← Back to Interview Prep
🚀

DevOps & CI/CD Interview Q&A

50 DevOps and CI/CD scenario-based interview questions covering GitOps, Jenkins, Docker, Kubernetes, monitoring, and SRE principles.

10 DevOps Basics10 CI/CD & Jenkins10 Docker10 Kubernetes10 Monitoring & SRE
1

DevOps Culture & Principles

Q1.What is DevOps and what problems does it solve?

  • DevOps is a culture, set of practices, and tools that integrates software development (Dev) and IT operations (Ops).
  • It solves the problem of silos between development and operations teams, reducing deployment times, improving deployment frequency, and ensuring higher quality and reliability.

Q2.What is the difference between Agile and DevOps?

  • Agile is a software development methodology focused on iterative development, customer feedback, and small, rapid releases.
  • DevOps is a culture that focuses on automating the deployment and operation of that software.
  • Agile is about how to build software; DevOps is about how to deliver and run it.

Q3.What is Infrastructure as Code (IaC)?

  • IaC is the process of managing and provisioning computing infrastructure through machine-readable definition files, rather than physical hardware configuration or interactive configuration tools.
  • Benefits: Consistency, speed, version control, and ability to reproduce environments exactly. Tools: Terraform, Ansible, CloudFormation.

Q4.What are the key components of a DevOps pipeline?

  • 1. Source Code Management (Git). 2. Continuous Integration (Build & Test).
  • 3. Continuous Delivery/Deployment (Automated release to staging/prod).
  • 4. Infrastructure as Code (Provisioning). 5. Monitoring & Logging (Feedback loop).

Q5.What is the difference between Continuous Integration (CI), Continuous Delivery (CD), and Continuous Deployment?

  • CI: Automatically building and testing code every time a developer commits changes to version control.
  • Continuous Delivery: Automatically preparing and deploying the built code to a staging or pre-production environment. Requires manual approval to go to production.
  • Continuous Deployment: Automatically deploying every change that passes all stages of your production pipeline to the end users, without human intervention.

Q6.Explain the concept of "Shift Left" in DevOps.

  • Shift Left means integrating testing, security, and quality checks early in the software development lifecycle (moving them "left" on the timeline).
  • It helps catch bugs and vulnerabilities sooner, making them cheaper and easier to fix.

Q7.What is Configuration Management?

  • The process of maintaining computer systems, servers, and software in a desired, consistent state.
  • Tools like Ansible, Chef, and Puppet ensure that servers are configured correctly and identically, preventing configuration drift.

Q8.What is Immutable Infrastructure?

  • An approach where servers are never modified after they are deployed.
  • If something needs to be updated or fixed, a new server built from a common image replaces the old one. Reduces configuration drift and makes deployments more predictable.

Q9.What are microservices and how do they relate to DevOps?

  • Microservices is an architectural style that structures an application as a collection of loosely coupled, independently deployable services.
  • They align well with DevOps because small, independent teams can build, test, and deploy individual services quickly using CI/CD pipelines without affecting the whole system.

Q10.What is Site Reliability Engineering (SRE)?

  • SRE applies software engineering principles to operations and infrastructure problems.
  • Coined by Google, SREs spend up to 50% of their time doing "ops" work (on-call, manual intervention) and 50% developing software to automate away the ops work.
2

CI/CD Pipelines & Tooling

Q11.How do you set up a basic CI/CD pipeline?

  • 1. Developer pushes code to Git. 2. Webhook triggers a CI server (e.g., Jenkins, GitHub Actions).
  • 3. CI server pulls code, runs a build (compiles code). 4. CI server runs unit tests.
  • 5. If tests pass, CI creates an artifact (e.g., Docker image) and pushes it to a registry.
  • 6. CD tool pulls the artifact and deploys it to the target environment (Staging/Prod).

Q12.What is a Jenkinsfile?

  • A text file that contains the definition of a Jenkins Pipeline and is checked into source control.
  • It allows you to define your build/deploy process as code, making it versionable and reviewable. Can be Declarative or Scripted.

Q13.Explain the master-slave (controller-agent) architecture in Jenkins.

