├── .github └── FUNDING.yml ├── CODE_OF_CONDUCT.md ├── CONTRIBUTING.md ├── README.md ├── automation-scripting └── README.md ├── best-practices └── README.md ├── cheat-sheets └── README.md ├── ci-cd └── README.md ├── cloud └── README.md ├── containers └── README.md ├── core-concepts └── README.md ├── docs ├── 100 AWS interview questions.pdf ├── 12 Interview Questions You Need To Know.pdf ├── 50 Docker Interview Questions.pdf ├── 50 HR Round Interview Questions and Answers.pdf ├── 500 DevSecOps Interview Questions & Answers.pdf ├── 70 Toughest Interview Questions and Answers .pdf ├── ACE YOUR JOB INTERVIEW.pdf ├── APPLICATION SECURITY INTERVIEW QUESTIONS & ANSWERS.pdf ├── AWS DevOps Interview Questions & Answers .pdf ├── AWS DevOps Interview questions and answers.pdf ├── AWS IAM Interview Questions Answer .pdf ├── AWS Interview Questions & Answers .pdf ├── AWS interview questions.pdf ├── AWSInterview.pdf ├── Ace Your DevOps Interview with These Key Insights.pdf ├── Advance DevOps Interview Questions and Answers .pdf ├── Advanced Ansible Interview Questions.pdf ├── Ansible Interview Questions.pdf ├── Azure Devops Interview Questions .pdf ├── Basic AWS interview Q and A .pdf ├── Complete DevOps end to end interview questions .pdf ├── DevOps Engineer Interview Questions & Answers -1.pdf ├── DevOps Engineer Interview Questions & Answers .pdf ├── DevOps Interview .pdf ├── DevOps Interview Questions-1.pdf ├── DevOps Interview Questions-2.pdf ├── DevOps Interview Questions.pdf ├── DevOps Interview.pdf ├── DevOps Real Time Interview Questions.pdf ├── Devops interview questions -1.pdf ├── Docker Interview .pdf ├── Docker Interview Questions & Answers .pdf ├── Docker Interview_ FAQs & Answers.pdf ├── Essential Docker Q&A for Your Next Interview.pdf ├── Explain DevOps project in interview-1.pdf ├── GIT-HUB DevOps interview questions .pdf ├── Git Interview Questions & Answers .pdf ├── Jenkins Important interview Questions.pdf ├── Jenkins interview questions and answers .pdf ├── Questions are based on the interviews attended by folks.pdf ├── README.md ├── SRE Interview Questions .pdf ├── TOP MNCs Interview Questions 🔥.pdf ├── Terraform Interview Questions & Answers .pdf ├── Terraform Interview Questions-1.pdf ├── Terraform Interview Questions.pdf ├── Terraform-Interview-Q&A.pdf ├── Top AWS DevOps Interview Questions.pdf ├── Top_200_Linux_Interview_questions.pdf ├── __ Interview Preparation for DevOps Engineers Checklist.pdf └── devops shack jenkins interview Q&A.pdf ├── infrastructure-as-code └── README.md ├── mock-interviews └── README.md ├── monitoring-logging └── README.md └── networking-security └── README.md /.github/FUNDING.yml: -------------------------------------------------------------------------------- 1 | # FUNDING.yml 2 | 3 | github: NotHarshhaa 4 | ko_fi: harshhaareddy 5 | buy_me_a_coffee: harshhaareddy 6 | -------------------------------------------------------------------------------- /CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | # Contributor Code of Conduct 2 | 3 | ## 📜 Our Pledge 4 | 5 | We, as contributors and maintainers of this repository, pledge to create a **welcoming, respectful, and inclusive** environment for everyone. We are committed to ensuring that all contributors feel safe, valued, and encouraged to participate in meaningful discussions. 6 | 7 | ## 🤝 Our Standards 8 | 9 | > [!IMPORTANT] 10 | > 11 | > To foster a positive community, we expect all contributors to: 12 | > 13 | > ✅ **Be Respectful** – Treat others with kindness and professionalism. 14 | > ✅ **Encourage Collaboration** – Help others and share knowledge freely. 15 | > ✅ **Be Inclusive** – Welcome people from diverse backgrounds and experiences. 16 | > ✅ **Give Constructive Feedback** – Offer helpful suggestions instead of criticism. 17 | > ✅ **Stay On-Topic** – Keep discussions relevant to DevOps interview questions. 18 | 19 | ## 🚫 Unacceptable Behavior 20 | 21 | > [!CAUTION] 22 | > 23 | > The following behaviors are **strictly prohibited**: 24 | > 25 | > ❌ Harassment, discrimination, or offensive comments. 26 | > ❌ Personal attacks or hate speech. 27 | > ❌ Posting spam, irrelevant content, or self-promotion. 28 | > ❌ Disruptive behavior that hinders collaboration. 29 | 30 | ## 🛠 Reporting Issues 31 | 32 | > [!NOTE] 33 | > 34 | > If you experience or witness any violations of this Code of Conduct: 35 | > 36 | > 📌 **Report via GitHub Issues** – Open an issue with relevant details. 37 | > 📌 **Email the Maintainer** – Reach out privately if needed. 38 | > 📌 **Stay Respectful** – Assume positive intent and address concerns constructively. 39 | 40 | ## ⚖️ Enforcement 41 | 42 | > [!WARNING] 43 | > 44 | > Violations of this Code of Conduct may result in: 45 | > 46 | > 1️⃣ A **warning** for minor infractions. 47 | > 2️⃣ **Temporary suspension** from contributions. 48 | > 3️⃣ **Permanent ban** for repeated or severe violations. 49 | 50 | ## 💡 Acknowledgment 51 | 52 | This Code of Conduct is inspired by the **Contributor Covenant** and aims to foster a respectful DevOps learning community. 53 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # 📜 **CONTRIBUTING** - DevOps Interview Questions Repository 2 | 3 | Thank you for considering contributing to **DevOps Interview Questions**! 🎉 This repository is a community-driven effort to provide a **comprehensive collection of 550+ interview questions and answers** covering various **DevOps tools and cloud platforms**. Your contributions help make this resource valuable for DevOps learners and professionals. 4 | 5 | --- 6 | 7 | ## 🚀 **How to Contribute** 8 | 9 | ### 🔹 1. Fork & Clone the Repository 10 | 11 | 1. Click the **Fork** button (top-right corner) to create a copy of the repository in your GitHub account. 12 | 2. Clone the forked repository to your local machine: 13 | 14 | ```bash 15 | git clone https://github.com/NotHarshhaa/devops-interview-questions.git 16 | cd devops-interview-questions 17 | ``` 18 | 19 | 3. Create a new branch for your changes: 20 | 21 | ```bash 22 | git checkout -b feature/add-new-questions 23 | ``` 24 | 25 | --- 26 | 27 | ### 🔹 2. Types of Contributions 28 | 29 | > [!IMPORTANT] 30 | > 31 | > #### ✅ **Add New Interview Questions** 32 | > 33 | > - Navigate to the respective category (e.g., AWS, Kubernetes, Docker, etc.). 34 | > - Add your new question in the format: 35 | > 36 | > ```markdown 37 | > ### ❓ Question: How does Kubernetes handle container networking? 38 | > **Answer:** Kubernetes uses CNI (Container Network Interface) plugins to configure networking for pods, allowing communication between containers and external services. 39 | > ``` 40 | > 41 | > - Ensure answers are **clear**, **concise**, and **technically correct**. 42 | > 43 | > #### ✅ **Improve Existing Questions & Answers** 44 | > 45 | > - If you find a question that needs better explanation, formatting, or corrections, **edit it**. 46 | > - Add **code snippets** where necessary to improve clarity. 47 | > 48 | > #### ✅ **Fix Typos, Grammar, or Formatting Issues** 49 | > 50 | > - Ensure markdown syntax is correct. 51 | > - Use **proper bullet points, headers, and spacing** for readability. 52 | > 53 | > #### ✅ **Add References & Resources** 54 | > 55 | > - If applicable, add links to **official documentation** or reputable sources for further reading. 56 | 57 | --- 58 | 59 | ### 🔹 3. Commit & Push Changes 60 | 61 | 1. Add your changes: 62 | 63 | ```bash 64 | git add . 65 | ``` 66 | 67 | 2. Commit with a **descriptive message**: 68 | 69 | ```bash 70 | git commit -m "[DevOps-Interview] feat: Added Kubernetes networking question" 71 | ``` 72 | 73 | 3. Push to your forked repository: 74 | 75 | ```bash 76 | git push origin feature/add-new-questions 77 | ``` 78 | 79 | 4. Open a **Pull Request (PR)** on GitHub. 80 | 81 | --- 82 | 83 | ## 📌 **Pull Request Guidelines** 84 | 85 | > [!TIP] 86 | > 87 | >🔹 **Ensure your PR has a clear title & description** 88 | >🔹 **Follow markdown formatting properly** 89 | >🔹 **Keep PRs focused on a specific topic** (avoid multiple unrelated changes) 90 | >🔹 **Mention any related issues in your PR** (if applicable) 91 | 92 | --- 93 | 94 | ## 📢 **Code of Conduct** 95 | 96 | > [!NOTE] 97 | > 98 | > By participating in this project, you agree to follow our **[Code of Conduct](CODE_OF_CONDUCT.md)** to maintain a respectful and collaborative environment. 99 | 100 | --- 101 | 102 | ## ⭐ **Support & Acknowledgments** 103 | 104 | > [!IMPORTANT] 105 | > 106 | > If you find this repository helpful, please **star** ⭐ it and **spread the word**! 107 | 108 | 🚀 **Happy Contributing!** 🚀 109 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # 🚀 DevOps Interview Questions & Answers 2 | 3 | ![DevOps Banner](https://imgur.com/7Vjj0UE.png) 4 | 5 | ## 📌 About This Repository 6 | 7 | ![about](https://imgur.com/i6dZXRH.png) 8 | 9 | Welcome to **DevOps Interview Questions & Answers** – your one-stop destination for mastering **DevOps, Cloud, and SRE interviews**! 🚀 10 | 11 | This repository contains **550+ carefully curated interview questions** with detailed answers, covering **all major DevOps tools, cloud platforms, and best practices**. Whether you're a **beginner preparing for your first DevOps job** or an **experienced engineer aiming for top-tier roles**, this resource will help you **understand core concepts, ace technical interviews, and build confidence**. 12 | 13 | We cover: 14 | ✅ **DevOps Fundamentals** – CI/CD, Automation, Infrastructure as Code (IaC) 15 | ✅ **Cloud Providers** – AWS, Azure, GCP, OpenStack 16 | ✅ **Containers & Orchestration** – Docker, Kubernetes, Helm 17 | ✅ **CI/CD & Automation** – Jenkins, ArgoCD, GitHub Actions 18 | ✅ **Monitoring & Logging** – Prometheus, Grafana, ELK Stack 19 | ✅ **Networking & Security** – DNS, Load Balancing, SSL, Firewalls 20 | ✅ **Scripting & Configuration Management** – Ansible, Terraform, Bash, Python 21 | ✅ **DevOps Interview Scenarios & Real-World Problems** 22 | ✅ **PDFs & Study Docs** – Downloadable guides, cheat sheets & interview prep materials 23 | 24 | > [!IMPORTANT] 25 | > 26 | > **📜 New!** Access **PDFs & Docs** for structured learning and quick revision. 🚀 27 | > 28 | > Each section is **well-structured** with **questions categorized by difficulty level**: 29 | > 🟢 **Beginner** | 🟡 **Intermediate** | 🔴 **Advanced** 30 | > 31 | > 💡 **Bonus:** We also provide **real-world use cases, troubleshooting scenarios, and best practices** to ensure you're interview-ready! 32 | 33 | 🔥 **New questions and updates will be added regularly!** Stay tuned. 34 | 35 | --- 36 | 37 | **💡 New to DevOps Interviews?** Start with our **[Beginner's Guide](#📌-how-to-use-this-repository)** to get a roadmap! 38 | 39 | --- 40 | 41 | ## 📂 Topics Covered 42 | 43 | > [!IMPORTANT] 44 | > 45 | > This repository is structured into multiple categories to **help you navigate easily**: 46 | 47 | ✅ **DevOps Fundamentals**: What is DevOps? Key principles and SDLC integration 48 | ✅ **Cloud Computing**: AWS, Azure, GCP, OpenStack, Cloud-Native Services 49 | ✅ **CI/CD Pipelines**: Jenkins, GitHub Actions, GitLab CI/CD, ArgoCD 50 | ✅ **Containers & Orchestration**: Docker, Kubernetes, Helm, OpenShift 51 | ✅ **Infrastructure as Code**: Terraform, Ansible, CloudFormation 52 | ✅ **Monitoring & Logging**: Prometheus, Grafana, ELK Stack, New Relic 53 | ✅ **Networking & Security**: Firewalls, Load Balancers, IAM, SSL/TLS 54 | ✅ **Scripting & Automation**: Bash, Python, YAML, Groovy 55 | ✅ **DevOps Best Practices & Real-World Scenarios** 56 | 57 | 📜 **Currently, the repository contains over 550+ handpicked DevOps questions!** 58 | 59 | > [!NOTE] 60 | > 61 | > This repository is meant to provide **realistic** interview questions and **not just theoretical answers**. Expect **scenario-based** and **practical** discussions! 62 | 63 | --- 64 | 65 | ## 📂 Repository Structure 66 | 67 | We have **organized the questions based on DevOps tools and concepts**: 68 | 69 | ``` 70 | 📦 devops-interview-questions 71 | ├── 📁 core-concepts/ # DevOps fundamentals 72 | ├── 📁 cloud/ # AWS, Azure, GCP, OpenStack 73 | ├── 📁 ci-cd/ # Jenkins, GitHub Actions, GitLab CI/CD 74 | ├── 📁 containers/ # Docker, Kubernetes, Helm 75 | ├── 📁 infrastructure-as-code/ # Terraform, Ansible, CloudFormation 76 | ├── 📁 monitoring-logging/ # Prometheus, Grafana, ELK Stack 77 | ├── 📁 networking-security/ # IAM, Firewalls, Load Balancers 78 | ├── 📁 automation-scripting/ # Bash, Python, YAML, Groovy 79 | ├── 📁 best-practices/ # Real-world scenarios & case studies 80 | ├── 📁 mock-interviews/ # Mock interview questions and solutions 81 | ├── 📁 cheat-sheets/ # Quick reference guides 82 | ├── 📁 docs/ # Folder for PDFs & Docs 83 | ├── 📄 CONTRIBUTING.md # Contribution guidelines 84 | ├── 📄 LICENSE # License information 85 | └── 📄 README.md # Project overview (this file) 86 | ``` 87 | 88 | --- 89 | 90 | ## 🔥 Quick Access to Questions 91 | 92 | | Category | 📂 Folder | 🔗 Link | 93 | |--------------------------------|----------|---------| 94 | | **DevOps Core Concepts** | `core-concepts/` | [View Questions](core-concepts/README.md) | 95 | | **AWS, Azure, GCP** | `cloud/` | [View Questions](cloud/README.md) | 96 | | **Jenkins, GitHub Actions** | `ci-cd/` | [View Questions](ci-cd/README.md) | 97 | | **Docker, Kubernetes** | `containers/` | [View Questions](containers/README.md) | 98 | | **Terraform, Ansible** | `infrastructure-as-code/` | [View Questions](infrastructure-as-code/README.md) | 99 | | **Prometheus, ELK Stack** | `monitoring-logging/` | [View Questions](monitoring-logging/README.md) | 100 | | **IAM, Security, Networking** | `networking-security/` | [View Questions](networking-security/README.md) | 101 | | **Scripting & Automation** | `automation-scripting/` | [View Questions](automation-scripting/README.md) | 102 | | **Mock Interviews & Scenarios**| `mock-interviews/` | [View Questions](mock-interviews/README.md) | 103 | | **Cheat Sheets** | `cheat-sheets/` | [View Questions](cheat-sheets/README.md) | 104 | | **DevOps Interview Q&A PDF** | `docs/` | [Download](docs/README.md) | 105 | 106 | --- 107 | 108 | ## 📌 How to Use This Repository 109 | 110 | > [!IMPORTANT] 111 | > 112 | > If you're new to DevOps or interview preparation, follow this structured learning path: 113 | > 114 | > 1️⃣ **Beginner? Start Here!** 115 | > 116 | > - Read the **DevOps Fundamentals** section first. 117 | > - Learn the basics of **Git, Linux, and CI/CD**. 118 | > - Follow the **Beginner’s Roadmap** (coming soon). 119 | > 120 | > 2️⃣ **Practicing for Interviews?** 121 | > 122 | > - Explore **topic-wise interview questions**. 123 | > - Use the **Q&A format** to reinforce your understanding. 124 | > - Try solving questions before checking the answers. 125 | > 126 | >3️⃣ **Want to Contribute?** 127 | > 128 | > - Add new questions/answers via **Pull Requests (PRs)**. 129 | > - Share real interview experiences in the **Discussions** section. 130 | > 131 | > **🔗 [Jump to the Interview Questions](#-quick-access-to-questions)** 132 | 133 | --- 134 | 135 | ## 🔥 Mock Interviews & Real-World Scenarios 136 | 137 | > [!NOTE] 138 | > 139 | > In addition to standard interview questions, we include: 140 | > ✅ **Real-world problems DevOps engineers face** 141 | > ✅ **Kubernetes troubleshooting case studies** 142 | > ✅ **CI/CD pipeline failures & debugging challenges** 143 | > ✅ **Cloud deployment strategies & best practices** 144 | > ✅ **Networking & Security compliance scenarios** 145 | > 146 | > 📌 **[Check Out Mock Interviews & Scenarios](mock-interviews/README.md)** 147 | 148 | --- 149 | 150 | ## 📖 DevOps Cheat Sheets & Quick References 151 | 152 | We provide **cheat sheets** for quick learning and interview revision: 153 | 📌 **Linux Commands Cheat Sheet** 154 | 📌 **Git & GitHub Cheat Sheet** 155 | 📌 **Docker & Kubernetes Commands** 156 | 📌 **Jenkins & CI/CD Pipeline Examples** 157 | 158 | 📌 **[Explore Cheat Sheets](cheat-sheets/README.md)** 159 | 160 | --- 161 | 162 | ### **📝 DevOps Interview PDFs & Docs** 163 | 164 | Looking for **downloadable PDFs** of **DevOps interview questions, cheat sheets, and study guides**? We've got you covered! 🚀 165 | 166 | 📂 **What You’ll Find Here:** 167 | ✔️ **DevOps Interview Questions (PDF Format)** – Download **550+ curated questions** in one file 168 | ✔️ **Cheat Sheets & Quick References** – Linux, Git, Kubernetes, Docker, Terraform, and more 169 | ✔️ **Mock Interview Scenarios & Case Studies** – Real-world troubleshooting and hands-on challenges 170 | ✔️ **Cloud & DevOps Roadmaps** – Step-by-step learning paths for AWS, Azure, GCP, and Kubernetes 171 | 172 | 📥 **[Download PDFs & Docs](docs/README.md)** 173 | 174 | 📌 **Want to contribute?** If you have useful PDFs, case studies, or additional questions, feel free to **submit a pull request**! 175 | 176 | --- 177 | 178 | ## 🤝 Contribute 179 | 180 | 💡 **Want to add questions or improve answers?** Your contributions are welcome! 181 | 182 | 📑 **How to contribute:** 183 | 1️⃣ Fork this repository. 184 | 2️⃣ Add your questions/answers in the relevant folder. 185 | 3️⃣ Submit a pull request with clear explanations. 186 | 4️⃣ Help improve and maintain this valuable resource for the community! 187 | 188 | 📄 Read the [CONTRIBUTING.md](CONTRIBUTING.md) for detailed guidelines. 189 | 190 | --- 191 | 192 | ## 🚀 What's Coming Next? 193 | 194 | ✅ **More Real-World Case Studies** 195 | ✅ **Cloud & Kubernetes Troubleshooting Questions** 196 | ✅ **DevOps Roadmaps for Beginners & Experts** 197 | ✅ **Live Mock Interview Recordings (YouTube/Blog)** 198 | 199 | 📌 **Follow for Updates:** 200 | 🔗 **GitHub**: [@NotHarshhaa](https://github.com/NotHarshhaa) 201 | 📝 **Blog**: [ProDevOpsGuy](https://blog.prodevopsguy.xyz) 202 | 💬 **Telegram Community**: [Join Here](https://t.me/prodevopsguy) 203 | 204 | --- 205 | 206 | ## ⭐ Support This Project 207 | 208 | If this repository **helped you**, please: 209 | ✅ **Star** ⭐ the repository 210 | ✅ **Share** it with fellow DevOps learners 211 | ✅ **Contribute** by adding new questions 212 | 213 | 🚀 **Happy Learning & Best of Luck for Your DevOps Interviews!** 🚀 214 | 215 | ![banner](https://imgur.com/8ypFtRx.png) 216 | -------------------------------------------------------------------------------- /automation-scripting/README.md: -------------------------------------------------------------------------------- 1 | # Automation & Scripting Interview Questions 2 | 3 | ## **Beginner-Level (1-20) Questions** 4 | 5 | ### **1. What is automation in DevOps?** 6 | 7 | Automation in DevOps refers to scripting repetitive tasks like provisioning, configuration, deployment, and monitoring to improve efficiency and reduce errors. 8 | 9 | ### **2. What are the benefits of scripting in DevOps?** 10 | 11 | - Reduces manual effort 12 | - Increases consistency and repeatability 13 | - Improves efficiency and speed 14 | - Reduces errors and enhances security 15 | 16 | ### **3. What is Bash scripting?** 17 | 18 | Bash scripting is writing command-line instructions in a script file (`.sh`) to automate tasks in Unix/Linux environments. 19 | 20 | ### **4. How do you write a basic Bash script?** 21 | 22 | ```bash 23 | #!/bin/bash 24 | echo "Hello, DevOps!" 25 | ``` 26 | 27 | Save the file (`script.sh`), make it executable (`chmod +x script.sh`), and run it (`./script.sh`). 28 | 29 | ### **5. What is the difference between Bash and Shell scripting?** 30 | 31 | Bash is a type of shell, but shell scripting can also be done in other shells like **sh, csh, and zsh**. Bash provides more advanced scripting features. 32 | 33 | ### **6. What are variables in Bash?** 34 | 35 | Variables store values and are defined without a `$` sign but accessed using `$`. 36 | 37 | ```bash 38 | name="DevOps" 39 | echo "Hello, $name" 40 | ``` 41 | 42 | ### **7. What is Python scripting used for in DevOps?** 43 | 44 | - Infrastructure as Code (IaC) 45 | - CI/CD automation 46 | - Log analysis 47 | - Cloud automation (AWS, Azure, GCP SDKs) 48 | 49 | ### **8. How do you define a function in Python?** 50 | 51 | ```python 52 | def greet(): 53 | print("Hello, DevOps!") 54 | greet() 55 | ``` 56 | 57 | ### **9. What is YAML, and where is it used?** 58 | 59 | YAML (Yet Another Markup Language) is a human-readable format used for **Kubernetes configurations, Ansible playbooks, CI/CD pipelines**, etc. 60 | 61 | ### **10. What is a YAML file example?** 62 | 63 | ```yaml 64 | version: '3' 65 | services: 66 | web: 67 | image: nginx 68 | ports: 69 | - "80:80" 70 | ``` 71 | 72 | ### **11. How do you write a simple Groovy script?** 73 | 74 | ```groovy 75 | println "Hello, DevOps!" 76 | ``` 77 | 78 | Groovy is used in **Jenkins pipelines and automation tasks**. 79 | 80 | ### **12. What is the shebang (`#!`) in a script?** 81 | 82 | The shebang (`#!/bin/bash` or `#!/usr/bin/python3`) specifies the interpreter for executing the script. 83 | 84 | ### **13. What are loops in Bash?** 85 | 86 | Bash supports `for`, `while`, and `until` loops. Example: 87 | 88 | ```bash 89 | for i in {1..5}; do echo "Iteration $i"; done 90 | ``` 91 | 92 | ### **14. What are conditional statements in Bash?** 93 | 94 | `if-else` statements execute different code based on conditions. 95 | 96 | ```bash 97 | if [ $USER == "root" ]; then echo "Admin access"; else echo "User access"; fi 98 | ``` 99 | 100 | ### **15. How do you read input in Bash?** 101 | 102 | ```bash 103 | echo "Enter name: " 104 | read name 105 | echo "Hello, $name" 106 | ``` 107 | 108 | ### **16. How do you create a Python virtual environment?** 109 | 110 | ```bash 111 | python3 -m venv myenv 112 | source myenv/bin/activate 113 | ``` 114 | 115 | ### **17. How do you parse JSON in Python?** 116 | 117 | ```python 118 | import json 119 | data = '{"name": "DevOps"}' 120 | parsed = json.loads(data) 121 | print(parsed["name"]) 122 | ``` 123 | 124 | ### **18. What is the `awk` command in Bash?** 125 | 126 | `awk` is used for text processing. Example: 127 | 128 | ```bash 129 | awk '{print $1}' file.txt 130 | ``` 131 | 132 | Extracts the first column from `file.txt`. 133 | 134 | ### **19. How do you comment in YAML?** 135 | 136 | Use `#` for comments. 137 | 138 | ```yaml 139 | # This is a comment 140 | name: DevOps 141 | ``` 142 | 143 | ### **20. How do you declare variables in Groovy?** 144 | 145 | ```groovy 146 | def name = "DevOps" 147 | println name 148 | ``` 149 | 150 | --- 151 | 152 | ## **Intermediate-Level (21-40) Questions** 153 | 154 | ### **21. How do you pass arguments to a Bash script?** 155 | 156 | ```bash 157 | #!/bin/bash 158 | echo "Hello, $1!" 159 | ``` 160 | 161 | Run: `./script.sh DevOps` → Output: `Hello, DevOps!` 162 | 163 | ### **22. How do you handle errors in Bash scripts?** 164 | 165 | Use `set -e` to stop execution on errors. 166 | 167 | ### **23. What is an Ansible playbook?** 168 | 169 | A YAML file that defines automation tasks for servers. 170 | 171 | ### **24. How do you handle exceptions in Python?** 172 | 173 | ```python 174 | try: 175 | print(1 / 0) 176 | except ZeroDivisionError: 177 | print("Cannot divide by zero") 178 | ``` 179 | 180 | ### **25. How do you schedule a script with Cron?** 181 | 182 | Edit `crontab -e` and add: 183 | 184 | ```bash 185 | 0 5 * * * /path/to/script.sh 186 | ``` 187 | 188 | Runs the script daily at 5 AM. 189 | 190 | ### **26. How do you execute a Groovy script in Jenkins?** 191 | 192 | Use `script {}` inside a Jenkins pipeline. 193 | 194 | ### **27. How do you create a list in Python?** 195 | 196 | ```python 197 | mylist = [1, 2, 3] 198 | print(mylist[0]) 199 | ``` 200 | 201 | ### **28. What is `sed` in Bash?** 202 | 203 | Used for text replacement. Example: 204 | 205 | ```bash 206 | sed -i 's/old/new/g' file.txt 207 | ``` 208 | 209 | ### **29. How do you define a dictionary in Python?** 210 | 211 | ```python 212 | mydict = {"name": "DevOps"} 213 | print(mydict["name"]) 214 | ``` 215 | 216 | ### **30. How do you validate a YAML file?** 217 | 218 | Use `yamllint` or `kubectl apply -f --dry-run=client`. 219 | 220 | ### **31. How do you install Python modules?** 221 | 222 | ```bash 223 | pip install requests 224 | ``` 225 | 226 | ### **32. What is Jenkins pipeline syntax for automation?** 227 | 228 | ```groovy 229 | pipeline { 230 | agent any 231 | stages { 232 | stage('Build') { 233 | steps { 234 | echo "Building..." 235 | } 236 | } 237 | } 238 | } 239 | ``` 240 | 241 | ### **33. How do you iterate over a dictionary in Python?** 242 | 243 | ```python 244 | for key, value in mydict.items(): 245 | print(key, value) 246 | ``` 247 | 248 | ### **34. How do you set environment variables in Bash?** 249 | 250 | ```bash 251 | export VAR="DevOps" 252 | ``` 253 | 254 | ### **35. What is an Ansible role?** 255 | 256 | A reusable way to organize Ansible tasks, handlers, and templates. 257 | 258 | ### **36. What is a multiline string in YAML?** 259 | 260 | ```yaml 261 | message: | 262 | Line 1 263 | Line 2 264 | ``` 265 | 266 | ### **37. What is an associative array in Bash?** 267 | 268 | ```bash 269 | declare -A myarray 270 | myarray[name]="DevOps" 271 | echo ${myarray[name]} 272 | ``` 273 | 274 | ### **38. How do you run a shell command in Python?** 275 | 276 | ```python 277 | import os 278 | os.system("ls") 279 | ``` 280 | 281 | ### **39. What is `jq` in Linux?** 282 | 283 | Used to parse JSON. Example: 284 | 285 | ```bash 286 | cat data.json | jq '.name' 287 | ``` 288 | 289 | ### **40. How do you exit a script with a status code?** 290 | 291 | ```bash 292 | exit 1 293 | ``` 294 | 295 | --- 296 | 297 | ## **Advanced-Level (41-60) Questions** 298 | 299 | ### **41. How do you debug a Bash script?** 300 | 301 | Use `set -x` for debugging: 302 | 303 | ```bash 304 | #!/bin/bash 305 | set -x 306 | echo "Debugging mode enabled" 307 | ``` 308 | 309 | ### **42. How do you trap signals in a Bash script?** 310 | 311 | ```bash 312 | trap "echo 'Script interrupted'; exit" SIGINT SIGTERM 313 | ``` 314 | 315 | Catches `Ctrl+C` (SIGINT) and terminates gracefully. 316 | 317 | ### **43. What is the difference between `$(command)` and backticks `` `command` `` in Bash?** 318 | 319 | Both execute commands, but `$(command)` is preferred as it's **nestable**. 320 | 321 | ### **44. How do you handle multiline commands in a Bash script?** 322 | 323 | Use `\` for line continuation: 324 | 325 | ```bash 326 | echo "This is a \ 327 | multiline command" 328 | ``` 329 | 330 | ### **45. How do you use conditionals inside a YAML file?** 331 | 332 | With Jinja2 templating in Ansible: 333 | 334 | ```yaml 335 | tasks: 336 | - name: Install package 337 | yum: 338 | name: httpd 339 | when: ansible_os_family == "RedHat" 340 | ``` 341 | 342 | ### **46. How do you encrypt secrets in YAML?** 343 | 344 | Use **Ansible Vault**: 345 | 346 | ```bash 347 | ansible-vault encrypt secrets.yaml 348 | ``` 349 | 350 | ### **47. How do you execute a Python script inside a Bash script?** 351 | 352 | ```bash 353 | python3 <`. 181 | 182 | ### **39. What are the best practices for writing Dockerfiles?** 183 | 184 | - Use lightweight base images. 185 | - Minimize layers. 186 | - Avoid hardcoding secrets. 187 | - Use multi-stage builds. 188 | 189 | ### **40. What is FinOps in cloud computing?** 190 | 191 | A practice for optimizing cloud costs and budgeting efficiently. 192 | 193 | --- 194 | 195 | ## **Advanced-Level (41-60) Questions** 196 | 197 | ### **41. How do you implement policy-as-code in DevOps?** 198 | 199 | Using tools like **Open Policy Agent (OPA)** and **HashiCorp Sentinel**. 200 | 201 | ### **42. How do you handle incident response in DevOps?