Kubernetes Interview Questions Answers (From Container Specialist) | Moderate to Advanced

Captions
Hello guys and girls, Raj here, back with another video. Kubernetes is super hot right now in the job market, so in this video we are going to go over some Kubernetes interview questions and answers. I have given timestamps with the video for your viewing convenience, so let's jump into it. The questions we are going to cover are: how do you automate Kubernetes deployment, how do you secure a Kubernetes application, how do you cost or performance optimize a Kubernetes app, tell me about a challenge you faced in a Kubernetes application, how do you scale Kubernetes, how do you expose a Kubernetes microservice to consumers, and do you have to use Kubernetes to run your containerized app. For each of these questions I'm going to give you like a real-world tip that you can say, so the interviewer will understand that you actually worked in Kubernetes and did not just learn from theory. So what about the basic questions, like what is Kubernetes, what is a container orchestrator, etc.? For those I'm going to give some video links in the description; check them out for those basic questions. With that being said, let's jump into question number one.

So the first question is: how do you automate Kubernetes deployment? The important thing to realize here is to understand the DevOps flow for Kubernetes. Let's say a developer checks in the application code into the code repository, and then somehow you have to dockerize that application code, create a container image, and put that container image into a container image repository. From there you have to deploy the container image to a Kubernetes cluster, where the image will run as a container. The first part is called the build and the next part is called deploy. So keeping this in mind, what you need to do is, let's say you put your code in Git, such as a code repo in GitHub. Now you need to have a tool where you can run commands, because if you think about it, at the end of the day when you say you dockerize something, all you are doing is running your Dockerfile, right? So you need a tool that will allow you to run those commands. After that you save the container image into the container image repository, and for deployment again you need another tool to run commands. So how do you deploy into a Kubernetes cluster? Either you use Helm or you can use direct commands like kubectl apply, right? So in the deploy phase as well you need a mechanism which will allow you to run this. If you transform these requirements into an actual stack, how it would look is: a developer putting code into a code repo such as Git, and then you need tools like Jenkins, CodeBuild or GitLab, which will allow you to dockerize it. After you put the container image into the repository, again you can use Jenkins, CodeBuild or GitLab, which will let you run Helm commands or kubectl commands to deploy into the Kubernetes cluster. So this is the high-level flow; if you understand this flow you can implement any Kubernetes DevOps. I have a separate video on EKS, how to implement CI/CD with EKS, so feel free to check that out; I'll give the link up top.

Okay, moving on to the next question: how do you secure a Kubernetes application? When it comes to security, there are two aspects for Kubernetes security: one is the security of your application running on the cluster, and the other is DevSecOps, so basically DevOps plus security, the security of the container DevOps lifecycle. For the application security, you secure your pod, namespace and node using role-based access control, IRSA, etc. This is a big topic, the application security, so I have a separate video on this; I'll give the link up top as well, feel free to check it out. It is super important that you understand RBAC and IRSA for any interviews or real-world applications. Next is the security of the DevOps. The first thing is authorization. What I mean by that is you need to enforce that the IAM user or role has proper authorization to run your DevOps cycle; like if project A is trying to deploy something for project B, it should be stopped, right? So for AWS you can utilize IAM for this. Next is scanning the container images for vulnerabilities. There are multiple ways to do this; there are different tools like Sysdig Falco to do this. If you are using Elastic Container Registry on AWS, AWS released a feature where you can scan the images for vulnerabilities free of charge. And next is, once your container image is running as a container, you can also keep scanning those; there are multiple tools available, such as Twistlock, etc., that you can utilize.

So again, for interviews you have to keep your answers succinct, right? So make sure you hit these two points, like, hey, there are two aspects to it, application and DevSecOps, and then give a little bit of description, and then the interviewer, if they want to go deep, will probably ask questions on RBAC, IRSA, etc., and then you can go super granular. On top of that there is another factor for security: the security compliance that your application needs. If your application is highly secure and it requires federal compliance, HIPAA, SOC, etc., you can mention that, hey, maybe if you're running in AWS and you need FedRAMP High, run it in GovCloud. Keep in mind some of the things, like Amazon ECS is FedRAMP High compliant, EKS is FedRAMP Moderate, etc. So this last part is kind of real world; if you just learn theory you can talk about application and DevSecOps, but the security compliance thing most people probably won't mention.

