Kubernetes Interview Questions
Kubernetes is one of the most common topics in DevOps, platform, and cloud-engineer interviews. These are the questions interviewers actually ask, with concise answers you can speak confidently.
17 questions with concise, interview-ready answers.
1. What is Kubernetes, and why is it used?
Kubernetes is an open-source container orchestration platform that automates deploying, scaling, and managing containerized applications across a cluster of machines. It is used because running containers manually does not scale: Kubernetes handles scheduling containers onto nodes, restarting failed ones, scaling up and down with demand, rolling out updates, and load-balancing traffic. In short, it gives you a declarative, self-healing way to run applications in production.
2. What is a pod in Kubernetes?
A pod is the smallest deployable unit in Kubernetes and represents one or more containers that are scheduled together on the same node. Containers in a pod share the same network namespace (so they reach each other over localhost) and can share storage volumes. Most pods run a single container, but a pod can also include helper or sidecar containers that support the main one.
3. What is the difference between a node and a cluster?
A node is a single worker machine, physical or virtual, that runs your pods and is managed by the control plane. A cluster is the whole set of machines working together: one or more control-plane nodes that make scheduling and management decisions, plus the worker nodes that actually run the workloads. You deploy applications to a cluster, and Kubernetes decides which nodes the pods land on.
4. What is a Deployment, and how does it relate to a ReplicaSet?
A Deployment is a higher-level object that manages a stateless application declaratively — you describe the desired state, such as the image and the number of replicas, and Kubernetes works to maintain it. Under the hood, a Deployment creates and manages a ReplicaSet, which is the object responsible for keeping the specified number of identical pod replicas running. When you update a Deployment, it creates a new ReplicaSet and gradually shifts pods over, which is how rolling updates and rollbacks work.
5. What is a ReplicaSet?
A ReplicaSet ensures that a specified number of identical pod replicas are running at all times. If a pod crashes or is deleted, the ReplicaSet creates a replacement; if there are too many, it removes the extras. In practice you rarely create a ReplicaSet directly — you create a Deployment, which manages ReplicaSets for you and adds rollout and rollback capabilities.
6. What is a Service in Kubernetes, and what are its types?
Pods are ephemeral and get new IP addresses when they restart, so a Service provides a stable network endpoint and load-balances traffic across a set of pods selected by labels. The main types are ClusterIP, which exposes the service on an internal cluster-only IP and is the default; NodePort, which opens a static port on every node so the service is reachable from outside; and LoadBalancer, which provisions an external cloud load balancer that routes to the service. There is also ExternalName, which maps a service to a DNS name.
7. What is an Ingress, and how is it different from a Service?
An Ingress manages external HTTP and HTTPS access to services inside the cluster, providing routing by host and path, plus TLS termination, through a single entry point. It is different from a Service because a Service exposes one set of pods, whereas an Ingress sits in front of many services and routes requests to them based on rules. An Ingress only works if an ingress controller, such as NGINX or a cloud controller, is running in the cluster to actually fulfill the rules.
8. What is the difference between a ConfigMap and a Secret?
Both store configuration data as key-value pairs that you inject into pods as environment variables or mounted files, keeping configuration separate from the container image. A ConfigMap is for non-sensitive data such as URLs, feature flags, or settings. A Secret is for sensitive data such as passwords, tokens, and keys; its values are base64-encoded and Kubernetes can restrict access and encrypt them at rest, though base64 alone is encoding, not encryption.
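The point that base64 is encoding rather than encryption, as an added example that is not part of the original page: the sketch below decodes a Secret's data and flags ConfigMap keys that look like credentials. The object names, values and the key pattern are constructed for illustration; the objects are shaped like items from `kubectl get secret,configmap -o json`.

```python
import base64
import re

# Constructed sample objects (hypothetical names and values).
SAMPLE_OBJECTS = [
    {"kind": "Secret", "type": "Opaque",
     "metadata": {"name": "db-credentials", "namespace": "prod"},
     "data": {"username": "YWRtaW4=", "password": "czNjcjN0"}},
    {"kind": "ConfigMap",
     "metadata": {"name": "app-config", "namespace": "prod"},
     "data": {"API_URL": "https://api.example.internal",
              "FEATURE_X": "true",
              "DB_PASSWORD": "constructed-value"}},
]

# Assumed heuristic for key names that usually hold credentials.
SENSITIVE_KEY = re.compile(
    r"pass(word|wd)?|secret|token|api[_-]?key|private[_-]?key", re.I)


def decode_secret(obj):
    """Return the plaintext of each key in a Secret's .data.

    No key material is needed: whoever can read the object can read the value.
    """
    return {k: base64.b64decode(v).decode("utf-8", "replace")
            for k, v in obj.get("data", {}).items()}


def audit_configmaps(objects):
    """Return (object reference, key) for ConfigMap keys that look sensitive."""
    findings = []
    for obj in objects:
        if obj.get("kind") != "ConfigMap":
            continue
        meta = obj["metadata"]
        ref = f'ConfigMap/{meta["namespace"]}/{meta["name"]}'
        for key in obj.get("data", {}):
            if SENSITIVE_KEY.search(key):
                findings.append((ref, key))
    return findings


if __name__ == "__main__":
    print(decode_secret(SAMPLE_OBJECTS[0]))
    for ref, key in audit_configmaps(SAMPLE_OBJECTS):
        print(f"{ref}: key {key!r} belongs in a Secret")
```

Because decoding needs nothing but read access, the protection of a Secret comes from who is allowed to read it and from encryption at rest, not from the encoding.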
9. What is a namespace, and when would you use one?
A namespace is a way to divide a single cluster into multiple virtual sub-clusters, providing a scope for names and a boundary for resource quotas and access control. You use namespaces to separate environments or teams — for example dev, staging, and prod, or different teams sharing one cluster — so their resources do not collide. Some objects are cluster-wide, like nodes, but most everyday objects like pods, services, and deployments live inside a namespace.
10. What are the main components of the Kubernetes control plane?
The control plane makes global decisions about the cluster. The kube-apiserver is the front end that exposes the Kubernetes API and is the single point all components talk to; etcd is the consistent key-value store that holds all cluster state; the kube-scheduler decides which node each new pod should run on; and the kube-controller-manager runs the controllers that drive the cluster toward its desired state. On cloud platforms there is also a cloud-controller-manager for provider-specific integration.
11. What is the role of the kubelet?
The kubelet is an agent that runs on every worker node and is responsible for making sure the containers described in its pods are running and healthy. It receives pod specifications from the API server, instructs the container runtime to start or stop containers, and reports node and pod status back to the control plane. The kubelet works at the pod level — it does not manage containers you start outside of Kubernetes.
12. How does Kubernetes provide self-healing?
Kubernetes continuously compares the actual state of the cluster against the desired state you declared and works to reconcile any difference. If a pod crashes, the controller managing it starts a replacement; if a node fails, its pods are rescheduled onto healthy nodes; and failing health checks can cause a container to be restarted or removed from load balancing. This reconciliation loop is what makes the system self-healing without manual intervention.
13. What is the difference between a rolling update and a recreate deployment strategy?
A rolling update gradually replaces old pods with new ones, a few at a time, so the application stays available throughout the rollout with no downtime — this is the default strategy for a Deployment. A recreate strategy terminates all the old pods first and then creates the new ones, which causes a brief period of downtime but guarantees that old and new versions never run at the same time. You choose recreate when two versions cannot coexist, for example due to incompatible database schemas.
14. What is the Horizontal Pod Autoscaler (HPA)?
The Horizontal Pod Autoscaler automatically adjusts the number of pod replicas in a Deployment or ReplicaSet based on observed metrics, most commonly CPU utilization, but also memory or custom metrics. It watches the metric against a target you set and adds or removes pods to keep utilization near that target, within a minimum and maximum bound you define. This scales the workload horizontally to match demand, as opposed to vertical scaling, which changes the resources of each pod.
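How the replica count is derived from the metric, as an added example that is not part of the original page: it applies the scaling formula from the Kubernetes documentation, desired = ceil(current replicas × current metric / target metric), with the default 10% tolerance and the min/max bounds. The demand trace and the function names are constructed, and the scale-down stabilization window of the real controller is left out.

```python
import math


def desired_replicas(current, current_util, target_util,
                     min_replicas, max_replicas, tolerance=0.1):
    """One HPA decision: scale so utilization returns to the target."""
    ratio = current_util / target_util
    # Inside the tolerance band the controller leaves the count unchanged.
    if abs(ratio - 1.0) <= tolerance:
        return current
    wanted = math.ceil(current * ratio)
    # Clamp to the bounds set on the autoscaler.
    return max(min_replicas, min(max_replicas, wanted))


def simulate(demand_trace, start_replicas, target_util,
             min_replicas, max_replicas):
    """Replay total demand (sum of per-pod CPU %) and return replica counts."""
    replicas = start_replicas
    history = []
    for demand in demand_trace:
        # Demand is assumed to spread evenly across the running pods.
        per_pod_util = demand / replicas
        replicas = desired_replicas(replicas, per_pod_util, target_util,
                                    min_replicas, max_replicas)
        history.append(replicas)
    return history


# Constructed trace: steady load, a rise, a spike beyond capacity, a drop.
DEMAND_TRACE = [100, 300, 300, 900, 120]

if __name__ == "__main__":
    print(simulate(DEMAND_TRACE, start_replicas=2, target_util=50,
                   min_replicas=2, max_replicas=10))
```

In the fourth step the formula asks for 18 pods and the maximum bound caps it at 10, which is the case to watch when setting the bound: the workload stays over target until demand falls.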
15. What is the difference between a liveness probe and a readiness probe?
A liveness probe checks whether a container is still healthy; if it fails, Kubernetes restarts the container, which is useful for recovering from deadlocks or hangs. A readiness probe checks whether a container is ready to receive traffic; if it fails, the pod is removed from the Service endpoints but is not restarted, so traffic is held back until the app is ready. There is also a startup probe, which protects slow-starting applications by delaying the other probes until the app has finished booting.
16. What are persistent volumes and persistent volume claims?
Because pods are ephemeral, their container storage is lost when they restart, so Kubernetes uses persistent volumes for data that must survive. A PersistentVolume (PV) is a piece of storage in the cluster, often backed by cloud disks or network storage, provisioned by an administrator or dynamically by a StorageClass. A PersistentVolumeClaim (PVC) is a request for storage made by a pod; Kubernetes binds the claim to a suitable volume, decoupling the application from the underlying storage details.
17. What is Helm, and why is it useful?
Helm is a package manager for Kubernetes that bundles related manifests — deployments, services, configmaps, and more — into a single unit called a chart. Charts are templated and parameterized through a values file, so you can install the same application across environments with different settings, and you can version, upgrade, and roll back releases with simple commands. It is useful because it removes the need to copy and hand-edit large sets of YAML files for every deployment.