** 202 | 203 | Using an **on-call rotation**, **alerting**, and **post-mortems**. 204 | 205 | ### **43. What is site reliability engineering (SRE)?** 206 | 207 | A discipline that applies software engineering principles to system reliability. 208 | 209 | ### **44. How do you enforce security compliance in a DevOps pipeline?** 210 | 211 | By integrating **security scanning**, **linting**, and **automated compliance tests**. 212 | 213 | ### **45. How do you manage hybrid cloud environments?** 214 | 215 | Using tools like **Anthos, Azure Arc, and Terraform**. 216 | 217 | ### **46. What is an SBOM (Software Bill of Materials)?** 218 | 219 | A list of all components in software, used for security analysis. 220 | 221 | ### **47. How do you implement auto-remediation in DevOps?** 222 | 223 | Using **AWS Lambda, Ansible, or Kubernetes operators** to fix issues automatically. 224 | 225 | ### **48. How do you secure a Kubernetes cluster?** 226 | 227 | - Use **RBAC (Role-Based Access Control)** 228 | - Enable **Pod Security Policies** 229 | - Rotate **TLS certificates** 230 | 231 | ### **49. How do you optimize cloud costs in a DevOps environment?** 232 | 233 | By using **spot instances, auto-scaling, and rightsizing resources**. 234 | 235 | ### **51. How did Netflix achieve high availability using DevOps practices?** 236 | 237 | #### **Case Study:** 238 | 239 | Netflix uses **chaos engineering** with **Chaos Monkey** to simulate failures and ensure resilience. It also relies on: 240 | 241 | - **Auto-scaling with AWS** 242 | - **Service discovery with Eureka** 243 | - **CI/CD pipelines for rapid deployments** 244 | 245 | ### **52. How did Facebook reduce deployment failures with DevOps?** 246 | 247 | #### **Case Study:** 248 | 249 | Facebook follows **dark launching** and **feature flagging** to test features before full release. 250 | 251 | - **Blue-Green deployments** minimize risk. 252 | - **Automated testing & rollbacks** prevent issues. 253 | 254 | ### **53. How does Google ensure zero-downtime deployments?** 255 | 256 | #### **Case Study:** 257 | 258 | Google uses **SRE (Site Reliability Engineering)** with: 259 | 260 | - **Canary deployments** to test updates. 261 | - **Load balancing & Kubernetes** for seamless scaling. 262 | 263 | ### **54. How did Capital One implement DevSecOps to enhance security?** 264 | 265 | #### **Case Study:** 266 | 267 | Capital One integrates security early in CI/CD pipelines by: 268 | 269 | - Using **Terraform for infrastructure compliance** 270 | - Running **SAST (Static Application Security Testing)** 271 | - Automating **security audits with Open Policy Agent (OPA)** 272 | 273 | ### **55. How did Etsy achieve faster deployments?** 274 | 275 | #### **Case Study:** 276 | 277 | Etsy moved from **weekly releases** to **50+ deployments per day** by: 278 | 279 | - Using **feature flags** 280 | - Implementing **continuous deployment** 281 | - Automating **infrastructure with Ansible** 282 | 283 | ### **56. How did Amazon implement DevOps at scale?** 284 | 285 | #### **Case Study:** 286 | 287 | Amazon follows a **two-pizza team model** (small, autonomous teams) with: 288 | 289 | - **Microservices architecture** 290 | - **Infrastructure automation with AWS Lambda** 291 | - **Performance monitoring using AWS CloudWatch** 292 | 293 | ### **57. How did LinkedIn improve site reliability using DevOps?** 294 | 295 | #### **Case Study:** 296 | 297 | LinkedIn handles **5+ billion messages daily** by: 298 | 299 | - Using **Kafka for real-time data processing** 300 | - Implementing **auto-remediation scripts** 301 | - Running **machine learning-based anomaly detection** 302 | 303 | ### **58. How does NASA ensure high system reliability?** 304 | 305 | #### **Case Study:** 306 | 307 | NASA runs mission-critical DevOps with: 308 | 309 | - **Immutable infrastructure to prevent drift** 310 | - **Automated rollback strategies** 311 | - **Strict security compliance with FedRAMP & NIST** 312 | 313 | ### **59. How does Spotify optimize CI/CD pipelines for faster feature releases?** 314 | 315 | #### **Case Study:** 316 | 317 | Spotify enables **developer autonomy** with: 318 | 319 | - **Trunk-based development** 320 | - **Decentralized microservices** 321 | - **Experimentation using feature toggles** 322 | 323 | ### **60. How did Uber scale DevOps for millions of daily users?** 324 | 325 | #### **Case Study:** 326 | 327 | Uber optimized **latency and availability** using: 328 | 329 | - **Service Mesh (Istio) for observability** 330 | - **Multi-cloud deployments with Kubernetes** 331 | - **Automated incident response with PagerDuty** 332 | 333 | --- 334 | 335 | ### **Summary** 336 | 337 | These real-world case studies show how leading companies use **DevOps best practices** to enhance **reliability, security, and scalability**. 338 | 339 | --- 340 | 341 | ## **📢 Contribute & Stay Updated** 342 | 343 | 💡 **Want to contribute?** 344 | We **welcome contributions!** If you have insights, new tools, or improvements, feel free to submit a **pull request**. 345 | 346 | 📌 **How to Contribute?** 347 | 348 | - Read the **[CONTRIBUTING.md](https://github.com/NotHarshhaa/DevOps-Interview-Questions/blob/master/CONTRIBUTING.md)** guide. 349 | - Fix errors, add missing topics, or suggest improvements. 350 | - Submit a **pull request** with your updates. 351 | 352 | 📢 **Stay Updated:** 353 | ⭐ **Star the repository** to get notified about new updates and additions. 354 | 💬 **Join discussions** in **[GitHub Issues](https://github.com/NotHarshhaa/DevOps-Interview-Questions/issues)** to suggest improvements. 355 | 356 | --- 357 | 358 | ## **🌍 Community & Support** 359 | 360 | 🔗 **GitHub:** [@NotHarshhaa](https://github.com/NotHarshhaa) 361 | 📝 **Blog:** [ProDevOpsGuy](https://blog.prodevopsguy.xyz) 362 | 💬 **Telegram Community:** [Join Here](https://t.me/prodevopsguy) 363 | 364 | ![Follow Me](https://imgur.com/2j7GSPs.png) 365 | -------------------------------------------------------------------------------- /cheat-sheets/README.md: -------------------------------------------------------------------------------- 1 | # **📖 DevOps Cheat Sheets – Quick Reference Guide** 2 | 3 | 🚀 **Looking for quick commands, best practices, and essential tips for DevOps tools?** 4 | 📌 **Want a single place to recall important configurations for CI/CD, Containers, Cloud, Monitoring, Security, and more?** 5 | 6 | This section provides a **high-level overview** of DevOps toolsets, but for **detailed, well-structured cheat sheets**, we maintain a separate **dedicated repository**. 7 | 8 | 👉 **Access the Full Cheatsheet Collection:** 9 | 🔗 **[DevOps Tools Cheatsheet Repository](https://github.com/NotHarshhaa/devops-cheatsheet)** 10 | 11 | --- 12 | 13 | ## **📚 What’s Inside?** 14 | 15 | The **DevOps Cheatsheet Repository** is designed to be a **one-stop solution** for quick DevOps references. Instead of scattered notes, it provides well-structured cheat sheets covering: 16 | 17 | ✅ **CI/CD Automation** – Jenkins, GitHub Actions, GitLab CI/CD, CircleCI 18 | ✅ **Containers & Orchestration** – Docker, Kubernetes, Helm, OpenShift 19 | ✅ **Cloud & Infrastructure as Code (IaC)** – AWS, Azure, GCP, Terraform 20 | ✅ **Monitoring & Observability** – Prometheus, Grafana, ELK Stack 21 | ✅ **Security & Compliance** – Trivy, SonarQube, HashiCorp Vault 22 | ✅ **Networking & GitOps** – Istio, Envoy, Consul, GitLab, GitHub 23 | 24 | 📌 **Why a separate repository?** 25 | Instead of duplicating content, all cheatsheets are maintained in a **dedicated GitHub repository** to ensure up-to-date and well-organized documentation. 26 | 27 | --- 28 | 29 | ## **📂 Cheatsheets Overview** 30 | 31 | 💡 **Navigate the categories in the DevOps Cheatsheet Repository:** 32 | 33 | | **Category** | **Topics Covered** | 34 | |----------------------------|------------------------------------------------| 35 | | **CI/CD & Automation** | Jenkins, GitHub Actions, GitLab CI, CircleCI | 36 | | **Containers & Orchestration** | Docker, Kubernetes, Helm, OpenShift | 37 | | **Infrastructure as Code (IaC)** | Terraform, Ansible, CloudFormation | 38 | | **Monitoring & Logging** | Prometheus, Grafana, ELK Stack, CloudWatch | 39 | | **Security & Compliance** | Trivy, SonarQube, HashiCorp Vault | 40 | | **Networking & GitOps** | Istio, Envoy, Consul, GitHub, GitLab | 41 | 42 | 📌 **👉 [Explore the Full Cheatsheet Collection](https://github.com/NotHarshhaa/devops-cheatsheet)** 43 | 44 | --- 45 | 46 | ## **🚀 Why Use This Cheatsheet Repository?** 47 | 48 | ✅ **Instant Access:** Quickly recall essential commands and configurations 49 | ✅ **Beginner to Expert Friendly:** Covers both **fundamentals** and **advanced** topics 50 | ✅ **Structured & Well-Organized:** Easily find what you need in seconds 51 | ✅ **Regular Updates:** Stay up-to-date with the latest DevOps tools and best practices 52 | ✅ **Community-Driven:** Open-source project where everyone can contribute 53 | 54 | --- 55 | 56 | ## **📌 How to Use These Cheatsheets?** 57 | 58 | 1️⃣ **Navigate the Categories** – Find the tool or technology you need. 59 | 2️⃣ **Use the Cheatsheets** – Each file contains quick commands, configurations, and best practices. 60 | 3️⃣ **Bookmark for Quick Reference** – No need to Google every time! 61 | 4️⃣ **Contribute & Improve** – Share your insights, report errors, or add missing tools. 62 | 63 | 🔗 **Start Exploring:** 👉 [DevOps Cheatsheet Repository](https://github.com/NotHarshhaa/devops-cheatsheet) 64 | 65 | --- 66 | 67 | ## **👥 Who Should Use This?** 68 | 69 | This collection is **useful for everyone in the DevOps ecosystem**: 70 | 71 | > 🛠️ **DevOps Engineers** – Quick access to essential commands & workflows 72 | > 🖥️ **Sysadmins** – Efficiently manage servers, monitoring, and deployments 73 | > 👨‍💻 **Developers** – Learn & apply DevOps best practices 74 | > 🚀 **Beginners** – Get started with step-by-step guides and practical examples 75 | 76 | 💡 Whether you're automating deployments, managing cloud infrastructure, or enhancing security, this cheatsheet repository is your **ultimate DevOps reference**! 77 | 78 | --- 79 | 80 | ## **📢 Contribute & Stay Updated** 81 | 82 | 💡 **Want to contribute?** 83 | We **welcome contributions!** If you have insights, new tools, or improvements, feel free to submit a **pull request**. 84 | 85 | 📌 **How to Contribute?** 86 | - Read the **[CONTRIBUTING.md](https://github.com/NotHarshhaa/devops-cheatsheet/blob/main/CONTRIBUTING.md)** guide. 87 | - Fix errors, add missing topics, or suggest improvements. 88 | - Submit a **pull request** with your updates. 89 | 90 | 📢 **Stay Updated:** 91 | ⭐ **Star the repository** to get notified about new updates and additions. 92 | 💬 **Join discussions** in **[GitHub Issues](https://github.com/NotHarshhaa/devops-cheatsheet/issues)** to suggest improvements. 93 | 94 | --- 95 | 96 | ## **🌍 Community & Support** 97 | 98 | 🔗 **GitHub:** [@NotHarshhaa](https://github.com/NotHarshhaa) 99 | 📝 **Blog:** [ProDevOpsGuy](https://blog.prodevopsguy.xyz) 100 | 💬 **Telegram Community:** [Join Here](https://t.me/prodevopsguy) 101 | 102 | --- 103 | 104 | ## **🔹 Ready to Supercharge Your DevOps Workflow?** 105 | 106 | 🚀 **[Check Out the DevOps Cheatsheet Repository](https://github.com/NotHarshhaa/devops-cheatsheet)** 107 | 108 | 🔥 **Master DevOps – One Command at a Time!** 🔥 109 | -------------------------------------------------------------------------------- /ci-cd/README.md: -------------------------------------------------------------------------------- 1 | # **CI/CD - DevOps Interview Questions** 2 | 3 | ## **Beginner Level (1-20 Questions)** 4 | 5 | ### **1. What is CI/CD in DevOps?** 6 | 7 | **Answer:** 8 | CI/CD stands for **Continuous Integration (CI) and Continuous Deployment (CD)**. 9 | 10 | - **CI (Continuous Integration):** Developers frequently merge code into a shared repository, and automated tests are run to catch issues early. 11 | - **CD (Continuous Deployment/Delivery):** Automates the deployment of software. 12 | - **Continuous Delivery:** Requires manual approval before deployment. 13 | - **Continuous Deployment:** Fully automated, no manual intervention. 14 | 15 | ### **2. What are the benefits of using CI/CD?** 16 | 17 | **Answer:** 18 | 19 | - **Faster Releases:** Automates software delivery. 20 | - **Early Bug Detection:** Runs tests automatically on new code. 21 | - **Improved Collaboration:** Developers merge code frequently, reducing integration issues. 22 | - **Consistent Deployments:** Eliminates manual errors with automated builds and releases. 23 | 24 | ### **3. What are some popular CI/CD tools?** 25 | 26 | **Answer:** 27 | 28 | - **Jenkins** – Open-source, highly customizable. 29 | - **GitHub Actions** – Integrated with GitHub. 30 | - **GitLab CI/CD** – Built-in with GitLab. 31 | - **CircleCI, Travis CI** – Cloud-based solutions. 32 | - **Azure DevOps Pipelines, AWS CodePipeline** – Cloud-native CI/CD. 33 | 34 | ### **4. What is a CI pipeline?** 35 | 36 | **Answer:** 37 | A **CI pipeline** is an automated workflow that builds, tests, and validates new code before merging it into production. 38 | 39 | - Steps: **Code Commit → Build → Test → Artifact Storage → Deployment** 40 | - Example tools: **Jenkinsfile, GitHub Actions YAML, GitLab CI/CD YAML** 41 | 42 | ### **5. What is a build artifact in CI/CD?** 43 | 44 | **Answer:** 45 | A **build artifact** is a compiled and packaged version of code ready for deployment. 46 | 47 | - Examples: 48 | - **JAR, WAR, or ZIP files** for Java projects 49 | - **Docker images** for containerized applications 50 | 51 | ### **6. How does source control work in CI/CD?** 52 | 53 | **Answer:** 54 | Source control (e.g., **Git**) helps track changes in code. 55 | 56 | - Developers push code to repositories (**GitHub, GitLab, Bitbucket**). 57 | - CI/CD tools trigger **automated builds and tests** on new commits. 58 | 59 | ### **7. What is the purpose of unit tests in CI/CD?** 60 | 61 | **Answer:** 62 | Unit tests validate **individual components of code** to catch early-stage bugs. 63 | 64 | - Tools: **JUnit, pytest, Mocha, Jest** 65 | - Example: 66 | 67 | ```python 68 | def add(x, y): 69 | return x + y 70 | 71 | def test_add(): 72 | assert add(2, 3) == 5 73 | ``` 74 | 75 | ### **8. What is versioning in CI/CD?** 76 | 77 | **Answer:** 78 | Versioning assigns unique numbers to each software release to track changes. 79 | 80 | - **Semantic Versioning (SemVer):** **MAJOR.MINOR.PATCH** (e.g., **1.2.3**) 81 | - **Git Tags:** CI/CD pipelines deploy specific versions using tags. 82 | 83 | ### **9. What is a rollback in CI/CD?** 84 | 85 | **Answer:** 86 | A rollback reverts to a previous stable release when the new deployment fails. 87 | 88 | - Example: Rolling back an application using Kubernetes: 89 | 90 | ```sh 91 | kubectl rollout undo deployment my-app 92 | ``` 93 | 94 | ### **10. What is a canary deployment?** 95 | 96 | **Answer:** 97 | Canary deployment releases new changes to a **subset of users** before full deployment. 98 | 99 | - Example: **Deploy to 10% of users → Monitor logs → Full release** 100 | 101 | --- 102 | 103 | ## **Intermediate Level (21-40 Questions)** 104 | 105 | ### **21. What is the difference between GitHub Actions and GitLab CI/CD?** 106 | 107 | **Answer:** 108 | 109 | | Feature | GitHub Actions | GitLab CI/CD | 110 | |---------|--------------|--------------| 111 | | **Integration** | Best with GitHub | Best with GitLab | 112 | | **Configuration** | `.github/workflows/*.yml` | `.gitlab-ci.yml` | 113 | | **Runners** | GitHub-hosted & self-hosted | GitLab Runners | 114 | | **Container Support** | Uses Docker containers | Strong native container support | 115 | 116 | ### **22. How do you trigger a Jenkins pipeline?** 117 | 118 | **Answer:** 119 | Jenkins pipelines can be triggered using: 120 | 121 | - **Webhooks:** Automatically triggered by a Git commit. 122 | - **Cron Jobs:** Run at scheduled times. 123 | - **Manually:** Click ‘Build Now’ in Jenkins UI. 124 | 125 | ### **23. What is a deployment strategy?** 126 | 127 | **Answer:** 128 | Deployment strategies ensure smooth updates. Common types: 129 | 130 | - **Rolling Deployment:** Replaces old instances gradually. 131 | - **Blue-Green Deployment:** Deploys new version alongside the old one. 132 | - **Canary Deployment:** Releases updates to a small group first. 133 | 134 | ### **24. How do you secure CI/CD pipelines?** 135 | 136 | **Answer:** 137 | 138 | - **Use Secrets Management** (e.g., HashiCorp Vault, AWS Secrets Manager). 139 | - **Restrict Access:** Use role-based access control (RBAC). 140 | - **Scan for Vulnerabilities:** Use tools like **Snyk, SonarQube**. 141 | 142 | ### **25. How do you integrate CI/CD with Infrastructure as Code (IaC)?** 143 | 144 | **Answer:** 145 | Integrating **CI/CD with Infrastructure as Code (IaC)** ensures that infrastructure changes are automated and version-controlled. 146 | 147 | - **Best Practices:** 148 | - Store IaC scripts (**Terraform, Ansible, CloudFormation**) in **Git**. 149 | - Use **automated testing** (e.g., `terraform validate`, `ansible-lint`). 150 | - Apply changes using CI/CD pipelines (`terraform apply`). 151 | - **Example GitHub Actions Pipeline for Terraform:** 152 | 153 | ```yaml 154 | jobs: 155 | terraform: 156 | steps: 157 | - run: terraform init 158 | - run: terraform validate 159 | - run: terraform apply -auto-approve 160 | ``` 161 | 162 | ### **26. What is a pipeline as code?** 163 | 164 | **Answer:** 165 | Pipeline as Code means defining **CI/CD workflows using configuration files**. 166 | 167 | - Example tools: **Jenkinsfile, GitHub Actions YAML, GitLab CI/CD YAML**. 168 | - **Example Jenkinsfile:** 169 | 170 | ```groovy 171 | pipeline { 172 | agent any 173 | stages { 174 | stage('Build') { steps { sh 'mvn package' } } 175 | stage('Test') { steps { sh 'mvn test' } } 176 | } 177 | } 178 | ``` 179 | 180 | ### **27. What is an ephemeral build environment in CI/CD?** 181 | 182 | **Answer:** 183 | An **ephemeral build environment** is a temporary environment spun up **only during the build process** and discarded after execution. 184 | 185 | - Used in **GitHub Actions Runners, Jenkins Agents, Kubernetes Jobs**. 186 | - **Benefits:** 187 | - Ensures **clean state** for each build. 188 | - Reduces **resource costs**. 189 | 190 | ### **28. What is the purpose of a staging environment in CI/CD?** 191 | 192 | **Answer:** 193 | A **staging environment** replicates production to test before deployment. 194 | 195 | - **Why it matters:** 196 | - Helps catch bugs **before they reach production**. 197 | - Enables **performance testing, security testing**. 198 | - **CI/CD flow:** 199 | - Dev → QA → **Staging** → Production 200 | 201 | ### **29. How does a monorepo impact CI/CD pipelines?** 202 | 203 | **Answer:** 204 | A **monorepo** is a single repository for multiple projects/services. 205 | 206 | - **Challenges:** 207 | - Running **CI/CD for only changed services** can be complex. 208 | - **Large build times** if not optimized. 209 | - **Solution:** 210 | - Use **Bazel, NX, or GitHub Actions path filters** to build/test only **modified code**. 211 | 212 | ### **30. What are pipeline triggers, and how are they used?** 213 | 214 | **Answer:** 215 | Triggers **automatically start CI/CD workflows** based on specific events. 216 | 217 | - **Examples:** 218 | - **Git Push:** Run pipeline when new code is pushed. 219 | - **Pull Requests:** Trigger tests before merging. 220 | - **Schedule:** Run a job every night (`cron`). 221 | - **Example GitLab CI/CD trigger:** 222 | 223 | ```yaml 224 | trigger: 225 | event: push 226 | ``` 227 | 228 | ### **31. What is artifact versioning in CI/CD?** 229 | 230 | **Answer:** 231 | Versioning assigns **unique identifiers** to builds for tracking. 232 | 233 | - **Best Practices:** 234 | - Use **Semantic Versioning (1.2.3)** for clarity. 235 | - Tag artifacts using commit hashes (`v1.0.0-commitSHA`). 236 | - **Example:** 237 | 238 | ```sh 239 | docker tag my-app:latest my-app:1.2.3 240 | ``` 241 | 242 | ### **32. How do you handle environment variables in CI/CD?** 243 | 244 | **Answer:** 245 | 246 | - Use **.env files** or **CI/CD secrets storage**. 247 | - **Example GitHub Actions Environment Variable:** 248 | 249 | ```yaml 250 | env: 251 | NODE_ENV: production 252 | ``` 253 | 254 | - **Best Practices:** 255 | - **Never hardcode secrets.** 256 | - Use tools like **Vault, AWS Secrets Manager**. 257 | 258 | ### **33. What is a multi-branch pipeline in CI/CD?** 259 | 260 | **Answer:** 261 | A **multi-branch pipeline** runs different workflows for different Git branches. 262 | 263 | - **Example (Jenkins):** 264 | - `main` → Deploy to production. 265 | - `develop` → Deploy to staging. 266 | - **Jenkinsfile example:** 267 | 268 | ```groovy 269 | if (env.BRANCH_NAME == 'main') { 270 | deployToProd() 271 | } else { 272 | deployToStaging() 273 | } 274 | ``` 275 | 276 | ### **34. How do you automate rollback in CI/CD?** 277 | 278 | **Answer:** 279 | If a deployment fails, CI/CD should **automatically revert to a stable version**. 280 | 281 | - **Strategies:** 282 | - **Git Revert:** Roll back code changes. 283 | - **Kubernetes Rollback:** `kubectl rollout undo deployment my-app`. 284 | - **Feature Flags:** Disable a new feature without redeployment. 285 | 286 | ### **35. What is test-driven development (TDD), and how does it integrate with CI/CD?** 287 | 288 | **Answer:** 289 | TDD means **writing tests before writing code**. 290 | 291 | - **CI/CD Best Practice:** 292 | - Run unit tests **before merging code**. 293 | - Block deployment if tests fail. 294 | - **Example:** 295 | 296 | ```python 297 | def test_addition(): 298 | assert add(2, 3) == 5 299 | ``` 300 | 301 | ### **36. How do you handle dependencies in a CI/CD pipeline?** 302 | 303 | **Answer:** 304 | Managing dependencies ensures **consistent builds**. 305 | 306 | - **Solutions:** 307 | - Use **lock files** (`package-lock.json`, `Pipfile.lock`). 308 | - Cache dependencies (`npm ci`, `pip freeze`). 309 | - **Example:** 310 | 311 | ```yaml 312 | - uses: actions/cache@v3 313 | with: 314 | path: ~/.npm 315 | key: node-${{ hashFiles('**/package-lock.json') }} 316 | ``` 317 | 318 | ### **37. What is containerized CI/CD?** 319 | 320 | **Answer:** 321 | Running CI/CD jobs inside **containers** ensures **consistency and isolation**. 322 | 323 | - **Tools:** Docker, Kubernetes, GitHub Actions. 324 | - **Example:** 325 | 326 | ```yaml 327 | jobs: 328 | build: 329 | runs-on: ubuntu-latest 330 | container: node:16 331 | ``` 332 | 333 | ### **38. How do you optimize CI/CD pipelines for speed?** 334 | 335 | **Answer:** 336 | 337 | - **Run Tests in Parallel** 338 | - **Cache Dependencies** 339 | - **Use Lightweight Docker Images** 340 | - **Only Deploy Changed Services** 341 | 342 | ### **39. What is an approval stage in CI/CD pipelines?** 343 | 344 | **Answer:** 345 | An **approval stage** requires **manual approval** before deploying to production. 346 | 347 | - **Example:** 348 | - GitLab CI/CD: `when: manual`. 349 | - Jenkins: Use `input` step. 350 | 351 | ### **40. How do you handle secrets in CI/CD pipelines?** 352 | 353 | **Answer:** 354 | Secrets should **never be stored in Git**. 355 | 356 | - **Solutions:** 357 | - **Vault, AWS Secrets Manager**. 358 | - **GitHub Secrets (`secrets.MY_SECRET`)**. 359 | - **Environment variables**. 360 | - **Example:** 361 | 362 | ```yaml 363 | env: 364 | DATABASE_PASSWORD: ${{ secrets.DB_PASSWORD }} 365 | ``` 366 | 367 | --- 368 | 369 | ## **Advanced Level (41-60 Questions)** 370 | 371 | ### **41. What are self-hosted runners in CI/CD?** 372 | 373 | **Answer:** 374 | Self-hosted runners are custom machines for executing CI/CD jobs instead of cloud-hosted ones. 375 | 376 | - Example: GitHub Actions supports **Linux, Windows, macOS** runners. 377 | 378 | ### **42. How does caching improve CI/CD performance?** 379 | 380 | **Answer:** 381 | Caching stores **dependencies** and **artifacts** to speed up builds. 382 | 383 | - Example: Caching npm dependencies in GitHub Actions: 384 | 385 | ```yaml 386 | steps: 387 | - uses: actions/cache@v3 388 | with: 389 | path: ~/.npm 390 | key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} 391 | ``` 392 | 393 | ### **43. What is parallel execution in CI/CD?** 394 | 395 | **Answer:** 396 | Parallel execution runs multiple tasks **simultaneously** to speed up pipelines. 397 | 398 | - Example: Running multiple tests at once in Jenkins. 399 | 400 | ### **44. What is dynamic vs. static analysis in CI/CD security?** 401 | 402 | **Answer:** 403 | 404 | - **Static Analysis:** Scans code **before execution** (e.g., SonarQube). 405 | - **Dynamic Analysis:** Scans code **during runtime** (e.g., OWASP ZAP). 406 | 407 | ### **45. What is a feature flag, and how does it work in CI/CD?** 408 | 409 | **Answer:** 410 | A feature flag enables/disables features without deploying new code. 411 | 412 | - Example: Toggle dark mode using a flag instead of redeploying. 413 | 414 | ### **46. How do you handle secrets in CI/CD pipelines?** 415 | 416 | **Answer:** 417 | 418 | - Use **environment variables** securely. 419 | - Store secrets in **AWS Secrets Manager, HashiCorp Vault**. 420 | - Example: 421 | 422 | ```yaml 423 | secrets: 424 | AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} 425 | ``` 426 | 427 | ### **47. What is observability in CI/CD?** 428 | 429 | **Answer:** 430 | Observability means **monitoring logs, metrics, and traces** to debug CI/CD failures. 431 | 432 | ### **48. What is immutable infrastructure?** 433 | 434 | **Answer:** 435 | Immutable infrastructure means **servers are never updated** but replaced instead. 436 | 437 | ### **49. What are the key metrics for CI/CD performance?** 438 | 439 | **Answer:** 440 | 441 | - **Lead Time:** Time from commit to deployment. 442 | - **Mean Time to Recovery (MTTR):** Time to recover from failures. 443 | 444 | ### **50. How do you ensure zero-downtime deployments?** 445 | 446 | **Answer:** 447 | 448 | - **Use rolling updates, blue-green, and canary deployments.** 449 | - **Deploy with Kubernetes and load balancers.** 450 | 451 | ### **51. What is a release train in CI/CD?** 452 | 453 | **Answer:** 454 | A **release train** is a deployment strategy where software releases are scheduled at **fixed intervals**, rather than waiting for all features to be ready. 455 | 456 | - Common in **Agile** environments. 457 | - Ensures **predictability** and **reduces deployment risks**. 458 | - Example: **Google Chrome** releases every 4 weeks regardless of pending features. 459 | 460 | ### **52. How do you handle database migrations in a CI/CD pipeline?** 461 | 462 | **Answer:** 463 | Database migrations ensure **schema changes** are applied safely in an automated pipeline. 464 | 465 | - Use tools like **Liquibase, Flyway, Django Migrations**. 466 | - Steps in CI/CD: 467 | 1. **Check migrations** before deployment (`liquibase validate`). 468 | 2. **Apply migrations** during deployment (`flyway migrate`). 469 | 3. **Rollback if failure** (`flyway undo`). 470 | - Example in a pipeline (Flyway): 471 | 472 | ```yaml 473 | steps: 474 | - name: Apply database migrations 475 | run: flyway migrate -url=jdbc:mysql://db -user=root -password=secret 476 | ``` 477 | 478 | ### **53. What is trunk-based development, and how does it impact CI/CD?** 479 | 480 | **Answer:** 481 | Trunk-based development means developers **commit directly to the main branch** (trunk) instead of using long-lived feature branches. 