A focused set of Kubernetes interview questions with concise, correct answers, covering the control plane, pods, deployments, services, networking, storage, and troubleshooting. Useful for interview prep or screening candidates.
What is Kubernetes? An open-source platform for automating deployment, scaling, and management of containerized applications across a cluster of machines.
What are the main components of the control plane?
- kube-apiserver, the front door; all operations go through it.
- etcd, distributed key-value store holding all cluster state.
- kube-scheduler, assigns pods to nodes.
- kube-controller-manager, runs controllers that drive actual state toward desired state.
What runs on each worker node?
- kubelet, agent that runs pods and reports status.
- kube-proxy, handles pod networking and service routing.
- container runtime, containerd/CRI-O that actually runs containers.
What is the difference between desired state and current state? You declare desired state (manifests); controllers continuously reconcile the current state to match it. This reconciliation loop is the heart of Kubernetes.
What is a Pod? The smallest deployable unit, one or more containers sharing network and storage. You rarely create pods directly; controllers manage them.
Pod vs Deployment vs ReplicaSet? A Deployment manages ReplicaSets, which manage Pods. The Deployment gives you declarative updates, rollouts, and rollbacks. You almost always use Deployments.
What is a StatefulSet? Like a Deployment but for stateful apps, gives pods stable network identities and persistent storage (databases, queues).
What is a DaemonSet? Ensures a copy of a pod runs on every (or selected) node, used for log collectors, monitoring agents, network plugins.
Deployment vs Job vs CronJob? Deployment = long-running services. Job = run-to-completion tasks. CronJob = scheduled Jobs.
How do pods communicate? Every pod gets its own IP; pods can reach each other directly within the cluster network (the CNI plugin implements this).
What is a Service and why is it needed? Pods are ephemeral with changing IPs. A Service gives a stable virtual IP and DNS name that load-balances across matching pods.
Service types?
- ClusterIP, internal only (default).
- NodePort, exposes a port on every node.
- LoadBalancer, provisions an external load balancer (cloud).
- ExternalName, maps to an external DNS name.
What is an Ingress? An API object that manages external HTTP/HTTPS access, routing by host/path to services, typically backed by an ingress controller (nginx, Traefik).
ConfigMap vs Secret? Both inject configuration into pods. ConfigMaps hold non-sensitive data; Secrets hold sensitive data (base64-encoded, can be encrypted at rest).
What is a PersistentVolume (PV) and PersistentVolumeClaim (PVC)? A PV is a piece of cluster storage; a PVC is a request for storage by a pod. The claim binds to a matching volume, decoupling pods from storage details.
What are namespaces? Virtual clusters within a cluster, used to isolate teams/environments and scope resource quotas.
What is the difference between liveness and readiness probes? Liveness restarts a container that's stuck. Readiness controls whether a pod receives traffic. A pod can be alive but not ready.
What is the Horizontal Pod Autoscaler (HPA)? Automatically scales the number of pod replicas based on CPU/memory or custom metrics.
What are requests and limits? Requests are guaranteed resources used for scheduling; limits cap usage. Exceeding a memory limit gets the container OOM-killed.
How do rolling updates work?
Deployments replace pods gradually (controlled by maxSurge/maxUnavailable) so there's no downtime. kubectl rollout undo reverts.
A pod is stuck in Pending, why?
Usually no node has enough resources, an unschedulable taint, or an unbound PVC. Check kubectl describe pod.
CrashLoopBackOff, what does it mean?
The container keeps starting and crashing. Check kubectl logs --previous and the liveness probe / command.
ImagePullBackOff?
Kubernetes can't pull the image, wrong name/tag, private registry without credentials, or rate limits.
| Topic | Can they explain… |
|---|---|
| Control plane | apiserver, etcd, scheduler, controllers |
| Reconciliation | desired vs current state |
| Workloads | Deployment vs StatefulSet vs DaemonSet |
| Services | ClusterIP/NodePort/LoadBalancer + Ingress |
| Probes | liveness vs readiness |
| Troubleshooting | Pending / CrashLoopBackOff / ImagePullBackOff |
Maintained by the team at EchoGlobal. Hiring Kubernetes talent? See our curated lists of Top Kubernetes Developers, Top Docker Developers, and Top DevOps Engineers on GitHub, or hire pre-vetted engineers in days.