2 master nodes maintain the high availability
55. Difference between clusterole and role
56. What is clusterrolebinding and rolebinding for
57. What is GitOps and Why is needed to have a GitOps model
58. What are the tools used for Continuous Deployment in GitOps model
59. Difference between flux and ArgoCD
60. Difference between Jenkins and Tekton
61. How Prometheus works
62. What is Fluentd
63. Build the application deployment architecture with Apache webserver, springboot middleware, mysqldb
64. What needs to be done to make apache webserver communicate to springboot middleware only and not with mysqldb
65. What is the reason for the Pod to get into pending state
----- If the nodeselector is defined and the node is not available or in NotReady state, resource utilization is high, limit and requests are more than availability of the resources, due to taint & tolerations
66. What are all the pod restart policies  in pod specs
--- 
always - always restart the
never - once the process is deleted it not restart the pod/container again
onfailure -   
67. Difference between deployment and deploymentconfig in OpenShift
68. Explain Kubernetes/Openshift architecture
69. What is the reason to get the PVC in pending state
---- due to access mode missmatch or its not getting the exact mentioned PV/storageclass, PVC claim missmatch
70. What are the Access modes in Persistent Volume
----- ReadWriteMany, Readwriteonce, Readonlymany
71. What is the function of the nodeController
------ Node controller function is to check the health of the node in every 5 sec, before marking the node unreachable it will wait for 40 sec and it will give 5 minute for the node to come up.
72. How to expand PVC which is provisioned through storageclass
------ Allowvolumeexpansion should be true in storage class to expand the PVC size
73. How to expand PVC with staticPV
------ Create one container and mount the old pvc to that container, then create new pvc and mount it to the same pod then using rsync migrate the data from old PVC to new PVC
74. What are the Reclaiming policies in Persistent Volume:
------ 
Retain - POD and PVC delete then the status of PV is released and then we have to delete manually
Delete - PV and PVC gets deleted as well as storage asset in Cloud Infra such as AWS EBS.
Recycle - deprecated
75. What is the range of nodeport
------- nodeport range = 30000 - 32767
76. What are the Two ways to call the secret and configmap in Pod YAML
--------
1. To pass the configmap and secret in pod YAML as valueFrom
2. Volume mounts to mount the configmap and secret as volumes
77. What is Service account
-------- Service accounts provide a flexible way to control API access without sharing a regular user’s credentials. Service accounts are for processes, which run in pods.
Processes in containers inside pods can also contact the apiserver. When they do, they are authenticated as a particular Service Account (for example, default).
78. What are PostStart and prestop hooks
79. How to add repo in helm
80. What is Helm template
81. How to schedule a Jenkins job
82. If a pod is in terminated state will it get the traffic
83. How to manage the traffic that is coming to the pod before the pod gets terminated
84. What is terminationGracePeriod
85. How does a pod gets created and terminated
86. Explain Kubernetes Architecture
87. What is imagestream in OpenShift
------ An imagestream provide an abstraction for referencing container images from within OpenShift Container Platform. The imagestream and its tags allow you to see what images are available and ensure that you are using the specific image you need even if the image in the repository changes. Imagestreams do not contain actual image data, but present a single virtual view of related images, similar to an image repository.

Comments

Popular posts from this blog

DevOps Interview Questions

Calico Certified Operator: AWS Expert Questions & Answers

CKAD Certification Exam Preparation Guide and Tips