482 | 483 | - **Pros:** 484 | - **Faster CI/CD cycles** with fewer merge conflicts. 485 | - Reduces integration complexity. 486 | - **Cons:** 487 | - Requires **strict automated testing** to prevent breaking changes. 488 | - Example workflow: 489 | - Commit to `main` → Automated Tests → Deploy to Staging → Deploy to Production. 490 | 491 | ### **54. How do you implement blue-green deployments in Kubernetes?** 492 | 493 | **Answer:** 494 | A **blue-green deployment** runs **two versions** of an application simultaneously, allowing **instant rollback** if issues occur. 495 | 496 | - Steps: 497 | 1. Deploy **new version (green)** while **old version (blue) stays live**. 498 | 2. Switch traffic to green using a **load balancer or Ingress**. 499 | 3. Rollback if issues arise by redirecting traffic back to blue. 500 | - Example Kubernetes YAML: 501 | 502 | ```yaml 503 | apiVersion: networking.k8s.io/v1 504 | kind: Ingress 505 | metadata: 506 | name: blue-green 507 | spec: 508 | rules: 509 | - http: 510 | paths: 511 | - path: "/" 512 | backend: 513 | service: 514 | name: green-service 515 | port: 516 | number: 80 517 | ``` 518 | 519 | ### **55. What is a service mesh, and how does it help CI/CD?** 520 | 521 | **Answer:** 522 | A **service mesh** is a dedicated infrastructure layer for handling **service-to-service communication** in microservices. 523 | 524 | - Examples: **Istio, Linkerd, Consul**. 525 | - Benefits in CI/CD: 526 | - **Canary deployments**: Route traffic gradually. 527 | - **A/B Testing**: Split traffic between versions. 528 | - **Security**: Implements zero-trust policies (e.g., **mTLS**). 529 | 530 | ### **56. What is progressive delivery in CI/CD?** 531 | 532 | **Answer:** 533 | Progressive delivery is an **evolution of CI/CD** that deploys features gradually, rather than all at once. 534 | 535 | - **Includes:** 536 | - **Feature Flags:** Enable/disable features dynamically. 537 | - **Canary Releases:** Test with a small user group first. 538 | - **A/B Testing:** Deploy different versions for analytics. 539 | 540 | ### **57. How do you handle long-running tests in CI/CD pipelines?** 541 | 542 | **Answer:** 543 | Long-running tests slow down deployments. Strategies to optimize: 544 | 545 | - **Parallel Test Execution:** Run tests across multiple machines. 546 | - **Test Selection:** Run only impacted tests using **test impact analysis**. 547 | - **Mocking Dependencies:** Reduce external calls using **Mockito, WireMock**. 548 | - **Shift-Left Testing:** Run tests **early in the pipeline** to detect failures faster. 549 | 550 | ### **58. What is Chaos Engineering, and how does it fit into CI/CD?** 551 | 552 | **Answer:** 553 | Chaos Engineering involves **intentionally injecting failures** to test system resilience. 554 | 555 | - **Example tools:** 556 | - **Gremlin, LitmusChaos** (Kubernetes-based). 557 | - **AWS Fault Injection Simulator (FIS)**. 558 | - **In CI/CD Pipelines:** 559 | - Add a **chaos test stage** before production deployment. 560 | - Example: 561 | 562 | ```yaml 563 | steps: 564 | - name: Run Chaos Test 565 | run: gremlin attack --target kubernetes --cpu 90% 566 | ``` 567 | 568 | ### **59. How do you implement immutable deployments in CI/CD?** 569 | 570 | **Answer:** 571 | Immutable deployments mean **never modifying running instances**—instead, deploying a new version entirely. 572 | 573 | - Best for **containers, serverless, and cloud-native applications**. 574 | - Tools: 575 | - **Docker images** (`image: my-app:v2`). 576 | - **Infrastructure as Code (Terraform, CloudFormation)** to replace instances. 577 | - **Example:** 578 | - **Bad approach:** `ssh into a server & update the app`. 579 | - **Good approach:** `Deploy a new container & replace old one`. 580 | 581 | ### **60. What are the best practices for securing CI/CD pipelines?** 582 | 583 | **Answer:** 584 | To secure CI/CD, follow **these best practices**: 585 | ✅ **Use Secret Management:** Store secrets in **Vault, AWS Secrets Manager, or Kubernetes Secrets**. 586 | ✅ **Enable Role-Based Access Control (RBAC):** Restrict who can trigger deployments. 587 | ✅ **Enforce Code Signing:** Sign artifacts to ensure they are not tampered with. 588 | ✅ **Run Security Scans:** Use **SAST, DAST, and dependency scanning** tools. 589 | ✅ **Monitor CI/CD Pipelines:** Detect suspicious activity using **SIEM tools** like Splunk or Datadog. 590 | 591 | --- 592 | 593 | ## **📢 Contribute & Stay Updated** 594 | 595 | 💡 **Want to contribute?** 596 | We **welcome contributions!** If you have insights, new tools, or improvements, feel free to submit a **pull request**. 597 | 598 | 📌 **How to Contribute?** 599 | 600 | - Read the **[CONTRIBUTING.md](https://github.com/NotHarshhaa/DevOps-Interview-Questions/blob/master/CONTRIBUTING.md)** guide. 601 | - Fix errors, add missing topics, or suggest improvements. 602 | - Submit a **pull request** with your updates. 603 | 604 | 📢 **Stay Updated:** 605 | ⭐ **Star the repository** to get notified about new updates and additions. 606 | 💬 **Join discussions** in **[GitHub Issues](https://github.com/NotHarshhaa/DevOps-Interview-Questions/issues)** to suggest improvements. 607 | 608 | --- 609 | 610 | ## **🌍 Community & Support** 611 | 612 | 🔗 **GitHub:** [@NotHarshhaa](https://github.com/NotHarshhaa) 613 | 📝 **Blog:** [ProDevOpsGuy](https://blog.prodevopsguy.xyz) 614 | 💬 **Telegram Community:** [Join Here](https://t.me/prodevopsguy) 615 | 616 | ![Follow Me](https://imgur.com/2j7GSPs.png) 617 | -------------------------------------------------------------------------------- /cloud/README.md: -------------------------------------------------------------------------------- 1 | # **Cloud - DevOps Interview Questions** 2 | 3 | ## **Beginner Level (1-20 Questions)** 4 | 5 | ### **1. What is cloud computing?** 6 | 7 | **Answer:** 8 | Cloud computing is the on-demand delivery of computing services such as servers, storage, databases, networking, and software over the internet. It eliminates the need for owning and maintaining physical hardware, allowing users to access scalable resources on a pay-as-you-go model. 9 | 10 | ### **2. What are the different types of cloud computing?** 11 | 12 | **Answer:** 13 | Cloud computing is classified into three types: 14 | 15 | - **Public Cloud:** Services provided by third-party vendors like AWS, Azure, and GCP, accessible over the internet. 16 | - **Private Cloud:** Cloud infrastructure dedicated to a single organization, either on-premises or hosted by a provider. 17 | - **Hybrid Cloud:** A combination of public and private clouds, allowing data and applications to be shared between them. 18 | 19 | ### **3. What are the benefits of cloud computing?** 20 | 21 | **Answer:** 22 | 23 | - **Scalability:** Resources can be easily scaled up or down. 24 | - **Cost Efficiency:** No need to invest in physical hardware. 25 | - **Flexibility:** Access from anywhere using the internet. 26 | - **Disaster Recovery:** Cloud providers offer backup and recovery solutions. 27 | 28 | ### **4. What are the different cloud service models?** 29 | 30 | **Answer:** 31 | 32 | - **Infrastructure as a Service (IaaS):** Provides virtualized computing resources (e.g., AWS EC2, Azure Virtual Machines). 33 | - **Platform as a Service (PaaS):** Offers a managed environment for application development (e.g., AWS Elastic Beanstalk, Google App Engine). 34 | - **Software as a Service (SaaS):** Delivers software applications over the internet (e.g., Gmail, Office 365, Salesforce). 35 | 36 | ### **5. What is serverless computing?** 37 | 38 | **Answer:** 39 | Serverless computing allows developers to run applications without managing underlying infrastructure. The cloud provider dynamically allocates resources as needed. Examples include AWS Lambda, Azure Functions, and Google Cloud Functions. 40 | 41 | ### **6. What is virtualization in cloud computing?** 42 | 43 | **Answer:** 44 | Virtualization is the process of creating virtual instances of servers, storage, or networks. It enables multiple virtual machines (VMs) to run on a single physical server, improving resource utilization. 45 | 46 | ### **7. What is multi-cloud?** 47 | 48 | **Answer:** 49 | Multi-cloud refers to using multiple cloud service providers (e.g., AWS, Azure, GCP) for redundancy, cost optimization, and avoiding vendor lock-in. 50 | 51 | ### **8. What are some common cloud deployment models?** 52 | 53 | **Answer:** 54 | 55 | - **Community Cloud:** Shared infrastructure for a specific group of organizations. 56 | - **Hybrid Cloud:** Combination of on-premises, private, and public clouds. 57 | - **Public Cloud:** Services offered to multiple customers over the internet. 58 | 59 | ### **9. What is the difference between vertical and horizontal scaling?** 60 | 61 | **Answer:** 62 | 63 | - **Vertical Scaling (Scaling Up):** Increasing resources (CPU, RAM) in an existing server. 64 | - **Horizontal Scaling (Scaling Out):** Adding more servers to distribute the load. 65 | 66 | ### **10. What is an Availability Zone (AZ)?** 67 | 68 | **Answer:** 69 | An Availability Zone is a physically separate data center within a cloud provider's region, designed for fault tolerance and high availability. 70 | 71 | ### **11. What is the Shared Responsibility Model in cloud security?** 72 | 73 | **Answer:** 74 | Cloud providers and customers share security responsibilities: 75 | 76 | - **Provider:** Secures hardware, networking, and cloud infrastructure. 77 | - **Customer:** Secures applications, data, and user access. 78 | 79 | ### **12. What is a Virtual Private Cloud (VPC)?** 80 | 81 | **Answer:** 82 | A VPC is an isolated cloud environment where users can define their own network settings, including subnets, IP addresses, and security groups. 83 | 84 | ### **13. What is an Elastic Load Balancer (ELB)?** 85 | 86 | **Answer:** 87 | An ELB distributes incoming traffic across multiple servers to ensure high availability and fault tolerance. 88 | 89 | ### **14. What is Object Storage in the cloud?** 90 | 91 | **Answer:** 92 | Object storage is a cloud-based storage architecture that stores data as objects (instead of files or blocks). Examples include Amazon S3 and Azure Blob Storage. 93 | 94 | ### **15. What is Block Storage in cloud computing?** 95 | 96 | **Answer:** 97 | Block storage stores data in fixed-sized blocks, commonly used for databases and virtual machines. Examples: AWS EBS, Azure Managed Disks. 98 | 99 | ### **16. What is a Content Delivery Network (CDN)?** 100 | 101 | **Answer:** 102 | A CDN is a distributed network of servers that caches content close to users for faster delivery. Examples: AWS CloudFront, Azure CDN. 103 | 104 | ### **17. What is an IAM role in cloud security?** 105 | 106 | **Answer:** 107 | An IAM (Identity and Access Management) role grants permissions to cloud services without needing credentials stored on a server. 108 | 109 | ### **18. What is CloudFormation in AWS?** 110 | 111 | **Answer:** 112 | AWS CloudFormation is an Infrastructure as Code (IaC) tool that automates provisioning of cloud resources using YAML or JSON templates. 113 | 114 | ### **19. What is Google Kubernetes Engine (GKE)?** 115 | 116 | **Answer:** 117 | GKE is Google Cloud's managed Kubernetes service for deploying and managing containerized applications. 118 | 119 | ### **20. What is Azure DevOps?** 120 | 121 | **Answer:** 122 | Azure DevOps is a set of development and CI/CD tools for building, testing, and deploying applications in the cloud. 123 | 124 | --- 125 | 126 | I'll now provide detailed answers for the **Intermediate and Advanced** level questions in the **Cloud** section. 127 | 128 | --- 129 | 130 | ## **Intermediate Level (21-40 Questions)** 131 | 132 | ### **21. What is a cloud region?** 133 | 134 | **Answer:** 135 | A cloud region is a geographic area where a cloud provider has multiple data centers. Each region consists of multiple **availability zones (AZs)**, ensuring redundancy and high availability. 136 | 137 | - Example: AWS **us-east-1 (North Virginia)** has multiple AZs like **us-east-1a, us-east-1b, etc.** 138 | - Cloud providers like **AWS, Azure, and GCP** allow users to select regions based on factors like **latency, compliance, and pricing.** 139 | 140 | ### **22. How does AWS Lambda differ from EC2?** 141 | 142 | **Answer:** 143 | 144 | | Feature | AWS Lambda | Amazon EC2 | 145 | |---------|------------|------------| 146 | | **Type** | Serverless function | Virtual machine | 147 | | **Scaling** | Auto-scales instantly | Requires manual scaling or auto-scaling setup | 148 | | **Billing** | Pay-per-execution | Pay for running instances | 149 | | **Use case** | Short-lived tasks | Long-running applications | 150 | | **Example** | Trigger a function when an S3 file is uploaded | Run a web server for hosting applications | 151 | 152 | ### **23. What are Reserved Instances in AWS?** 153 | 154 | **Answer:** 155 | Reserved Instances (RIs) are a pricing model in AWS where users commit to a specific instance type for **1 or 3 years** in exchange for significant discounts (up to 75%) compared to On-Demand pricing. 156 | 157 | - **Types of RIs:** 158 | - **Standard RIs** – Best discounts, but limited flexibility. 159 | - **Convertible RIs** – Can switch to another instance type. 160 | - **Scheduled RIs** – Available at specific times (e.g., weekends). 161 | 162 | ### **24. How do you secure data in cloud storage?** 163 | 164 | **Answer:** 165 | To secure data in cloud storage: 166 | 167 | - **Encryption:** Use AES-256 encryption for data at rest and TLS for data in transit. 168 | - **Access Control:** Implement IAM policies and bucket policies to restrict access. 169 | - **Versioning:** Enable object versioning to recover deleted/modified files. 170 | - **Auditing:** Use AWS CloudTrail, Azure Monitor, or GCP Audit Logs to track access. 171 | 172 | ### **25. What is the difference between Kubernetes and Docker Swarm?** 173 | 174 | **Answer:** 175 | 176 | | Feature | Kubernetes | Docker Swarm | 177 | |---------|------------|--------------| 178 | | **Complexity** | Steeper learning curve | Easier to set up | 179 | | **Scaling** | Automated, fine-grained | Manual or auto-scaling | 180 | | **Networking** | Uses CNI (Customizable) | Simple overlay network | 181 | | **Load Balancing** | Built-in service discovery | DNS-based service discovery | 182 | | **Use case** | Enterprise-grade orchestration | Lightweight container orchestration | 183 | 184 | ### **26. What is a Stateful vs. Stateless application in the cloud?** 185 | 186 | **Answer:** 187 | 188 | - **Stateless Application:** Doesn’t retain session data. Each request is independent (e.g., REST APIs, serverless functions). 189 | - **Stateful Application:** Retains user state across requests (e.g., databases, messaging queues). 190 | - **Cloud Implication:** Stateless apps scale easily, while stateful apps require persistent storage (e.g., AWS EBS, Azure Managed Disks). 191 | 192 | ### **27. What is auto-scaling, and how does it work?** 193 | 194 | **Answer:** 195 | Auto-scaling automatically adjusts the number of cloud instances based on traffic load. 196 | 197 | - **Types:** 198 | - **Horizontal scaling:** Adds/removes instances. 199 | - **Vertical scaling:** Increases/decreases resources on existing instances. 200 | - **Example:** AWS Auto Scaling Group increases EC2 instances when CPU usage exceeds 70%. 201 | 202 | ### **28. What is Terraform, and how does it help in cloud automation?** 203 | 204 | **Answer:** 205 | Terraform is an **Infrastructure as Code (IaC)** tool used to define and provision cloud resources using declarative configurations. 206 | 207 | - **Benefits:** 208 | - Enables version control for infrastructure 209 | - Supports multi-cloud deployments 210 | - Automates infrastructure provisioning 211 | 212 | ### **29. How do you handle logging in a cloud environment?** 213 | 214 | **Answer:** 215 | 216 | - **AWS:** Use CloudWatch Logs and CloudTrail 217 | - **Azure:** Use Monitor and Log Analytics 218 | - **GCP:** Use Stackdriver Logging 219 | - Best practices: **Centralized logging, structured logs (JSON), retention policies** 220 | 221 | ### **30. What is a Bastion Host, and why is it used?** 222 | 223 | **Answer:** 224 | A **Bastion Host** is a publicly accessible server that provides secure SSH access to private cloud resources. 225 | 226 | - Reduces **attack surface** by acting as an **entry point** to internal instances. 227 | 228 | --- 229 | 230 | ## **Advanced Level (41-60 Questions)** 231 | 232 | ### **41. What is a Service Level Agreement (SLA) in cloud computing?** 233 | 234 | **Answer:** 235 | An SLA is a contract between a cloud provider and a customer that defines: 236 | 237 | - **Uptime Guarantee** (e.g., AWS offers 99.99% uptime for EC2). 238 | - **Response Time** (e.g., Support request resolution in 24 hours). 239 | - **Penalties** if SLA is not met (e.g., refund or service credits). 240 | 241 | ### **42. How do you optimize cloud costs?** 242 | 243 | **Answer:** 244 | 245 | - **Use Reserved or Spot Instances** instead of On-Demand. 246 | - **Enable Auto-scaling** to scale down during low traffic. 247 | - **Monitor usage with AWS Cost Explorer/Azure Cost Management.** 248 | - **Right-size resources** by selecting appropriate instance sizes. 249 | 250 | ### **43. What is Kubernetes federation?** 251 | 252 | **Answer:** 253 | Kubernetes Federation allows managing multiple Kubernetes clusters as a single unit for **high availability** and **multi-cloud support.** 254 | 255 | ### **44. How does Chaos Engineering apply to cloud environments?** 256 | 257 | **Answer:** 258 | Chaos Engineering **intentionally injects failures** to test system resilience. 259 | 260 | - Example: Netflix **Simian Army** kills random instances to test system fault tolerance. 261 | 262 | ### **45. What is a Kubernetes operator?** 263 | 264 | **Answer:** 265 | A **Kubernetes Operator** automates complex tasks for stateful applications (e.g., managing databases in Kubernetes). 266 | 267 | ### **46. How do you implement multi-region deployments?** 268 | 269 | **Answer:** 270 | 271 | - **Data Replication:** Sync databases across regions. 272 | - **Traffic Routing:** Use DNS-based routing (e.g., AWS Route 53). 273 | - **Failover Mechanism:** Auto-switch to another region in case of failure. 274 | 275 | ### **47. What is a Cloud Access Security Broker (CASB)?** 276 | 277 | **Answer:** 278 | A CASB is a security layer between cloud users and providers, enforcing **compliance, threat protection, and data security.** 279 | 280 | ### **48. How do you ensure compliance in cloud environments?** 281 | 282 | **Answer:** 283 | 284 | - **Use Compliance Frameworks:** HIPAA, SOC 2, GDPR. 285 | - **Enable Logging & Auditing:** AWS CloudTrail, Azure Security Center. 286 | 287 | ### **49. What is zero-trust security in cloud environments?** 288 | 289 | **Answer:** 290 | Zero-trust security assumes **no implicit trust** and enforces strict identity verification for every request. 291 | 292 | ### **50. How does serverless architecture improve scalability?** 293 | 294 | **Answer:** 295 | Serverless auto-scales **instantly** based on demand, eliminating pre-provisioning of resources. 296 | 297 | ### **51. What is an egress charge in cloud pricing?** 298 | 299 | **Answer:** 300 | Egress charges are fees for **data transfer out of the cloud provider's network.** 301 | 302 | ### **52. How do you prevent DDoS attacks in the cloud?** 303 | 304 | **Answer:** 305 | 306 | - Use **AWS Shield, Azure DDoS Protection, Cloudflare WAF.** 307 | - Implement **Rate Limiting** on API endpoints. 308 | 309 | ### **53. What are the best practices for cloud security?** 310 | 311 | **Answer:** 312 | 313 | - **Least Privilege Access** (IAM policies). 314 | - **Encrypt Data at Rest & Transit** (KMS, SSL/TLS). 315 | - **Enable Multi-Factor Authentication (MFA).** 316 | 317 | ### **54. What are the risks of vendor lock-in, and how do you mitigate them?** 318 | 319 | **Answer:** 320 | Vendor lock-in occurs when a company becomes dependent on a single cloud provider, making migration difficult due to high costs or compatibility issues. 321 | **Mitigation strategies:** 322 | 323 | - Use **multi-cloud** strategies to distribute workloads. 324 | - Adopt **open-source** and **portable** tools (e.g., Kubernetes, Terraform). 325 | - Design applications with **cloud-agnostic architectures** using containerization and microservices. 326 | 327 | ### **55. What is Kubernetes pod affinity and anti-affinity?** 328 | 329 | **Answer:** 330 | Pod affinity and anti-affinity define rules for **where Kubernetes pods should be scheduled** based on labels. 331 | 332 | - **Pod Affinity:** Ensures pods are scheduled together (e.g., for performance reasons). 333 | - **Pod Anti-Affinity:** Ensures pods are placed on different nodes (e.g., for high availability). 334 | - **Example YAML:** 335 | 336 | ```yaml 337 | affinity: 338 | podAntiAffinity: 339 | requiredDuringSchedulingIgnoredDuringExecution: 340 | - labelSelector: 341 | matchExpressions: 342 | - key: app 343 | operator: In 344 | values: 345 | - backend 346 | topologyKey: "kubernetes.io/hostname" 347 | ``` 348 | 349 | ### **56. How do you prevent DDoS attacks in cloud environments?** 350 | 351 | **Answer:** 352 | To prevent **DDoS (Distributed Denial of Service) attacks**, use: 353 | 354 | - **Web Application Firewalls (WAF):** AWS WAF, Azure WAF. 355 | - **DDoS Protection Services:** AWS Shield, Azure DDoS Protection, Cloudflare. 356 | - **Rate Limiting & Traffic Throttling:** Block excessive requests from suspicious IPs. 357 | - **Network ACLs & Security Groups:** Restrict unnecessary traffic at the firewall level. 358 | 359 | ### **57. What is confidential computing in the cloud?** 360 | 361 | **Answer:** 362 | Confidential computing encrypts data **even while it is being processed** to enhance security. 363 | 364 | - Uses **Trusted Execution Environments (TEEs)** to protect data. 365 | - Examples: 366 | - **AWS Nitro Enclaves** 367 | - **Azure Confidential Computing** 368 | - **Google Cloud Confidential VMs** 369 | 370 | ### **58. What is a policy-as-code approach in cloud security?** 371 | 372 | **Answer:** 373 | Policy-as-Code (PaC) automates security and compliance checks using **code-based policies**. 374 | 375 | - Tools: 376 | - **AWS Config, Azure Policy** 377 | - **OPA (Open Policy Agent)** 378 | - **HashiCorp Sentinel** 379 | - Example: Enforce that all S3 buckets must be encrypted. 380 | 381 | ### **59. How do you implement cloud governance?** 382 | 383 | **Answer:** 384 | Cloud governance ensures compliance, security, and cost control. 385 | 386 | - **Identity & Access Control:** Enforce least-privilege access. 387 | - **Budget & Cost Management:** Use AWS Budgets, Azure Cost Management. 388 | - **Automated Compliance Checks:** Use AWS Config, Azure Policy. 389 | 390 | ### **60. What are the best practices for cloud security?** 391 | 392 | **Answer:** 393 | 394 | - **Identity & Access Management (IAM):** Enforce **least privilege** access. 395 | - **Data Encryption:** Encrypt at rest (AES-256) and in transit (TLS). 396 | - **Multi-Factor Authentication (MFA):** Require MFA for user accounts. 397 | - **Network Security:** Implement firewalls, VPNs, and private subnets. 398 | - **Logging & Monitoring:** Enable **AWS CloudTrail, Azure Monitor, Google Cloud Logging** for real-time threat detection. 399 | 400 | --- 401 | 402 | ## **📢 Contribute & Stay Updated** 403 | 404 | 💡 **Want to contribute?** 405 | We **welcome contributions!** If you have insights, new tools, or improvements, feel free to submit a **pull request**. 406 | 407 | 📌 **How to Contribute?** 408 | 409 | - Read the **[CONTRIBUTING.md](https://github.com/NotHarshhaa/DevOps-Interview-Questions/blob/master/CONTRIBUTING.md)** guide. 410 | - Fix errors, add missing topics, or suggest improvements. 411 | - Submit a **pull request** with your updates. 412 | 413 | 📢 **Stay Updated:** 414 | ⭐ **Star the repository** to get notified about new updates and additions. 415 | 💬 **Join discussions** in **[GitHub Issues](https://github.com/NotHarshhaa/DevOps-Interview-Questions/issues)** to suggest improvements. 416 | 417 | --- 418 | 419 | ## **🌍 Community & Support** 420 | 421 | 🔗 **GitHub:** [@NotHarshhaa](https://github.com/NotHarshhaa) 422 | 📝 **Blog:** [ProDevOpsGuy](https://blog.prodevopsguy.xyz) 423 | 💬 **Telegram Community:** [Join Here](https://t.me/prodevopsguy) 424 | 425 | ![Follow Me](https://imgur.com/2j7GSPs.png) 426 | -------------------------------------------------------------------------------- /containers/README.md: -------------------------------------------------------------------------------- 1 | # **📌 Containers (Docker & Kubernetes) - 60 Questions** 2 | 3 | - **Beginner (1-20)** 4 | - **Intermediate (21-40)** 5 | - **Advanced (41-60)** 6 | 7 | --- 8 | 9 | ## **🚀 Beginner-Level Docker & Kubernetes Questions (1-20)** 10 | 11 | ### **Docker Basics** 12 | 13 | ### **1. What is Docker, and why is it used?** 14 | 15 | **Answer:** 16 | Docker is a **containerization platform** that allows developers to package applications along with their dependencies into a single unit called a **container**. 17 | 18 | - **Why use Docker?** 19 | ✅ Ensures **consistent environments** across different machines. 20 | ✅ **Lightweight & faster** than virtual machines. 21 | ✅ **Easy scaling** of applications in microservices architectures. 22 | 23 | --- 24 | 25 | ### **2. What is the difference between Docker and a Virtual Machine (VM)?** 26 | 27 | **Answer:** 28 | 29 | | Feature | Docker | Virtual Machine | 30 | |---------|--------|----------------| 31 | | **Isolation** | Uses **containers** to isolate apps | Uses **hypervisor** to run separate OS instances | 32 | | **Performance** | **Faster, lightweight** | **Slower, resource-intensive** | 33 | | **Startup Time** | **Milliseconds** | **Minutes** | 34 | | **Use Case** | Ideal for **microservices** | Best for **full OS emulation** | 35 | 36 | --- 37 | 38 | ### **3. What is a Docker image?** 39 | 40 | **Answer:** 41 | A **Docker image** is a **read-only template** containing everything needed to run an application, including: 42 | 43 | - Source code 44 | - Libraries & dependencies 45 | - Configuration files 46 | 47 | A container is created from a **Docker image** using the `docker run` command. 48 | 49 | --- 50 | 51 | ### **4. What is a Docker container?** 52 | 53 | **Answer:** 54 | A **Docker container** is a **running instance of a Docker image**. It is: 55 | ✅ **Lightweight** (shares OS kernel) 56 | ✅ **Isolated** (has its own filesystem, network, and process space) 57 | ✅ **Portable** (can run on any system with Docker installed) 58 | 59 | --- 60 | 61 | ### **5. How do you create and run a Docker container?** 62 | 63 | **Answer:** 64 | To run a container from an image: 65 | 66 | ```sh 67 | docker run -d --name myapp nginx 68 | ``` 69 | 70 | - `-d`: Run in **detached mode** (background). 71 | - `--name myapp`: Name the container `myapp`. 72 | - `nginx`: Use the **nginx image**. 73 | 74 | --- 75 | 76 | ### **6. What is the purpose of the Dockerfile?** 77 | 78 | **Answer:** 79 | A **Dockerfile** is a script that contains **instructions to build a Docker image**. 80 | Example `Dockerfile`: 81 | 82 | ```Dockerfile 83 | FROM node:16 84 | WORKDIR /app 85 | COPY . . 86 | RUN npm install 87 | CMD ["node", "app.js"] 88 | ``` 89 | 90 | - `FROM`: Base image. 91 | - `WORKDIR`: Set working directory. 