Kubernetes Interview Questions

• Pod vs Deployment vs StatefulSet? Pod: smallest unit, one or more containers. Deployment: manages replicated stateless Pods, rolling updates. StatefulSet: for stateful apps (DB) — stable network IDs, ordered deployment, persistent storage per replica

• How does service discovery work? kube-dns resolves service names to ClusterIP. Services route to Pods via label selectors. Type ClusterIP (internal), NodePort (node IP:port), LoadBalancer (cloud LB), ExternalName (DNS alias)

• Liveness vs readiness probes? Liveness: is container alive? Failure → restart. Readiness: is container ready for traffic? Failure → remove from Service endpoints (no traffic). Use startup probe for slow-starting apps to prevent premature liveness restarts

• How does HPA work? HorizontalPodAutoscaler watches metrics (CPU, memory, custom). Adjusts Deployment replicas between min and max. Metrics via metrics-server. For event-driven scaling, use KEDA (e.g., scale on queue depth)

• ConfigMap vs Secret? ConfigMap: non-sensitive config (env vars, config files). Secret: sensitive data (passwords, tokens) — base64 encoded (not encrypted by default). Encrypt Secrets at rest with KMS envelope encryption in production

• Rolling update vs Recreate strategy? RollingUpdate (default): gradually replaces old Pods — zero downtime, but both versions run simultaneously. Recreate: kills all old Pods then creates new — brief downtime, no version coexistence. Use for incompatible schema changes

• What is a namespace? Virtual cluster within a cluster — resource isolation, access control, quota enforcement. Common: default, kube-system, production, staging. Resources in different namespaces communicate via FQDN: service.namespace.svc.cluster.local