Kubernetes Realtime Interview Questions To Crack Interview

What have you done with Kubernetes?

Answer:

A prepared answer can be more effective than an impromptu one. Here’s a structured list of possible experiences:

  • Created clusters
  • Upgraded master and node pool versions
  • Deployed applications via Helm charts
  • Developed health check scripts for various workloads
  • Deployed Spinnaker for continuous delivery
  • Configured Horizontal Pod Autoscaler (HPA)
  • Managed day-to-day tasks like ConfigMaps, Secrets, Persistent Volumes (PVs), and Persistent Volume Claims (PVCs)
  • Troubleshot operational issues
  • Worked with StatefulSets
  • Created and signed Certificate Signing Requests (CSRs)

You have 2 different contexts (A and B). Context A has a secret named foo. How can you create the same secret in Context B?

Answer:

  1. Switch to Context A
  2. Run kubectl get secret foo -o yaml > foo.yaml
  3. Switch to Context B
  4. Run kubectl apply -f foo.yaml

What are the common methods to implement Ingress?

Answer:

Ingress is implemented by Ingress Controllers. Common options include:

  • Load Balancers (e.g., GCP, AWS)
  • Nginx Ingress Controller

Why do we need Kubernetes? What problems does it solve?

Answer:

Kubernetes addresses several issues that arise when using containers, such as:

  • Orchestration
  • Inter-container communication
  • Autoscaling
  • Observability
  • Security
  • Persistent and shared volumes

What is the difference between Ingress and Ingress Controller?

Answer:

  • Ingress: Defines how external traffic should be routed to services within the cluster. It does not handle traffic directly.
  • Ingress Controller: Implements the rules defined by Ingress and manages the traffic routing, e.g., through a Load Balancer or Nginx.

What is the most common type of Ingress Controller?

Answer:

Load Balancers are the most common type of Ingress Controller.


Which Ingress Controllers are officially supported by Kubernetes?

Answer:

Kubernetes officially supports:

  • AWS Ingress Controller
  • GCE Ingress Controller
  • Nginx Ingress Controller

What are some other Ingress Controllers besides the three supported by Kubernetes?

Answer:

Other Ingress Controllers include:

  • HAProxy
  • Istio Ingress
  • Traefik
  • Skipper
  • Voyager
  • Tyk Operator
  • Gloo
  • AKS Application Gateway Ingress Controller (Azure)
  • Ambassador
  • Enroute


How to troubleshoot a crashing container?

Answer:
You can use the --previous option with the logs command to view the logs of a crashed container:
kubectl logs --previous

What happens if a container uses too much CPU or memory?

Answer:

  • Memory: The container will be evicted.
  • CPU: The container will be throttled.

How do you manage scaling in Kubernetes?

Answer:

  • Horizontal Pod Autoscaler (HPA): Scales the number of pods based on CPU or custom metrics.
  • Vertical Pod Autoscaler (VPA): Adjusts the resource requests and limits for pods.
  • Cluster Autoscaler: Adjusts the size of the cluster by adding or removing nodes based on pending pods and node utilization.

For more details, see: Replex Blog on Kubernetes Scaling


How have you used RBAC with Kubernetes?

Answer:

RBAC (Role-Based Access Control) in Kubernetes is used to define permissions for different users or service accounts within the cluster. It works similarly to AWS IAM policies. Key components include:

  • Roles: Define what actions are permitted.
  • RoleBindings: Link users or service accounts to roles.
  • Subjects: Entities (users, service accounts) that get assigned roles.

How do you manage security for 200 microservices in your cluster?

Answer:

Use RBAC to define roles and assign them to users or service accounts. Each role specifies access permissions, which helps in managing security efficiently.


Tell me about the hardest production Kubernetes issue you solved.

Answer:

A common scenario might be:

Issue: A microservice update led to incorrect HPA settings, causing containers to crash and affecting other services.

Solution: Fixed the HPA settings and implemented circuit-breakers to prevent cascading failures.


How do you create YAML files for Pods without internet access?

Answer:

Use the kubectl explain command to view the fields for resource definitions:

 
  • kubectl explain pod –recursive
  • kubectl explain pv --recursive

How can you manage SSL certificates in Kubernetes?

Answer:

Store SSL certificates as Secrets. Then, mount these Secrets in your Pods to use the certificates.


What open-source tool can help you switch Kubernetes contexts easily?

Answer:

kubectx is a tool that simplifies switching between Kubernetes contexts.


How do you get the names of Kubernetes resources from the command line?

Answer:

Use the command:

kubectl api-resources

It lists all available resource types and their short names.


What are some Kubernetes verbs other than run, create, or apply?

Answer:

Additional verbs include:

set,explain,get,edit,delete,rollout,scale,autoscale,certificate,cluster-info,top,cordon,uncordon,drain,taint,describe,logs,attach,exec,port-forward,proxy,cp,auth,debug,diff,patch,replace,wait,kustomize,label,annotate,completion,api-resources,api-versions,config,plugin,version

 

What do you get when you run kubectl api-resources?

Answer:

You get a list of Kubernetes resources like Pods, Secrets, ConfigMaps, etc.


 


How do you deploy an additional scheduler on a Kubernetes cluster (not GKE)?

Answer:

  1. Package the scheduler as a Docker image.
  2. Push the image to a container registry.
  3. Create a deployment YAML file with kind: Deployment and component: scheduler in the kube-systemnamespace.
  4. Apply the deployment with:
kubectl apply -f scheduler.yaml

List out 2 use cases for DaemonSets and explain why it is more appropriate to use DaemonSets than Deployments for those use cases:

  • Answer:
    1. Log Collection Pod: DaemonSets are ideal for log collection because you want to ensure that logs are collected from every node in the cluster. Deploying a logging pod using a DaemonSet ensures that each node runs a copy of the pod, collecting logs efficiently across the entire cluster.
    2. Monitoring Pod (e.g., Dynatrace or Datadog): DaemonSets are better suited for monitoring tasks because each node needs to be monitored. By deploying the monitoring agent as a DaemonSet, you ensure that every node is covered without having to modify every individual deployment.

How to move workloads to a new node pool?

  • Answer: Use the cordon and drain commands.
    1. Cordon: This command prevents new pods from being scheduled on the node. (Command: kubectl cordon <node-name>)
    2. Drain: This command safely evicts existing pods from the node. (Command: kubectl drain <node-name>)

Is ClusterIP private or public?

  • Answer: Private. ClusterIP is accessible only within the Kubernetes cluster.

Which service type allows access to your services from the internet: ClusterIP or NodePort?

  • Answer: NodePort. NodePort exposes the service on a port on each node’s IP, which can be accessed from outside the cluster.

For a service, when we use NodePort, what does every node do?

  • Answer: Every node in the cluster assigns the service an external port and proxies the traffic to the appropriate pods within the service.

What does it mean when we say that a node proxies a service?

  • Answer: The node forwards incoming traffic to one of the pods that are part of the service

What are two ways to let a container have access to a secret?

  • Answer:
    1. Volume Mount: Mount the secret as a volume inside the container.
    2. Environment Variable: Pass the secret as an environment variable to the container.

How can a container have access to a secret via an environment variable?

  • Answer: You define the environment variable in the YAML file, and the container can access it using a command like echo $MY_SECRET.

One-liner command to run a pod with the nginx:alpine image?

  • Answer: kubectl run nginx-pod --image=nginx:alpine (Here, nginx-pod is an arbitrary pod name.)

How do you make a kubectl command run in a different namespace instead of the default one?

  • Answer: Use the -n <namespace_name> option with your kubectl command.

Command to create a namespace?

  • Answer: kubectl create ns foobar

When using the kubectl command, how do you get output in JSON format?

  • Answer: kubectl get nodes -o json

In the kubectl expose command, what is the difference between port and targetPort?

  • Answer:
    • port: This is the port on the cluster (service).
    • targetPort: This is the port on the container (like how ALB works).

Command to expose a pod as a service?

  • Answer: kubectl expose pod foobarpod --name foobarservice --port 6379 --target-port 6379

Command to scale a deployment named foobardeployment to 2 replicas?

  • Answer: kubectl scale deployment foobardeployment --replicas=2

Can you scale a Kubernetes service?

  • Answer: No, you can scale deployments and replicasets, but not services.

By default, can a pod in one namespace talk to another pod in another namespace?

  • Answer: Yes, by default, pods can communicate across namespaces.

By default, where do YAML files for static pod files go?

  • Answer: The YAML files for static pods go to /etc/kubernetes/manifests/ on the node.

What is a static pod?

  • Answer: Static Pods are managed directly by the kubelet on a specific node, without the API server observing them. They are defined by YAML files placed in a specific directory on the node.

There is a pod named foo that is in a CrashLoopBackOff state. How do you find the cause using a kubectlcommand?

  • Answer: Use kubectl describe pod foo to see why the pod is in the CrashLoopBackOff state. For example, you might find that the container’s command has a misspelling.

Scenario: A container keeps crashing because its “command” section has a misspelling. How do you fix this?

  • Answer:
    1. Generate the YAML file.
    2. Fix the issue in the YAML file.
    3. Delete the crashing pod.
    4. Re-run the corrected YAML file using kubectl apply -f.

What is the difference between PV and PVC?

  • Answer: PV (Persistent Volume) is essentially a disk volume of some sort, while PVC (Persistent Volume Claim) is a link between that volume and a pod.

How does the master server authenticate itself to etcd?

  • Answer: The master server authenticates itself to etcd using 2 certificates and 1 key, sending commands to etcd. On the master node, these configurations are in /etc/kubernetes/manifests/etcd.yaml, which points to the cert files and key file.

Examples of commands the master server can send to etcd (once authenticated with certs and key):

  • Answer:
    • member list
    • snapshot save /tmp/etcd-backup.db
    • snapshot status /tmp/etcd-backup.db -w table

Steps to create a pod named foo with the image redis and CPU request set to 2 CPUs and memory request set to 400MiB:

  • Answer:
    1. First, create a YAML file:
      kubectl run --generator=run-pod/v1 foo --image=redis --dry-run=client -o yaml > foo.yaml
    2. Edit the YAML file to include the following in the resources section of spec:
      yaml
      resources:
      requests:
      cpu: "2"
       memory: "400MiB"
    3. Apply the YAML file:
      kubectl apply -f foo.yaml

Can you think of some general areas of Kubernetes where you would want to think about security:

Answer:
a. Your container images
b. Your container registry
c. Your Kubernetes runtime infrastructure (e.g., etcd)
d. Hosts (where Kubernetes nodes are running)
e. Kubernetes Secrets
f. Kubernetes Certificates
g. RBAC entities

Processes within a container: How do they (security-wise) talk to the API server running on the master node?