92 | - `COPY`: Copy files. 93 | - `RUN`: Execute commands (install dependencies). 94 | - `CMD`: Define the default command to run. 95 | 96 | --- 97 | 98 | ### **7. What are Docker volumes?** 99 | 100 | **Answer:** 101 | Docker **volumes** store persistent data outside a container's filesystem. 102 | 103 | - **Types:** 104 | - **Anonymous Volumes**: `docker run -v /data nginx` 105 | - **Named Volumes**: `docker volume create mydata` 106 | - **Bind Mounts**: `docker run -v /host/path:/container/path nginx` 107 | 108 | --- 109 | 110 | ### **8. How do you list running Docker containers?** 111 | 112 | **Answer:** 113 | Use the command: 114 | 115 | ```sh 116 | docker ps 117 | ``` 118 | 119 | To list **all containers** (including stopped ones): 120 | 121 | ```sh 122 | docker ps -a 123 | ``` 124 | 125 | --- 126 | 127 | ### **9. What is Docker Compose?** 128 | 129 | **Answer:** 130 | Docker Compose is a tool for **defining and running multi-container applications**. 131 | 132 | - Example `docker-compose.yml`: 133 | 134 | ```yaml 135 | version: "3" 136 | services: 137 | web: 138 | image: nginx 139 | ports: 140 | - "80:80" 141 | db: 142 | image: mysql 143 | environment: 144 | MYSQL_ROOT_PASSWORD: root 145 | ``` 146 | 147 | - Start with: `docker-compose up -d` 148 | - Stop with: `docker-compose down` 149 | 150 | --- 151 | 152 | ### **10. What is the difference between CMD and ENTRYPOINT in Docker?** 153 | 154 | **Answer:** 155 | 156 | | Feature | CMD | ENTRYPOINT | 157 | |---------|-----|-----------| 158 | | **Purpose** | Default command | Fixed executable command | 159 | | **Overridable?** | Yes | No (unless `--entrypoint` is used) | 160 | | **Example** | `CMD ["python", "app.py"]` | `ENTRYPOINT ["nginx", "-g", "daemon off;"]` | 161 | 162 | --- 163 | 164 | ## **Kubernetes Basics** 165 | 166 | ### **11. What is Kubernetes?** 167 | 168 | **Answer:** 169 | Kubernetes (K8s) is an **orchestration platform** for managing containerized applications. 170 | 171 | - **Features:** 172 | ✅ **Automated scaling** 173 | ✅ **Self-healing** (restarts failed containers) 174 | ✅ **Load balancing** 175 | ✅ **Rolling updates** 176 | 177 | --- 178 | 179 | ### **12. What is a Kubernetes Pod?** 180 | 181 | **Answer:** 182 | A **Pod** is the smallest unit in Kubernetes. It **groups one or more containers** that share the same network and storage. 183 | 184 | --- 185 | 186 | ### **13. What is a Kubernetes Deployment?** 187 | 188 | **Answer:** 189 | A **Deployment** manages Pod creation and updates. 190 | Example YAML: 191 | 192 | ```yaml 193 | apiVersion: apps/v1 194 | kind: Deployment 195 | metadata: 196 | name: my-app 197 | spec: 198 | replicas: 3 199 | selector: 200 | matchLabels: 201 | app: my-app 202 | template: 203 | metadata: 204 | labels: 205 | app: my-app 206 | spec: 207 | containers: 208 | - name: app 209 | image: nginx 210 | ``` 211 | 212 | - `replicas: 3` → Runs **3 instances**. 213 | - `matchLabels` → Ensures the correct Pods are managed. 214 | 215 | --- 216 | 217 | ### **14. What is a Kubernetes Service?** 218 | 219 | **Answer:** 220 | A **Service** exposes a set of Pods over a network. 221 | 222 | - **Types:** 223 | - **ClusterIP** (default) 224 | - **NodePort** (exposes on a fixed port) 225 | - **LoadBalancer** (uses cloud provider's load balancer) 226 | 227 | Example YAML: 228 | 229 | ```yaml 230 | apiVersion: v1 231 | kind: Service 232 | metadata: 233 | name: my-service 234 | spec: 235 | type: NodePort 236 | selector: 237 | app: my-app 238 | ports: 239 | - port: 80 240 | targetPort: 8080 241 | nodePort: 30007 242 | ``` 243 | 244 | --- 245 | 246 | ### **15. What is the purpose of Kubernetes ConfigMaps and Secrets?** 247 | 248 | **Answer:** 249 | 250 | - **ConfigMaps** store non-sensitive configuration data. 251 | - **Secrets** store **sensitive** data (passwords, API keys). 252 | 253 | Example Secret: 254 | 255 | ```yaml 256 | apiVersion: v1 257 | kind: Secret 258 | metadata: 259 | name: my-secret 260 | data: 261 | password: bXlwYXNzd29yZA== 262 | ``` 263 | 264 | --- 265 | 266 | ### **16. What is a Kubernetes Namespace?** 267 | 268 | **Answer:** 269 | Namespaces **logically separate resources** within a cluster. 270 | 271 | ```sh 272 | kubectl create namespace dev 273 | kubectl get namespaces 274 | ``` 275 | 276 | --- 277 | 278 | ### **17. What is a StatefulSet in Kubernetes?** 279 | 280 | **Answer:** 281 | A **StatefulSet** is used for **stateful applications** like databases. Unlike Deployments, it maintains: 282 | ✅ **Stable pod identity** 283 | ✅ **Persistent storage** 284 | 285 | --- 286 | 287 | ### **18. How do you scale a Deployment in Kubernetes?** 288 | 289 | **Answer:** 290 | Manually scale using: 291 | 292 | ```sh 293 | kubectl scale deployment my-app --replicas=5 294 | ``` 295 | 296 | --- 297 | 298 | ### **19. What is a DaemonSet?** 299 | 300 | **Answer:** 301 | A **DaemonSet** ensures that **one Pod runs on every node** (e.g., logging agents, monitoring). 302 | 303 | --- 304 | 305 | ### **20. How do you update a Kubernetes Deployment?** 306 | 307 | **Answer:** 308 | Update the image and apply changes: 309 | 310 | ```sh 311 | kubectl set image deployment/my-app my-container=nginx:latest 312 | ``` 313 | 314 | --- 315 | 316 | ## **🚀 Intermediate-Level Docker & Kubernetes Questions (21-40)** 317 | 318 | ### **Docker Intermediate Questions** 319 | 320 | ### **21. What is the difference between Docker ADD and COPY?** 321 | 322 | **Answer:** 323 | 324 | | Feature | ADD | COPY | 325 | |---------|----|------| 326 | | **Function** | Copies files & extracts compressed files | Copies files only | 327 | | **Supports URLs?** | Yes | No | 328 | | **Best Practice** | Use for archives (`.tar.gz`) | Use for simple file copies | 329 | 330 | Example: 331 | 332 | ```Dockerfile 333 | COPY config.json /app/config.json 334 | ADD myapp.tar.gz /app/ 335 | ``` 336 | 337 | --- 338 | 339 | ### **22. How do you optimize Docker images?** 340 | 341 | **Answer:** 342 | 343 | - Use **smaller base images** (e.g., `alpine` instead of `ubuntu`). 344 | - **Multi-stage builds** to reduce image size: 345 | 346 | ```Dockerfile 347 | FROM node:16 AS build 348 | WORKDIR /app 349 | COPY . . 350 | RUN npm install && npm run build 351 | 352 | FROM nginx:alpine 353 | COPY --from=build /app/dist /usr/share/nginx/html 354 | ``` 355 | 356 | - Use `.dockerignore` to avoid unnecessary files. 357 | 358 | --- 359 | 360 | ### **23. What is the difference between Docker ENTRYPOINT and CMD?** 361 | 362 | **Answer:** 363 | 364 | - `ENTRYPOINT` is **not overridden by command-line arguments**, while `CMD` can be. 365 | - Best practice: Use `ENTRYPOINT` for fixed commands. 366 | 367 | Example: 368 | 369 | ```Dockerfile 370 | ENTRYPOINT ["nginx", "-g", "daemon off;"] 371 | CMD ["-p", "80"] 372 | ``` 373 | 374 | --- 375 | 376 | ### **24. How do you debug a running Docker container?** 377 | 378 | **Answer:** 379 | 380 | - **Get container logs:** `docker logs my-container` 381 | - **Attach to a running container:** `docker exec -it my-container /bin/sh` 382 | - **Inspect container details:** `docker inspect my-container` 383 | 384 | --- 385 | 386 | ### **25. What is a Docker Multi-Stage Build?** 387 | 388 | **Answer:** 389 | A **multi-stage build** reduces image size by using multiple `FROM` statements. 390 | 391 | ```Dockerfile 392 | FROM golang:1.17 AS builder 393 | WORKDIR /app 394 | COPY . . 395 | RUN go build -o myapp 396 | 397 | FROM alpine 398 | COPY --from=builder /app/myapp /myapp 399 | ENTRYPOINT ["/myapp"] 400 | ``` 401 | 402 | The final image **only contains the built binary**. 403 | 404 | --- 405 | 406 | ### **26. How does Docker handle networking?** 407 | 408 | **Answer:** 409 | 410 | - **Bridge network (default):** Containers communicate via virtual network. 411 | - **Host network:** Container shares the host’s networking stack. 412 | - **Overlay network:** Used in **Docker Swarm** for multi-host networking. 413 | 414 | Example: 415 | 416 | ```sh 417 | docker network create mynetwork 418 | docker run --network=mynetwork nginx 419 | ``` 420 | 421 | --- 422 | 423 | ### **27. What is the difference between Docker Swarm and Kubernetes?** 424 | 425 | **Answer:** 426 | 427 | | Feature | Docker Swarm | Kubernetes | 428 | |---------|-------------|------------| 429 | | **Orchestration** | Lightweight, built into Docker | Advanced, feature-rich | 430 | | **Scaling** | Manual | Auto-scaling | 431 | | **Service Discovery** | Built-in | Needs external setup (DNS, Ingress) | 432 | 433 | --- 434 | 435 | ### **28. How do you remove unused Docker images and containers?** 436 | 437 | **Answer:** 438 | 439 | ```sh 440 | docker system prune -a 441 | ``` 442 | 443 | This removes **stopped containers, unused networks, and dangling images**. 444 | 445 | --- 446 | 447 | ### **29. What is Docker BuildKit?** 448 | 449 | **Answer:** 450 | Docker **BuildKit** improves build speed and caching. 451 | Enable it with: 452 | 453 | ```sh 454 | DOCKER_BUILDKIT=1 docker build . 455 | ``` 456 | 457 | Benefits: 458 | ✅ **Faster builds** 459 | ✅ **Parallel execution** 460 | ✅ **Improved caching** 461 | 462 | --- 463 | 464 | ### **30. How do you limit container resource usage?** 465 | 466 | **Answer:** 467 | Use `--memory` and `--cpus`: 468 | 469 | ```sh 470 | docker run --memory=512m --cpus=1 nginx 471 | ``` 472 | 473 | This limits memory to **512MB** and CPU usage to **1 core**. 474 | 475 | --- 476 | 477 | ## **Kubernetes Intermediate Questions** 478 | 479 | ### **31. How does Kubernetes handle high availability?** 480 | 481 | **Answer:** 482 | 483 | - Uses **multiple master nodes** to avoid single points of failure. 484 | - Deployments use **replica sets** to keep applications running. 485 | - **Load balancing & failover mechanisms** ensure availability. 486 | 487 | --- 488 | 489 | ### **32. What is the role of kubelet in Kubernetes?** 490 | 491 | **Answer:** 492 | Kubelet runs on each node and: 493 | ✅ **Communicates with the master node** 494 | ✅ **Ensures containers are running** 495 | ✅ **Monitors container health** 496 | 497 | --- 498 | 499 | ### **33. How do you check logs of a running Pod in Kubernetes?** 500 | 501 | **Answer:** 502 | 503 | ```sh 504 | kubectl logs my-pod 505 | kubectl logs -f my-pod # Stream logs in real-time 506 | ``` 507 | 508 | --- 509 | 510 | ### **34. What are Kubernetes Labels and Selectors?** 511 | 512 | **Answer:** 513 | Labels **identify** resources, while selectors **filter resources**. 514 | Example: 515 | 516 | ```yaml 517 | metadata: 518 | labels: 519 | app: my-app 520 | ``` 521 | 522 | To filter pods by label: 523 | 524 | ```sh 525 | kubectl get pods -l app=my-app 526 | ``` 527 | 528 | --- 529 | 530 | ### **35. What is a Kubernetes Ingress?** 531 | 532 | **Answer:** 533 | An **Ingress** manages external access to services. 534 | Example: 535 | 536 | ```yaml 537 | apiVersion: networking.k8s.io/v1 538 | kind: Ingress 539 | metadata: 540 | name: my-ingress 541 | spec: 542 | rules: 543 | - host: myapp.com 544 | http: 545 | paths: 546 | - path: / 547 | backend: 548 | service: 549 | name: my-service 550 | port: 551 | number: 80 552 | ``` 553 | 554 | Use **Ingress controllers (NGINX, Traefik)** to manage Ingress resources. 555 | 556 | --- 557 | 558 | ### **36. What is the difference between Horizontal Pod Autoscaler (HPA) and Vertical Pod Autoscaler (VPA)?** 559 | 560 | **Answer:** 561 | 562 | | Feature | HPA | VPA | 563 | |---------|----|----| 564 | | **Scaling Type** | Adds/removes pods | Adjusts CPU/memory of existing pods | 565 | | **Use Case** | High traffic apps | Resource optimization | 566 | 567 | Example of **HPA**: 568 | 569 | ```sh 570 | kubectl autoscale deployment my-app --cpu-percent=50 --min=2 --max=10 571 | ``` 572 | 573 | --- 574 | 575 | ### **37. What is a Kubernetes Persistent Volume (PV) and Persistent Volume Claim (PVC)?** 576 | 577 | **Answer:** 578 | A **Persistent Volume (PV)** is a storage resource, and a **Persistent Volume Claim (PVC)** requests storage. 579 | Example: 580 | 581 | ```yaml 582 | apiVersion: v1 583 | kind: PersistentVolumeClaim 584 | metadata: 585 | name: my-pvc 586 | spec: 587 | accessModes: 588 | - ReadWriteOnce 589 | resources: 590 | requests: 591 | storage: 1Gi 592 | ``` 593 | 594 | --- 595 | 596 | ### **38. How do you upgrade a running application in Kubernetes?** 597 | 598 | **Answer:** 599 | Modify the image and apply the deployment: 600 | 601 | ```sh 602 | kubectl set image deployment/my-app my-container=nginx:1.20 603 | kubectl rollout status deployment my-app 604 | ``` 605 | 606 | --- 607 | 608 | ### **39. What is a Kubernetes Job and CronJob?** 609 | 610 | **Answer:** 611 | 612 | - **Job**: Runs **once** and exits. 613 | - **CronJob**: Runs **on a schedule** (like a Linux cron). 614 | 615 | Example: 616 | 617 | ```yaml 618 | apiVersion: batch/v1 619 | kind: CronJob 620 | metadata: 621 | name: my-cronjob 622 | spec: 623 | schedule: "0 * * * *" 624 | jobTemplate: 625 | spec: 626 | template: 627 | spec: 628 | containers: 629 | - name: hello 630 | image: busybox 631 | command: ["echo", "Hello from Kubernetes"] 632 | restartPolicy: OnFailure 633 | ``` 634 | 635 | --- 636 | 637 | ### **40. How do you debug Kubernetes pods that are stuck in "CrashLoopBackOff"?** 638 | 639 | **Answer:** 640 | 641 | 1. **Check pod logs:** 642 | 643 | ```sh 644 | kubectl logs my-pod 645 | ``` 646 | 647 | 2. **Describe the pod for errors:** 648 | 649 | ```sh 650 | kubectl describe pod my-pod 651 | ``` 652 | 653 | 3. **Exec into the container:** 654 | 655 | ```sh 656 | kubectl exec -it my-pod -- /bin/sh 657 | ``` 658 | 659 | --- 660 | 661 | ## **🚀 Advanced-Level Docker & Kubernetes Questions (41-60)** 662 | 663 | ### **Docker Advanced Questions** 664 | 665 | ### **41. What are Docker namespaces and cgroups? How do they contribute to containerization?** 666 | 667 | **Answer:** 668 | 669 | - **Namespaces** isolate resources (PID, network, mount points, etc.) for each container. 670 | - **Cgroups (Control Groups)** limit CPU, memory, and disk usage. 671 | - Together, they **ensure process isolation and resource allocation**. 672 | 673 | Example: 674 | 675 | ```sh 676 | cat /proc/self/cgroup 677 | ``` 678 | 679 | --- 680 | 681 | ### **42. What is the difference between Docker Volumes, Bind Mounts, and tmpfs?** 682 | 683 | **Answer:** 684 | 685 | | Type | Persistent? | Use Case | 686 | |------|------------|----------| 687 | | **Volumes** | Yes | Best for data persistence | 688 | | **Bind Mounts** | Yes | Direct host file access | 689 | | **tmpfs** | No | In-memory storage for performance | 690 | 691 | Example (Volume): 692 | 693 | ```sh 694 | docker run -v myvolume:/data nginx 695 | ``` 696 | 697 | --- 698 | 699 | ### **43. What are Docker BuildKit advantages?** 700 | 701 | **Answer:** 702 | 703 | - **Parallel execution** speeds up builds. 704 | - **Efficient caching** reduces rebuild time. 705 | - **Security improvements** via secret mounts. 706 | 707 | Enable BuildKit: 708 | 709 | ```sh 710 | DOCKER_BUILDKIT=1 docker build . 711 | ``` 712 | 713 | --- 714 | 715 | ### **44. How do you secure a Docker container?** 716 | 717 | **Answer:** 718 | 719 | - **Use minimal base images** (e.g., `alpine`). 720 | - **Run as non-root user**. 721 | - **Limit container capabilities** (`--cap-drop=ALL`). 722 | - **Use read-only filesystems** (`--read-only`). 723 | 724 | Example: 725 | 726 | ```sh 727 | docker run --user 1001 --read-only nginx 728 | ``` 729 | 730 | --- 731 | 732 | ### **45. How do multi-stage builds improve security in Docker?** 733 | 734 | **Answer:** 735 | 736 | - Keeps **sensitive files out of the final image**. 737 | - Reduces **attack surface** by discarding unnecessary dependencies. 738 | 739 | Example: 740 | 741 | ```Dockerfile 742 | FROM golang AS build 743 | COPY . . 744 | RUN go build -o myapp 745 | 746 | FROM alpine 747 | COPY --from=build /myapp /myapp 748 | ENTRYPOINT ["/myapp"] 749 | ``` 750 | 751 | --- 752 | 753 | ### **46. What are immutable infrastructure principles, and how do they apply to Docker?** 754 | 755 | **Answer:** 756 | 757 | - Containers should be **replaced, not modified**. 758 | - Use **image versioning** instead of patching live containers. 759 | - Example: Deploy **new image versions** instead of updating running containers. 760 | 761 | --- 762 | 763 | ### **47. How does Docker Content Trust (DCT) improve security?** 764 | 765 | **Answer:** 766 | 767 | - **Ensures image integrity** with digital signatures. 768 | - Enable DCT: 769 | 770 | ```sh 771 | export DOCKER_CONTENT_TRUST=1 772 | ``` 773 | 774 | --- 775 | 776 | ### **48. How do you troubleshoot a Docker daemon issue?** 777 | 778 | **Answer:** 779 | 780 | - **Check logs:** `journalctl -u docker.service` 781 | - **Restart service:** `systemctl restart docker` 782 | - **Debug mode:** `dockerd --debug` 783 | 784 | --- 785 | 786 | ### **49. What is the difference between Docker stack and Docker compose?** 787 | 788 | **Answer:** 789 | 790 | - **Docker Compose** is for single-host deployments. 791 | - **Docker Stack** is for multi-node Swarm clusters. 792 | 793 | --- 794 | 795 | ### **50. How do you handle container networking in a multi-host Docker Swarm?** 796 | 797 | **Answer:** 798 | 799 | - **Overlay networks** span multiple hosts. 800 | - Example: 801 | 802 | ```sh 803 | docker network create -d overlay mynetwork 804 | ``` 805 | 806 | --- 807 | 808 | ## **Kubernetes Advanced Questions** 809 | 810 | ### **51. How does Kubernetes handle stateful applications?** 811 | 812 | **Answer:** 813 | 814 | - Uses **StatefulSets** instead of Deployments. 815 | - Provides **stable network identities and persistent storage**. 816 | 817 | Example: 818 | 819 | ```yaml 820 | apiVersion: apps/v1 821 | kind: StatefulSet 822 | metadata: 823 | name: mysql 824 | spec: 825 | serviceName: "mysql" 826 | replicas: 3 827 | ``` 828 | 829 | --- 830 | 831 | ### **52. What are PodDisruptionBudgets (PDBs)?** 832 | 833 | **Answer:** 834 | 835 | - Ensures **minimum availability** during voluntary disruptions. 836 | - Example: 837 | 838 | ```yaml 839 | apiVersion: policy/v1 840 | kind: PodDisruptionBudget 841 | metadata: 842 | name: my-pdb 843 | spec: 844 | minAvailable: 2 845 | selector: 846 | matchLabels: 847 | app: my-app 848 | ``` 849 | 850 | --- 851 | 852 | ### **53. How do you secure Kubernetes Secrets?** 853 | 854 | **Answer:** 855 | 856 | - Use **encryption at rest**. 857 | - Store secrets in **external vaults** (e.g., HashiCorp Vault). 858 | - Example: 859 | 860 | ```sh 861 | kubectl create secret generic db-secret --from-literal=password=mysecurepassword 862 | ``` 863 | 864 | --- 865 | 866 | ### **54. What are Kubernetes Admission Controllers?** 867 | 868 | **Answer:** 869 | 870 | - They **intercept API requests** before they reach the cluster. 871 | - Example: `PodSecurityPolicies`, `ValidatingWebhookConfiguration`. 872 | 873 | --- 874 | 875 | ### **55. How does Kubernetes handle node failures?** 876 | 877 | **Answer:** 878 | 879 | - **Kubelet marks node as NotReady**. 880 | - **Pods are rescheduled** onto healthy nodes. 881 | - **Node auto-repair** triggers in cloud-managed clusters. 882 | 883 | --- 884 | 885 | ### **56. What is a Kubernetes Mutating Webhook?** 886 | 887 | **Answer:** 888 | 889 | - **Modifies requests dynamically** before they reach the cluster. 890 | - Example: Injecting sidecars into Pods. 891 | 892 | --- 893 | 894 | ### **57. How do you debug networking issues in Kubernetes?** 895 | 896 | **Answer:** 897 | 898 | - Check **Pod-to-Pod connectivity**: 899 | 900 | ```sh 901 | kubectl exec -it pod1 -- ping pod2 902 | ``` 903 | 904 | - Inspect **network policies**: 905 | 906 | ```sh 907 | kubectl get networkpolicy 908 | ``` 909 | 910 | - Validate **DNS resolution**: 911 | 912 | ```sh 913 | kubectl exec -it pod -- nslookup my-service 914 | ``` 915 | 916 | --- 917 | 918 | ### **58. How does Kubernetes Horizontal Pod Autoscaler (HPA) work internally?** 919 | 920 | **Answer:** 921 | 922 | - Uses **metrics API** (CPU/memory usage). 923 | - Adjusts **replica count dynamically**. 924 | - Example: 925 | 926 | ```sh 927 | kubectl autoscale deployment my-app --cpu-percent=50 --min=2 --max=10 928 | ``` 929 | 930 | --- 931 | 932 | ### **59. How do you implement multi-tenancy in Kubernetes?** 933 | 934 | **Answer:** 935 | 936 | - Use **Namespaces** to isolate workloads. 937 | - Apply **RBAC (Role-Based Access Control)**. 938 | - Example: 939 | 940 | ```yaml 941 | apiVersion: rbac.authorization.k8s.io/v1 942 | kind: Role 943 | metadata: 944 | namespace: team-a 945 | name: team-a-role 946 | rules: 947 | - apiGroups: [""] 948 | resources: ["pods"] 949 | verbs: ["get", "list", "watch"] 950 | ``` 951 | 952 | --- 953 | 954 | ### **60. What is Kubernetes Cluster Federation?** 955 | 956 | **Answer:** 957 | 958 | - Manages **multiple clusters** as a **single entity**. 959 | - Benefits: **Cross-region high availability, policy consistency**. 960 | - Example tool: `kubefed` 961 | 962 | --- 963 | 964 | ## **📢 Contribute & Stay Updated** 965 | 966 | 💡 **Want to contribute?** 967 | We **welcome contributions!** If you have insights, new tools, or improvements, feel free to submit a **pull request**. 968 | 969 | 📌 **How to Contribute?** 970 | 971 | - Read the **[CONTRIBUTING.md](https://github.com/NotHarshhaa/DevOps-Interview-Questions/blob/master/CONTRIBUTING.md)** guide. 972 | - Fix errors, add missing topics, or suggest improvements. 973 | - Submit a **pull request** with your updates. 974 | 975 | 📢 **Stay Updated:** 976 | ⭐ **Star the repository** to get notified about new updates and additions. 977 | 💬 **Join discussions** in **[GitHub Issues](https://github.com/NotHarshhaa/DevOps-Interview-Questions/issues)** to suggest improvements. 978 | 979 | --- 980 | 981 | ## **🌍 Community & Support** 982 | 983 | 🔗 **GitHub:** [@NotHarshhaa](https://github.com/NotHarshhaa) 984 | 📝 **Blog:** [ProDevOpsGuy](https://blog.prodevopsguy.xyz) 985 | 💬 **Telegram Community:** [Join Here](https://t.me/prodevopsguy) 986 | 987 | ![Follow Me](https://imgur.com/2j7GSPs.png) 988 | -------------------------------------------------------------------------------- /core-concepts/README.md: -------------------------------------------------------------------------------- 1 | # **Core Concepts - DevOps Fundamentals** 2 | 3 | ## **Beginner Level (1-20 Questions)** 4 | 5 | ### **1. What is DevOps?** 6 | 7 | **Answer:** DevOps is a set of practices that combine software development (Dev) and IT operations (Ops) to improve collaboration, automate workflows, and accelerate software delivery. 8 | 9 | ### **2. What are the main goals of DevOps?** 10 | 11 | **Answer:** 12 | 13 | - Faster delivery of software 14 | - Improved collaboration between teams 15 | - Automation of repetitive tasks 16 | - Continuous feedback and improvement 17 | 18 | ### **3. What are the key components of DevOps?** 19 | 20 | **Answer:** 21 | 22 | - **CI/CD** (Continuous Integration/Continuous Deployment) 23 | - **Infrastructure as Code (IaC)** 24 | - **Monitoring and Logging** 25 | - **Collaboration and Communication** 26 | 27 | ### **4. How does DevOps differ from traditional IT operations?** 28 | 29 | **Answer:** DevOps focuses on automation, collaboration, and continuous feedback, whereas traditional IT operations follow a siloed approach with manual deployments and slow release cycles. 30 | 31 | ### **5. What is Continuous Integration (CI)?** 32 | 33 | **Answer:** CI is a practice where developers frequently integrate code into a shared repository, followed by automated testing to detect errors early. 34 | 35 | ### **6. What is Continuous Deployment (CD)?** 36 | 37 | **Answer:** CD is the automated release of validated code changes into production, ensuring rapid and reliable delivery. 38 | 39 | ### **7. What is Infrastructure as Code (IaC)?** 40 | 41 | **Answer:** IaC is managing infrastructure using code, enabling automation, consistency, and easy scalability. Examples: Terraform, CloudFormation. 42 | 43 | ### **8. What is version control, and why is it important?** 44 | 45 | **Answer:** Version control tracks code changes, enabling collaboration and rollback. Example: Git. 46 | 47 | ### **9. What are some popular version control tools?** 48 | 49 | **Answer:** Git, GitHub, GitLab, Bitbucket, Subversion (SVN). 50 | 51 | ### **10. What is a DevOps pipeline?** 52 | 53 | **Answer:** A DevOps pipeline automates software delivery using stages like build, test, deploy, and monitor. 54 | 55 | ### **11. What is containerization?** 56 | 57 | **Answer:** Containerization packages applications with dependencies, making them portable and consistent across environments. Example: Docker. 58 | 59 | ### **12. What are microservices?** 60 | 61 | **Answer:** Microservices are small, independent services that communicate via APIs, improving scalability and maintainability. 62 | 63 | ### **13. What is a monolithic vs. microservices architecture?** 64 | 65 | **Answer:** Monolithic apps have a single codebase; microservices break the application into independent, loosely coupled services. 66 | 67 | ### **14. What are some common DevOps automation tools?** 68 | 69 | **Answer:** 70 | 71 | - CI/CD: Jenkins, GitHub Actions 72 | - Configuration Management: Ansible, Puppet 73 | - Infrastructure as Code: Terraform 74 | 75 | ### **15. What is Shift-Left Testing?** 76 | 77 | **Answer:** Shift-left testing integrates testing early in the development cycle to detect bugs earlier. 78 | 79 | ### **16. What is observability in DevOps?** 80 | 81 | **Answer:** Observability provides insights into system health using logs, metrics, and tracing. 82 | 83 | ### **17. What is a rollback strategy?** 84 | 85 | **Answer:** A rollback strategy reverts to a previous stable version if a new deployment fails. 86 | 87 | ### **18. What is the role of a DevOps Engineer?** 88 | 89 | **Answer:** A DevOps engineer bridges development and operations, focusing on automation, CI/CD, and cloud management. 90 | 91 | ### **19. What are feature flags in DevOps?** 92 | 93 | **Answer:** Feature flags allow toggling features on/off without deploying new code. 94 | 95 | ### **20. What is a blue-green deployment?** 96 | 97 | **Answer:** Blue-green deployment maintains two environments, switching traffic between them for zero-downtime updates. 98 | 99 | --- 100 | 101 | ## **Intermediate Level (21-40 Questions)** 102 | 103 | ### **21. What is Site Reliability Engineering (SRE)?** 104 | 105 | **Answer:** SRE applies software engineering principles to operations, improving reliability and scalability. 106 | 107 | ### **22. How does DevOps help in cloud computing?** 108 | 109 | **Answer:** DevOps automates infrastructure, deployments, and monitoring, making cloud environments scalable and efficient. 110 | 111 | ### **23. What is Immutable Infrastructure?** 112 | 113 | **Answer:** Immutable infrastructure replaces servers instead of modifying them, ensuring consistency and reducing drift. 114 | 115 | ### **24. How does DevSecOps integrate security into DevOps?** 116 | 117 | **Answer:** DevSecOps embeds security at every stage of the DevOps lifecycle, using automated security scans and compliance checks. 118 | 119 | ### **25. What are the benefits of CI/CD pipelines?** 120 | 121 | **Answer:** 122 | 123 | - Faster releases 124 | - Automated testing 125 | - Reduced manual errors 126 | - Enhanced collaboration 127 | 128 | ### **26. What is canary deployment?** 129 | 130 | **Answer:** Canary deployment gradually rolls out changes to a small user group before full deployment. 