  • Jenkins Controller: Handles scheduling build jobs, dispatching them to agents, monitoring agents, and presenting the UI.
  • Jenkins Agent (Slave): An executable that runs on a separate machine (or container) and executes the actual build tasks assigned by the controller, distributing the workload.

Q14.What are GitHub Actions?

  • A CI/CD platform native to GitHub that allows you to automate your build, test, and deployment pipeline directly from your repository.
  • Workflows are defined in YAML files placed in the `.github/workflows` directory.

Q15.How do you handle secrets (passwords, API keys) in a CI/CD pipeline?

  • Never hardcode secrets in source code.
  • Store them in the CI/CD tool's secure credentials store (e.g., GitHub Secrets, Jenkins Credentials) or use a dedicated secrets manager like HashiCorp Vault or AWS Secrets Manager.
  • Inject them into the build/deploy environment as environment variables or temporary files at runtime.

Q16.What is Blue-Green Deployment?

  • A deployment strategy that reduces downtime and risk by running two identical production environments (Blue and Green).
  • Traffic routes to Blue. You deploy the new version to Green, test it, and then switch the router/load balancer to point to Green. If issues occur, you instantly roll back to Blue.

Q17.What is Canary Deployment?

  • A strategy where a new version of the application is rolled out to a small subset of users (e.g., 5%).
  • You monitor the new version for errors. If it performs well, you gradually roll it out to the rest of the users. If it fails, you roll back.

Q18.How would you speed up a slow CI pipeline?

  • Run tests in parallel.
  • Cache dependencies (e.g., node_modules, maven/.m2) between builds.
  • Use incremental builds (only build what changed).
  • Allocate more resources (CPU/RAM) to CI agents or use containerized ephemeral agents.

Q19.What is GitOps?

  • A set of practices that uses Git as the single source of truth for declarative infrastructure and applications.
  • Software agents (like ArgoCD or Flux) monitor the Git repository and automatically reconcile the cluster state (e.g., Kubernetes) to match the state defined in Git.

Q20.How do you ensure a rollback is possible if a deployment fails?

  • Use immutable artifacts (Docker images) tagged with a specific version.
  • Use Blue-Green deployments or automated rollback features in tools like Kubernetes (Deployments) or Helm.
  • Ensure database migrations are backward compatible.
3

Docker & Containerization

Q21.What is Docker and how does it differ from a Virtual Machine (VM)?

  • Docker is a platform for developing, shipping, and running applications in containers.
  • VMs virtualize the hardware, running a full guest OS on top of a hypervisor. They are heavy and slow to start.
  • Containers virtualize the OS, sharing the host's kernel. They are lightweight, fast to start, and use fewer resources.

Q22.Explain the Docker architecture.

  • Docker Client: CLI tool that sends commands to the daemon.
  • Docker Daemon (dockerd): Runs on the host, builds, runs, and manages containers.
  • Docker Registry: Stores Docker images (e.g., Docker Hub).
  • Docker Image: Read-only template with instructions to create a container.
  • Docker Container: A runnable instance of an image.

Q23.What is a Dockerfile?

  • A text document that contains all the commands a user could call on the command line to assemble an image.
  • Common instructions: FROM (base image), RUN (execute command), COPY/ADD (copy files), CMD (default command to run), EXPOSE (port).

Q24.What is the difference between CMD and ENTRYPOINT in a Dockerfile?

  • ENTRYPOINT sets the command and parameters that will not be overridden when the container runs (though arguments can be appended).
  • CMD sets default command and/or parameters, which CAN be easily overridden by passing arguments at the end of `docker run`.
  • Often used together: ENTRYPOINT ["executable"], CMD ["default_param"].

Q25.How do you reduce the size of a Docker image?

  • Use smaller base images (like Alpine Linux).
  • Use multi-stage builds (build the app in one stage, copy only the compiled binary to a final, minimal image).
  • Combine RUN commands to reduce the number of layers.
  • Clean up caches (e.g., `apt-get clean`) in the same layer they are created.

Q26.What are Docker Volumes?

  • Volumes are the preferred mechanism for persisting data generated by and used by Docker containers.
  • Unlike the container's writable layer, volumes exist outside the container's lifecycle and are managed by Docker on the host filesystem.