Answer: Using a Kubernetes Service Account

How do you generate a CSR within the Kubernetes system?

Answer:
a. Create a .csr file using the openssl command (and a private key, but it does not matter to Kubernetes)
b. Encode it
c. Create a YAML file (Kind: CertificateSigningRequest) using the encoded CSR
d. Apply the YAML file using kubectl apply -f CertificateSigningRequest.yaml

If you have created a CertificateSigningRequest, but you have not approved it yet, what status do you get if you run the kubectl get csr command?

Answer: You will see that the request is in a “pending” state.

Command to approve a CSR?

Answer: kubectl certificate approve foo-csr

Example output: certificatesigningrequest.certificate.k8s.io/foo-csr approved

Kubectl command to create a role:

Answer: kubectl create role

Detailed example:

kubectl create role foo --resource=pods --verb=create,list,get,update,delete --namespace=development role.rbac.authorization.k8s.io/foo created
 

Command to describe a role:

Answer: kubectl describe role foo -n foo_namespace

Why is it important to keep etcd secure and encrypted?

Answer: etcd stores all your Kubernetes data, including Kubernetes Secrets.

3 Steps for creating a CA (Certificate Authority) on the master node?

Answer: (On a managed Kubernetes like GKE and EKS, you don’t need to do this):
a. Create a private key
b. Create a CSR
c. Self-sign the CSR

When you tell Kubernetes to run a pod, who decides which node gets that pod?

Answer: Scheduler

What if you don’t like the default scheduler that comes with Kubernetes?

Answer: You can always run your own scheduler.

If a node has a taint, what do you have to do to your pod for it to be able to run on that node?

Answer: You have to give the pod the same toleration.

If you want a pod to run on a specific node, which feature do you have to use?

Answer: Node Affinity

If we already have a liveness probe, why do we need a readiness probe?

Answer: There are times when a container fails a liveness probe, and yet we do not want the container to be killed. For example, if a container takes time to be ready (e.g., loads a large data set). In this case, the liveness probe would fail, and without a readiness probe, Kubernetes would kill the container. A readiness probe tells Kubernetes to wait for the container to finish its preparation work.

What is a “logging driver”?

Answer: Docker has the ability to send logs to various places (e.g., awslogs, fluent, and many more). Each one of these is a logging driver.

Which component collects and aggregates the metrics?

Answer: cAdvisor (which is part of kubelet on worker nodes). Those metrics are then sent to Metric Server (running on master nodes). Metric Server exposes them via kube-api (also running on the master node).

When you run kubectl top, which component are you talking to?

Answer: kube-api (which gets its data from Metric Server).

By default, a container runs with what UID?

Answer: 0 (i.e., root). This can be potentially bad if the container somehow gains access to the host OS.

What is the idea behind “Security Context”?

Answer: Security Context defines the level of permissions given to the container as it runs. By default, it runs with UID 0, which is potentially dangerous. Using runAsUser, runAsGroup, and fsGroup, we can limit what the container can do on the host. This is “Security Context.”

What is the “Ambassador Pattern”?

Answer: When the sidecar proxies the connections from the main container to the outside world.

What is the “Adapter Pattern”?

Answer: When the sidecar re-formats the output of the application running on the main container to another desired format. This way, you don’t have to re-write the application code when there is a need to re-format the output for another system to consume.

Can you describe a use case where the ambassador pattern can be of use?

Answer: If you have a legacy application that cannot be modified, but you need to change the port on which this app listens, the ambassador container can listen on the new port and pass on the traffic to the old port that was not modified.

What is the difference between a label and a selector?

Answer: Labels are basically tags. Selectors use key-value pairs to pick out objects (e.g., pods) to work on.

What is a network policy in Kubernetes?

Answer: A network policy is equivalent to a Security Group in AWS. You define who can talk to whom via network policy.

Network Policies often rely on what?

Answer: Labels and selectors.

When do maxSurge and maxUnavailable come into play?
Answer: During Rolling Updates of Deployments.

  • maxSurge: Defines the maximum number of additional pods that can be created during the update.
  • maxUnavailable: Specifies the maximum number of pods that can be unavailable during the update.

Why do we need HPA (Horizontal Pod Autoscaler) when we already have maxSurge and maxUnavailable?
Answer: HPA handles autoscaling based on resource usage, while maxSurge and maxUnavailable are specifically for managing pods during rolling updates.

What is the difference between Service Port and Target Port?
Answer:

  • Service Port: The port on which the service is exposed to users.
  • Target Port: The port on the container where the application is running and listening.

If you make a mistake with labels and/or selectors while configuring a service, how does it manifest?
Answer: The service will be created, but it won’t have any endpoints associated with it.

How can you check if you have permission to update pods using kubectl on your Mac?
Answer: Run kubectl auth can-i update pods. If you have permission, you’ll get a “yes” response

How do you ensure that a kubectl command is executed on the correct cluster when managing 100 of  Clusters?
Answer: Switch to the correct context using kubectl config use-context <context-name>. Tools like kubectx can help manage multiple contexts.

What is a quick way to create a service in Kubernetes?
Answer: Use the kubectl expose command.
Example: kubectl expose pod mypod --name=myservice --port=80 --target-port=8080 --type=ClusterIP

How does Kubernetes handle DNS internally?
Answer: Kubernetes uses DNS pods running in the kube-system namespace. You can view these by running: kubectl get po -A | grep dns.

If you’re on a node, how can you check for running containers?
Answer: Use the command docker ps.

How can you quickly generate a YAML file for a pod you usually create via the command line?
Answer: Add -o yaml --dry-run=client to your command to output the YAML without actually creating the pod.

What is a ClusterRoleBinding in Kubernetes?
Answer: A ClusterRoleBinding binds a user or a group to a cluster-wide role, granting them the permissions defined in that role.

How do you associate a pod with a Service Account in a YAML file?
Answer: Add serviceAccountName: <service-account-name> under the spec section.

How can you list all network policies in the default namespace?
Answer: Run kubectl get netpol.

Can you use pod selectors in an ingress network policy?
Answer: Yes, pod selectors are commonly used in ingress network policies to define which pods are allowed to receive traffic.

What is the purpose of api-versions in Kubernetes?
Answer: Kubernetes is composed of multiple APIs, each at different stages of maturity (alpha, beta, stable), which is why there are various API versions.

How can you find the correct API version to use for network policies?
Answer: Run kubectl api-versions | grep -i network.

Where is the default kubectl configuration file located on a Mac or PC?
Answer: The default configuration file is located at ~/.kube/config.

How can you scale a deployment named foo to 10 replicas using the command line?
Answer: Run kubectl scale deployment foo --replicas=10.

What should you do if you suspect issues with the control plane pods?
Answer: Run kubectl -n kube-system get pods to check the status of the control plane pods.

What does the ImagePullBackOff state indicate?
Answer: The ImagePullBackOff state means Kubernetes cannot pull the specified container image, possibly due to the image being unavailable or permission issues.

If scaling a deployment is stuck due to a control plane issue, what do you do after fixing the control plane?
Answer: No further action is needed. The controller-manager will automatically resume its job.

What is a namespace in Kubernetes, and why is it used?
Answer: A namespace provides a way to divide cluster resources between multiple users or teams, allowing for isolation of resources within the same cluster.

How would you troubleshoot pods in a CrashLoopBack state?
Answer:

  1. Run kubectl describe pod <pod-name> to check the events.
  2. Run kubectl logs -p <pod-name> to view the pod’s logs before it crashed.

What are the functions of the Kubernetes control plane, and where do they reside?
Answer:

  • Functions: API server, etcd, scheduler, controller-manager, cloud-controller-manager.
  • Location: These components run on the master node.

What are the components of a Kubernetes worker node?
Answer: Docker (container runtime), kubelet, kube-proxy.

Which Kubernetes component is responsible for tainting and placement of pods on nodes?
Answer: The scheduler.

What are annotations used for in Kubernetes, and how are they different from labels and selectors?

Answer:

  • Annotations: Used to attach non-identifying metadata to objects (e.g., contact info, version details, or URLs). Think of them like comments or sticky notes attached to a Kubernetes object.
  • Difference from Labels: Labels are key-value pairs that identify and organize Kubernetes objects. They can be used by selectors to filter and manage resources.
  • Selectors: Only work with labels, not annotations. You can query or group resources based on labels, but not annotations.

Is deployment and service the same? Explain the difference or the sameness between the two concepts.

Answer:

  • Deployment: Similar to running a terraform apply for pods, managing and ensuring they match the desired state. It handles scaling, updates, and rollbacks of pods.
  • Service: Acts as an entry point to access the deployed pods. Users interact with the service, which routes traffic to the appropriate pods, abstracting the underlying infrastructure.

What are the three main characteristics you should focus on to troubleshoot what can go wrong between pods and services?

Answer:

  1. Target Port: The port on the container that the service routes traffic to.
  2. Labels: Ensure that the pods have the correct labels that match the service selectors.
  3. Selectors: Ensure the service is correctly selecting the intended pods.

What are the mechanisms to expose an application running in Kubernetes to the outside world?

Answer:

  • Mechanism Flow: Pods → Service → Public IP → DNS → External Users
  • Explanation: The service provides an IP that external users can access. DNS can then map a human-readable name to this IP.

List some useful commands to troubleshoot Pods issues:

Answer:

  • kubectl describe pod [podname]: Detailed information about a pod, including events.
  • kubectl port-forward [podname] 3000:80: Forward a local port to a pod’s port.
  • kubectl get pods -o wide: Extended output, including node names and IPs.
  • kubectl logs [podname]: View the logs of a pod.
  • kubectl exec -ti [podname] -- bash: Execute a bash shell inside the pod.

What is port-forwarding?

Answer:

  • Concept: Creates a link between a port on your local machine (e.g., laptop) and a port on a pod.
  • Example: If a pod’s service is running on port 443, you can use port-forwarding to access it on your local machine, e.g., https://localhost:4430.

Pods can have startup and runtime errors. Explain what some of these errors mean and 2-3 common culprits.