131 | 132 | ### **27. What are some common monitoring tools?** 133 | 134 | **Answer:** Prometheus, Grafana, ELK Stack, Datadog, New Relic. 135 | 136 | ### **28. What is Configuration Management in DevOps?** 137 | 138 | **Answer:** Configuration management automates infrastructure setup and maintenance. Examples: Ansible, Puppet, Chef. 139 | 140 | ### **29. What is GitOps?** 141 | 142 | **Answer:** GitOps manages infrastructure using Git repositories, ensuring version control and automation. 143 | 144 | ### **30. How do you handle secrets management in DevOps?** 145 | 146 | **Answer:** Using tools like HashiCorp Vault, AWS Secrets Manager, and Kubernetes Secrets. 147 | 148 | ### **31. What is Chaos Engineering?** 149 | 150 | **Answer:** Chaos Engineering tests system resilience by introducing controlled failures. 151 | 152 | ### **32. What is a service mesh?** 153 | 154 | **Answer:** A service mesh manages microservices communication using proxies like Istio and Linkerd. 155 | 156 | ### **33. What is an API gateway?** 157 | 158 | **Answer:** An API gateway manages API traffic, security, and load balancing. 159 | 160 | ### **34. How do you optimize CI/CD pipelines?** 161 | 162 | **Answer:** By parallelizing builds, caching dependencies, and using automated testing. 163 | 164 | ### **35. What is hybrid cloud in DevOps?** 165 | 166 | **Answer:** A hybrid cloud combines private and public cloud environments. 167 | 168 | ### **36. What is observability vs. monitoring?** 169 | 170 | **Answer:** Monitoring collects data; observability provides deeper insights into system behavior. 171 | 172 | ### **37. What are Helm charts?** 173 | 174 | **Answer:** Helm charts package Kubernetes applications for easier deployment. 175 | 176 | ### **38. What is A/B testing in DevOps?** 177 | 178 | **Answer:** A/B testing compares different versions of an application to determine the best performance. 179 | 180 | ### **39. How do you handle database schema changes in CI/CD?** 181 | 182 | **Answer:** Using tools like Flyway or Liquibase for version-controlled migrations. 183 | 184 | ### **40. What is autoscaling in cloud environments?** 185 | 186 | **Answer:** Autoscaling automatically adjusts resource allocation based on demand. 187 | 188 | --- 189 | 190 | ## **Advanced Level (41-60 Questions)** 191 | 192 | ### **41. What is the Twelve-Factor App methodology?** 193 | 194 | **Answer:** The Twelve-Factor App is a set of best practices for building modern, scalable cloud applications. The 12 principles focus on aspects like codebase, dependencies, configuration, logging, and disposability. 195 | 196 | ### **42. How do you implement zero-trust security in DevOps?** 197 | 198 | **Answer:** Zero-trust security enforces strict identity verification and least-privilege access across the entire system. It includes: 199 | 200 | - Multi-factor authentication (MFA) 201 | - Role-Based Access Control (RBAC) 202 | - Encryption of data in transit and at rest 203 | - Continuous monitoring and logging 204 | 205 | ### **43. What are sidecars in Kubernetes?** 206 | 207 | **Answer:** A sidecar is a helper container that runs alongside a main application container within the same pod. Sidecars enhance functionality without modifying the primary application (e.g., logging, monitoring, service mesh). 208 | 209 | ### **44. How does Kubernetes handle self-healing?** 210 | 211 | **Answer:** Kubernetes ensures self-healing by: 212 | 213 | - Restarting failed containers 214 | - Rescheduling pods on healthy nodes 215 | - Automatically scaling replicas 216 | - Rolling back deployments if necessary 217 | 218 | ### **45. What is progressive delivery?** 219 | 220 | **Answer:** Progressive delivery is an advanced deployment strategy that introduces new changes incrementally to users, using techniques like: 221 | 222 | - **Canary releases** (small group testing) 223 | - **Feature flags** (turning features on/off dynamically) 224 | - **A/B testing** (comparing multiple versions in production) 225 | 226 | ### **46. What is a service mesh, and why is it important?** 227 | 228 | **Answer:** A service mesh (e.g., Istio, Linkerd) is a dedicated infrastructure layer that manages service-to-service communication in microservices architectures. It provides: 229 | 230 | - Traffic control (load balancing, retries) 231 | - Security (mutual TLS authentication) 232 | - Observability (tracing, metrics, logging) 233 | 234 | ### **47. What is GitOps, and how does it improve DevOps workflows?** 235 | 236 | **Answer:** GitOps uses Git repositories as the single source of truth for declarative infrastructure and applications. Benefits include: 237 | 238 | - **Version-controlled deployments** 239 | - **Automated reconciliation of state** 240 | - **Increased security via RBAC** 241 | 242 | ### **48. What is Blue/Green vs. Rolling deployment?** 243 | 244 | **Answer:** 245 | 246 | - **Blue/Green Deployment**: Two identical environments (Blue and Green). Traffic is switched instantly. 247 | - **Rolling Deployment**: Gradual update of application instances, minimizing downtime but increasing rollback complexity. 248 | 249 | ### **49. How do you handle secrets management in DevOps?** 250 | 251 | **Answer:** Best practices for secrets management include: 252 | 253 | - Using **vault solutions** (e.g., HashiCorp Vault, AWS Secrets Manager) 254 | - Avoiding hardcoded secrets in code 255 | - Using **environment variables or encrypted configuration files** 256 | 257 | ### **50. What is a chaos engineering experiment?** 258 | 259 | **Answer:** Chaos engineering involves intentionally introducing failures to test system resilience. Examples include: 260 | 261 | - **Network disruptions** (latency, packet loss) 262 | - **Server crashes** (killing pods or nodes) 263 | - **Resource exhaustion** (CPU/memory spikes) 264 | 265 | ### **51. How do you implement compliance in DevOps pipelines?** 266 | 267 | **Answer:** Compliance can be enforced using: 268 | 269 | - **Automated security scans** (e.g., SonarQube, Snyk) 270 | - **Policy-as-Code** (e.g., Open Policy Agent) 271 | - **Audit logging and access controls** 272 | 273 | ### **52. What is infrastructure drift, and how do you prevent it?** 274 | 275 | **Answer:** Infrastructure drift occurs when real-world infrastructure deviates from its declared state in code. Prevention methods: 276 | 277 | - **Use Infrastructure as Code (IaC) tools** 278 | - **Regularly run drift detection checks** 279 | - **Automate infrastructure provisioning** 280 | 281 | ### **53. What is a deployment freeze, and when should it be used?** 282 | 283 | **Answer:** A deployment freeze is a temporary halt on new releases, typically during critical business periods (e.g., holiday sales, tax season). 284 | 285 | ### **54. How do you ensure high availability in a DevOps environment?** 286 | 287 | **Answer:** High availability can be ensured through: 288 | 289 | - **Multi-region deployments** 290 | - **Load balancing & auto-scaling** 291 | - **Database replication & failover mechanisms** 292 | 293 | ### **55. What is a multi-cloud strategy?** 294 | 295 | **Answer:** A multi-cloud strategy uses multiple cloud providers (e.g., AWS, Azure, GCP) to: 296 | 297 | - Reduce vendor lock-in 298 | - Improve redundancy and fault tolerance 299 | - Optimize costs 300 | 301 | ### **56. How does FinOps fit into DevOps?** 302 | 303 | **Answer:** FinOps (Financial Operations) helps manage cloud spending efficiently. Practices include: 304 | 305 | - **Cost monitoring tools** (AWS Cost Explorer, Azure Cost Management) 306 | - **Auto-scaling and right-sizing resources** 307 | - **Tagging and budgeting policies** 308 | 309 | ### **57. What are the challenges of DevOps adoption in large enterprises?** 310 | 311 | **Answer:** 312 | 313 | - **Legacy system integration** 314 | - **Security and compliance concerns** 315 | - **Cultural resistance to automation** 316 | - **Skill gaps within teams** 317 | 318 | ### **58. What is a Kubernetes operator?** 319 | 320 | **Answer:** A Kubernetes Operator automates complex application lifecycle management tasks by extending Kubernetes capabilities using custom controllers. 321 | 322 | ### **59. What are observability pillars in DevOps?** 323 | 324 | **Answer:** The three pillars of observability are: 325 | 326 | - **Logs** (text-based records of system events) 327 | - **Metrics** (numerical measurements like CPU usage) 328 | - **Tracing** (tracking requests across distributed systems) 329 | 330 | ### **60. What are the best practices for incident response in DevOps?** 331 | 332 | **Answer:** 333 | 334 | - **Automated alerts and monitoring** (PagerDuty, Prometheus) 335 | - **Runbooks and playbooks for issue resolution** 336 | - **Post-mortems for continuous learning** 337 | 338 | --- 339 | 340 | ## **📢 Contribute & Stay Updated** 341 | 342 | 💡 **Want to contribute?** 343 | We **welcome contributions!** If you have insights, new tools, or improvements, feel free to submit a **pull request**. 344 | 345 | 📌 **How to Contribute?** 346 | 347 | - Read the **[CONTRIBUTING.md](https://github.com/NotHarshhaa/DevOps-Interview-Questions/blob/master/CONTRIBUTING.md)** guide. 348 | - Fix errors, add missing topics, or suggest improvements. 349 | - Submit a **pull request** with your updates. 350 | 351 | 📢 **Stay Updated:** 352 | ⭐ **Star the repository** to get notified about new updates and additions. 353 | 💬 **Join discussions** in **[GitHub Issues](https://github.com/NotHarshhaa/DevOps-Interview-Questions/issues)** to suggest improvements. 354 | 355 | --- 356 | 357 | ## **🌍 Community & Support** 358 | 359 | 🔗 **GitHub:** [@NotHarshhaa](https://github.com/NotHarshhaa) 360 | 📝 **Blog:** [ProDevOpsGuy](https://blog.prodevopsguy.xyz) 361 | 💬 **Telegram Community:** [Join Here](https://t.me/prodevopsguy) 362 | 363 | ![Follow Me](https://imgur.com/2j7GSPs.png) 364 | -------------------------------------------------------------------------------- /docs/100 AWS interview questions.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NotHarshhaa/DevOps-Interview-Questions/dabc4a8da7066ab0126ab99298d5747d81fe3ca7/docs/100 AWS interview questions.pdf -------------------------------------------------------------------------------- /docs/12 Interview Questions You Need To Know.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NotHarshhaa/DevOps-Interview-Questions/dabc4a8da7066ab0126ab99298d5747d81fe3ca7/docs/12 Interview Questions You Need To Know.pdf -------------------------------------------------------------------------------- /docs/50 Docker Interview Questions.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NotHarshhaa/DevOps-Interview-Questions/dabc4a8da7066ab0126ab99298d5747d81fe3ca7/docs/50 Docker Interview Questions.pdf -------------------------------------------------------------------------------- /docs/50 HR Round Interview Questions and Answers.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NotHarshhaa/DevOps-Interview-Questions/dabc4a8da7066ab0126ab99298d5747d81fe3ca7/docs/50 HR Round Interview Questions and Answers.pdf -------------------------------------------------------------------------------- /docs/500 DevSecOps Interview Questions & Answers.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NotHarshhaa/DevOps-Interview-Questions/dabc4a8da7066ab0126ab99298d5747d81fe3ca7/docs/500 DevSecOps Interview Questions & Answers.pdf -------------------------------------------------------------------------------- /docs/70 Toughest Interview Questions and Answers .pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NotHarshhaa/DevOps-Interview-Questions/dabc4a8da7066ab0126ab99298d5747d81fe3ca7/docs/70 Toughest Interview Questions and Answers .pdf -------------------------------------------------------------------------------- /docs/ACE YOUR JOB INTERVIEW.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NotHarshhaa/DevOps-Interview-Questions/dabc4a8da7066ab0126ab99298d5747d81fe3ca7/docs/ACE YOUR JOB INTERVIEW.pdf -------------------------------------------------------------------------------- /docs/APPLICATION SECURITY INTERVIEW QUESTIONS & ANSWERS.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NotHarshhaa/DevOps-Interview-Questions/dabc4a8da7066ab0126ab99298d5747d81fe3ca7/docs/APPLICATION SECURITY INTERVIEW QUESTIONS & ANSWERS.pdf -------------------------------------------------------------------------------- /docs/AWS DevOps Interview Questions & Answers .pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NotHarshhaa/DevOps-Interview-Questions/dabc4a8da7066ab0126ab99298d5747d81fe3ca7/docs/AWS DevOps Interview Questions & Answers .pdf -------------------------------------------------------------------------------- /docs/AWS DevOps Interview questions and answers.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NotHarshhaa/DevOps-Interview-Questions/dabc4a8da7066ab0126ab99298d5747d81fe3ca7/docs/AWS DevOps Interview questions and answers.pdf -------------------------------------------------------------------------------- /docs/AWS IAM Interview Questions Answer .pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NotHarshhaa/DevOps-Interview-Questions/dabc4a8da7066ab0126ab99298d5747d81fe3ca7/docs/AWS IAM Interview Questions Answer .pdf -------------------------------------------------------------------------------- /docs/AWS Interview Questions & Answers .pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NotHarshhaa/DevOps-Interview-Questions/dabc4a8da7066ab0126ab99298d5747d81fe3ca7/docs/AWS Interview Questions & Answers .pdf -------------------------------------------------------------------------------- /docs/AWS interview questions.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NotHarshhaa/DevOps-Interview-Questions/dabc4a8da7066ab0126ab99298d5747d81fe3ca7/docs/AWS interview questions.pdf -------------------------------------------------------------------------------- /docs/AWSInterview.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NotHarshhaa/DevOps-Interview-Questions/dabc4a8da7066ab0126ab99298d5747d81fe3ca7/docs/AWSInterview.pdf -------------------------------------------------------------------------------- /docs/Ace Your DevOps Interview with These Key Insights.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NotHarshhaa/DevOps-Interview-Questions/dabc4a8da7066ab0126ab99298d5747d81fe3ca7/docs/Ace Your DevOps Interview with These Key Insights.pdf -------------------------------------------------------------------------------- /docs/Advance DevOps Interview Questions and Answers .pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NotHarshhaa/DevOps-Interview-Questions/dabc4a8da7066ab0126ab99298d5747d81fe3ca7/docs/Advance DevOps Interview Questions and Answers .pdf -------------------------------------------------------------------------------- /docs/Advanced Ansible Interview Questions.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NotHarshhaa/DevOps-Interview-Questions/dabc4a8da7066ab0126ab99298d5747d81fe3ca7/docs/Advanced Ansible Interview Questions.pdf -------------------------------------------------------------------------------- /docs/Ansible Interview Questions.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NotHarshhaa/DevOps-Interview-Questions/dabc4a8da7066ab0126ab99298d5747d81fe3ca7/docs/Ansible Interview Questions.pdf -------------------------------------------------------------------------------- /docs/Azure Devops Interview Questions .pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NotHarshhaa/DevOps-Interview-Questions/dabc4a8da7066ab0126ab99298d5747d81fe3ca7/docs/Azure Devops Interview Questions .pdf -------------------------------------------------------------------------------- /docs/Basic AWS interview Q and A .pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NotHarshhaa/DevOps-Interview-Questions/dabc4a8da7066ab0126ab99298d5747d81fe3ca7/docs/Basic AWS interview Q and A .pdf -------------------------------------------------------------------------------- /docs/Complete DevOps end to end interview questions .pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NotHarshhaa/DevOps-Interview-Questions/dabc4a8da7066ab0126ab99298d5747d81fe3ca7/docs/Complete DevOps end to end interview questions .pdf -------------------------------------------------------------------------------- /docs/DevOps Engineer Interview Questions & Answers -1.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NotHarshhaa/DevOps-Interview-Questions/dabc4a8da7066ab0126ab99298d5747d81fe3ca7/docs/DevOps Engineer Interview Questions & Answers -1.pdf -------------------------------------------------------------------------------- /docs/DevOps Engineer Interview Questions & Answers .pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NotHarshhaa/DevOps-Interview-Questions/dabc4a8da7066ab0126ab99298d5747d81fe3ca7/docs/DevOps Engineer Interview Questions & Answers .pdf -------------------------------------------------------------------------------- /docs/DevOps Interview .pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NotHarshhaa/DevOps-Interview-Questions/dabc4a8da7066ab0126ab99298d5747d81fe3ca7/docs/DevOps Interview .pdf -------------------------------------------------------------------------------- /docs/DevOps Interview Questions-1.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NotHarshhaa/DevOps-Interview-Questions/dabc4a8da7066ab0126ab99298d5747d81fe3ca7/docs/DevOps Interview Questions-1.pdf -------------------------------------------------------------------------------- /docs/DevOps Interview Questions-2.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NotHarshhaa/DevOps-Interview-Questions/dabc4a8da7066ab0126ab99298d5747d81fe3ca7/docs/DevOps Interview Questions-2.pdf -------------------------------------------------------------------------------- /docs/DevOps Interview Questions.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NotHarshhaa/DevOps-Interview-Questions/dabc4a8da7066ab0126ab99298d5747d81fe3ca7/docs/DevOps Interview Questions.pdf -------------------------------------------------------------------------------- /docs/DevOps Interview.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NotHarshhaa/DevOps-Interview-Questions/dabc4a8da7066ab0126ab99298d5747d81fe3ca7/docs/DevOps Interview.pdf -------------------------------------------------------------------------------- /docs/DevOps Real Time Interview Questions.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NotHarshhaa/DevOps-Interview-Questions/dabc4a8da7066ab0126ab99298d5747d81fe3ca7/docs/DevOps Real Time Interview Questions.pdf -------------------------------------------------------------------------------- /docs/Devops interview questions -1.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NotHarshhaa/DevOps-Interview-Questions/dabc4a8da7066ab0126ab99298d5747d81fe3ca7/docs/Devops interview questions -1.pdf -------------------------------------------------------------------------------- /docs/Docker Interview .pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NotHarshhaa/DevOps-Interview-Questions/dabc4a8da7066ab0126ab99298d5747d81fe3ca7/docs/Docker Interview .pdf -------------------------------------------------------------------------------- /docs/Docker Interview Questions & Answers .pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NotHarshhaa/DevOps-Interview-Questions/dabc4a8da7066ab0126ab99298d5747d81fe3ca7/docs/Docker Interview Questions & Answers .pdf -------------------------------------------------------------------------------- /docs/Docker Interview_ FAQs & Answers.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NotHarshhaa/DevOps-Interview-Questions/dabc4a8da7066ab0126ab99298d5747d81fe3ca7/docs/Docker Interview_ FAQs & Answers.pdf -------------------------------------------------------------------------------- /docs/Essential Docker Q&A for Your Next Interview.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NotHarshhaa/DevOps-Interview-Questions/dabc4a8da7066ab0126ab99298d5747d81fe3ca7/docs/Essential Docker Q&A for Your Next Interview.pdf -------------------------------------------------------------------------------- /docs/Explain DevOps project in interview-1.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NotHarshhaa/DevOps-Interview-Questions/dabc4a8da7066ab0126ab99298d5747d81fe3ca7/docs/Explain DevOps project in interview-1.pdf -------------------------------------------------------------------------------- /docs/GIT-HUB DevOps interview questions .pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NotHarshhaa/DevOps-Interview-Questions/dabc4a8da7066ab0126ab99298d5747d81fe3ca7/docs/GIT-HUB DevOps interview questions .pdf -------------------------------------------------------------------------------- /docs/Git Interview Questions & Answers .pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NotHarshhaa/DevOps-Interview-Questions/dabc4a8da7066ab0126ab99298d5747d81fe3ca7/docs/Git Interview Questions & Answers .pdf -------------------------------------------------------------------------------- /docs/Jenkins Important interview Questions.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NotHarshhaa/DevOps-Interview-Questions/dabc4a8da7066ab0126ab99298d5747d81fe3ca7/docs/Jenkins Important interview Questions.pdf -------------------------------------------------------------------------------- /docs/Jenkins interview questions and answers .pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NotHarshhaa/DevOps-Interview-Questions/dabc4a8da7066ab0126ab99298d5747d81fe3ca7/docs/Jenkins interview questions and answers .pdf -------------------------------------------------------------------------------- /docs/Questions are based on the interviews attended by folks.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NotHarshhaa/DevOps-Interview-Questions/dabc4a8da7066ab0126ab99298d5747d81fe3ca7/docs/Questions are based on the interviews attended by folks.pdf -------------------------------------------------------------------------------- /docs/README.md: -------------------------------------------------------------------------------- 1 | # 📂 Downloadable PDFs & Interview Guides 2 | 3 | ![docs](https://imgur.com/azjSOfp.png) 4 | 5 | Welcome to the **Docs Section** of the **DevOps Interview Questions & Answers** repository! 🚀 6 | 7 | This section contains **100+ carefully curated PDFs, cheat sheets, and interview guides** to help you **prepare efficiently** and **revise quickly** before your DevOps interviews. And the best part? **More documents are coming soon!** Stay tuned for continuous updates. 8 | 9 | ## 📌 What's Inside? 10 | 11 | ✅ **DevOps Interview Cheat Sheets** – Quick reference guides for essential DevOps concepts 12 | ✅ **Kubernetes & Docker Command Guides** – Must-know commands for containers & orchestration 13 | ✅ **CI/CD Pipeline Examples & Workflows** – Hands-on guides for Jenkins, GitHub Actions, ArgoCD 14 | ✅ **Terraform & Ansible Best Practices** – Infrastructure as Code (IaC) key insights 15 | ✅ **Mock Interview Q&A PDFs** – Real-world DevOps interview scenarios with solutions 16 | ✅ **Cloud & Infrastructure Guides** – AWS, Azure, and GCP architecture best practices 17 | ✅ **Networking & Security Reference Docs** – IAM, Load Balancers, Firewalls, SSL/TLS, Compliance 18 | ✅ **More Topics Coming Soon!** – Regularly updated with new PDFs & study materials 19 | 20 | ## 🔥 How to Use These Docs? 21 | 22 | > [!NOTE] 23 | > 24 | > 1️⃣ **Browse the Docs** – Open the `docs/` folder to explore different guides. 25 | > 2️⃣ **Download & Study** – Click on the PDFs to download them for offline reading. 26 | > 3️⃣ **Quick Revision** – Use cheat sheets for last-minute interview preparation. 27 | > 4️⃣ **Hands-on Practice** – Follow real-world scenarios and best practices for DevOps tools. 28 | 29 | ### 🚀🔥 **Happy Learning & Best of Luck for Your Interviews!** 30 | 31 | --- 32 | 33 | ## **📢 Contribute & Stay Updated** 34 | 35 | > [!IMPORTANT] 36 | > 37 | > 💡 **Want to contribute?** 38 | > We **welcome contributions!** If you have insights, new tools, or improvements, feel free to submit a **pull request**. 39 | > 40 | > 📌 **How to Contribute?** 41 | > 42 | > - Read the **[CONTRIBUTING.md](https://github.com/NotHarshhaa/DevOps-Interview-Questions/blob/master/CONTRIBUTING.md)** guide. 43 | > - Fix errors, add missing topics, or suggest improvements. 44 | > - Submit a **pull request** with your updates. 45 | 46 | 📢 **Stay Updated:** 47 | ⭐ **Star the repository** to get notified about new updates and additions. 48 | 💬 **Join discussions** in **[GitHub Issues](https://github.com/NotHarshhaa/DevOps-Interview-Questions/issues)** to suggest improvements. 49 | 50 | --- 51 | 52 | ## **🌍 Community & Support** 53 | 54 | 🔗 **GitHub:** [@NotHarshhaa](https://github.com/NotHarshhaa) 55 | 📝 **Blog:** [ProDevOpsGuy](https://blog.prodevopsguy.xyz) 56 | 💬 **Telegram Community:** [Join Here](https://t.me/prodevopsguy) 57 | 58 | ![Follow Me](https://imgur.com/2j7GSPs.png) 59 | -------------------------------------------------------------------------------- /docs/SRE Interview Questions .pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NotHarshhaa/DevOps-Interview-Questions/dabc4a8da7066ab0126ab99298d5747d81fe3ca7/docs/SRE Interview Questions .pdf -------------------------------------------------------------------------------- /docs/TOP MNCs Interview Questions 🔥.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NotHarshhaa/DevOps-Interview-Questions/dabc4a8da7066ab0126ab99298d5747d81fe3ca7/docs/TOP MNCs Interview Questions 🔥.pdf -------------------------------------------------------------------------------- /docs/Terraform Interview Questions & Answers .pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NotHarshhaa/DevOps-Interview-Questions/dabc4a8da7066ab0126ab99298d5747d81fe3ca7/docs/Terraform Interview Questions & Answers .pdf -------------------------------------------------------------------------------- /docs/Terraform Interview Questions-1.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NotHarshhaa/DevOps-Interview-Questions/dabc4a8da7066ab0126ab99298d5747d81fe3ca7/docs/Terraform Interview Questions-1.pdf -------------------------------------------------------------------------------- /docs/Terraform Interview Questions.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NotHarshhaa/DevOps-Interview-Questions/dabc4a8da7066ab0126ab99298d5747d81fe3ca7/docs/Terraform Interview Questions.pdf -------------------------------------------------------------------------------- /docs/Terraform-Interview-Q&A.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NotHarshhaa/DevOps-Interview-Questions/dabc4a8da7066ab0126ab99298d5747d81fe3ca7/docs/Terraform-Interview-Q&A.pdf -------------------------------------------------------------------------------- /docs/Top AWS DevOps Interview Questions.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NotHarshhaa/DevOps-Interview-Questions/dabc4a8da7066ab0126ab99298d5747d81fe3ca7/docs/Top AWS DevOps Interview Questions.pdf -------------------------------------------------------------------------------- /docs/Top_200_Linux_Interview_questions.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NotHarshhaa/DevOps-Interview-Questions/dabc4a8da7066ab0126ab99298d5747d81fe3ca7/docs/Top_200_Linux_Interview_questions.pdf -------------------------------------------------------------------------------- /docs/__ Interview Preparation for DevOps Engineers Checklist.