
AKS - Kubernetes - FAQs

 

🔹 1. Kubernetes Basics

Q1. What is Kubernetes?
👉 Kubernetes is an open-source container orchestration platform that automates deployment, scaling, and management of containerized applications. It ensures high availability, load balancing, and self-healing of workloads.


Q2. What is a Pod in Kubernetes?
👉 A Pod is the smallest deployable unit in Kubernetes. It can contain one or more containers that share the same network namespace and storage. Example: a pod with a web app plus a sidecar logging container.


Q3. What are ReplicaSets?
👉 ReplicaSets ensure a specified number of pod replicas are running at all times. If a pod fails, the ReplicaSet creates a new one automatically.

kubectl scale rs myapp-rs --replicas=5

Q4. What is a Deployment in Kubernetes?
👉 A Deployment is a higher-level abstraction that manages ReplicaSets and provides rolling updates and rollbacks. Example: updating app versions with zero downtime.


Q5. What is a StatefulSet? How is it different from a Deployment?
👉 A StatefulSet is used for stateful applications like databases. Unlike Deployments, StatefulSets maintain persistent pod identity and storage.

  • Deployment → Stateless (e.g., web servers).

  • StatefulSet → Stateful (e.g., MySQL, Kafka).


Q6. What are Services in Kubernetes?
👉 Services expose Pods to internal or external traffic.

  • ClusterIP (default, internal only)

  • NodePort (exposes via node IP & port)

  • LoadBalancer (creates external LB in cloud like Azure)


Q7. What is the difference between ConfigMaps and Secrets?
👉 Both store configuration data:

  • ConfigMaps → non-sensitive data (env variables, config files).

  • Secrets → sensitive data (passwords, API keys) encoded in base64.


Q8. What is the difference between Kubernetes and Docker Swarm?
👉

  • Kubernetes: advanced, scalable, supports self-healing, auto-scaling, enterprise-grade.

  • Docker Swarm: lightweight, easier setup, but lacks advanced features.


Q9. What are Namespaces in Kubernetes?
👉 Namespaces provide logical isolation within a cluster. Useful for multi-team environments. Example: Dev, Test, and Prod namespaces.


Q10. What are DaemonSets in Kubernetes?
👉 DaemonSets ensure one pod runs on each node (or on specific nodes). Example: monitoring agents (Fluentd, Prometheus Node Exporter).


🔹 2. AKS Fundamentals

Q11. What is AKS (Azure Kubernetes Service)?
👉 AKS is a managed Kubernetes service where Azure manages the control plane (API server, etcd), while you manage the worker nodes and workloads.


Q12. What is the difference between AKS and self-managed Kubernetes?
👉

  • AKS: Control plane managed by Azure, easy upgrades, scaling, integration with Azure services.

  • Self-managed: Full flexibility, but you manage control plane, nodes, patches, security.


Q13. What are Node Pools in AKS?
👉 Node pools group nodes with the same configuration.

  • System node pool → Runs AKS system components.

  • User node pool → Runs your workloads.


Q14. How do you scale AKS clusters?
👉 Two ways:

  • Cluster Autoscaler → adds/removes nodes.

  • Horizontal Pod Autoscaler (HPA) → scales pods based on metrics.


Q15. How do you upgrade an AKS cluster?
👉 Using the Azure CLI:

az aks upgrade --resource-group myRG --name myAKS --kubernetes-version <version>

Azure performs rolling upgrades for minimal downtime.


Q16. What are Availability Zones in AKS?
👉 AKS can spread nodes across Azure Availability Zones to improve resilience against datacenter failures.


Q17. What is a Private AKS Cluster?
👉 A cluster where the API server is accessible only through private endpoints within a VNet. This prevents internet exposure.


Q18. What are Virtual Nodes in AKS?
👉 Virtual Nodes use Azure Container Instances (ACI) to provide burst capacity without adding real VMs.


Q19. How do you connect AKS to ACR (Azure Container Registry)?
👉 Use a Managed Identity:

az aks update -n myAKS -g myRG --attach-acr myACR

Q20. What is the difference between system and user node pools in AKS?
👉

  • System node pool: Runs core AKS components. Should be small and stable.

  • User node pool: Runs workloads. Can be autoscaled, different VM sizes.


Q21. How do you enable RBAC in AKS?
👉 RBAC is enabled by default. You can integrate with Azure AD for authentication and authorization.


Q22. How do you manage AKS upgrades without downtime?
👉 Use multiple node pools, rolling upgrades, and PodDisruptionBudgets to control disruption.


🔹 3. Networking & Storage

Q23. What is the difference between Kubenet and Azure CNI?
👉

  • Kubenet → Simple, pods get private IPs via NAT.

  • Azure CNI → Pods get IPs from VNet, better Azure integration.


Q24. What is an Ingress Controller in AKS?
👉 An Ingress Controller (NGINX, AGIC) manages external HTTP/HTTPS traffic to services inside the cluster using routing rules.


Q25. What is the difference between ClusterIP, NodePort, and LoadBalancer?
👉

  • ClusterIP → Internal-only access.

  • NodePort → Exposes service on node IP + port.

  • LoadBalancer → Creates Azure LB for internet access.


Q26. How does DNS work in AKS?
👉 CoreDNS provides internal DNS resolution. Services get DNS names like <service>.<namespace>.svc.cluster.local.


Q27. What are Persistent Volumes (PV) and Persistent Volume Claims (PVC)?
👉 A PV is a storage resource; a PVC is a request for a PV. In AKS, PVs are backed by Azure Disks or Azure Files.


Q28. What is the difference between Azure Disks and Azure Files in AKS?
👉

  • Azure Disks → Block storage, single pod access (ReadWriteOnce).

  • Azure Files → Shared file storage, multi-pod access (ReadWriteMany).


Q29. How do you integrate Azure Key Vault with AKS?
👉 Use the Key Vault CSI Driver to mount secrets directly as volumes inside pods.


Q30. How do you restrict pod-to-pod communication in AKS?
👉 Use Network Policies to control allowed ingress/egress traffic between pods.


Q31. What is the difference between Internal and External Load Balancers in AKS?
👉

  • Internal LB → Accessible only inside VNet.

  • External LB → Accessible from the internet.
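Added example, not from the original post: two Service manifests showing how the same type: LoadBalancer produces an internal or an internet-facing Azure load balancer, and how the public one can be limited to a client range. The service names, selectors and the 203.0.113.0/24 range (a documentation prefix standing in for the real allowed CIDR) are assumed.

```yaml
# Internal LB: the annotation makes AKS create the load balancer on a private
# VNet address instead of a public IP.
apiVersion: v1
kind: Service
metadata:
  name: api-internal
  namespace: shop
  annotations:
    service.beta.kubernetes.io/azure-load-balancer-internal: "true"
spec:
  type: LoadBalancer
  selector:
    app: api
  ports:
    - port: 443
      targetPort: 8443
---
# External LB: gets a public IP. loadBalancerSourceRanges restricts which source
# CIDRs may reach it (AKS enforces it through the load balancer/NSG rules).
apiVersion: v1
kind: Service
metadata:
  name: web-public
  namespace: shop
spec:
  type: LoadBalancer
  loadBalancerSourceRanges:
    - 203.0.113.0/24     # placeholder: replace with the real allowed client range
  selector:
    app: web
  ports:
    - port: 443
      targetPort: 8443
```

Run kubectl get svc -n shop after applying: the internal service shows a private EXTERNAL-IP from the VNet, the public one an Azure public IP.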


Q32. How do you implement TLS in AKS Ingress?
👉 Use cert-manager with Let's Encrypt to automatically provision TLS certificates.


🔹 4. Monitoring & Troubleshooting

Q33. How do you monitor AKS clusters?
👉 With Azure Monitor, Log Analytics, and Container Insights, or using Prometheus + Grafana.


Q34. How do you check logs of a pod?
👉

kubectl logs <pod-name>
kubectl logs <pod-name> -c <container-name>

Q35. How do you debug a failing pod?
👉 Steps:

  1. kubectl get pods → check status

  2. kubectl describe pod <pod> → check events

  3. kubectl logs <pod> → application logs

  4. kubectl exec -it <pod> -- sh → enter pod


Q36. How do you monitor node metrics in AKS?
👉 Azure Monitor collects CPU, memory, disk, and network metrics. You can also run kubectl top nodes.


Q37. How do you troubleshoot node failures in AKS?
👉 Kubernetes reschedules pods automatically. Use Cluster Autoscaler to add new nodes.


Q38. How do you use Azure Log Analytics with AKS?
👉 Install the OMS agent or enable Monitoring in AKS. Query logs with Kusto Query Language (KQL).


Q39. How do you check the status of the AKS cluster?
👉

az aks show -g myRG -n myAKS -o table

Q40. How do you troubleshoot networking issues in AKS?
👉 Check Network Policies, CNI logs, and DNS with kubectl exec -it <pod> -- nslookup <service>.


Q41. How do you monitor container performance in AKS?
👉 Use Azure Monitor Container Insights dashboards or Prometheus metrics (/metrics endpoint).


Q42. How do you detect and prevent pod crashes?
👉 Configure readiness/liveness probes and use pod disruption budgets.


🔹 5. Advanced / Scenario-Based

Q43. How do you achieve zero-downtime deployments in AKS?
👉 Use a Deployment with rolling updates, multiple replicas, and readiness probes.


Q44. What is the difference between Blue-Green and Canary deployments in AKS?
👉

  • Blue-Green → Run two environments (old/new), switch traffic at once.

  • Canary → Gradually shift traffic to new version.


Q45. How do you implement Blue-Green deployment in AKS?
👉 Use two services (blue and green) and route traffic using Ingress or a LoadBalancer.


Q46. How do you implement Canary deployment in AKS?
👉 Use Ingress with weighted routing (NGINX, AGIC) or a service mesh (Istio, Linkerd).


Q47. How do you run stateful applications like databases in AKS?
👉 Use StatefulSets with Persistent Volumes backed by Azure Disks or Azure Files.
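Added example, not from the original post, illustrating Q5, Q27 and Q47 together: a headless Service plus a StatefulSet whose volumeClaimTemplates give every replica its own Azure Disk PVC (mysql-0 keeps data-mysql-0 across restarts and rescheduling). The app name, image and the Secret mysql-root are assumed; managed-csi is the AKS built-in Azure Disk storage class.

```yaml
# Headless Service: gives each replica a stable DNS name, e.g. mysql-0.mysql.apps.svc.cluster.local
apiVersion: v1
kind: Service
metadata:
  name: mysql
  namespace: apps
spec:
  clusterIP: None
  selector:
    app: mysql
  ports:
    - port: 3306
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: mysql
  namespace: apps
spec:
  serviceName: mysql          # must match the headless Service above
  replicas: 3
  selector:
    matchLabels:
      app: mysql
  template:
    metadata:
      labels:
        app: mysql
    spec:
      containers:
        - name: mysql
          image: mysql:8.0
          ports:
            - containerPort: 3306
          env:
            - name: MYSQL_ROOT_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: mysql-root     # assumed Secret (e.g. synced from Key Vault)
                  key: password
          volumeMounts:
            - name: data
              mountPath: /var/lib/mysql
  # One PVC per replica, created from this template and kept when the pod is deleted.
  volumeClaimTemplates:
    - metadata:
        name: data
      spec:
        accessModes: ["ReadWriteOnce"]   # Azure Disk attaches to one node at a time
        storageClassName: managed-csi    # AKS built-in Azure Disk (CSI) class
        resources:
          requests:
            storage: 20Gi
```

Note that deleting the StatefulSet does not delete the PVCs; that is deliberate, so data survives, but it also means the disks (and their cost) remain until the PVCs are removed.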


Q48. How do you implement CI/CD pipelines for AKS?
👉 Azure DevOps or GitHub Actions → build the Docker image → push to ACR → deploy to AKS via kubectl/Helm.


Q49. How do you migrate workloads to AKS?
👉

  1. Containerize apps

  2. Push images to ACR

  3. Define Kubernetes manifests

  4. Deploy to AKS


Q50. How do you handle multi-region deployments with AKS?
👉 Deploy clusters in multiple regions and use Azure Traffic Manager/Front Door for global routing.


Q51. How do you manage costs in AKS?
👉 Use autoscaling, spot node pools, right-size nodes, and shut down non-prod clusters.


Q52. How do you handle secrets in AKS securely?
👉 Use Azure Key Vault with the CSI driver, or sealed-secrets.


Q53. How do you manage node upgrades in AKS?
👉 Upgrade node pools separately; AKS drains and upgrades nodes one by one.


Q54. How do you backup and restore AKS workloads?
👉 Use Velero to back up Kubernetes objects and PVs.


Q55. How do you enforce governance in AKS?
👉 Use Azure Policy to enforce allowed images, namespaces, and resource quotas.


Q56. How do you enable multi-tenancy in AKS?
👉 Use namespaces + RBAC + network policies to isolate teams/apps.


🔹 6. Security & Best Practices

Q57. How does RBAC work in AKS?
👉 RBAC defines permissions for users, groups, and service accounts. You can integrate RBAC with Azure AD.
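Added example, not from the original post, covering Q56 and Q57 together: a per-team namespace with a namespaced Role, a RoleBinding to an Azure AD group, and a ResourceQuota. With Azure AD integration AKS presents the group's object ID as the Kubernetes group name, so the subject below is a placeholder to be replaced by the real object ID. Secrets are left out of the Role on purpose, so team members can operate their workloads without reading credentials.

```yaml
apiVersion: v1
kind: Namespace
metadata:
  name: team-a
---
# Namespaced Role: what a team-a developer may do, and only inside team-a.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: developer
  namespace: team-a
rules:
  - apiGroups: [""]
    resources: ["pods", "pods/log", "services", "configmaps"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
  - apiGroups: ["apps"]
    resources: ["deployments", "statefulsets"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
  # "secrets" and "pods/exec" are deliberately not granted here.
---
# Bind the Role to an Azure AD group; no ClusterRoleBinding, so nothing leaks across namespaces.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: team-a-developers
  namespace: team-a
subjects:
  - kind: Group
    name: "<azure-ad-group-object-id>"   # placeholder: object ID of the AAD group
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: developer
  apiGroup: rbac.authorization.k8s.io
---
# Quota keeps one tenant from starving the others on shared node pools.
apiVersion: v1
kind: ResourceQuota
metadata:
  name: team-a-quota
  namespace: team-a
spec:
  hard:
    requests.cpu: "8"
    requests.memory: 16Gi
    pods: "50"
```

To verify the binding, a member of the group can run kubectl auth can-i list pods -n team-a (expected: yes) and kubectl auth can-i get secrets -n team-a (expected: no). A NetworkPolicy as in Q30 completes the isolation at the network layer.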


Q58. What are Pod Security Standards?
👉 Three levels:

  • Privileged

  • Baseline

  • Restricted (strongest, least privileges).


Q59. How do you integrate AKS with Azure AD?
👉 Enable Azure AD integration during AKS creation. This allows AKS RBAC to be tied to Azure AD users/groups.


Q60. How do you use Managed Identities in AKS?
👉 Pods can access Azure resources without credentials by using a Managed Identity (via aad-pod-identity).


Q61. How do you prevent running privileged containers in AKS?
👉 Enforce Pod Security Standards or Azure Policy to block privileged pods.
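Added example, not from the original post, for Q58 and Q61: the built-in Pod Security Admission controller is switched on per namespace by labels, so a namespace labelled enforce: restricted rejects a privileged pod at admission time. The namespace name apps and the images are assumed; the second pod shows the fields a pod needs to pass the restricted profile.

```yaml
# Namespace opts in to the "restricted" Pod Security Standard.
# enforce = reject violating pods; warn/audit = report without blocking.
apiVersion: v1
kind: Namespace
metadata:
  name: apps
  labels:
    pod-security.kubernetes.io/enforce: restricted
    pod-security.kubernetes.io/enforce-version: latest
    pod-security.kubernetes.io/warn: restricted
    pod-security.kubernetes.io/audit: restricted
---
# Rejected in "apps": privileged container (and would also run as root).
apiVersion: v1
kind: Pod
metadata:
  name: bad-pod
  namespace: apps
spec:
  containers:
    - name: app
      image: nginx:1.25
      securityContext:
        privileged: true
---
# Accepted in "apps": every field the restricted profile requires is set.
apiVersion: v1
kind: Pod
metadata:
  name: good-pod
  namespace: apps
spec:
  securityContext:
    runAsNonRoot: true
    runAsUser: 10001
    seccompProfile:
      type: RuntimeDefault            # restricted requires RuntimeDefault or Localhost
  containers:
    - name: app
      image: nginxinc/nginx-unprivileged:1.25   # listens on 8080, so no root needed
      ports:
        - containerPort: 8080
      securityContext:
        allowPrivilegeEscalation: false
        capabilities:
          drop: ["ALL"]
```

Applying bad-pod returns an error from the API server naming the violated rule (privileged) rather than creating the pod; kubectl apply of good-pod succeeds. Azure Policy for AKS can enforce the same standards cluster-wide so that individual namespaces cannot opt out.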


Q62. How do you secure images in AKS?
👉 Use ACR with content trust, and scan images with Microsoft Defender for Containers.


Q63. How do you control network access in AKS?
👉 Use Azure NSGs + Kubernetes Network Policies.


Q64. What is Azure Policy for AKS?
👉 It enforces rules like "only allow images from ACR" or "deny public load balancers."


Q65. How do you secure the API server in AKS?
👉 Use a private cluster, authorized IP ranges, and RBAC.


Q66. How do you secure secrets in Kubernetes?
👉 Avoid plain Kubernetes Secrets (base64). Use the Key Vault CSI driver or sealed-secrets.
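Added example, not from the original post, for Q29 and Q66: a SecretProviderClass that fetches a Key Vault secret through the Secrets Store CSI driver using the cluster's managed identity, and a pod that mounts it. Key Vault name, tenant ID, identity client ID and the image are placeholders; the AKS Key Vault provider add-on is assumed to be enabled, and the identity must have get permission on secrets in the vault.

```yaml
# SecretProviderClass: which vault, which objects, and which identity to fetch them with.
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  name: kv-app-secrets
  namespace: apps
spec:
  provider: azure
  parameters:
    usePodIdentity: "false"
    useVMManagedIdentity: "true"
    userAssignedIdentityID: "<client-id-of-the-add-on-identity>"   # placeholder
    keyvaultName: "<key-vault-name>"                                # placeholder
    tenantId: "<tenant-id>"                                         # placeholder
    objects: |
      array:
        - |
          objectName: db-password
          objectType: secret
  # Optional: mirror the mounted value into a Kubernetes Secret so it can be used as an env var.
  # The Secret exists only while a pod mounts the volume.
  secretObjects:
    - secretName: db-credentials
      type: Opaque
      data:
        - objectName: db-password
          key: password
---
apiVersion: v1
kind: Pod
metadata:
  name: app
  namespace: apps
spec:
  containers:
    - name: app
      image: myacr.azurecr.io/app:1.0     # placeholder
      env:
        - name: DB_PASSWORD
          valueFrom:
            secretKeyRef:
              name: db-credentials          # synced by secretObjects above
              key: password
      volumeMounts:
        - name: secrets-store
          mountPath: /mnt/secrets           # file /mnt/secrets/db-password
          readOnly: true
  volumes:
    - name: secrets-store
      csi:
        driver: secrets-store.csi.k8s.io
        readOnly: true
        volumeAttributes:
          secretProviderClass: kv-app-secrets
```

The secret never has to be committed to a manifest or repository; what lives in the cluster is a reference to the vault, and access is governed by Key Vault's own RBAC and audit logs. If the env-var sync is not needed, drop secretObjects and read the file from the mount, which keeps the value out of etcd entirely.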


Q67. How do you use PodDisruptionBudgets in AKS?
👉 A PodDisruptionBudget (PDB) ensures a minimum number of pods remain available during voluntary disruptions (e.g., upgrades).
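Added example, not from the original post, tying together Q42, Q43 and Q67: a Deployment with readiness and liveness probes and a rolling-update strategy that never drops below the desired replica count, plus a PDB that node drains during AKS upgrades must honour. The app name, image and probe paths are assumed.

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web
  namespace: apps
spec:
  replicas: 3
  selector:
    matchLabels:
      app: web
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 0     # never take an old pod away before a new one is Ready
      maxSurge: 1           # add one new pod at a time
  template:
    metadata:
      labels:
        app: web
    spec:
      # Spread replicas over availability zones so one zone failure does not take all of them.
      topologySpreadConstraints:
        - maxSkew: 1
          topologyKey: topology.kubernetes.io/zone
          whenUnsatisfiable: ScheduleAnyway
          labelSelector:
            matchLabels:
              app: web
      containers:
        - name: web
          image: myacr.azurecr.io/web:1.0      # placeholder
          ports:
            - containerPort: 8080
          # Readiness gates traffic: a pod gets Service endpoints only when this passes.
          readinessProbe:
            httpGet:
              path: /healthz/ready              # assumed endpoint
              port: 8080
            periodSeconds: 5
            failureThreshold: 3
          # Liveness restarts a wedged container; give the app time to start first.
          livenessProbe:
            httpGet:
              path: /healthz/live               # assumed endpoint
              port: 8080
            initialDelaySeconds: 15
            periodSeconds: 10
            failureThreshold: 3
---
# PDB: voluntary disruptions (kubectl drain, node pool upgrade) may evict pods
# only while at least 2 of the 3 replicas stay available.
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
  name: web-pdb
  namespace: apps
spec:
  minAvailable: 2
  selector:
    matchLabels:
      app: web
```

A PDB only limits voluntary evictions; it does not protect against node crashes, which is what the replica count and zone spreading are for. Setting minAvailable equal to replicas would block every drain and stall the upgrade, so leave headroom of at least one pod.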


Q68. How do you prevent image pull from public registries in AKS?
👉 Use Azure Policy to allow only ACR-based images.


Q69. What are best practices for securing AKS?
👉

  • Use private clusters

  • Integrate with Azure AD RBAC

  • Use Key Vault for secrets

  • Enforce Network Policies

  • Enable monitoring and auditing


Q70. How do you ensure compliance in AKS?
👉 Use Azure Policy, Defender for Kubernetes, and compliance scans against CIS benchmarks.