Answer:

  1. ImagePullBackOff:

    • Meaning: The Docker image could not be retrieved.
    • Culprits: Incorrect registry name, bad image name, or the image no longer exists.
  2. CrashLoopBackOff:

    • Meaning: The container repeatedly crashes after starting.
    • Culprits: Container has no tasks to run or an improperly configured readiness probe.
  3. RunContainerError:

    • Meaning: The container could not start.
    • Culprits: Network issues or authorization problems.
  4. Pods in Pending State:

    • Meaning: The pod is waiting to be scheduled.
    • Culprits: Insufficient resources or connectivity issues between nodes.
  5. Pods in a Not Ready State:

    • Meaning: The pod is scheduled but not fully up.
    • Culprits: A failing readiness probe.

Can you schedule regular pods on the master node (general Kubernetes, not Managed kubernets like GKE, EKS)?

Answer:

  • Yes, but you need to remove the default NoSchedule taint from the master node first.

You have a node A with taint=blue. You have a Pod X with toleration for taint=blue. Would pod X always be placed on Node A? Explain your answer in detail.

Answer:

  • No. Taint acts as a barrier. Pod X can be scheduled on Node A because it tolerates the taint, but it might also be scheduled on other nodes without that taint, depending on other scheduling criteria.

What is the use case for node affinity vs nodeSelector?

Answer:

  • nodeSelector:
    • Use Case: Simple scheduling based on labels. For example, you can ensure that all pods belonging to a certain team or environment (e.g., dev) are placed on specific nodes with matching labels.
  • nodeAffinity:
    • Use Case: More complex scheduling rules, including preferences and soft requirements. For example, you can ensure that pods are scheduled based on specific hardware characteristics, geographic location, or to ensure pods are colocated (or not colocated) with others.
  • Difference: nodeSelector is a basic, exact-match filter, while nodeAffinity allows for more nuanced, conditional scheduling rules.

How do you find out what image of the running container (in a pod)?

Answer:

  • Command: kubectl describe pod [podname] | grep -i image
  • Explanation: This command filters the pod description to show the image used by the container(s) within the pod.

Command used to find out what node the pods are running on:

Answer:

  • Command: kubectl get pods -o wide
  • Explanation: This command provides additional details about each pod, including the node it is running on.

What does the READY column in the output of the “kubectl get pods” command indicate?

Answer:

  • Explanation: The READY column shows how many containers in the pod are supposed to be running vs. how many are actually running. For example, 1/1 means all containers are running, while 0/1 indicates a problem with the pod’s containers.

What happens if all master nodes are unavailable on GKE? Would that impact workloads running on the worker nodes?

Answer:

  • Explanation: The workloads running on the worker nodes will continue to run. However, new deployments, scaling, or any operations that require interaction with the master nodes will not be possible. This is similar to Hadoop, where the worker nodes continue processing even if the master is down, but no new jobs can be submitted.

What is the difference between a daemonset and a deployment?

Answer:

  • DaemonSet: Ensures that a copy of a pod runs on every node in the cluster. It’s used for tasks that should run on all nodes, like logging or monitoring agents.
  • Deployment: Manages a set of identical pods, allowing for updates, scaling, and rollbacks. It’s used for stateless applications.
  • Difference: A DaemonSet is for services that must run on every node, while a Deployment is for scalable, stateless services that can run on one or more nodes.

What is the default deployment strategy of a Kubernetes deployment?

Answer:

  • Default: Rolling Update
  • Other Strategies:
    • Blue-green deployment: Deploys a new version alongside the old one, then switches traffic once the new version is ready.
    • Canary deployment: Gradually shifts traffic from the old version to the new one.
    • A/B Testing: Deploys different versions to different segments of users for testing.

In a replica set definition, how do we tell the replica set that a set of pods is part of the replica set?

Answer:

  • Using Selectors:
    yaml
     
    spec:
      replicas: 3          selector:     
          matchLabels:
        app: myapp
  • Explanation: The selector matches the labels on the pods that the replica set should manage.

What are the benefits of resource limits in Kubernetes?

Answer:

  • Benefits:
    • Prevents resource contention: Ensures that no single container consumes more resources than allocated, preventing it from affecting other containers.
    • Resource management: Helps in maintaining a balanced resource allocation, preventing any runaway container from monopolizing resources.
    • Alerting: You get alerts if resource usage approaches the set limits, allowing proactive management.

Explain what is meant by resource request and resource limits setting.

Answer:

  • Resource Request:
    • Definition: The minimum amount of resources (CPU/memory) a container needs to start and run. The scheduler only assigns the pod to a node that can meet this request.
  • Resource Limit:
    • Definition: The maximum amount of resources a container is allowed to use. If the container tries to use more than this, it can be throttled or terminated.
  • Analogy: The request is the “entry ticket,” and the limit is the “bad boy level” that the container should not exceed.

How do you see which pods or nodes are using the most resources?

Answer:

  • Command:
    • kubectl top pod
    • kubectl top nodes
  • Explanation: These commands provide real-time metrics on resource usage (CPU/memory) for pods and nodes, helping you identify the highest consumers.

Can a POD span more than 1 “node”?

Answer: No.

Explanation: A Pod is the smallest deployable unit in Kubernetes, and it is always bound to a single node. Even though a Pod can contain multiple containers, all containers within the Pod share the same network namespace and storage, so they must run on the same node.

Does a Pod always get an IP?

Answer: Yes.

Explanation: Each Pod in Kubernetes is assigned a unique IP address within the cluster. This allows containers within the Pod to communicate with other Pods in the cluster without using network address translation (NAT).

Let’s say that you want to add a “sleep” command to your container. Where does that go in the YAML file?

Answer: In the spec section: command: ['sleep'].

Explanation: The command field in the Pod’s YAML file defines the entry point for the container. If you want the container to run a specific command, such as sleep, you would place it in the spec section under containers.

Can you edit any live object using the “kubectl edit” command?

Answer: No.

Explanation: While you can edit many Kubernetes resources with kubectl edit, some resources may not allow editing or may have restrictions on what can be changed. For example, certain fields of resources like Pods cannot be edited once they are created.

Command to edit the configuration of a live pod:

Answer: kubectl edit pod foo.

Explanation: This command opens the Pod’s configuration in your default text editor, allowing you to make changes. Once saved, the changes are applied immediately.

What dictates how much resources a container gets?

Answer: request and limit parameters.

Explanation: The request parameter specifies the minimum amount of CPU and memory a container needs, while the limit parameter sets the maximum amount the container can use. These parameters help Kubernetes allocate resources efficiently.

Pods come and go. So, how in the world does Kubernetes provide any real service?

Answer: A Service’s IP NEVER changes. You can point DNS to it. Behind the “service” are the ephemeral Pods.

Explanation: Kubernetes uses Services to provide a stable IP address and DNS name for accessing Pods. Even if Pods are replaced, the Service maintains a consistent endpoint for clients.

You run kubectl get pods and you see a Pod that is in “completed” state. What does that mean?

Answer: This means that the Pod came up, did its job, and finished. It did not crash. It is not running. You can still get to its logs.

Explanation: A Pod in the “completed” state indicates that it successfully executed its task and exited without errors. It’s common for Pods running batch jobs or scripts.

What kind of troubleshooting have you done in Kubernetes?

Answer: This depends on your experience, but some ideas include ingress issues, capacity problems, Pods crashing, slow service, certificate expiration, etc.

Explanation: Troubleshooting in Kubernetes can involve various issues, from networking and resource management to application-specific problems.

How is Anthos Service Mesh compared to Istio?

Answer: Anthos Service Mesh is a managed service. It is cheap ($50 a month for 100 endpoints per cluster as of Jan 2022). It comes with dashboards automatically. So, definitely a good choice. Also, no more hassles of upgrading Istio.

Explanation: Anthos Service Mesh simplifies the management of service meshes by offering a managed version of Istio, reducing the operational overhead for users.

Who manages virtual IPs of services?

Answer: kube-proxy.

Explanation: kube-proxy is responsible for managing virtual IPs and routing traffic to the correct Pod based on the Service definition.

Ingress works at which OSI layer?

Answer: Layer 7 (HTTP or HTTPS).

Explanation: Ingress operates at the application layer (Layer 7), handling HTTP and HTTPS traffic and providing features like host-based routing and SSL termination.

Where does kube-proxy run?

Answer: On each node. You can think of this as any other network proxy (e.g., HAProxy or Nginx or Squid) running on each node managing traffic in and out of nodes.

Explanation: kube-proxy runs on every node in the cluster and handles network traffic routing to ensure that requests reach the correct Pods.

When implementing Prometheus, why is it best to use the Adapter pattern?

Answer: Because otherwise, you will have to rewrite each application’s “data” to the format that Prometheus expects. The Prometheus sidecar will do that and send the data along without you having to modify the application container.

Explanation: The Adapter pattern simplifies integration with Prometheus by handling the conversion of application metrics to the format that Prometheus expects.

What is Kubelet and where does it run?

Answer: Main agent on the worker nodes.

Explanation: Kubelet is the primary agent that runs on each worker node in a Kubernetes cluster, ensuring that containers are running as expected.

What is the difference between Docker Compose and Kubernetes?

Answer:

  • Docker Compose: Simple way to run multi-container Docker Applications (defined in YAML file).
  • Kubernetes: It is a full-fledged Orchestration Tool.

Explanation: Docker Compose is designed for local development and testing of multi-container applications, while Kubernetes is a robust orchestration system for managing containerized applications at scale.

What is kubeadm used for?

Answer: To deploy Kubernetes on existing VMs kind of by hand (running commands for the master node and worker nodes).

Explanation: kubeadm is a tool that simplifies the deployment of a Kubernetes cluster by automating the installation and configuration of the necessary components.

When we run kubectl run pods, that gets to the API server on the master node. What does the API server do with that request?

Answer: It gives it to the kubelet on one worker node.

Explanation: The API server processes the request and passes the instructions to the Kubelet on a worker node, which then starts the Pod.

How do you deploy a stateless application on Kubernetes?

Answer: Simply use “deployments” (Not StatefulSet or ReplicaSet).

Explanation: Deployments are used for stateless applications because they manage the desired state of Pods and ensure that the specified number of replicas are running at any given time.

What is an endpoint in Kubernetes?

Answer: Nothing but an IP and a port. That’s it.

Explanation: An endpoint in Kubernetes represents the IP and port of a service that can receive traffic. It’s the

What is the relationship between a Service and an Endpoint?

Answer: When a client hits a Service, the Service acts like a load balancer and needs to know where to send the request. It forwards the request to an Endpoint, which is automatically created by Kubernetes based on a match with a pod. The Endpoint contains the pod’s IP and port, essentially routing traffic from the Service to the correct pod.