Q27.How do containers communicate with each other?

  • Containers on the same host can communicate via Docker networks (bridge network is default).
  • Using user-defined bridge networks allows containers to resolve each other by container name (internal DNS).
  • Containers across different hosts communicate via overlay networks or port mapping to the host.

Q28.What is Docker Compose?

  • A tool for defining and running multi-container Docker applications.
  • You use a YAML file (`docker-compose.yml`) to configure application services, networks, and volumes.
  • With a single command (`docker-compose up`), you create and start all services from your configuration.

Q29.Explain the lifecycle of a Docker container.

  • Created (docker create) -> Running (docker start/run) -> Paused (docker pause) -> Stopped (docker stop) -> Deleted (docker rm).

Q30.How do you handle logging in Docker?

  • By default, Docker captures stdout and stderr from the container processes (`docker logs`).
  • In production, configure a logging driver (like json-file, syslog, splunk, or fluentd) to forward logs to a centralized logging system.
4

Kubernetes & Orchestration

Q31.What is Kubernetes and why is it needed?

  • Kubernetes (K8s) is an open-source container orchestration platform that automates deployment, scaling, and management of containerized applications.
  • Needed because managing thousands of containers across multiple hosts manually is impossible. K8s provides load balancing, self-healing, automated rollouts/rollbacks, and secret management.

Q32.What are the main components of a Kubernetes cluster?

  • Control Plane (Master): API Server (entry point), etcd (key-value store for cluster state), Scheduler (assigns pods to nodes), Controller Manager (maintains desired state).
  • Worker Nodes: Kubelet (agent running on each node), Kube-proxy (handles networking/load balancing), Container Runtime (e.g., containerd, Docker).

Q33.What is a Pod in Kubernetes?

  • A Pod is the smallest, most basic deployable object in Kubernetes.
  • It represents a single instance of a running process in your cluster.
  • A Pod can contain one or multiple containers (usually one) that share the same network namespace (IP address) and storage volumes.

Q34.Explain the difference between a Deployment and a StatefulSet.

  • Deployment: Used for stateless applications (e.g., web servers). Pods are interchangeable and have random names. Can scale up/down easily.
  • StatefulSet: Used for stateful applications (e.g., databases). Pods have sticky, unique identities (pod-0, pod-1) and stable persistent storage. Pods are created/deleted in order.

Q35.What is a Kubernetes Service and what are its types?

  • A Service is an abstraction that defines a logical set of Pods and a policy by which to access them. It provides a stable IP address.
  • ClusterIP: Default, exposes service internal to the cluster only.
  • NodePort: Exposes service on a static port on each Node's IP.
  • LoadBalancer: Provisions a cloud provider's external load balancer.

Q36.What is an Ingress?

  • An API object that manages external access to the services in a cluster, typically HTTP/HTTPS.
  • It provides name-based virtual hosting (routing traffic based on domain names or URL paths to different services), SSL termination, and load balancing. Requires an Ingress Controller (like Nginx Ingress) to work.

Q37.How does Kubernetes handle self-healing?

  • Kubernetes constantly monitors the state of the cluster.
  • If a Pod goes down or a node fails, the ReplicaSet or Deployment controller notices the actual state doesn't match the desired state (e.g., 2 pods running instead of 3).
  • It automatically schedules and spins up a new Pod to replace the failed one.

Q38.What are ConfigMaps and Secrets?

  • ConfigMap: Used to store non-confidential data in key-value pairs. Can be consumed as environment variables, command-line arguments, or configuration files in a volume.
  • Secret: Used to store sensitive data (passwords, OAuth tokens, ssh keys). Similar to ConfigMaps but data is base64 encoded and can be encrypted at rest in etcd.

Q39.Explain Liveness and Readiness probes.

  • Liveness Probe: Checks if the container is running and healthy. If it fails, kubelet kills the container and it is restarted.
  • Readiness Probe: Checks if the container is ready to accept traffic. If it fails, the endpoint controller removes the Pod's IP from the Service, so no traffic is routed to it until it passes again.

Q40.What is a DaemonSet?