Okay, moving on, a super important topic: how do you cost or performance optimize a Kubernetes application? When it comes to Kubernetes cost, the first component is the control plane cost. However, for good or bad, this cost is fixed. Let's say for example EKS: you pay 10 cents per hour, it scales automatically, and the rate is fixed, so there is not much room for improvement. Most of your Kubernetes cost will come from your worker nodes: the number of worker nodes and the types of worker nodes, right? So how does the number of worker nodes get chosen? Basically, when you define your container image in a pod spec, you will define the pod resource specification, like how much CPU, how much memory you want this container image to use. This is where a lot of cost optimization comes in, because most of the time you will see unused CPU and memory allocation. So just like EC2, think about it like EC2, where you will allocate more CPU and RAM for your EC2, like select a high-tier EC2, even though you are not using it. So the way to optimize cost and performance is to detect the CPU and memory waste from the pod. So how do you do this? In Kubernetes you utilize metric server. Once you install metric server, metric server can tell you how much CPU and memory is being utilized on average, like it gives you like 10 hours per day, etc. Now if you want to do this manually using all this data, it will be super difficult, right? So you should utilize some tools which gather this metric server data and then give you actionable cost and performance insights. Some of these tools are CloudWatch Container Insights; CloudWatch Container Insights works with EKS, gets the data and will show you the top 10 memory-intensive pods, etc., and then you can dive deep and optimize the CPU and memory specification. Some of the other third-party tools: Kubecost, I really like this tool, Kubecost; you can try it out for free. It actually gives you like the dollar amount, how much you are wasting, and tells you, hey, if you reduce this allocation you will save this much money. CloudHealth, a super popular third-party tool. Kubernetes Resource Report. These are a few popular ones, but there are many more. So it's very important for you to explain to the interviewer what the biggest cost component is, mention the unused CPU and memory, and then go into your thought process of how you detect CPU and memory using these tools.

Okay, moving on to another question. This is a question where a lot of you guys and girls probably struggle, especially if you haven't worked on a real-world Kubernetes app: tell me about a challenge you faced in Kubernetes. One thing to keep in mind is, mentioning a challenge is okay, but the important thing is you also have to answer how you solved it, right? Because that's where the interviewer is trying to see whether you actually worked on it or not. So I'm going to give you a challenge and the answer, and then a couple of other ideas that you can mention. Let's say the challenge is you are running your Kubernetes application on EKS, let's say you have hundreds of nodes, and then Kubernetes released a new version. To upgrade your cluster to the new Kubernetes version there is a lot that you have to do. First, you have to create and rehydrate the AMIs with the new Kubernetes version. Number two, the big challenge you face is, while you are creating and rehydrating the AMIs for the worker nodes, you have to keep your application up and running, keeping the application highly available while you are doing this and maintaining the pod disruption budget. So you can say that it's like a lot of overhead in your DevOps toolchain, keeping the same number of pods up and running while you are draining. So it's one of the challenges you faced. How did you solve it? You can say that you used EKS managed node groups, where AWS provided the patched AMI, so you do not have to worry about patching as soon as possible, you don't have to go create the AMI, all that stuff. AWS is in charge of giving you the AMI that you can grab and apply. Regarding the application part, the AWS managed node group does that for you as well, and while the managed node group does that, the application will be up and running with high availability. It also respects the pod disruption budget. You don't have to do all this in your DevOps toolchain, do this mathematics and all that stuff, and it's a one-click update, or basically one API call, right? So it makes your life super easy.

There are a couple of other ideas. Another challenge that real-world applications face is, as your application grows, you know, in Kubernetes, let's say for EKS, each pod uses an IP address from your VPC, right? So as your application grows, there is a chance that with a lot of concurrent pods running at the same time you run out of IP addresses in your VPC. That's one of the challenges. How you solve it is, with an EKS cluster you can add additional subnets afterwards, even after the cluster is defined. So you can mention that as well.