Conceptual Flow:

  • ServiceEndpoint (automatically created)Pod’s IP and Port

How can you access the kubelet API?

Answer: There are two ways to access the kubelet API:

  1. Using a curl command pointing to port 10250 of a worker node.
  2. Using an open-source tool called kubeletctl.

When creating a pod using the kubectl run command, how can you supply a command to run on the container (like sleep 3600)?

Answer: Use the --command -- option in the kubectl run command.

  • Example: kubectl run foo --image=nginx --command -- sh -c "sleep 3600"

How can you log in to a pod (assuming it only has 1 container)?

Answer: Use the following command: kubectl exec foo -it /bin/bash.

When creating a pod, what are the three restart policy options?

Answer:

  1. Always
  2. Never
  3. OnFailure

What are the use cases for each restart policy option when creating a pod?

Answer:

  1. Always: Used for Deployments or ReplicaSets.
  2. Never: Used for one-time pod runners, e.g., via command line.
  3. OnFailure: Used for jobs that need to retry on failure.

If there is a pod already running and you want to restart using a different image, how do you do that using the command line?

Answer: Use the kubectl set image command.

How do you get logs from a container (not a pod) via the command line?

Answer: Use the command kubectl logs <pod-name> -c <container-name>.

What does an “operator” pod do?

Answer: An operator pod manages the lifecycle of complex, stateful applications, like a MySQL cluster. It can automatically handle tasks like restarting failed pods or promoting a read-only pod to a leader in case the leader pod crashes. This automation ensures that the setup remains stable without manual intervention.

What is a Custom Resource Definition (CRD)?

Answer: A CRD allows you to define your own custom resource types in Kubernetes, beyond the standard types like pods or deployments. Operators often use CRDs to extend Kubernetes with new capabilities.

Command to get a list of contexts you have defined:

Answer: Use the command kubectl config get-contexts.

Which file holds your context definitions?

Answer: The file is ~/.kube/config.

By default, can pod A in namespace A talk to pod B in namespace B?

Answer: Yes, by default, pod A can communicate with pod B across namespaces.

What is a Headless service in Kubernetes?

Answer: A Headless service has a service IP but, instead of load-balancing, it returns the IPs of the associated pods. This is useful for direct pod communication without a single service IP acting as a load balancer.

When does Kubernetes pull a new version of an image upon pod creation?

Answer: Kubernetes pulls a new version of an image if:

  1. The image is tagged as :latest.
  2. The imagePullPolicy: Always is specified in the pod’s YAML file.

How do you manage costs on Kubernetes?

Answer: Managing costs involves three areas:

  1. Control Plane: Limited options for cost management.
  2. Worker Nodes: Ensure that autoscaling is configured properly.
  3. Pod Resources: Optimize CPU and memory usage by using tools like Metrics Server or open-source tools like Kubecost.

What is rehydrating in Kubernetes?

Answer: Rehydrating involves running the same cluster using new nodes with a newer version of Kubernetes, then moving the pods to the new nodes. It is the opposite of draining.

Command to drain a node?

Answer: Use the command kubectl drain <node-name>.

How do you monitor your Kubernetes clusters?

Answer: Common monitoring tools include:

  • Prometheus and Kibana (open-source solutions).
  • Dynatrace and Datadog (paid solutions).

How do containers on the same pod communicate?

Answer: Containers in the same pod communicate over localhost.

If you create an ingress, how will the traffic be impacted?

Answer: Nothing! Until you have an Ingress Controller, an ingress rule does nothing.

Explanation:
When you create an ingress resource in Kubernetes, it defines how external traffic should be routed to services within your cluster. However, the ingress resource by itself doesn’t affect the traffic unless there is an Ingress Controller deployed in the cluster. The Ingress Controller is responsible for processing these ingress rules and managing the routing of traffic accordingly. Without an Ingress Controller, the ingress rules are simply inert.

Does Ingress Controller need to read packets?

Answer: Yes, it needs to read the headers.

Explanation:
Ingress Controllers need to inspect the headers of incoming HTTP(S) requests to determine how to route the traffic based on the ingress rules. These rules may direct traffic to different services based on factors like the request’s URL path, host, or other headers. Reading the headers allows the Ingress Controller to apply the appropriate routing logic.

How do you create an Ingress Controller? Provide an example.

Answer: You can create a deployment using an Nginx image. That would be one way of doing it.

Explanation:
Creating an Ingress Controller often involves deploying a containerized application that understands and implements the ingress rules. Nginx is a popular choice for an Ingress Controller in Kubernetes. You can create a Kubernetes Deployment using the official Nginx Ingress Controller image, which will handle traffic routing based on the ingress resources defined in your cluster.

Example YAML for creating an Nginx Ingress Controller: 

apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-ingress-controller
spec:
 replicas: 1
 selector:
 matchLabels:
  app: nginx-ingress
 template:
  metadata:
   labels:
    app: nginx-ingress
 spec:
  containers:
   – name: nginx-ingress-controller
    image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:latest
  args:
   – /nginx-ingress-controller

How do you tell an Ingress to use an Ingress Controller?

Answer: In the spec section, there is a configuration item called “backend”. There you can point to a service (e.g., based on Nginx deployment).

Explanation:
In Kubernetes, the ingress resource includes a specification section where you define the rules for routing traffic. The backend configuration within this spec points to the service that should handle the traffic. The Ingress Controller, which is typically associated with a specific service, will use these rules to determine how to route traffic to the appropriate backend service.

What is the difference between Ingress and Egress in Kubernetes?
Answer:

  • Ingress: Controls the incoming traffic to the Kubernetes cluster, typically for services.
  • Egress: Controls the outgoing traffic from the Kubernetes cluster to external services or destinations.

How do you ensure high availability for a Kubernetes cluster?
Answer:

  • Multiple Master Nodes: Distribute control plane components across multiple nodes.
  • Etcd Clustering: Run etcd in a cluster with odd numbers for quorum.
  • Multiple Worker Nodes: Distribute workloads across multiple worker nodes.
  • Cloud Load Balancer: Use a load balancer to distribute traffic across master nodes.

What are some common Kubernetes security best practices?
Answer:

  1. RBAC (Role-Based Access Control): Implement RBAC for fine-grained access control.
  2. Network Policies: Use network policies to control communication between pods.
  3. Pod Security Policies: Enforce security context constraints on pods.
  4. Secrets Management: Store sensitive data securely using Kubernetes Secrets.
  5. Image Scanning: Regularly scan container images for vulnerabilities.

What is the role of etcd in Kubernetes?
Answer:

  • etcd is the key-value store used by Kubernetes to store all cluster data, including configuration, state, and metadata. It is the backbone of Kubernetes, providing strong consistency and high availability.

How do you manage storage in Kubernetes?
Answer:

  • Persistent Volumes (PVs): Abstractions for storage resources in the cluster.
  • Persistent Volume Claims (PVCs): Requests for storage by applications.
  • Storage Classes: Define different types of storage (e.g., SSD, HDD) and dynamic provisioning.
  • CSI (Container Storage Interface): A standard for exposing storage systems to Kubernetes.

How do you secure communication between pods in Kubernetes?
Answer:

  • Network Policies: Define rules that specify how pods are allowed to communicate with each other.
  • mTLS (Mutual TLS): Use service meshes like Istio to enforce mTLS for pod-to-pod communication.
  • Calico: A network and network security solution that can enforce network policies and secure pod communication.

How does Kubernetes handle service discovery?
Answer:

  • DNS: Kubernetes provides an internal DNS service that automatically creates DNS entries for services.
  • Environment Variables: Kubernetes injects environment variables for each service into the pods at runtime.

If a client sends a request to the API server, which component intercepts that request to determine if it should be processed?
Answer:

  • Admission Controllers: These are components that intercept requests to the Kubernetes API server after authentication and authorization but before the request is processed. They enforce various policies and can be used to validate or mutate incoming requests.

How can you follow the DRY (Don’t Repeat Yourself) principle in Kubernetes across different environments (dev, staging, prod)?
Answer:

  • Solution: Use ConfigMaps to store environment-specific configurations. The application code remains the same, while only the values in the ConfigMaps differ across environments.

Why do we need Persistent Volumes (PV) and Persistent Volume Claims (PVC) in Kubernetes? Why not just use one?
Answer:

  • Reason: The separation of PVs and PVCs allows for decoupling between storage providers and users. PVs define the storage resource, while PVCs request and use the storage. This decoupling allows for greater flexibility and reuse of storage resources.

Why do we need StorageClasses in Kubernetes?
Answer:

  • Reason: StorageClasses enable decoupling between storage definitions and the actual storage backend. They allow you to define different types of storage (e.g., fast, slow, EBS, GCS, NFS) and use them as needed without being tied to a specific storage type.

Explain how a container mounts a volume in Kubernetes.
Answer:

  • Process: Containers rely on the pod to define the volume and give it a name. The container then uses that name to mount the volume on a specific directory within the container’s file system. Multiple containers within the same pod can mount the same volume on different mount points.

Explain the flow from a Certificate Signing Request (CSR) to a user having permission to describe a pod in Kubernetes.
Answer:

  1. CSR Creation: A CSR is created.
  2. Submission: The CSR is submitted to the Kubernetes cluster.
  3. Approval: An administrator approves the CSR within Kubernetes.
  4. Certificate Issuance: A valid certificate is issued, which includes an embedded user.
  5. Role Creation: A role is created with specific permissions (e.g., describe a pod).
  6. Role Binding: The user/certificate is associated with the role via a RoleBinding. This grants the user the necessary permissions.

Why do we need Node Pools in Kubernetes?
Answer:

  • Purpose: Node Pools allow you to group nodes with similar configurations (e.g., CPU, memory). This enables better resource allocation by directing specific workloads to appropriate nodes, such as directing high-resource pods to a high-capacity node pool.

What is the connection between values.yaml (Helm) and ConfigMaps in Kubernetes?
Answer:

  • Connection: The values.yaml file in Helm charts stores environment-specific values, which can then be used to populate ConfigMaps in Kubernetes. This ensures that the same code can be reused across multiple environments, with only the configurations changing.

Why do you need a “Job” in Kubernetes?
Answer:

  • Purpose: A Job is used to create a pod for the sole purpose of performing a task only once. It ensures that the task runs to completion, even if the pod fails and needs to be restarted.

