Answer:
In my day-to-day activities I handle multiple tasks. My day starts with a team meeting called a "scrum call." In this meeting, we discuss our progress, and the team assigns tasks for the day. After the meeting, I check Jenkins, a tool we use for automation. I look for any new builds or updates. If there are errors in the builds, I work on fixing them. Kubernetes monitoring: if Jenkins is running smoothly, I move on to checking our Kubernetes (K8s) clusters and pods. These are the parts of our system where applications run. If any pod has issues or isn't working correctly, I troubleshoot the problem, fix it, and inform my team about the updates. Sometimes I create Kubernetes configuration files called manifest files. These define how our applications and services should run in the Kubernetes environment. We have a distributed team, where the cloud team pings me for cloud tasks like creating EBS volumes, S3 buckets and IAM roles, and for VPC-related issues.
Answer:
High CPU/memory usage in some pods. Disk space issues in nodes. Stuck pods due to PVC binding problems. API server latency under high load. Ingress routing misconfigurations.
A: It’s a release strategy with two environments (Blue & Green). Blue is live, Green is the new version. After testing, switch traffic to Green. Rollback is easy by switching back to Blue.
| Feature | GitLab CI/CD | Jenkins |
|---|---|---|
| Setup | Pre-integrated, simple | Manual setup with plugins |
| Pipeline Definition | .gitlab-ci.yml (YAML) | Jenkinsfile (Groovy DSL) |
| Scalability | Runner-based, auto-scaled | Master-agent model |
| Maintenance | Less, managed by GitLab | High, manual plugins/updates |
| Integration | Native Git integration | Any SCM via plugins |
| UI | Modern & built-in | Plugin-dependent |
| Cost | Free & paid tiers | Open-source, infra cost |
A:
- Jenkins: Customizable but manual setup (Jenkinsfile, agents, plugins).
- GitLab: Easy, tightly integrated with Git, uses .gitlab-ci.yml.
| Feature | NAT Instance | NAT Gateway |
|---|---|---|
| Type | EC2-based, user-managed | AWS-managed service |
| High Availability | Manual setup | Built-in multi-AZ |
| Performance | Depends on EC2 size | Scalable & high throughput |
| Cost | Cheaper for low traffic | More expensive, better for production |
| Maintenance | Manual updates | No maintenance |
A:
- Use AWS SDKs
- Access via IAM roles with least privilege
- Store secrets in Secrets Manager
- Follow retry/backoff logic
- Use env variables for config
- Log via CloudWatch
A:
- Use IAM users/groups with MFA
- Prefer IAM roles with temporary STS credentials
- Use AWS SSO or federation
- Manage secrets via AWS Vault or CLI profiles
- Rotate creds, no hardcoding
A:
- VPC Peering: Direct, simple, but no transitive routing
- Transit Gateway: Centralized hub, scalable
- PrivateLink: For exposing services, not full VPC access
- VPN: For secure cross-region or hybrid setups
Answer: If the kubelet on a node goes down: The node stops reporting to the Kubernetes control plane. After a default period (usually 5 minutes), the node is marked NotReady. The scheduler may reschedule the pods on other healthy nodes (if they are not static pods or daemonsets).
Answer: A static pod is managed directly by the kubelet on a node, not through the Kubernetes API server. Defined in a local manifest file (e.g., /etc/kubernetes/manifests/). Used for critical components like control plane pods. Cannot be managed with kubectl.
Answer: The Kubernetes scheduler assigns newly created pods to nodes based on:
- Resource availability
- Node affinity/anti-affinity
- Taints and tolerations
- Custom scheduling rules
Answer: No, the API server and other control plane components are usually run as static pods, which are not scheduled by the Kubernetes scheduler.
| Feature | Deployment | StatefulSet |
|---|---|---|
| Use Case | Stateless applications (e.g., web servers) | Stateful applications (e.g., databases) |
| Pod Identity | Pods are interchangeable, no fixed identity | Each Pod has a stable, unique identity |
| Pod Name | Random suffix (e.g., nginx-xyz12) | Predictable names (e.g., db-0, db-1) |
| Storage (Volumes) | Shared or ephemeral | Each Pod gets its own persistent volume |
| Scaling | Easy and fast; Pods treated equally | Slower, one Pod updated at a time |
| Network Identity | No stable DNS for individual Pods | Each Pod gets a stable DNS hostname |
| Pod Ordering | No guaranteed order for startup/termination | Follows ordered deployment and termination |
| Use With | Frontend apps, APIs, microservices | Databases (e.g., MySQL, Cassandra, Kafka) |
Answer: A Kubernetes Service provides a stable network endpoint to access a set of pods.
- Types: ClusterIP, NodePort, LoadBalancer, ExternalName
- Helps decouple frontends from backends
- Uses labels/selectors to route traffic to the correct pods
Answer: HPA automatically scales the number of pods in a Deployment or ReplicaSet based on metrics like CPU usage or custom metrics.
| Aspect | HPA (Horizontal Pod Autoscaler) | VPA (Vertical Pod Autoscaler) |
|---|---|---|
| Scaling Direction | Horizontal – scales the number of Pods | Vertical – adjusts CPU/Memory of a single Pod |
| Purpose | Handle increased load by adding/removing Pods | Optimize resource usage within Pods |
| Metrics Used | CPU, memory, or custom metrics (via Metrics Server) | Historical usage and live metrics |
| Pod Restart | No restart (new Pods added/removed) | Pod restart required to apply new resource values |
| Best Use Case | Stateless apps with variable load (e.g., web servers) | Long-running apps with consistent load patterns |
| Kubernetes Object | HorizontalPodAutoscaler resource | VerticalPodAutoscaler resource |
| Limitations | Can’t optimize within a Pod | Not suitable for rapid load spikes or multi-replica apps |
Answer: A DaemonSet ensures that a specific pod runs on all (or selected) nodes in the cluster. Examples: log collection, monitoring agents, network plugins.
| Probe Type | Purpose | Effect on Pod |
|---|---|---|
| Liveness Probe | Checks if container is alive | Pod is restarted if it fails |
| Readiness Probe | Checks if container is ready to serve | Pod is removed from service endpoints |
Answer:
- Drain nodes: kubectl drain <node>
- Upgrade kubeadm: apt upgrade kubeadm
- Run kubeadm upgrade plan and kubeadm upgrade apply
- Upgrade kubelet and kubectl
- Restart kubelet
- Uncordon nodes: kubectl uncordon <node>
21Q. If a pod has three containers and one container is unhealthy (liveness probe fails), what happens?
Answer: Only the unhealthy container is restarted by kubelet. The other two containers continue to run unaffected.
Answer:
- Check ~/.kube/config
- Validate context: kubectl config get-contexts
- Check connectivity to the API server
- Run kubectl version
- Use curl or telnet to test API server reachability
23Q. In a Kubernetes Deployment using a PVC, where a pod is using the PVC, what happens to the pod if someone deletes the Deployment?
Answer:
Pods created by the Deployment will be deleted. PVC is not deleted (unless manually configured via ReclaimPolicy). The underlying PersistentVolume may remain, depending on the reclaim policy.
| Feature | Node Affinity | Node Selector |
|---|---|---|
| Flexibility | More expressive | Simple key-value match |
| Operators | In, NotIn, Exists, etc. | Only exact match |
| Scheduling type | Preferred/Required | Required |
| Use case | Advanced scheduling requirements | Basic filtering |
Answer:
```text
project/
├── main.tf            # Main configuration file
├── variables.tf       # Input variables
├── outputs.tf         # Output values
├── terraform.tfvars   # Actual variable values
├── backend.tf         # Backend config for remote state
├── modules/           # Reusable modules
│   └── <module_name>/
│       ├── main.tf
│       ├── variables.tf
│       └── outputs.tf
└── envs/              # Environment-specific configs
    ├── dev/
    └── prod/
```
Answer: You can connect EC2 instances across regions by: Setting up a VPN connection between VPCs in different regions. Using VPC Peering (now supported cross-region). Using AWS Transit Gateway for more complex architectures.
Answer: An Internet Gateway (IGW) is a horizontally scaled, redundant, and highly available VPC component that allows communication between instances in your VPC and the internet. It is attached at the VPC level, not the subnet level.
Answer: VPC Peering connects two VPCs to route traffic using private IPs. Steps to configure: Create a VPC peering connection. Accept the request from the target VPC. Add route table entries in both VPCs. Ensure security groups and NACLs allow traffic.
Answer:
Remove public access settings. Attach bucket policy that allows access from specific VPC or IAM roles. Use VPC endpoint for S3 for private access without using the internet.
Answer: CloudFront is AWS’s Content Delivery Network (CDN) that caches content at edge locations to reduce latency and speed up delivery.
Answer: A NAT Gateway enables instances in a private subnet to access the internet (for updates, etc.) while remaining unreachable from the outside. It is placed in a public subnet and requires a route from private subnets to the NAT Gateway.
Answer: The terraform.tfstate file stores the current state of your infrastructure. To avoid conflicts:
Use remote state backends (e.g., S3 with DynamoDB locking).
Example:
```hcl
terraform {
  backend "s3" {
    bucket         = "my-terraform-state"
    key            = "env/dev/terraform.tfstate"
    region         = "us-west-2"
    dynamodb_table = "terraform-lock"   # DynamoDB table used for state locking
  }
}
```
33Q. A client asks you to provision infrastructure with EC2, S3 bucket, and VPC. Write the Terraform script
Answer:
```hcl
provider "aws" {
  region = "us-west-2"
}

resource "aws_vpc" "main" {
  cidr_block = "10.0.0.0/16"
}

resource "aws_s3_bucket" "bucket" {
  bucket = "my-unique-bucket-name-123"
  acl    = "private"   # deprecated since AWS provider v4; newer code uses aws_s3_bucket_acl
}

resource "aws_instance" "web" {
  ami           = "ami-0abcdef1234567890"
  instance_type = "t2.micro"
  subnet_id     = aws_subnet.main.id   # Terraform resolves this reference regardless of block order
}

resource "aws_subnet" "main" {
  vpc_id            = aws_vpc.main.id
  cidr_block        = "10.0.1.0/24"
  availability_zone = "us-west-2a"
}
```
| Feature | Terraform | Ansible |
|---|---|---|
| Purpose | Infrastructure provisioning (IaC) | Configuration management |
| Language | Declarative (HCL) | Procedural (YAML + Python) |
| Idempotency | Built-in | Manual in some cases |
| Agent-based | Agentless | Agentless |
| Execution | Plans infra before applying changes | Executes tasks immediately |
Answer:
Use Docker volumes: back up by copying data from /var/lib/docker/volumes/. Use docker cp to copy data from containers. Mount volume and copy data manually.
```dockerfile
FROM python:3.9
WORKDIR /app
COPY requirements.txt .
RUN pip install -r requirements.txt
COPY . .
CMD ["python", "app.py"]
```
| Instruction | Purpose | Functionality |
|---|---|---|
| ADD | Copies files/directories into the image | Also supports remote URLs and auto-extracts tar files |
| ENTRYPOINT | Defines the main command to run in the container | Makes the container behave like a standalone executable |
docker rm -f $(docker ps -aq)
Answer:
Persistent Storage: storage that outlives pod lifecycles. PV: cluster-managed storage resource. PVC: user request for storage; binds to a PV.
Answer: Yes. This involves: Monitoring logs with kubectl logs Restarting failed pods Analyzing node/pod health Investigating metrics and alerts from tools like Prometheus/Grafana
Answer:
- check_http – for web server health
- check_disk – for disk space monitoring
- check_load – for CPU load
- check_ping – for network availability
| Tool | Default Port |
|---|---|
| Grafana | 3000 |
| Prometheus | 9090 |
Answer: grafana.ini Located by default at /etc/grafana/grafana.ini
| Feature | Hard Link | Soft Link (Symbolic Link) |
|---|---|---|
| Inode sharing | Shares the same inode | Points to the original inode |
| Broken link | Works even if original is deleted | Breaks if the target is deleted |
| File systems | Must be on the same file system | Can link across file systems |
| Appearance | File | Shortcut |
Answer:
Check system logs:
journalctl --since "1 hour ago" | grep -i shutdown
- Inspect /var/log/messages or /var/log/syslog.
- Use last reboot to see the last reboot times.
- Look for kernel panic, OOM errors, or manual reboots in the logs.
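The "look for kernel panic, OOM errors, or manual reboots" step above, as an added shell helper that is not from the original page: it reads log text on stdin and prints a single cause label. The journal lines, the host name web01 and the process ids are constructed samples; on a real host you would pipe `journalctl --since "1 hour ago"` into classify_shutdown_cause.

```shell
#!/usr/bin/env bash
# Added example (not part of the original page): triage why a host went down
# by scanning log text for the three causes the answer above lists.
set -eu

# Constructed sample: a host whose JVM was OOM-killed shortly before shutdown.
SAMPLE_OOM_LOG='Mar 03 02:14:01 web01 kernel: Out of memory: Killed process 2311 (java) total-vm:4192844kB
Mar 03 02:14:05 web01 systemd-logind[812]: System is powering down.
Mar 03 02:14:06 web01 systemd[1]: Reached target Shutdown.'

# Constructed sample: an operator-initiated reboot recorded by sudo.
SAMPLE_MANUAL_LOG='Mar 04 09:00:12 web01 sudo:    admin : TTY=pts/0 ; PWD=/home/admin ; USER=root ; COMMAND=/usr/sbin/reboot
Mar 04 09:00:13 web01 systemd-logind[812]: System is rebooting.'

# Constructed sample: a kernel panic message.
SAMPLE_PANIC_LOG='Mar 05 23:11:40 web01 kernel: Kernel panic - not syncing: Fatal exception in interrupt'

# Reads log text from stdin and prints one label. Precedence matters: a panic
# or an OOM kill explains the outage better than the generic "powering down"
# line that follows it, so those are checked first. Matching is case-insensitive.
classify_shutdown_cause() {
  local text
  text="$(cat)"
  if printf '%s\n' "$text" | grep -qi 'kernel panic'; then
    echo kernel-panic
  elif printf '%s\n' "$text" | grep -qiE 'out of memory|oom-killer|oom_reaper'; then
    echo oom
  elif printf '%s\n' "$text" | grep -qiE 'COMMAND=.*(reboot|shutdown|poweroff)'; then
    echo manual-reboot
  elif printf '%s\n' "$text" | grep -qiE 'powering down|rebooting|shutdown'; then
    echo shutdown-no-cause-found
  else
    echo unknown
  fi
}

# Wrappers over the constructed samples so each result can be checked by name.
classify_oom_sample()    { printf '%s\n' "$SAMPLE_OOM_LOG"    | classify_shutdown_cause; }
classify_manual_sample() { printf '%s\n' "$SAMPLE_MANUAL_LOG" | classify_shutdown_cause; }
classify_panic_sample()  { printf '%s\n' "$SAMPLE_PANIC_LOG"  | classify_shutdown_cause; }
```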
Answer:
Use top, htop, or ps -eo pid,ppid,%cpu,cmd --sort=-%cpu to identify. Check logs of the process/container. Restart the pod/container if needed. Add resource limits in Kubernetes to prevent abuse.
Answer:
EC2 (AWS):
- Modify the volume from the AWS Console.
- Use lsblk to identify the disk.
- Resize the partition with growpart.
- Resize the filesystem: sudo resize2fs /dev/xvdf1
Answer:
Extend the disk at the cloud/VM level. Use tools like growpart or parted to expand the partition. Use resize2fs (for ext4) or xfs_growfs (for XFS) to resize the filesystem.
Answer:
Master Components: API Server, Scheduler, Controller Manager, etcd. Node Components: Kubelet, Kube-proxy, container runtime (Docker/CRI-O). Add-ons: DNS, Dashboard, Ingress controller, etc.
Answer:
Horizontal Pod Autoscaler (HPA): scales pods based on CPU/memory or custom metrics. Vertical Pod Autoscaler (VPA): adjusts resource requests/limits of pods. Cluster Autoscaler: adds/removes nodes based on pending pods.
| Feature | Deployment | StatefulSet |
|---|---|---|
| Use Case | Stateless applications (e.g., web servers, APIs) | Stateful applications (e.g., databases, Kafka) |
| Pod Identity | Pods are interchangeable, no fixed identity | Pods have stable, unique identities |
| Pod Naming | Randomized (e.g., web-abc123) | Predictable (e.g., db-0, db-1) |
| Storage | Shared or ephemeral storage | Persistent Volume per Pod (retained across restarts) |
| DNS Hostnames | No stable DNS per Pod | Each Pod gets a stable network identity |
| Startup/Termination | All Pods start/stop in parallel | Ordered start/stop and rolling updates |
| Scaling | Fast and simple scaling | Slower, ordered scaling |
| Pod Replacement | New Pod is identical to old (no identity preservation) | Maintains state and identity even after restart |
Answer: Ingress is an API object that manages external HTTP/HTTPS access to services inside a Kubernetes cluster. It allows path-based or host-based routing and works with Ingress controllers like NGINX, Traefik.
Answer: A namespace is a logical isolation unit in Kubernetes used to divide cluster resources between multiple users or teams. Useful in multi-tenant environments.
| Feature | ReplicaSet | DaemonSet |
|---|---|---|
| Purpose | Ensure a specific number of identical Pods are running | Ensure one Pod per node (or specific nodes) |
| Pod Count | Defined by user (e.g., 3 replicas) | Automatically runs one Pod on each node |
| Use Case | Web servers,API services,stateless applications | Monitoring agents, log collectors, storage plugins |
| Scaling | Manual or via Horizontal Pod Autoscaler | Scales automatically with node changes |
| Pod Placement | Pods can run on any nodes | Exactly one per node(unless node selectors are used) |
| Update Strategy | Supports rolling updates via Deployment | Uses RollingUpdate strategy for controlled rollout |
| Controller Used With | Often used by Deployment | Managed directly as DaemonSet |
Answer:
Automated scaling and self-healing. Rolling updates and rollbacks. Resource optimization. Supports hybrid and multi-cloud environments. Declarative configuration with YAML.
Answer: Blue-Green Deployment involves running two identical environments (blue and green). Blue = current live Green = new version Switch traffic from blue to green once the green version is verified.
Answer: DockerHub is a cloud-based registry to store and share container images. You can pull official or custom images from it.
Answer:
docker exec -it <container_id_or_name> /bin/bash
Or use /bin/sh if bash is not available.
Answer: Yes, Kubernetes supports both YAML and JSON for manifests, but YAML is more human-readable and widely used.
| Aspect | Docker (Container) | Kubernetes |
|---|---|---|
| Primary Function | Containerization platform – builds & runs containers | Container orchestration – manages container clusters |
| Scope | Works on a single host | Manages multiple containers across multiple hosts |
| Container Lifecycle | Manual (start/stop/restart) | Automated (scheduling, self-healing, rolling updates) |
| Scaling | Manual scaling | Auto-scaling and load balancing |
| Networking | Basic network configuration | Advanced service discovery, DNS, and network policies |
| Storage | Local volumes | Supports persistent volumes, dynamic provisioning |
| High Availability | Not built-in | Built-in via replica management and node distribution |
| Monitoring & Logging | Basic logging | Integrated with tools like Prometheus, Grafana, ELK |
| Multi-container apps | Managed via docker-compose | Managed via Pods, Deployments, StatefulSets, etc. |
Answer:
Use docker stats for live metrics. Use third-party tools like cAdvisor, Prometheus, and Grafana. Integrate with logging tools like ELK or Fluentd.
Answer:
Install and configure Prometheus with K8s metrics. Add Prometheus as a data source in Grafana. Create dashboards to monitor CPU, memory, disk, pod health. Set up alerts in Grafana.
Answer: SonarQube is a tool used to analyze code quality, detect bugs, code smells, and security vulnerabilities in code repositories. Integrates with CI/CD pipelines to enforce code standards.
Answer: sed is a stream editor used for text transformation, like find & replace.
Common flags:
- -e : Add the script to the commands to be executed
- -i : Edit files in-place
- -n : Suppress default output (used with p for printing lines)
- s : Substitute (e.g., sed 's/old/new/g' file.txt)
Answer: awk is a powerful text processing tool used for pattern scanning and data extraction. Example:
awk '{print $1, $3}' file.txt
Prints the 1st and 3rd columns of a file.
Answer:
find /path -name "filename"
Examples:
- By name: find . -name "*.log"
- By size: find / -size +100M
- Recently modified: find /var/log -mtime -1
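The sed, awk and find usages from the three answers above, exercised as an added example (not from the original page) against a constructed temporary directory so they run offline. The file names, log lines, IP addresses and host name are made up; the functions return their output so the results can be checked.

```shell
#!/usr/bin/env bash
# Added example (not part of the original page): runs the sed/awk/find commands
# from the answers above on constructed sample files in a temp directory.
set -eu

WORKDIR="$(mktemp -d)"
trap 'rm -rf "$WORKDIR"' EXIT

# Constructed sample data: a small access log and a config file to edit.
mkdir -p "$WORKDIR/var/log" "$WORKDIR/etc"
cat > "$WORKDIR/var/log/access.log" <<'EOF'
10.0.0.5 - GET /api/users 200
10.0.0.7 - POST /api/login 401
10.0.0.5 - GET /web/index 200
EOF
printf 'server_name old.example.internal;\n' > "$WORKDIR/etc/app.conf"
printf 'noise\n' > "$WORKDIR/etc/notes.txt"

# awk '{print $1, $3}': the 1st and 3rd whitespace-separated columns
# (here the client IP and the HTTP method).
log_ip_and_method() {
  awk '{print $1, $3}' "$WORKDIR/var/log/access.log"
}

# awk with a pattern: count lines whose 5th column (status) is 401, the kind
# of filter used when looking for failed logins in a log.
count_401() {
  awk '$5 == 401 {n++} END {print n+0}' "$WORKDIR/var/log/access.log"
}

# sed -i 's/old/new/g': in-place substitution, then print the edited file.
rename_host() {
  sed -i 's/old\.example\.internal/new.example.internal/g' "$WORKDIR/etc/app.conf"
  cat "$WORKDIR/etc/app.conf"
}

# find by name: only *.log files, printed relative to WORKDIR.
find_logs() {
  (cd "$WORKDIR" && find . -name "*.log")
}

# find by modification time: regular files changed in the last day (-mtime -1).
# Everything created above qualifies, so this counts the 3 sample files.
count_recent_files() {
  find "$WORKDIR" -type f -mtime -1 | wc -l | tr -d ' '
}
```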
Answer:
- Create a Dockerfile for your app.
- Build and push the image to a container registry.
- Create K8s manifests: Deployment, Service, and (optional) Ingress.
- Apply using:
kubectl apply -f deployment.yaml
Answer: In Kubernetes (via Ingress), path-based routing directs traffic based on the URL path.
Example:
```yaml
- path: /api
  backend:
    serviceName: api-service
- path: /web
  backend:
    serviceName: web-service
```
These are the legacy (extensions/v1beta1) field names; in networking.k8s.io/v1 each path also needs a pathType, and the backend is written as service.name and service.port.
Answer: Roles define permissions within a namespace. ClusterRoles apply across all namespaces. Used in RBAC (Role-Based Access Control) to control what users or services can do.
Answer: Bucket policies are JSON-based rules that control access to an entire S3 bucket or objects inside.
Example:
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": ["s3:GetObject"],
      "Resource": "arn:aws:s3:::mybucket/*"
    }
  ]
}
```
Note that "Principal": "*" grants anonymous read of every object in the bucket; scope the Principal to specific IAM roles or accounts unless the bucket is intentionally public.
Answer:
- Check the bucket policy
- Check IAM role/user permissions
- Verify whether the object ACL is private
- Ensure the correct Region and signed URL, if applicable
Answer: These are the S3 actions needed to download (GetObject) or upload (PutObject) files. Without them, you’ll get 403 errors.
Answer: Objects are persistent entities representing the desired state. Examples: Pod, Service, Deployment, ConfigMap, Secret, Ingress.
Answer: Marks a resource for destruction and recreation during the next apply.
terraform taint aws_instance.my_instance
| Command | Purpose |
|---|---|
| merge | Combines two branches, creates a merge commit |
| rebase | Reapplies commits from one branch onto another for a linear history |
Answer:
- GitFlow (feature, develop, release branches)
- Trunk-Based (single main branch with feature flags)
- GitHub Flow (short-lived feature branches + pull requests)
Answer:
Pod crash due to memory leaks. PVC binding issues. DNS resolution failure in K8s. S3 permission errors (403). Auto-scaling delay under heavy load.
Answer: Mostly Amazon Linux 2, Ubuntu, or CentOS depending on the cloud provider and application needs.
Answer: Ubuntu – due to:
- Wide community support
- Easy package management (apt)
- Better documentation
Answer:
Roles: Standardized way to organize playbooks into reusable components (tasks, handlers, vars, etc.) Templates: Jinja2 files (.j2) used to dynamically generate configuration files.
Answer:
EC2 passes 2 checks:
- System status check
- Instance status check
Both must be "2/2 checks passed" for a healthy status.
Answer:
Create an IAM role with AmazonEKSClusterPolicy. Use eksctl or Terraform to create the cluster:
eksctl create cluster --name demo --region us-west-2 --with-oidc
Answer:
Store logs, backups, artifacts. Host static websites. Use as Terraform backend (state file storage).
Answer: JSON document attached to a bucket to define access rules for users, roles, or the public.
Answer: It means access denied. Possible causes:
- Missing s3:GetObject permission
- Object is private
- Bucket policy restricts access
Answer: Prevents simultaneous changes to the same infrastructure by multiple users. Uses DynamoDB table (in AWS) to manage locks.
Answer: In the DynamoDB table used for state locking. Look for the item with LockID in the table where Terraform stores its locks.
Answer:
Files written using Jinja2 syntax. Defined in playbooks like:
```yaml
tasks:
  - name: Apply nginx config
    template:
      src: nginx.conf.j2
      dest: /etc/nginx/nginx.conf
```
Answer:
Ingress: Rules to allow external traffic into the cluster.
Egress: Outbound traffic from pods to outside the cluster.
Answer: Yes ArgoCD supports:
- Kustomize
- Plain YAML
- Helm
- Jsonnet
Helm is optional.
#### playbook.yml
```yaml
- hosts: all   # placeholder target group; the original fragment showed only tasks and handlers
  tasks:
    - name: Install nginx
      apt:
        name: nginx
        state: present
      notify: restart nginx
  handlers:
    - name: restart nginx
      service:
        name: nginx
        state: restarted
```
```text
project/
├── inventory
├── playbook.yml
├── roles/
│   └── webserver/
│       ├── tasks/
│       │   └── main.yml
│       ├── handlers/
│       │   └── main.yml
│       ├── templates/
│       ├── files/
│       ├── vars/
│       └── defaults/
```
1. Generate an SSH key: ssh-keygen
2. Copy the public key to the remote server: ssh-copy-id user@remote-server
3. Now you can SSH without a password: ssh user@remote-server
SELinux (Security-Enhanced Linux) is a security module in Linux that provides mandatory access control (MAC). It defines access policies for users, processes, and files.
Check status: sestatus
Modes:
- Enforcing: Enforces policies.
- Permissive: Logs violations, doesn't enforce.
- Disabled: Completely off.
AWS Serverless refers to a cloud-native development model that allows you to build and run applications without managing servers. Key services include:
• AWS Lambda – run code in response to events.
• Amazon API Gateway – expose APIs.
• Amazon DynamoDB – NoSQL database.
• AWS Step Functions – orchestrate workflows
Declarative Pipeline: Uses a more structured and predefined syntax. Easier to write and read, especially for beginners. Scripted Pipeline: Uses Groovy-based syntax. Offers more flexibility and is suitable for complex logic.
1. Backup Jenkins (recommended). Back up your Jenkins home directory (usually /var/lib/jenkins):
```shell
sudo cp -r /var/lib/jenkins /var/lib/jenkins_backup
```
2. Upgrade Jenkins (using the package manager):
```shell
sudo yum check-update
sudo yum upgrade jenkins
sudo systemctl restart jenkins
```
Master: The main Jenkins server that manages the overall environment — it schedules builds, handles the UI, and delegates tasks to agents. Slave (Agent): Remote machines that connect to the master and run the actual build/test jobs. They can be Linux, Windows, or container-based systems.
Master receives a trigger (e.g., code push). Assigns the job to an available slave. Slave executes the job and reports back the result. Connection methods: SSH, JNLP, or WebSocket.
- Load distribution
- Run jobs in parallel
- Use different environments for different jobs (e.g., Java on one, Python on another)
SonarQube is a code quality and security analysis tool. It inspects code for bugs, vulnerabilities, and code smells. Integrates with Jenkins, GitHub, and other CI/CD tools.
Install Git and GitHub plugin in Jenkins. Create a GitHub Personal Access Token. In Jenkins, go to Manage Jenkins > Configure System > GitHub and add credentials. Set up webhooks in GitHub to trigger builds on code push.
free -h
du -sh filename
grep 'word' filename
To search recursively in all files: grep -r 'word' /path/to/directory
Shared libraries allow you to reuse common code across multiple Jenkins pipelines. They are stored in a separate Git repo or directory structure and loaded at the top of the Jenkinsfile using: @Library('library-name') _
git revert creates a new commit that undoes changes of a specific commit without altering commit history (safe for shared branches). git reset moves the HEAD and possibly updates the index or working directory (can rewrite history; not safe for shared branches).
git fetch downloads changes from the remote repository but doesn’t apply them. git pull is equivalent to git fetch followed by git merge; it updates your current branch.
- Check CPU/memory usage: top, htop, vmstat
- Check disk I/O: iostat, iotop, df -h
- Check network issues: netstat, ping, traceroute
- Check logs: /var/log/syslog, application-specific logs
- Check processes: ps aux --sort=-%mem
A: A Key Pair is used for secure SSH access to EC2 instances. It includes a public key (stored in AWS) and a private key (downloaded by the user). You create it in EC2 Dashboard → Key Pairs → Create Key Pair, and use it when launching an EC2 instance.
A: VPC peering is a networking connection between two VPCs that enables routing traffic between them using private IPs. Peering works across regions and accounts but does not support transitive peering.
A: It marks a specific resource for destruction and recreation on the next terraform apply.
A: Workspaces allow you to manage multiple state files within a single configuration directory. Useful for managing different environments like dev, staging, and prod.
A: Jenkins follows a master-agent architecture. The master schedules builds, manages agents, and handles web UI. Agents execute build jobs on different platforms or environments.
A: Agents are machines (nodes) that run jobs. Labels are tags you assign to agents to group them for job scheduling (e.g., linux, docker).
A: Multi-stage builds allow you to use multiple FROM statements in a Dockerfile to separate build-time and runtime environments, reducing final image size.
A: Stateful services retain state across restarts. StatefulSets manage pods with stable network identity, persistent storage, and ordered, graceful deployment.
• Master Node: Controls the Kubernetes cluster. It contains several components:
  o API Server: Exposes the Kubernetes API.
  o Controller Manager: Ensures that the cluster is in the desired state (e.g., creating new pods when needed).
  o Scheduler: Assigns workloads to nodes.
  o etcd: A distributed key-value store used to store all cluster data, including configuration data, secrets, and state information.
• Worker Node: Runs the containerized applications. Components include:
  o Kubelet: Ensures the containers are running in a Pod.
  o Kube Proxy: Maintains network rules for Pod communication.
  o Container Runtime: Runs the containers (e.g., Docker).
A:
- ClusterIP – Default, internal-only access
- NodePort – Exposes the service on a port on each node
- LoadBalancer – Uses an external load balancer
- ExternalName – Maps the service to an external DNS name
- Headless Service – Created by setting clusterIP: None, used for direct pod access, useful in StatefulSets and DNS discovery.
A: AWS Serverless refers to a cloud-native development model that allows you to build and run applications without managing servers. Key services include:
• AWS Lambda – run code in response to events.
• Amazon API Gateway – expose APIs.
• Amazon DynamoDB – NoSQL database.
• AWS Step Functions – orchestrate workflows.
Benefits:
• No server provisioning or management.
• Auto-scaling and high availability.
• Pay only for what you use (event-driven).
A: I’ve worked with a wide range of AWS resources, including:
• EC2 (virtual machines)
• S3 (object storage)
• RDS (managed databases)
• ECS/Fargate (containers)
• Lambda (serverless compute)
• IAM (access control)
• CloudWatch (monitoring/logs)
• VPC (networking)
• Route 53 (DNS)
• Auto Scaling Groups
• ALB/NLB (load balancers)
• Elastic Beanstalk, CloudFormation, and Terraform for provisioning
A: For automatic and manual scaling, I’ve used:
• Auto Scaling Groups (ASG): Automatically add/remove EC2 instances based on CPU, memory, or custom metrics.
• Elastic Load Balancer (ELB): Distributes traffic across instances to balance load.
• CloudWatch Alarms: Used to trigger scaling actions.
• ECS with Fargate or EC2: Task-based scaling based on request load or queue depth.
A: df -h Shows disk usage in human-readable format
du -sh * Shows folder sizes in the current directory
A:
```shell
> filename              # Truncates the file
: > filename            # Same as above
truncate -s 0 filename  # Explicitly sets file size to 0
```
Answer: Use the following command to manually unlock the Terraform state:
terraform force-unlock <LOCK_ID>
Only use it if you're sure no other process is actively using the state.
Answer: • Check pipeline logs to identify the exact stage and error message.
• Reproduce the issue locally (if possible).
• Fix config or script issues (e.g., syntax, credentials).
• Rerun the pipeline and monitor.
Answer:
```shell
git init                          # Initialize local repo
git add .                         # Stage changes
git commit -m "message"           # Commit changes
git remote add origin <repo-url>  # Link to central repo
git push -u origin main           # Push code
```
Answer: • Define two different provider blocks with different credentials:
```hcl
provider "aws" {
  alias   = "account1"
  region  = "us-east-1"
  profile = "account1-profile"
}

provider "aws" {
  alias   = "account2"
  region  = "us-west-2"
  profile = "account2-profile"
}
```
• Use provider = aws.account1 and provider = aws.account2 in resources.
Answer: • Use minimal base images (e.g., alpine).
• Run containers as non-root users.
• Regularly scan images for vulnerabilities.
• Use Docker secrets for sensitive data.
• Enable network and runtime restrictions.
• Keep Docker and host OS updated.
Answer:
| Feature | count | for_each |
|---|---|---|
| Use Case | Repetition by number | Repetition by map/set |
| Indexing | Uses count.index | Uses each.key / each.value |
| Best for | Lists | Maps or sets (with named keys) |
Answer: • length() – get list length
• lookup() – safe map value lookup
• join() – join strings
• split() – split string to list
• merge() – merge maps
• format() – formatted strings
• element() – get item by index
• file() – read local file
Answer:
| Feature | ALB (Application Load Balancer) | NLB (Network Load Balancer) |
|---|---|---|
| Layer | Layer 7 (HTTP/HTTPS) | Layer 4 (TCP/UDP) |
| Features | Path-based, host-based routing | Fast TCP handling, static IP |
| Use Case | Web apps, HTTP APIs | Low latency apps, real-time systems |
Answer: • Use a bastion host (jump box) in the public subnet.
• Or use Session Manager (SSM) if agents are installed.
• Optionally use a VPN or Direct Connect.
Answer:
| Feature | AWS Lambda | AWS Fargate |
|---|---|---|
| Type | Serverless functions | Serverless containers |
| Use Case | Short event-driven tasks | Long-running container apps |
| Timeout | Max 15 minutes | No hard timeout |
| Pricing | Per request + duration | Based on vCPU and memory used |
Answer:
```shell
# -r keeps backslashes literal; IFS= preserves leading/trailing whitespace
while IFS= read -r line; do
  echo "$line"
done < filename.txt
```
Answer: OAI is used to restrict access to an S3 bucket so only CloudFront can fetch content, preventing direct access via S3 URL.
Answer: Use the ternary operator:
```hcl
variable "env" {}

output "instance_type" {
  value = var.env == "prod" ? "t3.large" : "t2.micro"
}
```
Answer: • Use Git to revert to a previous commit and re-deploy.
• In pipeline, define a rollback stage to deploy last stable artifact (e.g., using Nexus/S3).
• Tools like ArgoCD, Ansible, or Helm can assist with rollbacks in CD.
Answer: Maven has 3 built-in lifecycles:
• clean – cleans previous build (mvn clean)
• default – main build (compile, test, package, install, deploy)
• site – generates documentation
Answer: mvn install -DskipTests
Or skip completely: mvn install -Dmaven.test.skip=true
Answer:
| Tool | Purpose | Key Feature |
|---|---|---|
| Maven | Build tool | Convention over configuration |
| Ant | Build tool | Procedural (manual steps) |
| Jenkins | CI/CD automation | Executes pipelines, integrates tools |
Answer: Namespaces logically isolate resources in a cluster. Example: dev, test, prod environments in the same cluster.
Answer: Argo CD is a GitOps tool for Kubernetes. It continuously syncs your Kubernetes cluster state with Git repositories.
Answer: Ingress exposes HTTP and HTTPS routes from outside the cluster to services inside using rules and host/path-based routing.
Answer:
| Aspect | Docker | Kubernetes |
|---|---|---|
| Type | Containerization platform | Container orchestration platform |
| Primary Function | Build, ship, and run containers | Deploy, manage, scale, and orchestrate containers |
| Scope | Works on a single host | Manages clusters of nodes (multi-host) |
| Component | Uses Docker CLI and Docker Engine | Uses Master (Control Plane) and Nodes |
| Container Management | Manual or via docker-compose | Automated (via Deployments, StatefulSets, etc.) |
| Scaling | Manual | Auto-scaling supported |
| Networking | Basic networking | Advanced service discovery and load balancing |
| High Availability | Not built-in | Built-in redundancy and failover |
| Monitoring & Logging | Basic logging | Supports monitoring/logging with Prometheus, ELK, etc. |
| Installation | Simple, lightweight | More complex, requires cluster setup |
Answer: • Comments (#)
• Variable declarations
• Logic/commands (if, echo, loops)
• Function definitions
Answer: Starts with #!, tells the system which interpreter to use. Example:
#!/bin/bash
Answer: Use chmod to set permissions: chmod 755 file.sh (owner rwx, group and others rx). Use chown to change ownership: chown user:group file
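The check that belongs next to chmod, as an added example that is not part of the original page: before a script is executed (or scheduled with cron), confirm it is owned by the invoking user and is not writable by group or others, because a writable script that is later run with higher privilege is a simple escalation path. It uses only POSIX find -user/-perm; the file names are constructed for the test.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): refuse to run a script that
# somebody else could have edited.
script_is_safe() {
  f=$1
  [ -f "$f" ] || return 1
  # must be owned by the user about to run it
  [ -n "$(find "$f" -user "$(id -un)")" ] || return 1
  # neither the group nor the world may have the write bit
  # (symbolic -perm tests are POSIX; no GNU stat needed)
  [ -z "$(find "$f" -perm -g+w -o -perm -o+w)" ]
}

# usage: run_checked ./script.sh [args...]
run_checked() {
  script_is_safe "$1" || { echo "refusing to run $1: wrong owner or writable by others" >&2; return 1; }
  "$@"
}
```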
Answer: • crontab schedules jobs.
• /etc/cron.allow – only users in this file can use crontab.
• /etc/cron.deny – users listed here cannot use crontab.
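The access decision those two files drive, as an added example that is not from the original page. It applies the precedence documented in crontab(1): if cron.allow exists only listed users may use crontab and cron.deny is ignored; otherwise cron.deny excludes the users it lists. What happens when neither file exists is distribution-specific; the function assumes "allowed" (Debian/Ubuntu behaviour) and says so. File paths are parameters so it can be run against constructed files rather than /etc.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): who may use crontab?
#   1. cron.allow exists  -> only users listed in it (cron.deny ignored)
#   2. else cron.deny exists -> everyone NOT listed in it
#   3. neither exists -> distribution-specific; assumed allowed here
cron_allowed() {
  user=$1; allow=$2; deny=$3
  if [ -f "$allow" ]; then
    # -x matches the whole line, so "bob" does not match "bobby"
    grep -qx -- "$user" "$allow"
    return $?
  fi
  if [ -f "$deny" ] && grep -qx -- "$user" "$deny"; then
    return 1
  fi
  return 0   # assumption: no allow/deny file means everyone may use cron
}
```

On a real host call it as `cron_allowed "$USER" /etc/cron.allow /etc/cron.deny && echo "may use crontab"`.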
Answer: kill <pid> sends SIGTERM, which lets the process shut down cleanly. kill -9 <pid> sends SIGKILL to force-kill a process that does not stop; the process gets no chance to clean up.
Answer: Use top, htop, or mpstat (per-CPU statistics).
Answer: netstat -tuln | grep ':80 ' or, on modern systems where netstat is deprecated, ss -tuln | grep ':80 '. Anchoring on ':80 ' avoids matching 8080 or 1800.
Answer: traceroute google.com It shows the path and delays to the destination.
Answer: tail -n 20 filename.log
Answer: • Open-source CI/CD tool
• Supports pipeline-as-code
• Plugins for Docker, Kubernetes, Git, etc.
• Can build, test, deploy automatically
Answer: • Use a Declarative or Scripted pipeline in a Jenkinsfile committed alongside the code
• Or use the UI to create pipeline jobs and add stages
• Example (Declarative; the agent directive is required):
```groovy
pipeline {
    agent any
    stages {
        stage('Build') {
            steps {
                echo 'Building...'
            }
        }
    }
}
```
A: SNS (Simple Notification Service) is an AWS pub/sub service used to send notifications to subscribers via email, SMS, HTTP/S, SQS, or Lambda. To create it:
Go to AWS SNS in the console. Click “Create topic” → Choose Standard or FIFO. Name the topic and click Create. To add a subscriber, choose the topic → Create subscription → select protocol (e.g., Email) and provide the endpoint.
A: A Playbook in Ansible is a YAML file containing one or more plays; each play maps a group of hosts to a list of tasks that are executed on them. It is used to configure systems, deploy applications, and manage infrastructure in a repeatable, idempotent way. Example use: installing software, restarting services, or copying files across servers.
Answer: • Directly in shell: ls, echo, cd
• Or in script files with .sh extension
• Use bash script.sh or ./script.sh
Answer: • Dev – Development
• QA – Testing
• UAT – User Acceptance Testing
• Prod – Live/production
Q: How do you restore a deleted S3 object? A: If versioning was enabled, deleting the object only adds a delete marker; I restore it by deleting the delete marker or by copying the previous version back as the current version. Without versioning, the object is permanently deleted unless a separate copy exists (e.g., cross-region replication or AWS Backup). A lifecycle rule that transitions objects to Glacier is a storage-class change, not a backup.
Q: How do you identify a public vs private subnet? A: A public subnet has a route to the internet via an internet gateway (IGW). A private subnet lacks this route and usually uses a NAT gateway for internet access. I verify this by checking route tables.
Q: How do you recreate Terraform-managed resources? A: I use terraform taint (or, in Terraform 0.15.2 and later, terraform apply -replace=<address>, which replaces the deprecated taint) to mark a single resource for recreation, or terraform destroy followed by terraform apply to recreate everything. I also use terraform state rm if needed to remove a resource from state before recreating; the real resource is left in place, so it must be deleted or imported separately.
Q: What is a remote Terraform module and how do you use it? A: A remote module is a reusable configuration hosted in a repo (like GitHub, Terraform Registry). It's used via a module block with a source URL.
Example:
```hcl
module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "3.0.0"
  ...
}
```
Q: Why do you use modules in Terraform? A: Modules group and reuse Terraform configurations, promoting clean and DRY code. They help manage large infrastructure by encapsulating resources like VPCs, EC2s, or databases into logical components.
Q: How do you handle sensitive values like passwords in Terraform? A: I pass them via terraform.tfvars (kept out of Git) or environment variables (TF_VAR_name) and mark them sensitive = true in the variable block. That only redacts them from plan/apply output; they are still written to the state file in plain text, so the state backend must be encrypted and access-controlled. For storage, I use tools like AWS Secrets Manager or HashiCorp Vault and access them using data blocks.
Q: What's the difference between CMD and ARG in Docker? A: ARG defines build-time variables (usable by Dockerfile instructions, not present in the running container), while CMD provides the default command and arguments at runtime and is overridden by any arguments passed to docker run.
Example:
```dockerfile
ARG VERSION=1.0
CMD ["node", "app.js"]
```
Q: What steps do you take to secure Docker images? A: I use minimal base images (like Alpine or distroless) pinned by digest, scan images with tools like Trivy or Docker Scout, avoid hardcoding secrets, use .dockerignore so secrets and .git are never copied in, run the process as a non-root USER, and sign images using Docker Content Trust/Notary or Sigstore cosign.
Q: How do you secure a 3-tier app (web, app, DB)? A: I use security groups and NACLs to isolate layers:
• Web tier: Public subnet with limited inbound (HTTP/HTTPS only).
• App tier: Private subnet; its security group allows traffic only from the web tier's security group.
• DB tier: Private subnet, accessible only from the app tier's security group on the database port.
Enable encryption (TLS in transit, KMS at rest), use IAM roles instead of static keys, and monitor with CloudWatch and GuardDuty.
Q: How do you expose an application in Kubernetes to the internet? A: I use a Service of type LoadBalancer or Ingress. For complex routing and HTTPS, I prefer using an Ingress controller (like NGINX or ALB Ingress).
Q: How do you connect Jenkins to cloud environments like AWS? A: I configure Jenkins with the AWS CLI/SDK. I prefer IAM roles (instance profiles) on EC2 agents over long-lived access keys; where keys are unavoidable, I store them in the Jenkins Credentials plugin or AWS Secrets Manager, never in the Jenkinsfile. Plugins like AWS EC2 (for dynamic agents) integrate the rest.
Answer: By default, you can create 5 VPCs per region per AWS account. This limit can be increased by requesting a quota increase from AWS.
Answer: • Public Subnet: A subnet that is associated with a route table that has a route to an Internet Gateway (IGW). Resources in this subnet can access the internet.
• Private Subnet: A subnet that does not have a route to the Internet Gateway. Used for internal resources like databases.
Answer: An AWS Transit Gateway enables you to connect multiple VPCs and on-premises networks through a central hub, simplifying your network architecture and reducing the number of peering connections.
Answer: VPC Peering allows direct communication between two VPCs in the same or different AWS accounts/regions. It’s non-transitive and is used for point-to-point connectivity.
Answer: A VPC Endpoint allows private connection between your VPC and AWS services (like S3, DynamoDB) without using the internet, improving security and performance.
Answer: You cannot directly rename a database when restoring a snapshot. Instead:
3. Use tools like pg_dump/mysqldump, or AWS DMS to export and import data into a DB with the desired name.
Answer: Define the inventory of 100 EC2 instances (e.g., an inventory.ini file with a [webservers] group).
Write a playbook to install and start HTTPD:
```yaml
---
- hosts: webservers
  become: yes
  tasks:
    - name: Install httpd
      yum:
        name: httpd
        state: present
    - name: Start httpd service
      service:
        name: httpd
        state: started
        enabled: yes
```
Run the playbook: ansible-playbook -i inventory.ini playbook.yml
Answer: • Check EC2 instance status (Running/Reachable).
• Verify Security Groups and NACLs (port access).
• Check application logs (/var/log/, journalctl, etc.).
• Confirm service status (systemctl status).
• Check CPU/memory/disk usage.
• Test network connectivity (ping, telnet, curl).
Answer: • Attach an IAM role (instance profile) to the EC2 instance with S3 permissions. Prefer a policy scoped to the specific bucket over the broad managed AmazonS3ReadOnlyAccess policy.
• Use the AWS CLI or SDK on the instance; credentials are obtained automatically from the instance metadata service, so no access keys are stored on the box:
aws s3 ls s3://your-bucket-name
Answer:
| Feature | Security Group | NACL |
|---|---|---|
| Level | Instance-level (ENI) | Subnet-level |
| Stateful | Yes | No (return traffic needs its own rule) |
| Rules | Allow only | Allow and Deny |
| Applies to | EC2 instances | Subnets |
| Default Behavior | Deny all inbound unless allowed | Default NACL allows all; a custom NACL denies all until rules are added |
Answer: EC2 instances are categorized based on their hardware capabilities and use cases:
| Instance Series | Type | Use Case | Examples |
|---|---|---|---|
| t-series | Burstable general purpose | Low-cost, spiky workloads | t2.micro, t3.small |
| m-series | General purpose | Balanced compute, memory, network | m5.large, m6g.medium |
| c-series | Compute optimized | High-performance compute workloads | c5.large, c6g.xlarge |
| r-series | Memory optimized | In-memory databases, caching | r5.large, r6g.xlarge |
| i-series | Storage optimized | High IOPS storage workloads | i3.large, i4i.xlarge |
| g/p-series | GPU / Accelerated computing | ML, AI, video processing | g4dn.xlarge, p3.2xlarge |
Answer: • Check logs: kubectl logs <pod> (add --previous to see the last run of a crashed container)
• Describe pod: kubectl describe pod <pod>
• Check events and container status for error messages.
• Investigate common causes:
  o CrashLoopBackOff
  o ImagePull errors (ErrImagePull / ImagePullBackOff)
  o OOMKilled (Out of Memory)
  o Misconfigurations in YAML (ports, env vars, etc.)
Answer: • Manual Scaling: Using kubectl scale command or editing the deployment.
• Horizontal Pod Autoscaler (HPA): Scales pods based on CPU/memory utilization.
• Vertical Pod Autoscaler (VPA): Adjusts CPU/memory requests/limits.
• Cluster Autoscaler: Automatically adds/removes nodes based on pod needs.
Answer: • Rolling Update (default): Gradually replaces old pods with new ones.
• Recreate: Deletes old pods before creating new ones.
• Blue/Green Deployment: Deploys new version alongside old one, then switches.
• Canary Deployment: Gradually rolls out to a small subset before full rollout.
Answer: Kubernetes doesn't directly support pausing containers, but you can:
• Use kubectl rollout pause deployment/<name> to pause rollouts (running pods keep running).
• Use Linux SIGSTOP/SIGCONT signals in advanced container runtime setups.
Answer: Init containers are special containers that run before app containers in a Pod. They:
• Run sequentially.
• Are used for initial setup tasks (e.g., configs, waiting for DB readiness).
• Must complete successfully for the main container to start.
Answer: Sidecars are helper containers that run alongside the main container in the same pod.
Examples:
• Logging agent
• Data synchronizer
• Proxy (like Envoy for service mesh)
Answer: • App Containers: Primary application logic.
• Init Containers: Run before app containers for setup tasks.
• Sidecar Containers: Provide supporting features (logging, monitoring).
• Ambassador Containers: Help with service communication/proxying.
Answer: • Namespaces can’t be renamed, only deleted and recreated.
• If a resource disappears:
o Check with kubectl get all --all-namespaces
o Validate configs still reference the correct namespace.
Answer: etcd is a distributed key-value store used by Kubernetes to store all cluster state data (like config, secrets, nodes, etc.). It must be highly available and backed up.
Answer: Used to manage stateful applications:
• Each pod has a persistent identity.
• Ordered, graceful deployment and scaling.
• Stable network names and storage (e.g., databases).
Answer: A service with clusterIP: None:
• Doesn't assign a cluster IP.
• DNS returns the pod IPs directly.
• Used with StatefulSets for service discovery.
Answer: A ReplicaSet maintains a stable set of pod replicas.
• Ensures desired number of pods are running.
• Used by Deployments internally.
Answer: A Deployment is used to:
• Manage ReplicaSets
• Perform rolling updates
• Rollback to previous versions
• Scale pods
Answer: Ensures that a copy of a pod runs on all (or selected) nodes.
Use cases:
• Log collection (e.g., Fluentd)
• Monitoring agents (e.g., Prometheus Node
Answer: GitHub Actions is a CI/CD automation tool provided by GitHub. It allows you to define workflows in .github/workflows/*.yml files to automate processes like code build, test, and deployment.
Structure:
```yaml
name: CI Pipeline
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v2
      - name: Run build
        run: echo "Build complete"
```
Answer:
Define environments: staging, preprod. Use manual approval (environment protection rules with required reviewers) for preprod. Sample GitHub Actions deployment step:
```yaml
jobs:
  deploy-staging:
    ...
  deploy-preprod:
    needs: deploy-staging
    environment:
      name: preprod
      url: https://preprod.example.com
    steps:
      - name: Deploy to preprod
        run: ./deploy.sh
```
Use a deployment strategy like:
• if conditions to check the branch or tag.
• An environment with required reviewers in GitHub, so the preprod job waits for approval before it runs.
Answer: Use tags in the playbook:
```yaml
tasks:
  - name: Install Apache
    apt:
      name: apache2
      state: present
    tags: install
```
Run specific tasks with: ansible-playbook site.yml --tags install
Example:
```bash
ssh username@ip "ls -l /path/to/dir"
```
Replace username@ip with the actual user and server IP (e.g., ubuntu@192.168.1.10).
Question: Write a bash command to print the last word.
Answer:
```bash
echo "This is a sentence" | awk '{print $NF}'
```
NF is the number of fields on the line, so $NF is the last field.
Answer (Script):
```bash
#!/bin/bash
read -r -p "Enter a sentence: " sentence
echo "$sentence" | awk '{print $1}'
```
Usage:
$ ./firstword.sh
Enter a sentence: Hello from DevOps
Hello
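The line-reading loop and the awk field extraction from the answers above, as an added example that is not from the original page. It puts the naive `while read line` loop beside the safe `IFS= read -r` form on a constructed file that has leading whitespace, a backslash, and no trailing newline, which is where the two differ, and wraps the `$1`/`$NF` awk calls as functions.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): safe line reading, and
# first/last word extraction with awk.
set -u

# Constructed sample: leading spaces, a backslash, and a final line
# with NO trailing newline.
make_sample() {
  printf '  leading spaces here\nback\\slash line\nThis is a sentence\nlast line no newline' > "$1"
}

# Naive loop: 'read line' strips leading whitespace, eats backslashes,
# and never processes the final line because read returns non-zero at EOF.
naive_lines() {
  while read line; do printf '%s\n' "$line"; done < "$1"
}

# Safe loop: IFS= keeps whitespace, -r keeps backslashes, and the
# '|| [ -n "$line" ]' clause still handles a last line without '\n'.
safe_lines() {
  while IFS= read -r line || [ -n "$line" ]; do
    printf '%s\n' "$line"
  done < "$1"
}

# awk: NF is the number of fields, so $1 is the first and $NF the last.
first_word() { printf '%s\n' "$1" | awk '{print $1}'; }
last_word()  { printf '%s\n' "$1" | awk '{print $NF}'; }

# How many lines a given loop function emits for a file (awk's NR counts records).
count_lines() { "$1" "$2" | awk 'END { print NR }'; }
```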
- Template files using Jinja2 syntax to dynamically create config files with variables, loops, and conditionals.
- dig is a DNS query tool to retrieve DNS records like IP addresses, MX, NS etc. Example: dig google.com.
- nslookup is a command-line tool to query DNS for domain or IP info, older than dig. Example: nslookup google.com.
- No such standard command. Usually means performing DNS lookup using tools like nslookup or dig.
- A Node Group in EKS is a set of EC2 instances that run Kubernetes workloads. Can be managed (AWS handles) or self-managed.
- A CLI tool to create/manage EKS clusters and node groups easily with simple commands or YAML configs.
```bash
#!/bin/bash
# list regular files under /var/log modified within the last 7 days
cd /var/log || exit
find . -type f -mtime -7 -print
```
(Note: -mtime -7 means "less than 7 days old"; -mtime 7 on its own matches only files whose age rounds down to exactly 7 days. Linux tracks modification time, not true creation time.)
- AWS Lambda functions don’t have inodes. Inodes are filesystem metadata; Lambda runs serverless, so no direct inode.
| Feature | CloudWatch | CloudTrail |
|---|---|---|
| Purpose | Monitoring & metrics | API call logging & auditing |
| Data Type | Metrics, logs | Management API event logs |
| Use Case | Performance & alerts | Security, compliance, auditing |
| Real-time? | Yes | No |
| Retention | Configurable | 90 days default + S3 archival |
- Resource that does nothing but can run provisioners or act on triggers for side effects without managing real infra.
- Reads/extracts info from existing infrastructure or external sources, no resource creation.
- Returns item from list at given index with wrap-around if index > list length.
- Set the env var TF_LOG to DEBUG or TRACE:
```bash
export TF_LOG=DEBUG
terraform apply
```
- Reusable Groovy pipeline code stored in a Git repo, shared across multiple Jenkinsfiles with @Library.
- Poll SCM, Webhooks (GitHub), Periodic builds, Build after other projects, Remote triggers, Manual.
- Label the second agent (e.g. agent2; older Jenkins docs call agents "slaves") and restrict the job to run on that label in the job config ("Restrict where this project can be run").
- Special tasks triggered by notify, run once at end if notified, often to restart services after config changes.