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NotHarshhaa/DevOps-Interview-Questions/dabc4a8da7066ab0126ab99298d5747d81fe3ca7/docs/__ Interview Preparation for DevOps Engineers Checklist.pdf -------------------------------------------------------------------------------- /docs/devops shack jenkins interview Q&A.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NotHarshhaa/DevOps-Interview-Questions/dabc4a8da7066ab0126ab99298d5747d81fe3ca7/docs/devops shack jenkins interview Q&A.pdf -------------------------------------------------------------------------------- /infrastructure-as-code/README.md: -------------------------------------------------------------------------------- 1 | ## **🚀 Beginner-Level Infrastructure as Code (IaC) Questions (1-20)** 2 | 3 | #### *(Terraform, Ansible, CloudFormation)* 4 | 5 | ### **Terraform Questions** 6 | 7 | ### **1. What is Infrastructure as Code (IaC) and why is it important?** 8 | 9 | **Answer:** 10 | Infrastructure as Code (IaC) is a **method of managing and provisioning infrastructure** using code instead of manual processes. It allows: 11 | ✅ **Automation** of infrastructure deployment 12 | ✅ **Consistency** by reducing human errors 13 | ✅ **Scalability** through repeatable scripts 14 | 15 | --- 16 | 17 | ### **2. What is Terraform and how does it work?** 18 | 19 | **Answer:** 20 | Terraform is an **open-source IaC tool** by HashiCorp that helps define and provision infrastructure using a declarative configuration language. It follows three steps: 21 | 22 | 1. **Write**: Define infrastructure in `.tf` files 23 | 2. **Plan**: Preview changes before applying 24 | 3. **Apply**: Deploy and manage resources 25 | 26 | Example: 27 | 28 | ```hcl 29 | provider "aws" { 30 | region = "us-east-1" 31 | } 32 | 33 | resource "aws_instance" "my_instance" { 34 | ami = "ami-12345678" 35 | instance_type = "t2.micro" 36 | } 37 | ``` 38 | 39 | --- 40 | 41 | ### **3. What is the difference between Terraform and Ansible?** 42 | 43 | **Answer:** 44 | 45 | | Feature | Terraform | Ansible | 46 | |---------|----------|---------| 47 | | **Type** | Declarative | Imperative | 48 | | **Purpose** | Infrastructure provisioning | Configuration management | 49 | | **State Management** | Uses state file | Stateless | 50 | | **Example Use** | Creating VMs, Networks | Installing software, configuring OS | 51 | 52 | --- 53 | 54 | ### **4. What are Terraform Providers?** 55 | 56 | **Answer:** 57 | Providers are **plugins** that allow Terraform to manage resources on different platforms (AWS, Azure, GCP, Kubernetes, etc.). 58 | 59 | Example: 60 | 61 | ```hcl 62 | provider "aws" { 63 | region = "us-west-2" 64 | } 65 | ``` 66 | 67 | --- 68 | 69 | ### **5. What is a Terraform State File?** 70 | 71 | **Answer:** 72 | Terraform maintains infrastructure details in a **state file (`terraform.tfstate`)**, which: 73 | ✅ Tracks existing resources 74 | ✅ Enables incremental changes 75 | ✅ Supports remote storage (e.g., S3, Azure Blob) 76 | 77 | To store state remotely: 78 | 79 | ```hcl 80 | backend "s3" { 81 | bucket = "my-terraform-state" 82 | key = "terraform.tfstate" 83 | region = "us-east-1" 84 | } 85 | ``` 86 | 87 | --- 88 | 89 | ### **6. What is the purpose of `terraform init`?** 90 | 91 | **Answer:** 92 | It initializes the working directory by: 93 | ✅ Downloading providers 94 | ✅ Setting up backend storage 95 | ✅ Validating configuration 96 | 97 | Command: 98 | 99 | ```sh 100 | terraform init 101 | ``` 102 | 103 | --- 104 | 105 | ### **7. How does Terraform manage dependencies between resources?** 106 | 107 | **Answer:** 108 | Terraform uses **implicit and explicit dependencies**: 109 | 110 | - **Implicit:** Recognized automatically 111 | - **Explicit:** Defined using `depends_on` 112 | 113 | Example: 114 | 115 | ```hcl 116 | resource "aws_instance" "web" { 117 | ami = "ami-12345678" 118 | instance_type = "t2.micro" 119 | } 120 | 121 | resource "aws_ebs_volume" "data" { 122 | size = 10 123 | availability_zone = "us-east-1a" 124 | depends_on = [aws_instance.web] 125 | } 126 | ``` 127 | 128 | --- 129 | 130 | ### **8. What is the difference between Terraform `apply` and `plan`?** 131 | 132 | **Answer:** 133 | 134 | | Command | Purpose | 135 | |---------|---------| 136 | | `terraform plan` | Shows proposed changes before applying | 137 | | `terraform apply` | Executes changes to create/update resources | 138 | 139 | --- 140 | 141 | ### **9. What is a Terraform Module?** 142 | 143 | **Answer:** 144 | A **module** is a reusable collection of Terraform configurations that helps **organize** code. 145 | 146 | Example of a module (`main.tf`): 147 | 148 | ```hcl 149 | module "network" { 150 | source = "./modules/vpc" 151 | } 152 | ``` 153 | 154 | --- 155 | 156 | ### **10. How do you destroy resources in Terraform?** 157 | 158 | **Answer:** 159 | Use: 160 | 161 | ```sh 162 | terraform destroy 163 | ``` 164 | 165 | This removes all resources defined in the configuration. 166 | 167 | --- 168 | 169 | ### **Ansible Questions** 170 | 171 | ### **11. What is Ansible and how does it work?** 172 | 173 | **Answer:** 174 | Ansible is an **open-source configuration management tool** that automates tasks like software installation, updates, and deployments. It works **agentless**, using SSH or WinRM. 175 | 176 | --- 177 | 178 | ### **12. What are Ansible Playbooks?** 179 | 180 | **Answer:** 181 | A playbook is a **YAML-based automation script** that defines tasks to be executed. 182 | 183 | Example (`playbook.yml`): 184 | 185 | ```yaml 186 | - name: Install Nginx 187 | hosts: web 188 | tasks: 189 | - name: Install Nginx 190 | apt: 191 | name: nginx 192 | state: present 193 | ``` 194 | 195 | --- 196 | 197 | ### **13. What is an Ansible Inventory file?** 198 | 199 | **Answer:** 200 | The inventory file **lists managed servers** and their details. 201 | 202 | Example (`inventory.ini`): 203 | 204 | ```ini 205 | [web] 206 | server1 ansible_host=192.168.1.10 207 | server2 ansible_host=192.168.1.11 208 | ``` 209 | 210 | --- 211 | 212 | ### **14. What is the difference between Ansible Roles and Playbooks?** 213 | 214 | **Answer:** 215 | 216 | | Feature | Playbook | Role | 217 | |---------|---------|------| 218 | | **Scope** | Task-oriented | Component-oriented | 219 | | **Organization** | Single YAML file | Structured directory | 220 | | **Usage** | Small-scale automation | Large-scale projects | 221 | 222 | --- 223 | 224 | ### **15. How do you run an Ansible Playbook?** 225 | 226 | **Answer:** 227 | Command: 228 | 229 | ```sh 230 | ansible-playbook playbook.yml -i inventory.ini 231 | ``` 232 | 233 | --- 234 | 235 | ### **16. What is an Ansible Galaxy?** 236 | 237 | **Answer:** 238 | Ansible Galaxy is a **repository for pre-built Ansible roles**. 239 | 240 | Example: 241 | 242 | ```sh 243 | ansible-galaxy install geerlingguy.nginx 244 | ``` 245 | 246 | --- 247 | 248 | ### **17. How does Ansible handle idempotency?** 249 | 250 | **Answer:** 251 | Ansible ensures **repeated executions produce the same result** by only applying changes when needed. 252 | 253 | Example: 254 | 255 | ```yaml 256 | - name: Ensure Nginx is installed 257 | apt: 258 | name: nginx 259 | state: present 260 | ``` 261 | 262 | If Nginx is already installed, the task is skipped. 263 | 264 | --- 265 | 266 | ### **18. What is Ansible Vault?** 267 | 268 | **Answer:** 269 | Ansible Vault **encrypts sensitive data** like passwords. 270 | 271 | To create an encrypted file: 272 | 273 | ```sh 274 | ansible-vault encrypt secrets.yml 275 | ``` 276 | 277 | --- 278 | 279 | ### **CloudFormation Questions** 280 | 281 | ### **19. What is AWS CloudFormation?** 282 | 283 | **Answer:** 284 | AWS CloudFormation is an **IaC service** that provisions AWS infrastructure using YAML/JSON templates. 285 | 286 | Example: 287 | 288 | ```yaml 289 | Resources: 290 | MyBucket: 291 | Type: "AWS::S3::Bucket" 292 | ``` 293 | 294 | --- 295 | 296 | ### **20. How do you create a CloudFormation stack?** 297 | 298 | **Answer:** 299 | Command: 300 | 301 | ```sh 302 | aws cloudformation create-stack --stack-name my-stack --template-body file://template.yml 303 | ``` 304 | 305 | --- 306 | 307 | ## **🚀 Intermediate-Level Infrastructure as Code (IaC) Questions (21-40)** 308 | 309 | #### *(Terraform, Ansible, CloudFormation)* 310 | 311 | --- 312 | 313 | ### **Terraform Questions** 314 | 315 | ### **21. What is the difference between Terraform `local` and `remote` state?** 316 | 317 | **Answer:** 318 | Terraform state can be stored **locally** (on disk) or **remotely** (in S3, Consul, etc.). 319 | 320 | | Storage | Pros | Cons | 321 | |---------|------|------| 322 | | **Local State** (`terraform.tfstate`) | Fast, simple | Not suitable for teams | 323 | | **Remote State** (S3, etc.) | Shared, secure | Slightly slower | 324 | 325 | Example remote state (S3 backend): 326 | 327 | ```hcl 328 | terraform { 329 | backend "s3" { 330 | bucket = "my-terraform-state" 331 | key = "prod/terraform.tfstate" 332 | region = "us-east-1" 333 | } 334 | } 335 | ``` 336 | 337 | --- 338 | 339 | ### **22. How do you handle secrets in Terraform?** 340 | 341 | **Answer:** 342 | Avoid hardcoding secrets in `.tf` files: 343 | ✅ Use **environment variables** 344 | ✅ Use **Terraform Vault Provider** 345 | ✅ Store secrets in **AWS Secrets Manager** 346 | 347 | Example using environment variables: 348 | 349 | ```sh 350 | export TF_VAR_db_password="mypassword" 351 | ``` 352 | 353 | --- 354 | 355 | ### **23. What is Terraform Locking, and why is it important?** 356 | 357 | **Answer:** 358 | Terraform uses **state locking** to prevent simultaneous updates by multiple users. 359 | 360 | - **Enabled automatically** for remote state backends (e.g., S3 + DynamoDB). 361 | 362 | Example (DynamoDB locking): 363 | 364 | ```hcl 365 | backend "s3" { 366 | bucket = "my-terraform-bucket" 367 | dynamodb_table = "terraform-lock" 368 | } 369 | ``` 370 | 371 | --- 372 | 373 | ### **24. What is Terraform Workspaces?** 374 | 375 | **Answer:** 376 | Terraform **Workspaces** allow managing multiple environments within a single configuration. 377 | 378 | ```sh 379 | terraform workspace new dev 380 | terraform workspace select dev 381 | ``` 382 | 383 | --- 384 | 385 | ### **25. How do you create reusable Terraform modules?** 386 | 387 | **Answer:** 388 | Modules help organize and reuse code. 389 | 390 | Example (`modules/network/main.tf`): 391 | 392 | ```hcl 393 | variable "vpc_cidr" {} 394 | 395 | resource "aws_vpc" "main" { 396 | cidr_block = var.vpc_cidr 397 | } 398 | ``` 399 | 400 | Usage: 401 | 402 | ```hcl 403 | module "vpc" { 404 | source = "./modules/network" 405 | vpc_cidr = "10.0.0.0/16" 406 | } 407 | ``` 408 | 409 | --- 410 | 411 | ### **26. What is Terraform Cloud and Terraform Enterprise?** 412 | 413 | **Answer:** 414 | 415 | | Feature | Terraform Cloud | Terraform Enterprise | 416 | |---------|----------------|----------------------| 417 | | **Type** | SaaS | Self-hosted | 418 | | **Use Case** | Collaboration, remote state | Large enterprises | 419 | | **Extras** | Remote execution, VCS integration | Advanced security & governance | 420 | 421 | --- 422 | 423 | ### **27. How does Terraform handle drift detection?** 424 | 425 | **Answer:** 426 | Terraform detects drift by running: 427 | 428 | ```sh 429 | terraform plan 430 | ``` 431 | 432 | Drift occurs when **actual infrastructure** changes outside Terraform’s control. 433 | 434 | --- 435 | 436 | ### **28. How do you use `count` and `for_each` in Terraform?** 437 | 438 | **Answer:** 439 | 440 | - `count` is used for **simple lists**. 441 | - `for_each` is used for **maps or sets**. 442 | 443 | Example (`count`): 444 | 445 | ```hcl 446 | resource "aws_instance" "web" { 447 | count = 3 448 | ami = "ami-12345678" 449 | } 450 | ``` 451 | 452 | Example (`for_each`): 453 | 454 | ```hcl 455 | resource "aws_s3_bucket" "buckets" { 456 | for_each = toset(["dev", "prod"]) 457 | bucket = "my-app-${each.value}" 458 | } 459 | ``` 460 | 461 | --- 462 | 463 | ### **Ansible Questions** 464 | 465 | ### **29. How do you use Ansible variables?** 466 | 467 | **Answer:** 468 | Variables can be defined in: 469 | ✅ Playbooks (`vars:`) 470 | ✅ Inventory (`host_vars`, `group_vars`) 471 | ✅ Command-line (`-e` flag) 472 | 473 | Example: 474 | 475 | ```yaml 476 | - hosts: web 477 | vars: 478 | app_port: 8080 479 | tasks: 480 | - debug: msg="App runs on port {{ app_port }}" 481 | ``` 482 | 483 | --- 484 | 485 | ### **30. What are Ansible Facts?** 486 | 487 | **Answer:** 488 | Facts are **system information** collected automatically. 489 | 490 | Example: 491 | 492 | ```sh 493 | ansible all -m setup 494 | ``` 495 | 496 | --- 497 | 498 | ### **31. What is the purpose of Ansible Handlers?** 499 | 500 | **Answer:** 501 | Handlers run **only when notified**. 502 | 503 | Example: 504 | 505 | ```yaml 506 | - name: Install Nginx 507 | apt: 508 | name: nginx 509 | notify: Restart Nginx 510 | 511 | - name: Restart Nginx 512 | service: 513 | name: nginx 514 | state: restarted 515 | listen: Restart Nginx 516 | ``` 517 | 518 | --- 519 | 520 | ### **32. How does Ansible manage dependencies?** 521 | 522 | **Answer:** 523 | Ansible Roles handle dependencies using `meta/main.yml`. 524 | 525 | Example: 526 | 527 | ```yaml 528 | dependencies: 529 | - role: common 530 | ``` 531 | 532 | --- 533 | 534 | ### **33. What is the difference between `command` and `shell` modules in Ansible?** 535 | 536 | **Answer:** 537 | 538 | | Module | When to Use | Example | 539 | |--------|------------|---------| 540 | | `command` | Runs a command without shell features | `ansible all -m command -a "ls"` | 541 | | `shell` | Runs commands with shell features (`|`,`&&`) | `ansible all -m shell -a "echo hello | tee file.txt"` | 542 | 543 | --- 544 | 545 | ### **34. What is Ansible Dynamic Inventory?** 546 | 547 | **Answer:** 548 | Dynamic Inventory **fetches live host lists** from AWS, Azure, GCP. 549 | 550 | Example for AWS: 551 | 552 | ```sh 553 | ansible-inventory --list -i aws_ec2.yml 554 | ``` 555 | 556 | --- 557 | 558 | ## **CloudFormation Questions** 559 | 560 | ### **35. What are the main components of AWS CloudFormation?** 561 | 562 | **Answer:** 563 | 564 | | Component | Description | 565 | |-----------|------------| 566 | | **Templates** | Defines resources in YAML/JSON | 567 | | **Stacks** | Collection of AWS resources | 568 | | **StackSets** | Deploy stacks across multiple accounts | 569 | 570 | --- 571 | 572 | ### **36. How do you update a CloudFormation stack?** 573 | 574 | **Answer:** 575 | Use: 576 | 577 | ```sh 578 | aws cloudformation update-stack --stack-name my-stack --template-body file://template.yml 579 | ``` 580 | 581 | --- 582 | 583 | ### **37. What is the difference between `DependsOn` and `CreationPolicy` in CloudFormation?** 584 | 585 | **Answer:** 586 | 587 | | Feature | Purpose | 588 | |---------|---------| 589 | | `DependsOn` | Ensures a resource is created before another | 590 | | `CreationPolicy` | Waits for a signal before marking as successful | 591 | 592 | Example (`DependsOn`): 593 | 594 | ```yaml 595 | Resources: 596 | WebServer: 597 | Type: AWS::EC2::Instance 598 | DependsOn: MyDB 599 | ``` 600 | 601 | --- 602 | 603 | ### **38. How do you use Conditions in CloudFormation?** 604 | 605 | **Answer:** 606 | Conditions allow resources to be created based on parameters. 607 | 608 | Example: 609 | 610 | ```yaml 611 | Conditions: 612 | IsProd: !Equals [!Ref EnvType, "Prod"] 613 | Resources: 614 | MyBucket: 615 | Type: AWS::S3::Bucket 616 | Condition: IsProd 617 | ``` 618 | 619 | --- 620 | 621 | ### **39. What is AWS CloudFormation Drift Detection?** 622 | 623 | **Answer:** 624 | Detects **manual changes** to resources outside CloudFormation. 625 | 626 | Run drift check: 627 | 628 | ```sh 629 | aws cloudformation detect-stack-drift --stack-name my-stack 630 | ``` 631 | 632 | --- 633 | 634 | ### **40. What are Intrinsic Functions in CloudFormation?** 635 | 636 | **Answer:** 637 | Intrinsic functions **dynamically reference values**. 638 | 639 | Example (`!Sub` for string interpolation): 640 | 641 | ```yaml 642 | Resources: 643 | MyBucket: 644 | Type: AWS::S3::Bucket 645 | Properties: 646 | BucketName: !Sub "${AWS::AccountId}-my-bucket" 647 | ``` 648 | 649 | --- 650 | 651 | ## **🚀 Advanced-Level Infrastructure as Code (IaC) Questions (41-60)** 652 | 653 | #### *(Terraform, Ansible, CloudFormation)* 654 | 655 | --- 656 | 657 | ### **Terraform Questions** 658 | 659 | ### **41. How do you implement CI/CD pipelines with Terraform?** 660 | 661 | **Answer:** 662 | Terraform can be integrated into CI/CD pipelines using **GitHub Actions, GitLab CI, or Jenkins**. 663 | ✅ **Linting & Validation:** `terraform fmt`, `terraform validate` 664 | ✅ **Planning:** `terraform plan -out=tfplan` 665 | ✅ **Apply Changes:** `terraform apply tfplan` 666 | 667 | Example GitHub Actions workflow: 668 | 669 | ```yaml 670 | jobs: 671 | terraform: 672 | runs-on: ubuntu-latest 673 | steps: 674 | - name: Checkout code 675 | uses: actions/checkout@v2 676 | - name: Setup Terraform 677 | uses: hashicorp/setup-terraform@v1 678 | - name: Terraform Init 679 | run: terraform init 680 | - name: Terraform Plan 681 | run: terraform plan -out=tfplan 682 | - name: Terraform Apply 683 | run: terraform apply tfplan 684 | ``` 685 | 686 | --- 687 | 688 | ### **42. What are Terraform Data Sources?** 689 | 690 | **Answer:** 691 | Data sources allow Terraform to **query external resources** without managing them. 692 | 693 | Example: 694 | 695 | ```hcl 696 | data "aws_vpc" "existing_vpc" { 697 | filter { 698 | name = "tag:Name" 699 | values = ["my-vpc"] 700 | } 701 | } 702 | ``` 703 | 704 | --- 705 | 706 | ### **43. How do you manage Terraform module versions?** 707 | 708 | **Answer:** 709 | Use version constraints in `source`. 710 | 711 | Example (`versions.tf`): 712 | 713 | ```hcl 714 | module "vpc" { 715 | source = "terraform-aws-modules/vpc/aws" 716 | version = "3.5.0" 717 | } 718 | ``` 719 | 720 | --- 721 | 722 | ### **44. How does Terraform handle circular dependencies?** 723 | 724 | **Answer:** 725 | Terraform detects and prevents **circular dependencies** by analyzing the **DAG (Directed Acyclic Graph)**. 726 | Solution: 727 | ✅ **Use `depends_on`** explicitly 728 | ✅ **Refactor resources** 729 | 730 | Example: 731 | 732 | ```hcl 733 | resource "aws_instance" "web" { 734 | depends_on = [aws_s3_bucket.logs] 735 | } 736 | ``` 737 | 738 | --- 739 | 740 | ### **45. What are Terraform `locals` and `output` variables?** 741 | 742 | **Answer:** 743 | 744 | - `locals`: Store **temporary values** 745 | - `output`: Expose values after deployment 746 | 747 | Example: 748 | 749 | ```hcl 750 | locals { 751 | env_name = "dev" 752 | } 753 | 754 | output "instance_ip" { 755 | value = aws_instance.web.public_ip 756 | } 757 | ``` 758 | 759 | --- 760 | 761 | ### **46. What is a Terraform Sentinel Policy?** 762 | 763 | **Answer:** 764 | Sentinel is a **policy-as-code framework** that enforces compliance. 765 | 766 | Example policy (`enforce_cost.sentinel`): 767 | 768 | ```hcl 769 | import "tfplan" 770 | 771 | main = rule { tfplan.cost_estimate.total_monthly_cost < 500 } 772 | ``` 773 | 774 | --- 775 | 776 | ### **47. How do you roll back changes in Terraform?** 777 | 778 | **Answer:** 779 | 780 | - **Option 1:** Use version control (`git revert`) 781 | - **Option 2:** Manually restore the previous state 782 | - **Option 3:** Import last known working state: 783 | 784 | ```sh 785 | terraform apply "tfstate-previous.json" 786 | ``` 787 | 788 | --- 789 | 790 | ### **48. What is Terraform Refresh?** 791 | 792 | **Answer:** 793 | `terraform refresh` updates the state file **without modifying resources**. 794 | 795 | ```sh 796 | terraform refresh 797 | ``` 798 | 799 | --- 800 | 801 | ### **49. How do you enforce security best practices in Terraform?** 802 | 803 | **Answer:** 804 | ✅ Use **IAM least privilege** for Terraform executions 805 | ✅ Store **state files securely** (S3 + DynamoDB) 806 | ✅ Run **security scans** with tools like **tfsec** 807 | 808 | Example: 809 | 810 | ```sh 811 | tfsec . 812 | ``` 813 | 814 | --- 815 | 816 | ### **50. How does Terraform manage multi-cloud environments?** 817 | 818 | **Answer:** 819 | By using **multiple providers** in a single configuration. 820 | 821 | Example (AWS + Azure): 822 | 823 | ```hcl 824 | provider "aws" { 825 | region = "us-east-1" 826 | } 827 | 828 | provider "azurerm" { 829 | features {} 830 | } 831 | ``` 832 | 833 | --- 834 | 835 | ### **Ansible Questions** 836 | 837 | ### **51. How do you test Ansible Playbooks before applying them?** 838 | 839 | **Answer:** 840 | ✅ Use `ansible-lint` for syntax validation 841 | ✅ Use **Molecule** for testing 842 | 843 | Example: 844 | 845 | ```sh 846 | molecule test 847 | ``` 848 | 849 | --- 850 | 851 | ### **52. How do you handle error handling in Ansible?** 852 | 853 | **Answer:** 854 | Use `ignore_errors: yes` or `rescue` blocks. 855 | 856 | Example: 857 | 858 | ```yaml 859 | tasks: 860 | - name: Try to restart service 861 | service: 862 | name: nginx 863 | state: restarted 864 | ignore_errors: yes 865 | ``` 866 | 867 | --- 868 | 869 | ### **53. How do you implement Ansible Vault in CI/CD?** 870 | 871 | **Answer:** 872 | Use environment variables to decrypt secrets. 873 | 874 | Example: 875 | 876 | ```sh 877 | ANSIBLE_VAULT_PASSWORD="myvaultpassword" ansible-playbook deploy.yml 878 | ``` 879 | 880 | --- 881 | 882 | ### **54. How does Ansible integrate with Kubernetes?** 883 | 884 | **Answer:** 885 | ✅ Use the **k8s module** 886 | ✅ Define Kubernetes manifests in YAML 887 | 888 | Example: 889 | 890 | ```yaml 891 | - name: Deploy to Kubernetes 892 | k8s: 893 | state: present 894 | definition: "{{ lookup('file', 'deployment.yml') }}" 895 | ``` 896 | 897 | --- 898 | 899 | ### **55. How do you ensure Ansible Playbooks are idempotent?** 900 | 901 | **Answer:** 902 | ✅ Always use `state: present` 903 | ✅ Run playbooks multiple times to check consistency 904 | 905 | Example: 906 | 907 | ```yaml 908 | - name: Ensure Nginx is installed 909 | apt: 910 | name: nginx 911 | state: present 912 | ``` 913 | 914 | --- 915 | 916 | ### **CloudFormation Questions** 917 | 918 | ### **56. How do you modularize CloudFormation templates?** 919 | 920 | **Answer:** 921 | ✅ Use **Nested Stacks** 922 | ✅ Use `AWS::CloudFormation::Stack` 923 | 924 | Example: 925 | 926 | ```yaml 927 | Resources: 928 | MyNetworkStack: 929 | Type: AWS::CloudFormation::Stack 930 | Properties: 931 | TemplateURL: "https://s3.amazonaws.com/my-bucket/network.yml" 932 | ``` 933 | 934 | --- 935 | 936 | ### **57. How do you manage parameter changes in CloudFormation?** 937 | 938 | **Answer:** 939 | Use the `--parameters` flag during updates. 940 | 941 | Example: 942 | 943 | ```sh 944 | aws cloudformation update-stack --stack-name my-stack \ 945 | --parameters ParameterKey=InstanceType,ParameterValue=t2.large 946 | ``` 947 | 948 | --- 949 | 950 | ### **58. How do you handle stateful resources in CloudFormation?** 951 | 952 | **Answer:** 953 | ✅ Use **Stack Policies** to prevent deletions 954 | ✅ Enable **RetainPolicy** for S3, RDS 955 | 956 | Example: 957 | 958 | ```yaml 959 | Resources: 960 | MyBucket: 961 | Type: AWS::S3::Bucket 962 | DeletionPolicy: Retain 963 | ``` 964 | 965 | --- 966 | 967 | ### **59. What is AWS CloudFormation Stack Policy?** 968 | 969 | **Answer:** 970 | A Stack Policy **prevents accidental updates or deletions**. 971 | 972 | Example: 973 | 974 | ```json 975 | { 976 | "Statement": [ 977 | { 978 | "Effect": "Deny", 979 | "Action": "Update:Delete", 980 | "Principal": "*", 981 | "Resource": "*" 982 | } 983 | ] 984 | } 985 | ``` 986 | 987 | --- 988 | 989 | ### **60. How do you debug CloudFormation failures?** 990 | 991 | **Answer:** 992 | ✅ Check the **CloudFormation console** 993 | ✅ Use `aws cloudformation describe-stack-events` 994 | ✅ Enable **rollback debugging** 995 | 996 | Example: 997 | 998 | ```sh 999 | aws cloudformation describe-stack-events --stack-name my-stack 1000 | ``` 1001 | 1002 | --- 1003 | 1004 | ## **📢 Contribute & Stay Updated** 1005 | 1006 | 💡 **Want to contribute?** 1007 | We **welcome contributions!** If you have insights, new tools, or improvements, feel free to submit a **pull request**. 1008 | 1009 | 📌 **How to Contribute?** 1010 | 1011 | - Read the **[CONTRIBUTING.md](https://github.com/NotHarshhaa/DevOps-Interview-Questions/blob/master/CONTRIBUTING.md)** guide. 1012 | - Fix errors, add missing topics, or suggest improvements. 1013 | - Submit a **pull request** with your updates. 1014 | 1015 | 📢 **Stay Updated:** 1016 | ⭐ **Star the repository** to get notified about new updates and additions. 1017 | 💬 **Join discussions** in **[GitHub Issues](https://github.com/NotHarshhaa/DevOps-Interview-Questions/issues)** to suggest improvements. 1018 | 1019 | --- 1020 | 1021 | ## **🌍 Community & Support** 1022 | 1023 | 🔗 **GitHub:** [@NotHarshhaa](https://github.com/NotHarshhaa) 1024 | 📝 **Blog:** [ProDevOpsGuy](https://blog.prodevopsguy.xyz) 1025 | 💬 **Telegram Community:** [Join Here](https://t.me/prodevopsguy) 1026 | 1027 | ![Follow Me](https://imgur.com/2j7GSPs.png) 1028 | -------------------------------------------------------------------------------- /mock-interviews/README.md: -------------------------------------------------------------------------------- 1 | # DevOps Mock Interview Questions and Answers 2 | 3 | ## **Beginner-Level (1-20) Questions with Solutions** 4 | 5 | ### **1. What is DevOps, and why is it important?** 6 | 7 | #### **Answer:** 8 | 9 | DevOps is a **set of practices** that combines **software development (Dev)** and **IT operations (Ops)** to shorten the **software development lifecycle (SDLC)** while ensuring **high quality and reliability**. 10 | 11 | ### **2. How does DevOps differ from traditional IT operations?** 12 | 13 | #### **Answer:** 14 | 15 | | **Aspect** | **Traditional IT Operations** | **DevOps** | 16 | |-----------------|------------------------------|------------| 17 | | Development & Operations | Separate teams | Integrated teams | 18 | | Deployment Frequency | Weeks/Months | Daily/Weekly | 19 | | Automation | Limited | Extensive (CI/CD, IaC) | 20 | | Collaboration | Siloed | Cross-functional | 21 | | Feedback Loop | Slow | Fast (Continuous Monitoring) | 22 | 23 | ### **3. What are the key principles of DevOps?** 24 | 25 | #### **Answer:** 26 | 27 | 1. **Collaboration** – Breaking silos between Dev & Ops 28 | 2. **Automation** – CI/CD, Infrastructure as Code (IaC) 29 | 3. **Continuous Integration & Continuous Deployment (CI/CD)** 30 | 4. **Monitoring & Logging** – Observability, real-time feedback 31 | 5. **Security (DevSecOps)** – Security integrated into SDLC 32 | 33 | ### **4. Explain the DevOps lifecycle.** 34 | 35 | #### **Answer:** 36 | 37 | 1. **Plan** – Jira, Trello 38 | 2. **Develop** – Git, GitHub 39 | 3. **Build** – Maven, Gradle 40 | 4. **Test** – Selenium, JUnit 41 | 5. **Release** – GitHub Actions, Jenkins 42 | 6. **Deploy** – Kubernetes, Docker 43 | 7. **Monitor** – Prometheus, Grafana 44 | 45 | ### **5. What are some common DevOps tools?** 46 | 47 | #### **Answer:** 48 | 49 | - **CI/CD**: Jenkins, GitHub Actions, GitLab CI 50 | - **Configuration Management**: Ansible, Puppet 51 | - **Containerization**: Docker, Kubernetes 52 | - **Monitoring & Logging**: Prometheus, Grafana, ELK Stack 53 | 54 | ### **6. What is CI/CD, and how does it work?** 55 | 56 | #### **Answer:** 57 | 58 | CI/CD is a DevOps practice that automates code integration, testing, and deployment. 59 | 60 | - **Continuous Integration (CI)** – Automates code merging & testing. 