So moving on: how do you scale your Kubernetes app? There are two main ways to scale your Kubernetes app. One is the horizontal pod autoscaler, and the next is the cluster autoscaler, where the number of nodes increases. These two are super important; I have a separate video explaining this too, make sure you study those, I'm going to give the link up top. Now the third kind, that not a lot of interviewees will explain but that is used in real-world applications, is cluster over-provisioning. So let me explain the challenge with HPA and cluster autoscaler. Let's say you have two worker nodes and your application is running; worker node utilization is, let's say, like 50 or something. As your application traffic increases you will spawn more and more pods in those two worker nodes, right? So at some point these two worker nodes will be at full capacity. To scale more, the cluster autoscaler will create more EC2 worker nodes, but this process takes a little bit of time, right, depending on your AMI. It has to grab the AMI, the EC2 has to come up, so there will be a little bit of latency. What if your application is like a super critical, low-SLA application? You cannot afford that kind of latency. So with cluster over-provisioning you will bring up all the EC2 workers, right? So let's say, even though two worker nodes are being used with your real application pods, you bring up hundreds of other EC2s depending on your application, and for the other worker nodes you run these fake pods; we call them pause pods. And let's say slowly the first two worker nodes go to 100 utilization, and when the traffic increases more, the EC2s are already up and running, so your application doesn't need to spend any more time spinning up additional EC2s. All it will do is replace the pause pods with your actual application pods. So in the case of critical launches, low-SLA requirements, this is used in real-world apps. You can actually mention this as well as a challenge you faced in a real-world Kubernetes app and how you solved it using cluster over-provisioning.

Okay, moving on: how do you expose a Kubernetes microservice to consumers? So basically your pod is running; how can the outside world call it? Probably you guys are thinking services, right? You have three kinds of services in Kubernetes: NodePort, LoadBalancer and ClusterIP. If you want to expose your pod to the outside world, LoadBalancer comes to your mind, right, where a load balancer will be created, it will have a DNS name, and then you can call the DNS name and it will go call the pod. I have a separate video going over all this as well; I'm going to give the link. However, what the interviewer is looking for is ingress, because in real-world applications you cannot just use a load balancer. The problem is, let's say you have five microservices and then you have five load balancers with different DNS names, so you have to put another load balancer on top so that the pathing works. Generally the applications will have a static part of the domain, and then the second part will change, let's say www.example.com/get, /update, etc., and for each of these different paths you want it to go to different microservices. If you just use a separate load balancer service for each of these microservices you cannot achieve this easily. With ingress you can have one load balancer, and for each different path it can send the traffic to different microservices. So I have a separate video; ingress is super critical in real-world apps, so it's very, very important that you understand this. I have a separate video on this because this is a detailed topic. As you can see, with ingress, with the same domain path, let's say batcave.com, for each of the slash paths it can send to different services underneath. So yeah, I'll give the link of the video up top; make sure you watch that one. And there are different options for this ingress part: you can use Traefik, this is third-party software that creates ingress for your Kubernetes; you can use the NGINX ingress controller; if you are using EKS as your current cluster, you can use the LB ingress controller as well; this one is gaining a lot of popularity.

So moving on: do you have to use Kubernetes to run your containerized application? This is kind of like a trick question. The answer is no, right? Kubernetes is one of the many container orchestrators. Again, what is a container orchestrator, that comes under kind of basic questions, so I'll give a link to one of my very popular videos up top; you can watch it. But if you already containerized your application, as long as the container orchestrator supports the runtime, let's say you use Docker, as long as your container orchestrator supports a runtime that allows you to run your container image, that's it, right? Kubernetes gives you functionalities, and Kubernetes is the most popular container orchestrator, but some of the other ways to run your container image are Amazon Elastic Container Service or ECS, Docker Swarm, Apache Mesos, etc. So yeah, Kubernetes is not an absolute must if you just want to run your container.

All right guys and girls, that's the video. If you find this video useful, please do all the YouTube stuff: like this video, subscribe, comment. Also, actually, in the comments let me know if there are other questions on your mind for Kubernetes that you want me to go over.
All right guys and girls, that's it for this video. I'll see you guys and girls in the next video. Bye.
Info
Channel: Agent of Change
Views: 18,953
Rating: 4.9421964 out of 5
Id: OvOQJba-edM
Length: 20min 50sec (1250 seconds)
Published: Sun Jan 17 2021