Why do you need a “CronJob” in Kubernetes?
Answer:

  • Purpose: A CronJob is used to schedule the creation of pods at regular intervals to perform a recurring task. It’s ideal for tasks that need to run on a schedule, such as backups or periodic data processing.

Walk me through the steps of how you store a password in Kubernetes (e.g., a database password).
Answer:

  1. Base64 Encoding: Encode the password using Base64.
  2. Create a Secret: Create a Kubernetes Secret using the encoded password in the data section as a key-value pair.
  3. Mount the Secret: Mount the Secret on a pod/container, either as an environment variable or as a file.

You have a Docker image (that runs a web server) but no Kubernetes cluster. Walk me through how you take this service live. Assume no scaling or HA is needed.
Answer:

  1. Create a Cluster: Set up a Kubernetes cluster using a cloud provider or local tools like Minikube.
  2. Upload the Image: Push the Docker image to a container registry like GCP Container Registry.
  3. Create a YAML File: Write a YAML file that defines a Deployment using the Docker image.
  4. Create a Service: Define a Service with type LoadBalancer to expose the Deployment.
  5. DNS Configuration: Create a DNS record pointing to the Service’s external endpoint.

What is the difference between an Ingress and a Network Policy in Kubernetes?
Answer:

  • Ingress: Functions like an API Gateway, directing external traffic to different services within the cluster based on URL paths or hostnames. It manages how requests are routed to various services.
  • Network Policy: Acts as a firewall rule, controlling the network access between pods within the cluster. It defines what traffic is allowed to and from specific pods, effectively managing internal communication and enhancing security.

Maven Realtime Interview Questions for DevOps Experienced

Basic Questions

  1. What is Maven?
    Maven is a build automation and dependency management tool primarily used for Java projects. It simplifies the build process like compiling code, packaging binaries, and managing dependencies.
  2. What is the Maven Repository?
    A Maven repository stores build artifacts and dependencies of varying versions. There are three types: local (on the developer’s machine), central (publicly hosted for community use), and remote (typically private, hosted by an organization).
  3. What is POM.xml?
    The pom.xml file is the Project Object Model (POM) in Maven. It contains project information and configuration details used by Maven to build the project.
  4. Explain Maven’s Convention over Configuration.
    Maven’s “convention over configuration” means it provides default values and behaviors (conventions) to minimize the need for explicit configuration, thus reducing complexity.
  5. What are Maven Dependencies?
    Maven dependencies are external Java libraries (JAR files) required in the project. Maven automatically downloads them from repositories and includes them in the classpath during the build.

Intermediate Questions

  1. What are Maven Lifecycle Phases?
    The Maven build lifecycle consists of phases like compile, test, package, and install, executed in a specific order to manage the project build process.
  2. What is a Maven Plugin?
    Plugins are used to perform specific tasks in a Maven build process, like compiling code or creating JAR files. Examples include the Maven Compiler Plugin and the Maven Surefire Plugin.
  3. How does Maven manage versioning of dependencies?
    Maven allows specifying dependency versions directly in the pom.xml file. It can also manage versioning through dependency management in parent POMs for multi-module projects.
  4. Explain the difference between compile and runtime scopes in Maven.
    The compile scope is the default, used for dependencies required for compiling and running the project. The runtime scope is for dependencies not needed for compilation but required for execution.
  5. How can you create a multi-module project in Maven?
    A multi-module project has a parent POM file that lists each module as a subproject. Modules are defined in subdirectories, each having its own pom.xml file.

Advanced Questions

  1. How do you handle dependency conflicts in Maven?
    Dependency conflicts can be resolved using Maven’s dependency mediation (choosing the nearest or highest version) or by explicitly defining the version in the project’s POM.
  2. Explain the Maven Build Profile.
    A build profile in Maven is a set of configuration values used to build the project under certain conditions. It’s used for customizing builds for different environments or configurations.
  3. How does Maven work with Continuous Integration (CI) systems?
    Maven integrates with CI tools like Jenkins by providing a consistent build process that the CI tool can automate. Maven’s standardized lifecycle and dependency management simplify CI configurations.
  4. What are Maven Archetypes?
    Maven archetypes are project templates. They provide a basic project structure and a pom.xml file, helping to standardize and expedite initial project setup.
  5. How do you secure sensitive data in Maven projects?
    Sensitive data can be secured using environment variables, Maven’s settings.xml file for confidential details, or encryption tools like Jasypt.

Scenario-Based Questions

  1. A project fails to build in Maven, claiming a missing dependency. How would you troubleshoot this issue?
    Check the pom.xml for correct dependency details, ensure connectivity to the repository, and verify if the dependency exists in the repository. Use Maven’s -X option for detailed debug information.
  2. You need to update a common library used across multiple Maven projects. How would you ensure all projects get the updated version?
    Utilize a parent POM to manage common dependencies. Updating the library version in the parent POM will propagate the change to all child modules.
  3. How would you optimize the build time of a large Maven project?
    Use incremental builds, parallel builds, manage project dependencies efficiently, and possibly split the project into smaller modules.
  4. Explain how you would set up a new Java project with Maven, including directory structure and essential files.
    Create the standard Maven directory structure (src/main/java, src/main/resources, etc.), add a pom.xml with necessary configuration, and use Maven archetypes for quick setup.
  5. How do you manage different environments (e.g., dev, test, prod) with Maven?
    Use Maven profiles to define environment-specific configurations and dependencies, allowing builds to be customized for each environment.

These answers cover a broad range of Maven-related concepts and are intended to be succinct

Git Essentials: Core Concepts to Advanced Techniques

  1. Introduction to Git
  • Definition and Importance of Git
  • Basic Concepts in Git
  1. Git Setup and Configuration
  • Installation of Git
  • Initial Configuration (username, email)
  1. Creating and Cloning Repositories
  • Initializing a New Repository
  • Cloning an Existing Repository
  1. Basic Git Commands
  • git add
  • git commit
  • git status
  • git log
  1. Branching and Merging
  • Creating Branches
  • Switching Branches
  • Merging Branches
  • Merge Conflicts
  1. Remote Repositories
  • Connecting to a Remote Repository
  • Pushing Changes to Remote
  • Pulling Changes from Remote
  1. Undoing Changes
  • git revert
  • git reset
  1. Dealing with Merge Conflicts
  • Understanding Merge Conflicts
  • Resolving Merge Conflicts

  1. Git Stash and Advanced Stashing
  • Using Git Stash
  • Applying and Managing Stashes
  1. Rebasing in Detail
    • Understanding Rebasing
    • Performing a Rebase
  2. Tags and Releases
    • Creating Tags
    • Managing Release Versions
  3. Git Best Practices
    • Committing Best Practices
    • Branch Management
  4. Git Workflows
    • Centralized Workflow
    • Feature Branch Workflow
    • Gitflow Workflow
    • Forking Workflow
  5. Git Hooks
    • Implementing Git Hooks
  6. Gitignore File
    • Ignoring Files in GitSecurity in Git
    • Signing Commits and TagsGit GUI Clients
    • Overview of GUI Options
  7. Collaborating with Pull Requests
    • Process and Benefits of Pull RequestsGit in the Cloud
    • Cloud Services for Git Hosting and Collaboration

1. Introduction to Git

What is Git?

Git is a distributed version control system created by Linus Torvalds in 2005. It’s designed to handle everything from small to very large projects with speed and efficiency. Git is distributed, meaning that every developer’s computer holds the full history of the project, enabling easy branching and merging.

Importance of Version Control

Version control is a system that records changes to a file or set of files over time so that you can recall specific versions later. It allows you to:

  • Revert files back to a previous state.
  • Revert the entire project back to a previous state.
  • Compare changes over time.
  • See who last modified something that might be causing a problem.
  • Who introduced an issue and when.

Key Terms

  • Repository (Repo): A directory which contains your project work, as well as a few files (hidden by default in Unix) which are used to communicate with Git. Repositories can exist either locally on your computer or as a remote copy on another computer.
  • Commit: A commit, or “revision”, is an individual change to a file (or set of files). It’s like when you save a file, but with Git, every time you save it creates a unique ID (a.k.a. the “commit hash”) that allows you to keep a record of what changes were made when and by who.
  • Branch: A branch in Git is simply a lightweight movable pointer to one of these commits. The default branch name in Git is master. As you start making commits, you’re given a master branch that points to the last commit you made. Every time you commit, the master branch pointer moves forward automatically.
  • Merge: Merging is Git’s way of putting a forked history back together again. The git merge command lets you take the independent lines of development created by git branch and integrate them into a single branch.

2. Setting Up and Configuring Git

Before you can use Git, you need to install it and configure it on your machine.

Installing Git

  • On Windows: Download the official Git installer from git-scm.com, and follow the instructions.
  • On macOS: Use Homebrew by typing brew install git in the terminal, or download the installer as with Windows.
  • On Linux: Use your distro’s package manager, e.g., sudo apt-get install git for Ubuntu or sudo yum install git for Fedora.

Basic Git Configuration

After installing Git, you should configure your personal information.

  • Set your name (which will appear in commits):
  git config --global user.name "Your Name"
  • Set your email address (which should match your version control service account, like GitHub):
  git config --global user.email "your_email@example.com"

Checking Your Settings

You can check your configuration at any time:

git config --list

Configuring Text Editor

Set your favorite text editor to be used by default with Git:

  • For Vim: git config --global core.editor "vim"
  • For Nano: git config --global core.editor "nano"
  • For VS Code: git config --global core.editor "code --wait"

Caching Your Login Credentials

So you don’t have to keep re-entering your username and password, you can tell Git to remember them for a while:

git config --global credential.helper cache

3. Getting Started with Git

Creating a New Repository

  • To create a new repo, you’ll use the git init command. Here’s how you do it:
  mkdir MyNewProject
  cd MyNewProject
  git init

This initializes a new Git repository. Inside your project folder, Git has created a hidden directory named .git that houses all of the necessary repository files.

Cloning an Existing Repository

  • If you want to work on an existing project that is hosted on a remote server, you will clone it using:
  git clone [url]

For example:

  git clone https://github.com/user/repo.git

This command makes a complete copy of the entire history of the project.

4. Basic Git Operations

Checking the Status

  • The git status command gives you all the necessary information about the current branch.
  git status

Tracking New Files

  • To start tracking a file, use the git add command.
  git add <filename>
  • To add everything at once:
  git add .