61 | - **Continuous Deployment (CD)** – Automates production releases. 62 | 63 | ### **7. Explain the difference between Continuous Deployment and Continuous Delivery.** 64 | 65 | #### **Answer:** 66 | 67 | | **Aspect** | **Continuous Delivery** | **Continuous Deployment** | 68 | |---------------|------------------------|--------------------------| 69 | | Automation | Deployments require manual approval | Fully automated deployments | 70 | | Risk | Lower risk, manual control | Higher automation, requires testing reliability | 71 | 72 | ### **8. What is version control, and why is Git used in DevOps?** 73 | 74 | #### **Answer:** 75 | 76 | Version control tracks code changes, allowing collaboration. Git is widely used because of: 77 | 78 | - **Branching & Merging** – Parallel development 79 | - **Distributed Version Control** – No central dependency 80 | 81 | ### **9. What is Infrastructure as Code (IaC)?** 82 | 83 | #### **Answer:** 84 | 85 | IaC automates infrastructure provisioning using code. Example: **Terraform, Ansible, CloudFormation**. 86 | 87 | ### **10. How does a DevOps engineer handle configuration management?** 88 | 89 | #### **Answer:** 90 | 91 | Using **Ansible, Puppet, Chef**, engineers automate configuration setup, ensuring consistency. 92 | 93 | ### **11. What is a container, and how does Docker help DevOps?** 94 | 95 | #### **Answer:** 96 | 97 | A container packages an app with dependencies, ensuring it runs identically anywhere. Docker simplifies container management. 98 | 99 | ### **12. Explain Kubernetes and why it’s used in DevOps.** 100 | 101 | #### **Answer:** 102 | 103 | Kubernetes orchestrates containers, automating deployment, scaling, and networking. 104 | 105 | ### **13. What is a microservices architecture?** 106 | 107 | #### **Answer:** 108 | 109 | Microservices break apps into independent, loosely coupled services for scalability and agility. 110 | 111 | ### **14. What is a reverse proxy, and why use Nginx in DevOps?** 112 | 113 | #### **Answer:** 114 | 115 | A reverse proxy (e.g., **Nginx**) balances traffic, improves security, and caches content. 116 | 117 | ### **15. How do you monitor system performance in DevOps?** 118 | 119 | #### **Answer:** 120 | 121 | Using tools like **Prometheus, Grafana, ELK Stack** to track logs, metrics, and alerts. 122 | 123 | ### **16. What is the purpose of logging in DevOps?** 124 | 125 | #### **Answer:** 126 | 127 | Logging helps capture system and application events, allowing developers and operations teams to diagnose issues and improve performance. 128 | 129 | - **Tools**: ELK Stack, Loki, Splunk 130 | 131 | ### **17. What are environment variables, and why are they important in DevOps?** 132 | 133 | #### **Answer:** 134 | 135 | Environment variables store configuration settings (e.g., API keys, DB credentials). They help manage different environments (Dev, QA, Production) without modifying code. 136 | 137 | ### **18. What is a load balancer, and why is it used?** 138 | 139 | #### **Answer:** 140 | 141 | A **load balancer** distributes traffic across multiple servers to improve availability, reliability, and performance. 142 | 143 | - **Example**: Nginx, AWS ELB 144 | 145 | ### **19. What is a service discovery mechanism in microservices?** 146 | 147 | #### **Answer:** 148 | 149 | Service discovery helps microservices locate and communicate with each other dynamically. 150 | 151 | - **Examples**: Consul, Eureka, Kubernetes Service Discovery 152 | 153 | ### **20. How do you implement error handling in a CI/CD pipeline?** 154 | 155 | #### **Answer:** 156 | 157 | 1. **Automated Testing** – Detects issues early 158 | 2. **Logging & Monitoring** – Alerts and logs errors 159 | 3. **Rollback Strategy** – Deploys a stable version if errors occur 160 | 161 | --- 162 | 163 | ## **Intermediate-Level (21-40) Questions with Solutions** 164 | 165 | ### **21. Explain the difference between Docker and Kubernetes.** 166 | 167 | #### **Answer:** 168 | 169 | | **Feature** | **Docker** | **Kubernetes** | 170 | |--------------|--------------------------------|--------------| 171 | | Purpose | Containerization tool | Orchestration of containers | 172 | | Deployment | Single-node containers | Multi-node cluster management | 173 | | Scaling | Manual scaling | Auto-scaling | 174 | 175 | ### **22. What is Blue-Green Deployment?** 176 | 177 | #### **Answer:** 178 | 179 | A strategy where two environments (Blue & Green) exist: 180 | 181 | - **Blue** – Active 182 | - **Green** – Staging (new version) 183 | Switching traffic to Green reduces downtime. 184 | 185 | ### **23. How does Terraform differ from Ansible?** 186 | 187 | #### **Answer:** 188 | 189 | - **Terraform**: Declarative, cloud provisioning 190 | - **Ansible**: Configuration management, procedural 191 | 192 | ### **24. What is Canary Deployment?** 193 | 194 | #### **Answer:** 195 | 196 | A small subset of users receives the new update before a full rollout. 197 | 198 | ### **25. What are Helm charts in Kubernetes?** 199 | 200 | #### **Answer:** 201 | 202 | Helm automates Kubernetes app deployment using **predefined templates**. 203 | 204 | ### **26. What is a rolling update in Kubernetes?** 205 | 206 | #### **Answer:** 207 | 208 | A **rolling update** gradually replaces old pods with new ones without downtime. 209 | 210 | ### **27. How do you handle secrets securely in a DevOps pipeline?** 211 | 212 | #### **Answer:** 213 | 214 | 1. **HashiCorp Vault** 215 | 2. **AWS Secrets Manager** 216 | 3. **Kubernetes Secrets** 217 | 218 | ### **28. What is an immutable infrastructure?** 219 | 220 | #### **Answer:** 221 | 222 | Infrastructure where components are **never modified** after deployment, reducing configuration drift. 223 | 224 | ### **29. What are the different types of Kubernetes services?** 225 | 226 | #### **Answer:** 227 | 228 | 1. **ClusterIP** – Internal communication 229 | 2. **NodePort** – Exposes a service on a port 230 | 3. **LoadBalancer** – External traffic balancing 231 | 232 | ### **30. How does Prometheus monitor Kubernetes clusters?** 233 | 234 | #### **Answer:** 235 | 236 | - Uses **exporters** to collect metrics 237 | - **Stores time-series data** 238 | - **Alerts on anomalies** via Alertmanager 239 | 240 | ### **31. What is the difference between monolithic and microservices architectures?** 241 | 242 | #### **Answer:** 243 | 244 | | **Aspect** | **Monolithic** | **Microservices** | 245 | |-------------|--------------|------------------| 246 | | Scalability | Harder | Easier | 247 | | Deployment | Single unit | Independent services | 248 | | Maintenance | Complex | Easier | 249 | 250 | ### **32. How does Ansible differ from Chef and Puppet?** 251 | 252 | #### **Answer:** 253 | 254 | - **Ansible** – Agentless, YAML-based, simple 255 | - **Chef/Puppet** – Require agents, more complex 256 | 257 | ### **33. How do you ensure high availability in a cloud environment?** 258 | 259 | #### **Answer:** 260 | 261 | 1. **Multi-AZ Deployments** 262 | 2. **Load Balancing** 263 | 3. **Auto Scaling** 264 | 265 | ### **34. How do you handle stateful applications in Kubernetes?** 266 | 267 | #### **Answer:** 268 | 269 | Using **StatefulSets**, **Persistent Volumes**, and **Storage Classes**. 270 | 271 | ### **35. What is a sidecar container pattern in Kubernetes?** 272 | 273 | #### **Answer:** 274 | 275 | A sidecar runs alongside the main app container to handle **logging, monitoring, or proxying**. 276 | 277 | ### **36. How do you implement security in a CI/CD pipeline?** 278 | 279 | #### **Answer:** 280 | 281 | 1. **Static Code Analysis (SAST)** 282 | 2. **Container Scanning** 283 | 3. **Dependency Scanning** 284 | 285 | ### **37. What is the concept of "Shift Left" in DevOps security?** 286 | 287 | #### **Answer:** 288 | 289 | "Shift Left" integrates security **earlier in the development cycle**, reducing vulnerabilities. 290 | 291 | ### **38. What is a Kubernetes DaemonSet?** 292 | 293 | #### **Answer:** 294 | 295 | A **DaemonSet** ensures that a pod runs on every node. 296 | 297 | ### **39. What is the difference between proactive and reactive monitoring?** 298 | 299 | #### **Answer:** 300 | 301 | - **Proactive** – Prevents issues (threshold-based alerts) 302 | - **Reactive** – Responds to issues (post-failure logs) 303 | 304 | ### **40. What is the role of service mesh in Kubernetes?** 305 | 306 | #### **Answer:** 307 | 308 | A **service mesh** (e.g., Istio) manages service-to-service communication, security, and monitoring. 309 | 310 | --- 311 | 312 | ## **Advanced-Level (41-60) Questions with Solutions** 313 | 314 | ### **41. How do you secure a Kubernetes cluster?** 315 | 316 | #### **Answer:** 317 | 318 | 1. **RBAC (Role-Based Access Control)** 319 | 2. **Network Policies** 320 | 3. **Secrets Management** 321 | 322 | ### **42. How would you handle a production failure in a CI/CD pipeline?** 323 | 324 | #### **Answer:** 325 | 326 | 1. **Identify the failure** (logs, monitoring tools) 327 | 2. **Rollback the last stable version** 328 | 3. **Fix and test the issue** 329 | 4. **Redeploy the fixed version** 330 | 5. **Post-mortem analysis** 331 | 332 | ### **43. What is GitOps, and how does it work?** 333 | 334 | #### **Answer:** 335 | 336 | GitOps automates infrastructure and app deployment using Git as the **single source of truth**. 337 | 338 | ### **44. How do you monitor microservices?** 339 | 340 | #### **Answer:** 341 | 342 | 1. **Distributed Tracing (Jaeger, Zipkin)** 343 | 2. **Centralized Logging (ELK, Loki)** 344 | 3. **Metrics (Prometheus, Grafana)** 345 | 346 | ### **45. How does service mesh improve microservices security?** 347 | 348 | #### **Answer:** 349 | 350 | A service mesh (e.g., Istio) provides: 351 | 352 | - **mTLS (Mutual TLS)** 353 | - **Traffic control & observability** 354 | 355 | ### **46. What is Open Policy Agent (OPA)?** 356 | 357 | #### **Answer:** 358 | 359 | OPA enforces security policies in cloud environments. 360 | 361 | ### **47. How do you manage secrets in Kubernetes?** 362 | 363 | #### **Answer:** 364 | 365 | 1. **Kubernetes Secrets** 366 | 2. **Vault by HashiCorp** 367 | 3. **AWS Secrets Manager** 368 | 369 | ### **48. How do you optimize Kubernetes performance?** 370 | 371 | #### **Answer:** 372 | 373 | 1. **Pod Auto-scaling (HPA, VPA)** 374 | 2. **Resource Limits & Requests** 375 | 3. **Efficient Networking** 376 | 377 | ### **49. How do you ensure compliance in DevOps pipelines?** 378 | 379 | #### **Answer:** 380 | 381 | 1. **Automated Policy Enforcement (OPA, Kyverno)** 382 | 2. **Audit Logging** 383 | 3. **Access Control & Role-Based Permissions** 384 | 385 | ### **50. What is Chaos Engineering, and why is it used?** 386 | 387 | #### **Answer:** 388 | 389 | **Chaos Engineering** tests system resilience by simulating failures (e.g., Chaos Monkey). 390 | 391 | ### **51. How do you implement zero-downtime deployments?** 392 | 393 | #### **Answer:** 394 | 395 | 1. **Blue-Green Deployments** 396 | 2. **Canary Releases** 397 | 3. **Rolling Updates** 398 | 399 | ### **52. What are the best practices for managing multi-cloud infrastructure?** 400 | 401 | #### **Answer:** 402 | 403 | 1. **Use a common IaC tool (Terraform)** 404 | 2. **Standardized security policies** 405 | 3. **Cross-cloud monitoring** 406 | 407 | ### **53. How do you secure container images?** 408 | 409 | #### **Answer:** 410 | 411 | 1. **Use minimal base images (Alpine, Distroless)** 412 | 2. **Scan images for vulnerabilities (Trivy, Clair)** 413 | 414 | ### **54. How do you manage Kubernetes upgrades with zero downtime?** 415 | 416 | #### **Answer:** 417 | 418 | 1. **Rolling Updates** 419 | 2. **Node Drain & Replace** 420 | 3. **Backup & Disaster Recovery Plan** 421 | 422 | ### **55. What is Policy as Code (PaC)?** 423 | 424 | #### **Answer:** 425 | 426 | PaC enforces policies using **code-driven automation** (e.g., Open Policy Agent). 427 | 428 | ### **56. How do you debug failed Kubernetes deployments?** 429 | 430 | #### **Answer:** 431 | 432 | 1. **kubectl describe pod ** 433 | 2. **kubectl logs ** 434 | 3. **kubectl get events** 435 | 436 | ### **57. How does eBPF enhance observability in Kubernetes?** 437 | 438 | #### **Answer:** 439 | 440 | **eBPF (Extended Berkeley Packet Filter)** runs sandboxed programs inside the Linux kernel for deep observability. 441 | 442 | ### **58. How do you handle disaster recovery in Kubernetes?** 443 | 444 | #### **Answer:** 445 | 446 | 1. **Backup etcd** 447 | 2. **Cluster snapshots** 448 | 3. **Multi-region deployments** 449 | 450 | ### **59. What is progressive delivery, and how does it differ from traditional deployments?** 451 | 452 | #### **Answer:** 453 | 454 | Progressive delivery deploys updates gradually using techniques like **feature flags and A/B testing**. 455 | 456 | ### **60. What are Kubernetes operators, and why are they useful?** 457 | 458 | #### **Answer:** 459 | 460 | Kubernetes **Operators** automate complex application deployment and lifecycle management. 461 | 462 | --- 463 | 464 | ## **📢 Contribute & Stay Updated** 465 | 466 | 💡 **Want to contribute?** 467 | We **welcome contributions!** If you have insights, new tools, or improvements, feel free to submit a **pull request**. 468 | 469 | 📌 **How to Contribute?** 470 | 471 | - Read the **[CONTRIBUTING.md](https://github.com/NotHarshhaa/DevOps-Interview-Questions/blob/master/CONTRIBUTING.md)** guide. 472 | - Fix errors, add missing topics, or suggest improvements. 473 | - Submit a **pull request** with your updates. 474 | 475 | 📢 **Stay Updated:** 476 | ⭐ **Star the repository** to get notified about new updates and additions. 477 | 💬 **Join discussions** in **[GitHub Issues](https://github.com/NotHarshhaa/DevOps-Interview-Questions/issues)** to suggest improvements. 478 | 479 | --- 480 | 481 | ## **🌍 Community & Support** 482 | 483 | 🔗 **GitHub:** [@NotHarshhaa](https://github.com/NotHarshhaa) 484 | 📝 **Blog:** [ProDevOpsGuy](https://blog.prodevopsguy.xyz) 485 | 💬 **Telegram Community:** [Join Here](https://t.me/prodevopsguy) 486 | 487 | ![Follow Me](https://imgur.com/2j7GSPs.png) 488 | -------------------------------------------------------------------------------- /monitoring-logging/README.md: -------------------------------------------------------------------------------- 1 | ## **🚀 Beginner-Level Monitoring & Logging Questions (1-20)** 2 | 3 | #### *(Prometheus, Grafana, ELK Stack)* 4 | 5 | ### **Prometheus Questions** 6 | 7 | ### **1. What is Prometheus, and why is it used?** 8 | 9 | **Answer:** 10 | Prometheus is an **open-source monitoring and alerting** system used to collect **metrics** from applications and infrastructure. It is widely used because of its **pull-based model**, **powerful query language (PromQL)**, and **time-series database** capabilities. 11 | 12 | Example Use Case: 13 | 14 | - Monitoring **CPU, memory, and network** usage 15 | - Collecting **application performance metrics** 16 | - Alerting on high error rates or latency 17 | 18 | --- 19 | 20 | ### **2. How does Prometheus collect data?** 21 | 22 | **Answer:** 23 | Prometheus **pulls metrics** from target endpoints exposed via HTTP at `/metrics`. The targets can be defined in a static configuration or discovered dynamically (e.g., Kubernetes service discovery). 24 | 25 | Example scrape configuration (`prometheus.yml`): 26 | 27 | ```yaml 28 | scrape_configs: 29 | - job_name: 'node_exporter' 30 | static_configs: 31 | - targets: ['localhost:9100'] 32 | ``` 33 | 34 | --- 35 | 36 | ### **3. What is PromQL?** 37 | 38 | **Answer:** 39 | PromQL (Prometheus Query Language) is used to **query and analyze** metrics stored in Prometheus. It enables users to create alerts, dashboards, and graphs. 40 | 41 | Example Queries: 42 | 43 | - **CPU usage:** 44 | 45 | ```promql 46 | node_cpu_seconds_total{mode="user"} / sum(node_cpu_seconds_total) * 100 47 | ``` 48 | 49 | - **Request rate:** 50 | 51 | ```promql 52 | rate(http_requests_total[5m]) 53 | ``` 54 | 55 | --- 56 | 57 | ### **4. What are Prometheus exporters?** 58 | 59 | **Answer:** 60 | Exporters are **agents** that collect and expose metrics from various applications and systems. 61 | 62 | Common Exporters: 63 | 64 | - **Node Exporter** (system metrics) 65 | - **Blackbox Exporter** (network probes) 66 | - **MySQL Exporter** (database metrics) 67 | 68 | --- 69 | 70 | ### **5. How do you set up an alert in Prometheus?** 71 | 72 | **Answer:** 73 | Alerts are configured in `alerting_rules.yml` and evaluated by the **Alertmanager**. 74 | 75 | Example Rule: 76 | 77 | ```yaml 78 | groups: 79 | - name: instance_down 80 | rules: 81 | - alert: InstanceDown 82 | expr: up == 0 83 | for: 5m 84 | labels: 85 | severity: critical 86 | annotations: 87 | description: "Instance {{ $labels.instance }} is down." 88 | ``` 89 | 90 | --- 91 | 92 | ### **Grafana Questions** 93 | 94 | ### **6. What is Grafana?** 95 | 96 | **Answer:** 97 | Grafana is an **open-source analytics and visualization** tool used to create **interactive dashboards** for monitoring data from **Prometheus, ELK, and other sources**. 98 | 99 | --- 100 | 101 | ### **7. How do you connect Grafana to Prometheus?** 102 | 103 | **Answer:** 104 | 105 | 1. **Login to Grafana** (`http://localhost:3000`). 106 | 2. Navigate to **"Configuration" → "Data Sources"**. 107 | 3. Select **Prometheus** as the data source. 108 | 4. Enter **Prometheus URL (`http://localhost:9090`)**. 109 | 5. Click **Save & Test**. 110 | 111 | --- 112 | 113 | ### **8. What are Grafana Panels?** 114 | 115 | **Answer:** 116 | Panels are **visual components** in Grafana used to display data in various formats: 117 | 118 | - **Graph Panel:** Time-series data visualization 119 | - **Single Stat Panel:** Displays a single numeric value 120 | - **Table Panel:** Tabular data display 121 | 122 | --- 123 | 124 | ### **9. How do you create alerts in Grafana?** 125 | 126 | **Answer:** 127 | 128 | 1. Select a **panel**. 129 | 2. Click **"Edit" → "Alert"**. 130 | 3. Define a condition using **PromQL queries**. 131 | 4. Set the evaluation interval (e.g., every **1m**). 132 | 5. Configure the alert notification (Slack, Email, etc.). 133 | 134 | --- 135 | 136 | ### **10. How do you configure a Grafana dashboard using JSON?** 137 | 138 | **Answer:** 139 | Export and import dashboards using JSON files. 140 | 141 | Example JSON snippet: 142 | 143 | ```json 144 | { 145 | "panels": [ 146 | { 147 | "type": "graph", 148 | "title": "CPU Usage", 149 | "targets": [ 150 | { "expr": "node_cpu_seconds_total", "format": "time_series" } 151 | ] 152 | } 153 | ] 154 | } 155 | ``` 156 | 157 | --- 158 | 159 | ### **ELK Stack Questions (Elasticsearch, Logstash, Kibana)** 160 | 161 | ### **11. What is the ELK Stack?** 162 | 163 | **Answer:** 164 | The ELK Stack consists of: 165 | 166 | - **Elasticsearch** (search and analytics engine) 167 | - **Logstash** (log processing pipeline) 168 | - **Kibana** (visualization tool) 169 | 170 | --- 171 | 172 | ### **12. What is the role of Elasticsearch in ELK?** 173 | 174 | **Answer:** 175 | Elasticsearch is a **NoSQL, distributed search engine** used to store, search, and analyze log data. 176 | 177 | --- 178 | 179 | ### **13. How does Logstash work?** 180 | 181 | **Answer:** 182 | Logstash processes logs using a **pipeline**: 183 | 184 | - **Input:** Reads logs (from files, databases, Kafka, etc.) 185 | - **Filter:** Transforms logs (parse JSON, remove sensitive data) 186 | - **Output:** Sends logs to Elasticsearch or other storage 187 | 188 | Example Logstash Configuration: 189 | 190 | ```yaml 191 | input { file { path => "/var/log/syslog" } } 192 | filter { grok { match => { "message" => "%{SYSLOGTIMESTAMP:timestamp}" } } } 193 | output { elasticsearch { hosts => ["localhost:9200"] } } 194 | ``` 195 | 196 | --- 197 | 198 | ### **14. What is Kibana used for?** 199 | 200 | **Answer:** 201 | Kibana is used to **visualize and explore log data** stored in Elasticsearch. It provides features like: 202 | 203 | - **Dashboards:** Custom data visualizations 204 | - **Discover:** Search raw logs 205 | - **Alerts:** Set up log-based alerts 206 | 207 | --- 208 | 209 | ### **15. How do you install the ELK stack?** 210 | 211 | **Answer:** 212 | Install Elasticsearch, Logstash, and Kibana: 213 | 214 | ```sh 215 | # Install Elasticsearch 216 | sudo apt install elasticsearch 217 | 218 | # Install Logstash 219 | sudo apt install logstash 220 | 221 | # Install Kibana 222 | sudo apt install kibana 223 | ``` 224 | 225 | Start services: 226 | 227 | ```sh 228 | sudo systemctl start elasticsearch logstash kibana 229 | ``` 230 | 231 | --- 232 | 233 | ### **16. What is an Index in Elasticsearch?** 234 | 235 | **Answer:** 236 | An index in Elasticsearch is like a **database table** that stores documents. 237 | 238 | Example: 239 | 240 | ```sh 241 | curl -X PUT "localhost:9200/logs" 242 | ``` 243 | 244 | --- 245 | 246 | ### **17. How do you send logs from Logstash to Elasticsearch?** 247 | 248 | **Answer:** 249 | Define an **output plugin** in Logstash configuration: 250 | 251 | ```yaml 252 | output { 253 | elasticsearch { 254 | hosts => ["http://localhost:9200"] 255 | index => "logs-%{+YYYY.MM.dd}" 256 | } 257 | } 258 | ``` 259 | 260 | --- 261 | 262 | ### **18. What is a Kibana Visualization?** 263 | 264 | **Answer:** 265 | A Kibana Visualization is a **graph, chart, or table** displaying log data. 266 | 267 | Example Visualizations: 268 | 269 | - **Bar Chart** (Logs per hour) 270 | - **Pie Chart** (Error types distribution) 271 | - **Line Chart** (CPU usage over time) 272 | 273 | --- 274 | 275 | ### **19. What is Filebeat?** 276 | 277 | **Answer:** 278 | Filebeat is a lightweight log shipper that **forwards logs to Logstash or Elasticsearch**. 279 | 280 | Example Filebeat Configuration: 281 | 282 | ```yaml 283 | filebeat.inputs: 284 | - type: log 285 | paths: 286 | - "/var/log/syslog" 287 | output.elasticsearch: 288 | hosts: ["localhost:9200"] 289 | ``` 290 | 291 | --- 292 | 293 | ### **20. What is the difference between Logstash and Filebeat?** 294 | 295 | **Answer:** 296 | 297 | - **Logstash:** Heavyweight, processes logs with complex transformations 298 | - **Filebeat:** Lightweight, only forwards logs with minimal processing 299 | 300 | --- 301 | 302 | ## **🚀 Intermediate-Level Monitoring & Logging Questions (21-40)** 303 | 304 | #### *(Prometheus, Grafana, ELK Stack)* 305 | 306 | ### **Prometheus Questions** 307 | 308 | ### **21. What is the difference between Pull and Push monitoring models?** 309 | 310 | **Answer:** 311 | 312 | - **Pull Model (Prometheus)** → The monitoring system **requests data** from targets at regular intervals. 313 | - **Push Model (StatsD, InfluxDB)** → The target system **sends data** to a central monitoring system. 314 | 315 | **Prometheus uses a pull model** because it provides better control over scraping intervals, avoids data duplication, and reduces unnecessary load on monitored systems. However, in some cases (e.g., short-lived jobs), Prometheus **Pushgateway** can be used to support push-based metrics. 316 | 317 | --- 318 | 319 | ### **22. How does Prometheus handle high-cardinality data?** 320 | 321 | **Answer:** 322 | Prometheus stores time-series data efficiently, but **high-cardinality metrics (many unique label combinations)** can cause excessive memory and storage usage. Best practices include: 323 | 324 | - **Avoid unnecessary labels** (e.g., `user_id` or `request_id`). 325 | - **Use histograms and summaries** instead of tracking individual events. 326 | - **Enable retention policies and downsampling** for old data. 327 | 328 | --- 329 | 330 | ### **23. What are Recording Rules in Prometheus?** 331 | 332 | **Answer:** 333 | Recording Rules allow precomputing and storing frequently used queries as new time-series metrics. This improves query performance. 334 | 335 | Example: 336 | 337 | ```yaml 338 | groups: 339 | - name: response_time_rules 340 | rules: 341 | - record: instance:response_time:avg 342 | expr: avg(rate(http_request_duration_seconds[5m])) 343 | ``` 344 | 345 | This stores the average request duration as `instance:response_time:avg`, making future queries faster. 346 | 347 | --- 348 | 349 | ### **24. What is Thanos, and how does it complement Prometheus?** 350 | 351 | **Answer:** 352 | Thanos extends Prometheus for **scalability, long-term storage, and high availability**. It: 353 | 354 | - **Provides deduplication** across multiple Prometheus instances. 355 | - **Enables object storage support** (e.g., S3, GCS). 356 | - **Allows querying across multiple Prometheus servers** via a single query layer. 357 | 358 | Thanos is useful in **multi-cluster environments** where Prometheus instances are spread across multiple regions or clouds. 359 | 360 | --- 361 | 362 | ### **25. How do you handle Prometheus high availability (HA)?** 363 | 364 | **Answer:** 365 | Prometheus is a single-node system by design, but HA can be achieved by: 366 | 367 | - **Running multiple Prometheus replicas** (scraping the same targets). 368 | - Using **Thanos or Cortex** for deduplication and query federation. 369 | - **Storing time-series data externally** (e.g., in S3, Bigtable). 370 | 371 | --- 372 | 373 | ### **Grafana Questions** 374 | 375 | ### **26. How do you enable authentication in Grafana?** 376 | 377 | **Answer:** 378 | Grafana supports **multiple authentication methods**: 379 | 380 | - **Basic authentication** (default). 381 | - **OAuth providers** (Google, GitHub, Azure AD, etc.). 382 | - **LDAP authentication** for enterprise use. 383 | 384 | To enable OAuth authentication, modify `grafana.ini`: 385 | 386 | ```ini 387 | [auth.github] 388 | enabled = true 389 | client_id = YOUR_CLIENT_ID 390 | client_secret = YOUR_CLIENT_SECRET 391 | ``` 392 | 393 | --- 394 | 395 | ### **27. What are Templating Variables in Grafana?** 396 | 397 | **Answer:** 398 | Templating allows users to create **dynamic dashboards** by using variables. Instead of hardcoding values, users can select values from dropdown menus. 399 | 400 | Example: 401 | 402 | ```promql 403 | rate(http_requests_total{job="$service"}[5m]) 404 | ``` 405 | 406 | Here, `$service` is a variable that can be selected from a dropdown list in Grafana. 407 | 408 | --- 409 | 410 | ### **28. How do you set up Grafana provisioning?** 411 | 412 | **Answer:** 413 | Grafana supports **automated provisioning** of dashboards and data sources using YAML configuration files. 414 | 415 | Example `datasource.yaml`: 416 | 417 | ```yaml 418 | apiVersion: 1 419 | datasources: 420 | - name: Prometheus 421 | type: prometheus 422 | url: http://prometheus:9090 423 | access: proxy 424 | ``` 425 | 426 | --- 427 | 428 | ### **29. What are Grafana Loki and Promtail?** 429 | 430 | **Answer:** 431 | 432 | - **Loki** is Grafana's log aggregation system, similar to Elasticsearch but optimized for Kubernetes and microservices. 433 | - **Promtail** is the log collection agent for **pushing logs to Loki**. 434 | 435 | Promtail collects logs from `/var/log` and forwards them to Loki. 436 | 437 | --- 438 | 439 | ### **30. How can you monitor Kubernetes with Grafana?** 440 | 441 | **Answer:** 442 | Use **kube-prometheus-stack**, which includes: 443 | 444 | - **Prometheus Operator** (for Kubernetes metrics). 445 | - **Grafana dashboards** for cluster monitoring. 446 | - **Node Exporter and Kube-State-Metrics** for detailed node/pod-level metrics. 447 | 448 | --- 449 | 450 | ### **ELK Stack Questions (Elasticsearch, Logstash, Kibana)** 451 | 452 | ### **31. What is an Elasticsearch Shard, and why is it important?