  • A DaemonSet ensures that all (or some) Nodes run a copy of a specific Pod.
  • As nodes are added to the cluster, Pods are added to them. As nodes are removed, those Pods are garbage collected.
  • Commonly used for cluster storage daemons, log collection daemons (e.g., Fluentd), or node monitoring daemons (e.g., Prometheus Node Exporter).
5

Monitoring, Logging & SRE

Q41.Why is monitoring and logging critical in DevOps?

  • It provides visibility into the health and performance of applications and infrastructure.
  • Crucial for detecting incidents quickly (MTTD), aiding in troubleshooting and reducing resolution time (MTTR), and understanding user behavior and system capacity.

Q42.What is the difference between Monitoring, Logging, and Tracing (The Three Pillars of Observability)?

  • Monitoring (Metrics): Numerical data measured over time (e.g., CPU usage, error rate). Good for alerting and dashboards.
  • Logging: Immutable, timestamped records of discrete events (e.g., "User failed login"). Good for debugging specific issues.
  • Tracing: Follows a request as it moves through various distributed microservices. Good for finding bottlenecks in complex architectures.

Q43.What is Prometheus and how does it work?

  • Prometheus is an open-source systems monitoring and alerting toolkit.
  • It works on a "pull" model: it periodically scrapes metrics from instrumented jobs (targets) over HTTP.
  • It stores data as time series, allows querying with PromQL, and integrates with Alertmanager for notifications.

Q44.What is the ELK stack?

  • A popular log management solution comprising three open-source products:
  • Elasticsearch: A search and analytics engine that stores the logs.
  • Logstash: A server-side data processing pipeline that ingests data from multiple sources, transforms it, and sends it to Elasticsearch.
  • Kibana: A visualization layer that works on top of Elasticsearch to view and search logs via dashboards.

Q45.What is Grafana?

  • Grafana is a multi-platform open-source analytics and interactive visualization web application.
  • It provides charts, graphs, and alerts for the web when connected to supported data sources, most commonly Prometheus, but also InfluxDB, Elasticsearch, etc.

Q46.Explain MTBF, MTTD, and MTTR.

  • Mean Time Between Failures (MTBF): Average time between system breakdowns. (Measures reliability)
  • Mean Time To Detect (MTTD): Average time it takes to notice a problem exists. (Requires good monitoring)
  • Mean Time To Recovery (MTTR): Average time it takes to fix the problem and restore service. (Requires good logging, runbooks, and CI/CD).

Q47.How do you handle alerts to avoid "alert fatigue"?

  • Only alert on symptoms that impact users (e.g., high error rate, latency), not causes (e.g., high CPU).
  • Ensure alerts are actionable (tell the on-call person exactly what to do or check).
  • Categorize alerts by severity (e.g., page someone for critical, send an email or Slack message for warnings).
  • Tune thresholds and deduplicate/group alerts.

Q48.What are SLIs, SLOs, and SLAs?

  • Service Level Indicator (SLI): A carefully defined quantitative measure of some aspect of the service (e.g., error rate is 1%).
  • Service Level Objective (SLO): A target value or range of values for a service level that is measured by an SLI (e.g., error rate < 1% over 30 days). Used internally.
  • Service Level Agreement (SLA): An explicit or implicit contract with your users that includes consequences (often financial) if you miss the SLO.

Q49.What is an Error Budget?

  • An error budget is 100% minus the SLO. If your availability SLO is 99.9%, your error budget is 0.1% downtime.
  • It provides a clear, objective metric that dictates how much risk a team can take. If the budget is depleted, feature releases are halted in favor of reliability work.

Q50.How would you design a centralized logging solution for a microservices architecture?

  • Applications write logs to stdout/stderr in JSON format.
  • A logging agent (like Fluentd, Fluent Bit, or Logstash) runs as a DaemonSet (in Kubernetes) on every node.
  • The agent collects, parses, enriches (adds pod name, node name), and ships the logs to a centralized datastore like Elasticsearch or Datadog.
  • Engineers use Kibana or a similar UI to search and analyze the aggregated logs.

🚀 Pro Tip for DevOps Interviews

Focus on the "why" and "how" rather than just naming tools. Be prepared to architect a complete pipeline from code push to production monitoring.

← Back to All Interview Guides