Ignoring Files

  • Sometimes there are files you don’t want to track. Create a file named .gitignore in your project root and list the files/folders to ignore.
  # Example .gitignore content
  log/*.log
  tmp/

Committing Changes

  • To commit changes to your repository, use:
  git commit -m "Commit message here"
  • To commit all staged changes:
  git commit -a -m "Commit message here"

Viewing the Commit History

  • To see the commit history:
  git log
  • For a more condensed view:
  git log --oneline

5. Branching and Merging in Git

Branching in Git

Branches are a powerful feature in Git that enable you to diverge from the main line of development and work independently, without affecting the main line.

Creating a New Branch

  • To create a new branch:
  git branch <branch-name>
  • To switch to the new branch:
  git checkout <branch-name>
  • You can also create and switch to a new branch in one command using:
  git checkout -b <branch-name>

Listing Branches

  • To list all the branches in your repo, including remote branches:
  git branch -a

Merging Branches

  • To merge changes from one branch into another:
  git checkout <branch-you-want-to-merge-into>
  git merge <branch-you-want-to-merge-from>
  • If Git can’t automatically merge changes, you may have to solve conflicts manually. After resolving the conflicts, you need to stage the changes and make a commit.

Deleting Branches

  • To delete a branch:
  git branch -d <branch-name>

The -d option deletes the branch only if you have already merged it into another branch. If you want to force deletion, use -D instead.

6. Working with Remote Repositories

Remote repositories are versions of your project that are hosted on the internet or network somewhere.

Adding a Remote Repository

  • When you clone a repository, it automatically adds that remote repository under the name “origin”.
  • To add a new remote URL:
  git remote add <name> <url>

Viewing Remote Repositories

  • To view the remote repositories configured for your project:
  git remote -v

Pulling Changes from a Remote Repository

  • To fetch changes from a remote repository and merge them into your current branch:
  git pull <remote>

Pushing Changes to a Remote Repository

  • To send your commits to a remote repository:
  git push <remote> <branch>

Checking out Remote Branches

  • To check out a remote branch:
  git fetch
  git checkout -b <branch-name> <remote>/<branch-name>

7. Advanced Git Features

Stashing Changes

  • You can use git stash to record the current state of the working directory and the index, but want a clean working directory:
  git stash
  git stash apply   # re-apply the stashed changes

Rebasing

  • Rebasing is another way to integrate changes from one branch into another. Rebasing re-writes the commit history by creating new commits for each commit in the original branch.
  git rebase <base>

Tagging

  • Tags are used to mark specific points in history as being important:
  git tag <tagname>

This concludes the essentials of branching, merging, and working with remote repositories, as well as touching on some advanced features. Each of these areas has much more depth to explore, such as dealing with merge conflicts, managing remotes, and leveraging advanced rebasing and stashing strategies for complex workflows.

8. Dealing with Merge Conflicts

Understanding Merge Conflicts

Merge conflicts happen when Git is unable to automatically resolve differences in code between two commits. Conflicts only affect the developer conducting the merge; the rest of the team is unaffected until the conflict is resolved.

Resolving Merge Conflicts

  • When you encounter a merge conflict, Git will mark the files that are conflicting.
  • You can open these files and look for the lines marked with <<<<<<<, =======, and >>>>>>>. These markers define the conflicting sections.
  • Resolve the conflicts by editing the files to remove the markers and make sure the code is as you want it.
  • After fixing the conflicts, stage the files:
  git add <file>
  • Then, continue the merge process by committing the changes:
  git commit

9. Git Stash and Advanced Stashing

Using Git Stash

- `git stash` is useful when you need a clean working directory (for example, when pulling in changes from a remote repository).
- To stash changes:


git stash

- To list all stashes:

git stash list

- To apply a stash and remove it from the stash list:

git stash pop

- To apply a stash without removing it from the stash list:

git stash apply stash@{}

10. Rebasing in Detail

Rebasing vs. Merging

- Rebasing is a way to integrate changes from one branch into another by moving the entire branch to begin on the tip of the other branch.
- Unlike merging, rebasing flattens the history because it transfers the completed work from one branch to another in a linear process.

Performing a Rebase

- To rebase:

git checkout feature-branch
git rebase master

- If conflicts arise, resolve them in a similar way to merge conflicts.
- After solving conflicts, continue the rebase with:

git rebase –continue

11. Tags and Releases

Creating Tags

- Tags mark specific points in history as being significant, typically as release points.
- To create an annotated tag:

git tag -a v1.0 -m “Release version 1.0”

- To push tags to a remote repository:

git push origin –tags

12. Git Best Practices

  • Commit often. Smaller, more frequent commits are easier to understand and roll back if something goes wrong.
  • Write meaningful commit messages. Others should understand the purpose of your changes from the commit message.
  • Don’t commit half-done work.
  • Test before you commit. Don’t commit anything that breaks the development build.
  • Keep your branches focused. Each branch should represent a single feature or fix.

13. Git Workflows

Understanding and choosing the right Git workflow is crucial for a team to manage code changes effectively.

Centralized Workflow

  • Similar to SVN, all developers work on a single branch.
  • The master branch is the source of truth, and all changes are committed into this branch.

Feature Branch Workflow

  • Each feature is developed in its own branch and then merged into the master branch when complete.
  • Ensures the master branch always contains production-quality code.

Gitflow Workflow

  • A set structure that assigns very specific roles to different branches and defines how and when they should interact.
  • It uses individual branches for preparing, maintaining, and recording releases.

Forking Workflow

  • Each developer has their own server-side repository.
  • Offers a robust way to integrate contributions from all developers through pull requests or merge requests.

14. Git Hooks

  • Scripts that can run automatically before or after certain important Git actions, such as commit or push.
  • They are used for automating tasks and enforcing certain rules before a commit can be submitted.

15. Gitignore File

  • Specifies intentionally untracked files that Git should ignore.
  • Files already tracked by Git are not affected.

22. Collaborating with Pull Requests

  • Pull requests let you tell others about changes you’ve pushed to a branch in a repository on GitHub.
  • Once a pull request is opened, you can discuss and review the potential changes with collaborators.

The Complete Guide to Mastering Docker: Tools, Techniques, and Best Practices

Docker Overview: Docker is an open-source platform that automates the deployment of applications inside lightweight and portable containers. Containers allow developers to package up an application with all the parts it needs, such as libraries and other dependencies, and ship it out as one package.

Core Concepts:

  • Images: Read-only templates used to create containers. Images are created with the docker build command, usually from a Dockerfile that contains instructions on how to build them.
  • Containers: Runnable instances of images that encapsulate the application and its environment at the point of execution.
  • Volumes: Mechanisms for persisting data generated by and used by Docker containers. They are managed outside the lifecycle of a given container.
  • Dockerfile: A script with various commands and instructions to automatically build a given Docker image.
  • Docker Compose: A tool for defining and running multi-container Docker applications.
  • Key Docker Commands:
    • docker build: Builds Docker images from a Dockerfile and a context.
    • docker run: Runs a command in a new container.
    • docker ps: Lists running containers.
    • docker pull: Pulls an image or a repository from a registry.
    • docker push: Pushes an image or a repository to a registry.
    • docker stop: Stops one or more running containers.
    • docker rm: Removes one or more containers.
    • docker rmi: Removes one or more images.
    • docker exec: Runs a command in a running container.
    • docker logs: Fetches the logs of a container.
    • docker network: Manages networks – connect, disconnect, list, remove, etc.

Docker Networking:

  • Containers can communicate with each other through networking.
  • Docker provides network drivers to manage the scope and behavior of the network.

Docker Storage:

  • Data volumes can be used for persistent or shared data.
  • Volume drivers allow you to store volumes on remote hosts or cloud providers.

Docker Security:

  • Containers should run with the least privileges possible.
  • Image provenance (ensuring the images come from a trusted source) is critical.
  • Docker Content Trust provides the ability to use digital signatures for data sent to and received from remote Docker registries.

Best Practices:

  • Keep your images as small as possible.
  • Use multi-stage builds.
  • Minimize the number of layers.
  • Use .dockerignore files.
  • Leverage the build cache.

Dockerfile Instructions:

  • FROM: Set the base image for subsequent instructions.
  • RUN: Execute any commands in a new layer on top of the current image.
  • CMD: Provide defaults for an executing container.
  • LABEL: Add metadata to an image.
  • EXPOSE: Inform Docker that the container listens on the specified network ports at runtime.
  • ENV: Set environment variables.
  • ADD and COPY: Copy new files or directories into the Docker image.
  • ENTRYPOINT: Configure a container that will run as an executable.

Example:

# Use the official Tomcat base image with JDK 11
FROM tomcat:9-jdk11-openjdk-slim

# Set the working directory inside the container to the Tomcat webapps directory
WORKDIR /usr/local/tomcat/webapps/

# Download the WAR file from the GitHub repository and add it to the webapps directory of Tomcat
ADD https://github.com/AKSarav/SampleWebApp/raw/master/dist/SampleWebApp.war /usr/local/tomcat/webapps/SampleWebApp.war

# Expose port 8080
EXPOSE 8080

# Start Tomcat server
CMD [“catalina.sh”, “run”]

Docker Compose:

  • Purpose: Docker Compose is used to define and run multi-container Docker applications. You define services, networks, and volumes in a docker-compose.yml file, and then use docker-compose up to start the whole application stack.
  • docker-compose.yml: The configuration file where you define your application’s services, networks, and volumes.
  • Commands:
    • docker-compose up: Starts and runs the entire app.
    • docker-compose down: Stops and removes containers, networks, volumes, and images created by up.

Docker Swarm:

  • Description: Docker Swarm is a clustering and scheduling tool for Docker containers. With Swarm, IT administrators and developers can establish and manage a cluster of Docker nodes as a single virtual system.
  • Key Features: Easy to use, declarative service model, scaling, desired state reconciliation, multi-host networking, service discovery, and load balancing.
  • Commands:
    • docker swarm init: Initializes a swarm.
    • docker swarm join: Joins a machine to a swarm.
    • docker service create: Creates a new service.

Docker Security:

  • Namespaces: Docker uses namespaces to provide isolation between containers.
  • Control Groups (cgroups): Limit and prioritize the resources a container can use.
  • Secure Computing Mode (seccomp): Can be used to filter a container’s system calls to the kernel.
  • Capabilities: Grant specific privileges to a container’s root process without granting all the privileges of the host’s root.
  • Docker Bench for Security: A script that checks for dozens of common best practices around deploying Docker containers in production.

Docker Registries and Repositories:

  • Docker Hub: The default registry where Docker looks for images. It’s a service provided by Docker for finding and sharing container images.
  • Private Registry: You can host your own registry and push images to it.
  • Docker Trusted Registry (DTR): Offers a secure, private registry for enterprises.