** 453 | 454 | **Answer:** 455 | An Elasticsearch **shard** is a **subdivision of an index**. Each index is split into shards to allow parallel processing and redundancy. 456 | 457 | - **Primary Shards:** Store original data. 458 | - **Replica Shards:** Duplicates of primary shards for fault tolerance. 459 | 460 | Example: 461 | 462 | ```sh 463 | curl -X PUT "localhost:9200/logs?pretty" -H 'Content-Type: application/json' -d' 464 | { 465 | "settings": { "number_of_shards": 3, "number_of_replicas": 2 } 466 | }' 467 | ``` 468 | 469 | This creates an index with **3 primary and 2 replica shards**. 470 | 471 | --- 472 | 473 | ### **32. What is Index Lifecycle Management (ILM) in Elasticsearch?** 474 | 475 | **Answer:** 476 | ILM automates **index retention policies**, ensuring efficient storage use. Stages include: 477 | 478 | 1. **Hot Phase:** Frequent reads/writes. 479 | 2. **Warm Phase:** Less frequent queries. 480 | 3. **Cold Phase:** Rarely accessed data. 481 | 4. **Delete Phase:** Data deletion. 482 | 483 | ILM is useful for managing **log retention** in ELK stacks. 484 | 485 | --- 486 | 487 | ### **33. How do you configure Logstash pipelines?** 488 | 489 | **Answer:** 490 | Logstash uses a pipeline of **input → filter → output**. 491 | 492 | Example `logstash.conf`: 493 | 494 | ```yaml 495 | input { 496 | beats { 497 | port => 5044 498 | } 499 | } 500 | filter { 501 | grok { match => { "message" => "%{TIMESTAMP_ISO8601:timestamp}" } } 502 | } 503 | output { 504 | elasticsearch { hosts => ["localhost:9200"] } 505 | } 506 | ``` 507 | 508 | This pipeline processes logs from **Filebeat → Logstash → Elasticsearch**. 509 | 510 | --- 511 | 512 | ### **34. What are Kibana Canvas and Lens?** 513 | 514 | **Answer:** 515 | 516 | - **Canvas** → Used for creating custom, highly stylized reports and presentations. 517 | - **Lens** → Drag-and-drop interface for creating advanced visualizations easily. 518 | 519 | --- 520 | 521 | ### **35. How do you configure Kibana security?** 522 | 523 | **Answer:** 524 | Enable authentication in `kibana.yml`: 525 | 526 | ```yaml 527 | xpack.security.enabled: true 528 | elasticsearch.username: "kibana" 529 | elasticsearch.password: "changeme" 530 | ``` 531 | 532 | Use **role-based access control (RBAC)** to restrict access. 533 | 534 | --- 535 | 536 | ### **36. What is Beats in the ELK stack?** 537 | 538 | **Answer:** 539 | Beats are **lightweight data shippers** for sending logs, metrics, and security data to ELK. 540 | 541 | - **Filebeat:** Log shipping. 542 | - **Metricbeat:** System metrics. 543 | - **Packetbeat:** Network monitoring. 544 | 545 | --- 546 | 547 | ### **37. What is Curator in Elasticsearch?** 548 | 549 | **Answer:** 550 | Curator is a tool for **managing Elasticsearch indices**, used for deleting old indices, snapshot backups, and optimizing performance. 551 | 552 | --- 553 | 554 | ### **38. How do you integrate Prometheus and ELK Stack?** 555 | 556 | **Answer:** 557 | Use **Metricbeat** to collect system metrics and send them to **Elasticsearch**, while **Prometheus Node Exporter** collects Prometheus-compatible metrics. 558 | 559 | --- 560 | 561 | ### **39. What is a Slow Query in Elasticsearch?** 562 | 563 | **Answer:** 564 | A **slow query** is a query that takes too long to execute, often due to large data scans or missing indexes. Enable slow query logs to debug: 565 | 566 | ```sh 567 | PUT _settings 568 | { 569 | "index.search.slowlog.threshold.query.warn": "2s" 570 | } 571 | ``` 572 | 573 | --- 574 | 575 | ### **40. What is the ELK alternative to Prometheus and Grafana?** 576 | 577 | **Answer:** 578 | 579 | - **Prometheus + Grafana** → Metrics-based monitoring. 580 | - **ELK Stack (Elasticsearch, Logstash, Kibana)** → Log-based monitoring. 581 | - Alternative: **OpenTelemetry**, **Loki**, and **InfluxDB**. 582 | 583 | --- 584 | 585 | ## **🚀 Advanced-Level Monitoring & Logging Questions (41-60)** 586 | 587 | #### *(Prometheus, Grafana, ELK Stack)* 588 | 589 | --- 590 | 591 | ### **Prometheus Questions** 592 | 593 | ### **41. How do you scale Prometheus for a large environment?** 594 | 595 | **Answer:** 596 | Prometheus is a **single-node** system, so for large environments: 597 | 598 | - **Use multiple Prometheus instances** scraping different targets. 599 | - **Federation:** Create a parent Prometheus that scrapes **aggregated** metrics from child Prometheus instances. 600 | - **Remote storage:** Use **Thanos, Cortex, or Mimir** to store metrics in scalable object storage (S3, GCS). 601 | - **Sharding:** Distribute scraping targets across Prometheus instances using load balancing tools like **Kube StatefulSets**. 602 | 603 | --- 604 | 605 | ### **42. How does Prometheus handle stale or missing metrics?** 606 | 607 | **Answer:** 608 | 609 | - **Stale markers:** Prometheus marks time-series data as **stale** if a target stops reporting metrics. 610 | - **Absent function (`absent()`)**: Used in PromQL to detect missing metrics. 611 | - **Dead Man’s Switch**: A constant alert (e.g., `ALWAYS_ON`) ensures the alerting system is functional. 612 | 613 | Example: 614 | 615 | ```promql 616 | absent(up{job="my_service"}) 617 | ``` 618 | 619 | Triggers an alert if `up{job="my_service"}` is missing. 620 | 621 | --- 622 | 623 | ### **43. What is Prometheus WAL (Write-Ahead Log) and its purpose?** 624 | 625 | **Answer:** 626 | The **Write-Ahead Log (WAL)** in Prometheus: 627 | 628 | - **Stores data on disk before committing it to TSDB (Time-Series Database).** 629 | - Reduces data loss during crashes. 630 | - WAL files are stored in **/data/wal/** and help recover metrics quickly after a restart. 631 | 632 | --- 633 | 634 | ### **44. What are Histogram and Summary metrics in Prometheus?** 635 | 636 | **Answer:** 637 | Both are used for measuring **latency and response time**: 638 | 639 | - **Histogram:** Buckets data into **predefined ranges**, allowing percentiles to be calculated later. 640 | - **Summary:** Precomputes percentiles but cannot be aggregated across instances. 641 | 642 | Example (Histogram metric): 643 | 644 | ```promql 645 | histogram_quantile(0.95, rate(http_request_duration_seconds_bucket[5m])) 646 | ``` 647 | 648 | This calculates the **95th percentile response time**. 649 | 650 | --- 651 | 652 | ### **45. How do you secure Prometheus endpoints?** 653 | 654 | **Answer:** 655 | 656 | - **Enable authentication & TLS** via a reverse proxy (Nginx, Traefik). 657 | - **Use RBAC (Role-Based Access Control)** in Kubernetes for limiting access. 658 | - **Set up network policies** to restrict Prometheus access. 659 | 660 | Example: Using basic auth with Nginx: 661 | 662 | ```nginx 663 | server { 664 | listen 9090; 665 | location / { 666 | auth_basic "Restricted"; 667 | auth_basic_user_file /etc/nginx/.htpasswd; 668 | } 669 | } 670 | ``` 671 | 672 | --- 673 | 674 | ### **Grafana Questions** 675 | 676 | ### **46. How do you monitor Prometheus itself using Grafana?** 677 | 678 | **Answer:** 679 | 680 | - Enable the built-in Prometheus **self-metrics endpoint (`/metrics`)**. 681 | - Use dashboards to monitor **scrape latency, TSDB memory usage, query duration**. 682 | - Use the **Prometheus Federation API** to get meta-metrics. 683 | 684 | --- 685 | 686 | ### **47. What are Grafana Annotations and how are they useful?** 687 | 688 | **Answer:** 689 | Annotations mark **events (deployments, incidents, downtimes)** on Grafana graphs for better visualization. 690 | Example: Mark a **Kubernetes deployment** event in Grafana. 691 | 692 | --- 693 | 694 | ### **48. How do you configure Grafana for multi-tenancy?** 695 | 696 | **Answer:** 697 | 698 | - **Organizations:** Create multiple teams with separate dashboards. 699 | - **Data source permissions:** Restrict access at the **data-source level**. 700 | - **Multi-instance deployment:** Run **separate Grafana instances** for different teams. 701 | 702 | --- 703 | 704 | ### **49. What is Alerting in Grafana and how does it work?** 705 | 706 | **Answer:** 707 | 708 | - **Grafana alerts** monitor query conditions. 709 | - Alert states: **OK, Pending, Alerting, No Data**. 710 | - **Notification channels:** Slack, PagerDuty, Email, Webhooks. 711 | 712 | Example Grafana alert condition: 713 | 714 | - `avg(http_requests_total) > 1000` → Sends an alert if requests exceed 1000. 715 | 716 | --- 717 | 718 | ### **50. How does Loki compare with Elasticsearch for logging?** 719 | 720 | **Answer:** 721 | 722 | | Feature | Loki | Elasticsearch | 723 | |----------|------|--------------| 724 | | Storage | Compressed logs | Full-text index | 725 | | Querying | Label-based | Query DSL | 726 | | Performance | Faster (optimized for Kubernetes) | Heavy resource usage | 727 | 728 | **Loki is recommended for lightweight, Kubernetes-native logging**, while **Elasticsearch is better for complex log analysis**. 729 | 730 | --- 731 | 732 | ### **ELK Stack Questions** 733 | 734 | ### **51. What is the Hot-Warm-Cold architecture in Elasticsearch?** 735 | 736 | **Answer:** 737 | This strategy optimizes storage cost: 738 | 739 | - **Hot Nodes** → Store recent, frequently queried data. 740 | - **Warm Nodes** → Store older logs with infrequent access. 741 | - **Cold Nodes** → Store archived logs for long-term retention. 742 | 743 | --- 744 | 745 | ### **52. How do you reduce indexing pressure in Elasticsearch?** 746 | 747 | **Answer:** 748 | 749 | - **Use ILM (Index Lifecycle Management).** 750 | - **Optimize shard count** (Avoid too many small shards). 751 | - **Increase refresh intervals (`index.refresh_interval: 30s`).** 752 | 753 | --- 754 | 755 | ### **53. How does Logstash manage backpressure?** 756 | 757 | **Answer:** 758 | 759 | - **Persistent Queues** → Buffer data before sending to Elasticsearch. 760 | - **Dead Letter Queue (DLQ)** → Stores failed events for reprocessing. 761 | 762 | Example: 763 | 764 | ```yaml 765 | queue.type: persisted 766 | queue.max_bytes: 1gb 767 | ``` 768 | 769 | --- 770 | 771 | ### **54. What are Query Caching strategies in Elasticsearch?** 772 | 773 | **Answer:** 774 | 775 | - **Request cache:** Stores query results. 776 | - **Shard request cache:** Caches **aggregations and filters**. 777 | - **Doc value cache:** Optimizes **sorting and aggregations**. 778 | 779 | --- 780 | 781 | ### **55. How do you use Kibana for anomaly detection?** 782 | 783 | **Answer:** 784 | 785 | - **Machine Learning Jobs** → Identify unusual trends in logs. 786 | - **SIEM (Security Information and Event Management)** → Detect security threats. 787 | 788 | Example anomaly detection job: 789 | 790 | ```json 791 | { 792 | "analysis_config": { 793 | "bucket_span": "15m", 794 | "detectors": [{ "function": "mean", "field_name": "cpu_usage" }] 795 | } 796 | } 797 | ``` 798 | 799 | --- 800 | 801 | ### **56. How do you secure Elasticsearch clusters?** 802 | 803 | **Answer:** 804 | 805 | - **Enable TLS (`xpack.security.enabled: true`).** 806 | - **Use API Key authentication.** 807 | - **Implement firewall rules to restrict access.** 808 | 809 | --- 810 | 811 | ### **57. How do you integrate Prometheus with Elasticsearch?** 812 | 813 | **Answer:** 814 | 815 | - Use **Metricbeat** to push Prometheus data into **Elasticsearch**. 816 | - Use **Grafana to visualize both Prometheus & ELK logs.** 817 | 818 | Example Metricbeat configuration: 819 | 820 | ```yaml 821 | metricbeat.modules: 822 | - module: prometheus 823 | metricsets: ["collector"] 824 | host: "localhost:9090" 825 | ``` 826 | 827 | --- 828 | 829 | ### **58. How do you optimize Elasticsearch queries for performance?** 830 | 831 | **Answer:** 832 | 833 | - **Use filters (`term`, `match_phrase`) instead of full-text search.** 834 | - **Avoid wildcard (`*`) searches.** 835 | - **Use `doc_values` for sorting and aggregations.** 836 | 837 | --- 838 | 839 | ### **59. How do you implement centralized logging in Kubernetes?** 840 | 841 | **Answer:** 842 | 843 | - **Use Fluentd/Filebeat** to collect logs. 844 | - **Send logs to Elasticsearch or Loki.** 845 | - **Monitor logs via Kibana or Grafana dashboards.** 846 | 847 | Example Fluentd configuration: 848 | 849 | ```yaml 850 | 851 | @type elasticsearch 852 | host elasticsearch 853 | logstash_format true 854 | 855 | ``` 856 | 857 | --- 858 | 859 | ### **60. What are the best practices for log retention and compliance?** 860 | 861 | **Answer:** 862 | 863 | - **Use ILM to delete old logs automatically.** 864 | - **Encrypt sensitive logs (`xpack.security`).** 865 | - **Mask PII data before indexing logs.** 866 | - **Set audit logs for security compliance.** 867 | 868 | --- 869 | 870 | ## **📢 Contribute & Stay Updated** 871 | 872 | 💡 **Want to contribute?** 873 | We **welcome contributions!** If you have insights, new tools, or improvements, feel free to submit a **pull request**. 874 | 875 | 📌 **How to Contribute?** 876 | 877 | - Read the **[CONTRIBUTING.md](https://github.com/NotHarshhaa/DevOps-Interview-Questions/blob/master/CONTRIBUTING.md)** guide. 878 | - Fix errors, add missing topics, or suggest improvements. 879 | - Submit a **pull request** with your updates. 880 | 881 | 📢 **Stay Updated:** 882 | ⭐ **Star the repository** to get notified about new updates and additions. 883 | 💬 **Join discussions** in **[GitHub Issues](https://github.com/NotHarshhaa/DevOps-Interview-Questions/issues)** to suggest improvements. 884 | 885 | --- 886 | 887 | ## **🌍 Community & Support** 888 | 889 | 🔗 **GitHub:** [@NotHarshhaa](https://github.com/NotHarshhaa) 890 | 📝 **Blog:** [ProDevOpsGuy](https://blog.prodevopsguy.xyz) 891 | 💬 **Telegram Community:** [Join Here](https://t.me/prodevopsguy) 892 | 893 | ![Follow Me](https://imgur.com/2j7GSPs.png) 894 | -------------------------------------------------------------------------------- /networking-security/README.md: -------------------------------------------------------------------------------- 1 | # Networking & Security Interview Questions 2 | 3 | ## **Beginner-Level (1-20) Questions** 4 | 5 | ### **1. What is a network?** 6 | 7 | A network is a group of interconnected devices that communicate to share resources and information. It can be wired or wireless. 8 | 9 | ### **2. What is an IP address?** 10 | 11 | An IP (Internet Protocol) address is a unique numerical identifier assigned to each device on a network to facilitate communication. 12 | 13 | ### **3. What is the difference between IPv4 and IPv6?** 14 | 15 | - **IPv4**: 32-bit addressing, supports 4.3 billion addresses. 16 | - **IPv6**: 128-bit addressing, supports an enormous number of addresses, improving scalability and security. 17 | 18 | ### **4. What are private and public IP addresses?** 19 | 20 | - **Private IPs**: Used within local networks (e.g., 192.168.x.x). 21 | - **Public IPs**: Used on the internet and assigned by ISPs. 22 | 23 | ### **5. What is a subnet mask?** 24 | 25 | A subnet mask divides an IP address into network and host portions, determining which part identifies the network and which part identifies the device. 26 | 27 | ### **6. What is DHCP, and how does it work?** 28 | 29 | The **Dynamic Host Configuration Protocol (DHCP)** automatically assigns IP addresses to devices in a network, reducing manual configuration. 30 | 31 | ### **7. What is DNS, and why is it important?** 32 | 33 | The **Domain Name System (DNS)** translates domain names (e.g., google.com) into IP addresses, making it easier to access websites. 34 | 35 | ### **8. What is NAT (Network Address Translation)?** 36 | 37 | NAT allows multiple devices on a local network to share a single public IP address for internet access. 38 | 39 | ### **9. What is a firewall?** 40 | 41 | A firewall is a security system that monitors and controls incoming and outgoing network traffic based on security rules. 42 | 43 | ### **10. What are the types of firewalls?** 44 | 45 | - **Packet Filtering Firewall** 46 | - **Stateful Inspection Firewall** 47 | - **Proxy Firewall** 48 | - **Next-Generation Firewall (NGFW)** 49 | 50 | ### **11. What is a VPN?** 51 | 52 | A **Virtual Private Network (VPN)** encrypts internet connections, providing secure remote access and anonymity. 53 | 54 | ### **12. What is SSH, and why is it used?** 55 | 56 | SSH (**Secure Shell**) is a protocol used for secure remote access to servers using encrypted communication. 57 | 58 | ### **13. What is HTTP and HTTPS?** 59 | 60 | - **HTTP (Hypertext Transfer Protocol)**: Unencrypted web communication. 61 | - **HTTPS (HTTP Secure)**: Secure, encrypted communication using SSL/TLS. 62 | 63 | ### **14. What is an SSL/TLS certificate?** 64 | 65 | An SSL/TLS certificate encrypts website traffic, ensuring secure communication and trustworthiness. 66 | 67 | ### **15. What is a load balancer?** 68 | 69 | A load balancer distributes incoming network traffic across multiple servers to optimize performance and availability. 70 | 71 | ### **16. What are different types of load balancers?** 72 | 73 | - **Layer 4 Load Balancer** (Transport Layer) 74 | - **Layer 7 Load Balancer** (Application Layer) 75 | 76 | ### **17. What is a DMZ in networking?** 77 | 78 | A **Demilitarized Zone (DMZ)** is a security buffer between an internal network and the internet, hosting public-facing services securely. 79 | 80 | ### **18. What is port forwarding?** 81 | 82 | Port forwarding redirects network traffic from one port to another, often used to expose internal services externally. 83 | 84 | ### **19. What is ARP (Address Resolution Protocol)?** 85 | 86 | ARP translates IP addresses into MAC addresses to enable communication within a local network. 87 | 88 | ### **20. What is an IDS and IPS?** 89 | 90 | - **IDS (Intrusion Detection System)**: Monitors network traffic for threats. 91 | - **IPS (Intrusion Prevention System)**: Blocks malicious traffic automatically. 92 | 93 | --- 94 | 95 | ## **Intermediate-Level (21-40) Questions** 96 | 97 | ### **21. What is Zero Trust Security?** 98 | 99 | Zero Trust is a security model that assumes no entity (inside or outside the network) is trusted by default. 100 | 101 | ### **22. What is the difference between symmetric and asymmetric encryption?** 102 | 103 | - **Symmetric Encryption**: Uses one key for encryption and decryption. 104 | - **Asymmetric Encryption**: Uses a public-private key pair (e.g., RSA). 105 | 106 | ### **23. What is a CDN (Content Delivery Network)?** 107 | 108 | A **CDN** improves website speed and security by distributing content across multiple servers worldwide. 109 | 110 | ### **24. What is the difference between TCP and UDP?** 111 | 112 | - **TCP**: Reliable, connection-oriented, ensures data delivery. 113 | - **UDP**: Faster, connectionless, best for real-time applications. 114 | 115 | ### **25. How does a reverse proxy improve security?** 116 | 117 | A reverse proxy sits between users and backend servers, protecting them from direct exposure and filtering malicious traffic. 118 | 119 | ### **26. What are the benefits of HTTPS over HTTP?** 120 | 121 | - Encryption 122 | - Data integrity 123 | - Authentication 124 | 125 | ### **27. How does multi-factor authentication (MFA) enhance security?** 126 | 127 | MFA adds an extra security layer by requiring multiple verification methods (e.g., password + OTP). 128 | 129 | ### **28. What is a bastion host?** 130 | 131 | A **bastion host** is a highly secured jump server used to access internal networks securely. 132 | 133 | ### **29. What is OSI Model and its layers?** 134 | 135 | The OSI model has **7 layers**: Physical, Data Link, Network, Transport, Session, Presentation, Application. 136 | 137 | ### **30. What is a WAF (Web Application Firewall)?** 138 | 139 | A **WAF** protects web applications by filtering and blocking malicious HTTP traffic. 140 | 141 | ### **31. What is a honeypot in cybersecurity?** 142 | 143 | A honeypot is a security system designed to detect and study cyberattacks by mimicking real systems. 144 | 145 | ### **32. What is BGP (Border Gateway Protocol)?** 146 | 147 | BGP is a routing protocol used for exchanging routing information between networks on the internet. 148 | 149 | ### **33. What is DDoS, and how can it be mitigated?** 150 | 151 | A **Distributed Denial-of-Service (DDoS)** attack overwhelms a system. It can be mitigated using rate limiting, firewalls, and cloud-based protection. 152 | 153 | ### **34. What is the CIA Triad in security?** 154 | 155 | The **CIA Triad** stands for **Confidentiality, Integrity, and Availability**, which are fundamental security principles. 156 | 157 | ### **35. What is SSO (Single Sign-On)?** 158 | 159 | SSO allows users to log in to multiple applications using a single authentication process. 160 | 161 | ### **36. What is a security token?** 162 | 163 | A **security token** is a physical or digital device used for authentication. 164 | 165 | ### **37. What is an access control list (ACL)?** 166 | 167 | An ACL defines rules that allow or deny traffic based on IP, ports, or protocols. 168 | 169 | ### **38. What is a container network security concern?** 170 | 171 | Containers share OS kernels, so misconfigurations can expose services to security threats. 172 | 173 | ### **39. What is network segmentation?** 174 | 175 | It is dividing a network into smaller parts to improve security and performance. 176 | 177 | ### **40. What is the difference between active and passive reconnaissance?** 178 | 179 | - **Active reconnaissance**: Direct interaction with the target. 180 | - **Passive reconnaissance**: Collecting data without direct interaction. 181 | 182 | --- 183 | 184 | ## **Advanced-Level (41-60) Questions** 185 | 186 | ### **41. What is mutual TLS (mTLS), and why is it used?** 187 | 188 | Mutual TLS (mTLS) ensures **both client and server** authenticate each other before communication, enhancing security in microservices and API interactions. 189 | 190 | ### **42. What is the difference between L3, L4, and L7 firewalls?** 191 | 192 | - **L3 Firewall (Network Layer)**: Filters traffic based on IP addresses. 193 | - **L4 Firewall (Transport Layer)**: Filters based on ports and TCP/UDP protocols. 194 | - **L7 Firewall (Application Layer)**: Filters based on application-specific data (e.g., HTTP, FTP). 195 | 196 | ### **43. How does AWS Security Groups differ from Network ACLs?** 197 | 198 | - **Security Groups**: Act as virtual firewalls at the instance level, stateful. 199 | - **Network ACLs**: Act at the subnet level, stateless. 200 | 201 | ### **44. What is a SIEM (Security Information and Event Management) system?** 202 | 203 | SIEM aggregates security data from multiple sources to detect, analyze, and respond to threats. 204 | 205 | ### **45. What is a threat model in security?** 206 | 207 | Threat modeling identifies potential threats and vulnerabilities in a system to proactively mitigate risks. 208 | 209 | ### **46. What is an ephemeral port, and how is it used?** 210 | 211 | Ephemeral ports (e.g., **49152-65535**) are temporary ports used by client applications for outbound connections. 212 | 213 | ### **47. How does DNSSEC enhance DNS security?** 214 | 215 | DNSSEC (DNS Security Extensions) prevents DNS spoofing by adding cryptographic signatures to DNS records. 216 | 217 | ### **48. What are the different types of VPNs?** 218 | 219 | - **Remote Access VPN** (for individuals connecting to a network remotely). 220 | - **Site-to-Site VPN** (connects entire networks). 221 | 222 | ### **49. How does a service mesh improve security in Kubernetes?** 223 | 224 | A **service mesh** (e.g., Istio, Linkerd) provides **mTLS, authentication, and observability** for secure communication between microservices. 225 | 226 | ### **50. What are some common OWASP Top 10 security risks?** 227 | 228 | 1. Injection (e.g., SQL injection) 229 | 2. Broken Authentication 230 | 3. Sensitive Data Exposure 231 | 4. XML External Entities (XXE) 232 | 5. Broken Access Control 233 | 6. Security Misconfiguration 234 | 7. Cross-Site Scripting (XSS) 235 | 8. Insecure Deserialization 236 | 9. Using Components with Known Vulnerabilities 237 | 10. Insufficient Logging & Monitoring 238 | 239 | ### **51. How do WebSockets handle security concerns?** 240 | 241 | WebSockets require **authentication, encryption (WSS), and proper origin checks** to prevent attacks. 242 | 243 | ### **52. What is an SSRF (Server-Side Request Forgery) attack?** 244 | 245 | An SSRF attack tricks a server into making requests to internal services, leading to data leaks or system compromise. 246 | 247 | ### **53. How does an AWS WAF protect applications?** 248 | 249 | AWS WAF filters web traffic based on **rules, rate limiting, and bot mitigation** to prevent common attacks like SQL injection and XSS. 250 | 251 | ### **54. How does Kubernetes RBAC (Role-Based Access Control) work?** 252 | 253 | Kubernetes RBAC grants permissions based on **Roles, RoleBindings, ClusterRoles, and ClusterRoleBindings**, restricting access to resources. 254 | 255 | ### **55. What is a MAC address, and how does MAC filtering enhance security?** 256 | 257 | A MAC address is a **unique identifier** for network interfaces. MAC filtering allows or denies network access based on these addresses. 258 | 259 | ### **56. How does DNS poisoning work, and how can it be prevented?** 260 | 261 | DNS poisoning tricks users into visiting **malicious sites** by altering DNS records. Prevention includes **DNSSEC, monitoring, and secure DNS resolvers**. 262 | 263 | ### **57. What is a federated identity in security?** 264 | 265 | Federated identity allows users to authenticate across multiple applications using a **single set of credentials** (e.g., Google or Microsoft sign-in). 266 | 267 | ### **58. How does Kubernetes Network Policy improve security?** 268 | 269 | Kubernetes Network Policies define **rules for pod communication**, restricting traffic based on namespaces, labels, and IP ranges. 270 | 271 | ### **59. What is the principle of least privilege (PoLP)?** 272 | 273 | PoLP ensures **users and applications only have the minimum access** needed to perform their tasks, reducing security risks. 274 | 275 | ### **60. How do HSTS (HTTP Strict Transport Security) and CSP (Content Security Policy) improve web security?** 276 | 277 | - **HSTS**: Forces HTTPS connections to prevent downgrade attacks. 278 | - **CSP**: Restricts allowed content sources to prevent XSS attacks. 279 | 280 | --- 281 | 282 | ## **📢 Contribute & Stay Updated** 283 | 284 | 💡 **Want to contribute?** 285 | We **welcome contributions!** If you have insights, new tools, or improvements, feel free to submit a **pull request**. 286 | 287 | 📌 **How to Contribute?** 288 | 289 | - Read the **[CONTRIBUTING.md](https://github.com/NotHarshhaa/DevOps-Interview-Questions/blob/master/CONTRIBUTING.md)** guide. 290 | - Fix errors, add missing topics, or suggest improvements. 291 | - Submit a **pull request** with your updates. 292 | 293 | 📢 **Stay Updated:** 294 | ⭐ **Star the repository** to get notified about new updates and additions. 295 | 💬 **Join discussions** in **[GitHub Issues](https://github.com/NotHarshhaa/DevOps-Interview-Questions/issues)** to suggest improvements. 296 | 297 | --- 298 | 299 | ## **🌍 Community & Support** 300 | 301 | 🔗 **GitHub:** [@NotHarshhaa](https://github.com/NotHarshhaa) 302 | 📝 **Blog:** [ProDevOpsGuy](https://blog.prodevopsguy.xyz) 303 | 💬 **Telegram Community:** [Join Here](https://t.me/prodevopsguy) 304 | 305 | ![Follow Me](https://imgur.com/2j7GSPs.png) 306 | --------------------------------------------------------------------------------