Docker Volumes and Storage:

  • Bind Mounts: Allows you to map a host file or directory to a container file or directory.
  • tmpfs mounts: Store data in the host system’s memory only, which is not written to the host’s filesystem.
  • Volume Plugins: There are various volume plugins available that allow you to store data on remote hosts or cloud providers, such as Amazon EBS, Azure Blob Storage, or a network file system.

Docker Engine:

  • Components:
    • dockerd: The Docker daemon that runs on the host machine.
    • REST API: An API for interacting with the Docker daemon.
    • CLI: The command-line interface (CLI) that allows users to interact with Docker.

Container Orchestration:

  • Kubernetes: An open-source system for automating deployment, scaling, and management of containerized applications, commonly used with Docker.
  • Docker Swarm: Docker’s native clustering system, which turns a group of Docker engines into a single, virtual Docker engine.

Docker Networking:

  • Network Types:
    • bridge: The default network type. If you don’t specify a network, the container is connected to the default bridge network.
    • host: Removes network isolation between the container and the Docker host, and uses the host’s networking directly.
    • overlay: Connects multiple Docker daemons together and enables swarm services to communicate with each other.
  • Custom Networks: You can create custom networks to define how containers communicate with each other and with the external network.

This additional information provides an intermediate understanding of Docker’s capabilities, typical use cases, and the functionalities provided by the ecosystem around Docker. If you want to go deeper into any particular area, feel free to ask!

Single stage VS Multi satge Docker FIle

Single Stage:

 

# Use an image that includes both JDK and Maven
FROM maven:3.6.3-jdk-8

# Set the working directory in the container
WORKDIR /app

# Copy the source code and pom.xml file
COPY src /app/src
COPY pom.xml /app

# Build the application and package it into a JAR file
# and list the contents of the target directory
RUN mvn clean package -DskipTests && ls /app/target

# Expose the port the app runs on
EXPOSE 8080

# Run the JAR file (update this if the JAR name is different)
ENTRYPOINT ["java", "-jar", "/app/target/sample-0.0.1-SNAPSHOT.jar"]

Multi-stage Docker file

# Stage 1: Build the application
FROM maven:3.6.3-jdk-8 AS build
WORKDIR /app

# Copy the pom.xml and source code
COPY pom.xml .
COPY src ./src

# Build the application
RUN mvn clean package -DskipTests

# Stage 2: Create the runtime image
FROM openjdk:8-jdk-alpine
WORKDIR /app

# Copy the JAR from the build stage
COPY --from=build /app/target/sample-0.0.1-SNAPSHOT.jar /app

# Expose the port the app runs on
EXPOSE 8080

# Run the JAR file
ENTRYPOINT ["java","-jar","sample-0.0.1-SNAPSHOT.jar"]

Sample Java App Coede https://github.com/buildpacks/sample-java-app/tree/main

Most Popular Docker Interview Questions and Answers 

What is Docker?

  • Docker is a containerization platform which packages your application and all its dependencies together in the form of containers so as to ensure that your application works seamlessly in any environment be it development or test or production.

What is the difference between a Docker image and a container?

An instance of an image is called a container. You have an image, which is a set of layers. If you start this image, you have a running container of this image. You can have many running containers of the same image.

What is the difference between the COPY and ADD commands in a Dockerfile?

The COPY command is used to copy files and folders from the host file system to the Docker image. It’s simple and straightforward.

The ADD command can do everything COPY does, but it can also handle URLs and automatically unpack compressed files.

Best practice is to use COPY unless you need ADD for its additional features.

What is Docker hub?

Docker hub is a cloud-based registry service which allows you to link to code repositories, build your images and test them, stores manually pushed images, and links to Docker cloud so you can deploy images to your hosts. It provides a centralized resource for container image discovery, distribution and change management, user and team collaboration, and workflow automation throughout the development pipeline.

What are the various states that a Docker container can be in at any given point in time?

There are four states that a Docker container can be in, at any given point in time. Those states are as given as follows:

  • Running
  • Paused
  • Restarting
  • Exited

When would you use ‘docker kill’ or ‘docker rm -f’?

docker kill is used for forcefully stopping a container immediately, without waiting for it to shut down gracefully.

docker rm -f not only stops the container forcefully if it’s running but also removes it from the system.

Is there a way to identify the status of a Docker container?

We can identify the status of a Docker container by running the command

docker ps –a

What is the difference between ‘docker run’ and ‘docker create’?

docker run combines the actions of creating and starting a container. It creates the container with the specified configuration and starts it immediately.

docker create sets up the container but does not start it. It’s used when you want to configure a container that you will start later.

What is the difference between CMD and ENTRYPOINT in a Dockerfile?

In a Dockerfile, both `CMD` and `ENTRYPOINT` instructions define the command that will be executed when a Docker container starts. However, they are used in different ways:

CMD:
– Provides default arguments to the container at runtime.
– If Docker runs the container with a command, the default `CMD` is ignored.
– You can include multiple `CMD` instructions, but only the last one takes effect.

Example:
CMD [“echo”, “Hello world”]

If the container is run without a command specified, it will execute `echo Hello world`.

ENTRYPOINT:
– Sets the executable for the container; the main command that the container will run.
– Any arguments passed at runtime are appended to the `ENTRYPOINT`.
– Using `ENTRYPOINT` makes a container run like a binary; you can’t override the `ENTRYPOINT` easily without adding the `–entrypoint` flag.

Example:

ENTRYPOINT [“echo”]

If the container is run with `Hello world` as an argument, it will execute `echo Hello world`.

In summary, `CMD` is for setting default parameters that can be overridden easily, whereas `ENTRYPOINT` is for setting the container to run as a specific executable/service.

What’s the difference between a repository and a registry?

In the context of Docker and containerization:

A repository is a collection of related Docker images, usually providing different versions of the same application or service. These images are identified by their tags. For example, a repository can contain multiple versions of an Ubuntu image, tagged with different version numbers.

A registry is a service where Docker images are stored, shared, and managed. It’s a sort of ‘storage space’ for Docker images. Docker Hub is a popular public registry, but companies often use private registries to control access to their proprietary images.

Do I lose my data when the Docker container exits?

No, data isn’t lost when a Docker container exits. It remains until the container is explicitly removed. To keep data persistent even after the container is deleted, you should use Docker volumes or bind mounts.

Can you remove (‘docker rm’) a container that is paused?

No, you cannot directly remove a paused container with `docker rm`. You must first unpause it or use the force option `-f` with `docker rm` to remove it.

What is Build Cache in Docker?

Build cache in Docker is a mechanism that speeds up the image building process. When you build a Docker image, Docker looks for an existing image layer that can be reused. If the instructions in your Dockerfile haven’t changed and the cache from previous builds is available, Docker will use the cache rather than executing the instructions again, which saves time and resources.

Using Docker Networks (Recommended Method):

1.Create a network:

docker network create my-network

2.Start containers on that network:

docker run –name container1 –network my-network -d some-image
docker run –name container2 –network my-network -d another-image

Containers container1 and container2 are now on the same network and can communicate using the container names as hostnames.

Note: The –link option is deprecated and should be replaced with Docker networks.

What are the most common instructions in Dockerfile?

The most common instructions in a Dockerfile include:

FROM: Specifies the base image from which to start building your image.
RUN: Executes a command inside the container, creating a new layer.
CMD: Provides defaults for executing a container; only the last CMD takes effect.
LABEL: Adds metadata to an image, like version, description, maintainer info.
EXPOSE: Informs Docker that the container listens on the specified network ports at runtime.
ENV: Sets environment variables inside the container.
ADD: Copies files from a source on the host to the container’s filesystem, can also unpack local `.tar` files.
COPY: Copies new files or directories from the host to the filesystem of the container.
ENTRYPOINT: Configures a container to run as an executable; command line arguments are appended.
VOLUME: Creates a mount point for externally mounted volumes or other containers.
USER: Sets the username or UID to use when running the image.
WORKDIR: Sets the working directory for any `RUN`, CMD`, `ENTRYPOINT`, `COPY`, and `ADD` instructions that follow it.
ARG: Defines a variable that users can pass at build-time to the builder with the `docker build` command.

How do I transfer a Docker image from one machine to another one without using a repository, no matter private or public?

You will need to save the Docker image as a tar file:

docker save – o <path for generated tar file> <image name>Then copy your image to a new system with regular file transfer tools such as cp or scp. After that you will have to load the image into Docker:docker load -i <path to image tar file>

Can you explain what a multi-stage Dockerfile is, and provide a use-case for it?

A multi-stage Dockerfile is a Dockerfile that uses multiple FROM statements, allowing the creation of multiple separate build stages within a single Dockerfile. Each stage can use a different base image, and you can copy artifacts from one stage to another, discarding everything you don’t need in the final image. This is especially useful for creating lightweight production images.

# Build stage
FROM maven:3.6.0-jdk-11-slim AS build
COPY src /home/app/src
COPY pom.xml /home/app
RUN mvn -f /home/app/pom.xml clean package

# Package stage
FROM openjdk:11-jre-slim
COPY –from=build /home/app/target/my-app.jar /usr/local/lib/my-app.jar
EXPOSE 8080
ENTRYPOINT [“java”,”-jar”,”/usr/local/lib/my-app.jar”]

 

What Command Can You Run to Export a Docker Image As an Archive?
You can export a Docker image as an archive using the command docker save -o <path for generated tar file> <image name>. For example, docker save -o ubuntu.tar ubuntu:latest will save the Ubuntu image as a tar file named ubuntu.tar.

What Command Can Be Run to Import a Pre-Exported Docker Image Into Another Docker Host?
To import a Docker image from an archive, use the command docker load -i <path to image tar file>. For instance, docker load -i ubuntu.tar will import the Ubuntu image from the tar file into your Docker host.

Can a Paused Container Be Removed From Docker?
Yes, a paused container can be forcibly removed using the command docker rm -f <container ID>. For example, if a container with ID 1a2b3c is paused, you can remove it with docker rm -f 1a2b3c.

How Do You Get the Number Of Containers Running, Paused, and Stopped?
You can get the number of containers in different states by using the command docker info | grep 'Containers:'. This command will provide a summary of running, paused, and stopped containers.

What Are the Key Distinctions Between Daemon Level Logging and Container Level Logging in Docker?

  • Daemon Level Logging: Applies to all containers on the host and is configured at the Docker daemon level, affecting the logging of all containers.
  • Container Level Logging: Configured individually for each container using the --log-driver option when starting the container, allowing for specific logging settings per container.

What Does the Docker Info Command Do?
The docker info command provides detailed information about the Docker system, including the number of containers and images, configuration details like storage and network drivers, and overall system health metrics.

Where Are Docker Volumes Stored in Docker?
Docker volumes are typically stored within the Docker host’s filesystem at /var/lib/docker/volumes/. This location can be customized but serves as the default storage area for Docker volumes.

Can You Tell the Differences Between a Docker Image and a Layer?
A Docker image consists of multiple layers stacked on top of each other to form a complete image. Each layer represents instructions in the image’s Dockerfile, such as adding files, executing commands, or configuring settings. Layers are reused between images to optimize storage and speed.

Can a Container Restart By Itself?
Containers do not restart by themselves unless configured with restart policies. Docker supports several restart policies like no, on-failure, and always that determine under what circumstances a container should automatically restart.

Why is Docker System Prune Used? What Does It Do?
docker system prune is used to clean up unused Docker objects like stopped containers, unused networks, and dangling images. This command helps in reclaiming disk space by removing objects that are no longer in use.

How Do You Scale Docker Containers Horizontally?
Horizontal scaling of Docker containers can be achieved using orchestration tools like Docker Swarm or Kubernetes, which allow you to specify the number of container replicas you want to run based on the load.

What Is the Difference Between Docker Restart Policies “no”, “on-failure,” And “always”?

  • no: Do not automatically restart the container when it exits.
  • on-failure: Restart the container only if it exits with a non-zero status (indicative of an error).
  • always: Always restart the container regardless of the exit status.

How Do You Inspect the Metadata of a Docker Image?
You can inspect the metadata of a Docker image using the command docker inspect <image name>. For example, docker inspect ubuntu:latest will provide detailed metadata about the Ubuntu image, including its layers, environment variables, default command, and more.

How Does Docker Handle Container Isolation and Security?
Docker uses namespaces and cgroups to isolate containers from each other and the host system. Namespaces provide a layer of isolation in aspects like PID, network, and filesystem, while cgroups limit and monitor the resources a container can use, such as CPU and memory.

Is it a Good Practice to Run Stateful Applications on Docker?
Running stateful applications on Docker is feasible but requires careful management of data persistence and state across container restarts and redeployments. Using Docker volumes or external storage solutions can help manage state effectively.

What Is the Purpose of Docker Secrets?
Docker secrets provide a secure way to manage sensitive data like passwords and API keys within Docker Swarm environments. Secrets are encrypted during transit and at rest, making them safer than conventional methods like environment variables.

How Do You Update a Docker Container Without Losing Data?
To update a container without losing data, use Docker volumes to persist data independent of the container lifecycle. This way, you can stop, update, and restart a container without affecting the data stored in the volume.

How Do You Manage Network Connectivity Between Docker Containers And the Host Machine?
Docker provides several networking options like bridge, host, and overlay networks that facilitate communication between containers and the host. Bridge networks create a network bridge, allowing containers connected to the same bridge to communicate.

How Do You Debug Issues in a Docker Container?
Debugging a Docker container can involve checking the container logs using docker logs <container ID>, inspecting the running processes inside the container with docker top <container ID>, or entering the container to perform diagnostic commands via docker exec -it <container ID> /bin/bash.

What is depends_on in Docker Compose?
depends_on in Docker Compose specifies the dependency between services defined in the docker-compose.yml file. It ensures that services start in dependency order.

Can We Use JSON Instead of YAML for My Compose File in Docker?
Docker Compose supports using JSON instead of YAML for the compose file. You can convert your YAML file to JSON format and specify it during the Docker Compose command using the -f option.

Most Popular Git Interview Questions and Answers

Basic Git Commands:

  • git init: Initialize a local Git repository
  • git clone [url]: Create a local copy of a remote repository
  • git status: Check the status of your changes as untracked, modified, or staged
  • git add [file]: Add a file to the staging area
  • git commit -m “[message]”: Commit changes to head (but not yet to the remote repository)
  • git push [alias] [branch]: Transmit local branch commits to the remote repository branch
  • git pull: Update your local repository to the newest commit
  • git merge [branch]: Merge a different branch into your active branch
  • git branch: List your branches. a * will appear next to the currently active branch
  • git branch -d [branch]: Delete a branch
  • git checkout [branch-name]: Switch to a different branch and check it out into your working directory
  • git cherry pick: It introduces certain commits from one branch into another branch within the repository.
  • git checkout -b [branch-name]: Create a new branch and switch to it
  • git stash: Stash changes in a dirty working directory
  • git stash pop: Apply stashed changes to your working directory
  • git rebase: Reapply commits on top of another base tip
  • git reset: Undo commits or unstage files
  • git log: Display the entire commit history using the default format
  • git fetch [alias]: Fetch down all the branches from that Git remote
  • git config -l: List all the settings Git can find at that point

Scenario-based Git Interview Questions

What’s the difference between git fetch and git pull?

git fetch downloads the latest changes from the remote repository to your local repository but doesn’t merge them into your current branch. It’s a safe way to see the changes before integrating them.

git pull, on the other hand, is essentially a git fetch followed by a git merge, where it fetches the remote changes and immediately merges them into the current branch.

How would you temporarily store your current changes that you’re not ready to commit?

I would use git stash to temporarily store the changes:

git stash

Later, when I’m ready to work on them again, I would use git stash pop to apply the stashed changes to the current working directory.

How would you revert a commit that has just been pushed and made public?

 To revert a public commit, I would use the `git revert` command which creates a new commit that undoes the changes made in the pushed commit, without altering the project history. This is important for public or shared repositories because other users may have already pulled the changes. The command would be:

How will you know if a branch has just been merged into master in Git?

To check if a branch has been merged into master, I can use the following command:

git branch --merged master

This will list all the branches that have been merged into the master branch. If I want to check if a specific branch has been merged, I can use:

git revert <commit-hash>
git push origin <branch-name>
git branch --merged master | grep <branch-name>

Can you explain the difference between git revert and git reset? Provide examples and discuss when to use each command.

git revert and git reset are commands used to undo changes in a Git repository, but they work differently and are suited for different situations.

Git Revert:

  • Purpose: Creates a new commit that reverses the effect of earlier commits without altering the existing history.
  • When to Use: Ideal for public branches to undo changes while maintaining a clean project history. It ensures that other collaborators are not affected by history changes.
git revert abc1234

This command reverts the changes made by the commit abc1234 and creates a new commit with the reverted changes.

Git Reset:

  • Purpose: Resets the current branch head to a specific commit, optionally clearing changes in the staging area and working directory.
  • When to Use: Useful for local cleanup before pushing changes, as it can alter commit history, which can be disruptive if used on public branches.
  • Types of Reset:
    • --soft: Only moves the HEAD, keeping the working directory and staging area unchanged.
    • --mixed: Resets the staging area but keeps the working directory unchanged (default).
    • --hard: Resets the staging area and the working directory, potentially leading to data loss.
git reset --hard def5678
  • This resets everything to the commit def5678, discarding all changes in the staging area and working directory.

Summary: Use git revert to safely undo changes in shared branches, preserving history for collaboration. Use git reset for correcting local changes or reorganizing commits before they are shared with others.

What would you do to squash the last N commits into a single commit?

To squash the last N commits into a single commit, you can use the `git rebase` command with the interactive option:

git rebase -i HEAD~N

Where `N` is the number of commits you want to squash. In the text editor that pops up, you’ll see a list of commits. You should leave the first commit as `pick` and change the word `pick` to `squash` or `s` for all other commits you want to combine. Then, save and close the editor. Git will combine all the specified commits into one. After that, you can edit the commit message for the new single commit.

How would you remove a file from Git without removing it from your file system?

To remove a file from Git without deleting it from the local file system, you can use the `git rm` command with the `–cached` option:

git rm --cached <file-path>

After running this command, the file will be removed from version control but will remain in your working directory. Then you can commit this change.

When would you choose “git rebase” instead of “git merge”?

`git rebase` is typically used when you want to create a clean, linear project history without the merge commits that `git merge` would introduce. You would choose to rebase when:

– You’re working on a personal branch and want to update it with the latest changes from the main branch without a merge commit.
– You want to clean up your commit history before merging your changes into the main branch.
– You’re working in a workflow that values a clean history, like the rebase workflow.

Rebase rewrites the project history by creating new commits for each commit in the original branch, which can be a cleaner approach. However, it’s important to avoid rebasing branches that are public and shared with others, as it can cause confusion and complicated merge conflicts for other developers who have based their work on the original branch commit

You’ve made a typo in your last commit message. How do you correct it?

If it’s the very last commit and it hasn’t been pushed to the remote repository yet, you can use:

git commit --amend -m "New commit message"

If you’ve already pushed the commit, you will need to force push, but this should be done with caution if other team members are working on the branch.

Describe the steps you would take to resolve a merge conflict.

When a merge conflict occurs, I would:

  1. Identify the conflicting files with git status.
  2. Open the conflicting files and manually resolve the conflicts by editing the file to remove the <<<<, ====, >>>> conflict markers and making the appropriate code changes.
  3. After resolving the conflict, I would add the files to the staging area with git add.
  4. Finally, I would complete the merge with git commit, which will open an editor for a commit message confirming the merge conflict resolution.

Could you describe the Git branching strategy that is utilized in your company and how it contributes to your development and release process?

Our company uses a Git Flow branching strategy. This includes:

  • Feature Branches: Created from develop for new features and bug fixes, merged back after completion.
  • Develop Branch: Serves as the main integration branch for features.
  • Main Branch: Represents the production-ready state of our code.
  • Release Branches: Used for preparing a new production release, allowing only bug fixes and essential tasks.
  • Hotfix Branches: Address urgent issues in production, later merged into both main and develop.

This structure keeps our main branch stable, allows for organized development, and facilitates smooth releases.

What is a ‘pull request’?

A ‘pull request’ is a feature in version control systems like GitHub that lets you notify a repository’s owners that you want to make some changes to their code. It’s a request to review and then merge these changes into the main codebase.

How can you download a specific branch from a Git repository using the command line?

To download a specific branch from a Git repository, you can use the following command:

git clone -b <branch_name> --single-branch <repository_url>

Replace `<branch_name>` with the name of the branch you want to download and `<repository_url>` with the URL of the Git repository. This command clones only the history of the specified branch, reducing the amount of data downloaded and stored locally.