Top 50 DevOps Interview Questions and Expert Answers

📙 Chapter 3: Infrastructure & Orchestration – Hard Level Questions

As organizations scale, their DevOps demands evolve from simple automation to complex infrastructure management, orchestration, and resilience engineering. Mastering infrastructure as code (IaC) and orchestration is a must for senior-level DevOps professionals. This chapter focuses on hard-level interview questions related to tools like Terraform, Kubernetes, Helm, AWS CloudFormation, and advanced orchestration patterns that are critical in building robust, fault-tolerant systems.

🧱 1. What is Infrastructure as Code (IaC), and how does Terraform differ from CloudFormation?

Interview Question: Explain the concept of IaC. Compare Terraform and AWS CloudFormation.

Answer:
IaC allows you to provision and manage infrastructure using machine-readable definition files. It helps automate cloud provisioning and ensures consistent environments across development, testing, and production.

⚙️ 2. What is the difference between declarative and imperative infrastructure configuration?

Interview Question: Explain declarative vs imperative approaches in infrastructure.

Declarative methods are preferred in modern DevOps for scalability, idempotence, and clearer version control.

☸️ 3. What are the core components of Kubernetes architecture?

Interview Question: Describe the key components of Kubernetes.

🚢 4. How do you handle secrets in Kubernetes securely?

Interview Question: How do you store and manage secrets in Kubernetes?

Answer:
Kubernetes provides a Secret object to store sensitive data like passwords, tokens, and keys. However, base64-encoded secrets are not encrypted by default. For better security:

• Enable encryption at rest in Kubernetes
• Integrate HashiCorp Vault, AWS Secrets Manager, or Sealed Secrets
• Use RBAC (Role-Based Access Control) to restrict secret access

🔁 5. What is a Helm chart and how do you use it for deployment?

Interview Question: Explain Helm and how it simplifies Kubernetes deployments.

Answer:
Helm is a package manager for Kubernetes. A Helm chart is a collection of YAML templates that define a Kubernetes resource set. It allows developers to deploy apps with a single command using version-controlled and parameterized configurations.

Helm Directory Structure:

markdown

mychart/

  Chart.yaml

  values.yaml

  templates/

    deployment.yaml

    service.yaml

Helm Benefits:

• Easy upgrades/rollbacks
• Parameterized deployments
• Reusable templated resources
• Versioning of releases

🌐 6. How do you ensure high availability (HA) in a Kubernetes cluster?

Interview Question: What steps do you take to design an HA Kubernetes cluster?

Answer:
To ensure high availability in Kubernetes:

• Use multi-master setup for control plane redundancy
• Distribute nodes across multiple availability zones
• Use Pod Disruption Budgets and affinity rules
• Deploy load balancers in front of API servers
• Ensure etcd is replicated and backed up
• Implement auto-scaling with HPA and Cluster Autoscaler

🧪 7. How do you test and validate Terraform configurations?

Interview Question: What are best practices for testing Terraform code?

Answer:
To test Terraform code effectively:

• Use terraform validate to check syntax
• Use terraform plan to review changes
• Implement unit tests using Terratest
• Employ tflint or checkov for static analysis
• Use backend state locking to prevent concurrent runs
• Version modules using git or Terraform Registry

🔄 8. How do you manage Kubernetes deployment rollbacks and updates?

Interview Question: Explain your approach to handling rollbacks in Kubernetes.

Answer:
Kubernetes uses the Deployment controller to manage rolling updates and rollback. You can use:

• kubectl rollout status deployment/<name>
• kubectl rollout undo deployment/<name> to revert to a previous state
• Readiness probes to avoid serving traffic before apps are ready
• MaxUnavailable and MaxSurge parameters for fine-tuned rollout control
• Integrate deployment strategies like blue-green or canary

🧰 9. What is the role of state management in Terraform?

Interview Question: Why is Terraform state important and how do you manage it?

Answer:
Terraform uses a state file (terraform.tfstate) to keep track of the infrastructure's current condition. Managing state is critical for planning changes and avoiding drift.

State Management Best Practices:

• Store remotely (e.g., AWS S3, Terraform Cloud) with state locking
• Enable versioning and backups
• Limit access using IAM
• Use terraform import to bring existing resources into the state

🔐 10. What is a service mesh and how does it relate to Kubernetes?

Interview Question: What is a service mesh and where does Istio fit in?

Answer:
A service mesh is a dedicated infrastructure layer for managing service-to-service communication in microservices architecture. It handles traffic management, observability, retries, and security without modifying application code.

Popular service meshes:

• Istio
• Linkerd
• Consul Connect

Istio runs as a sidecar proxy (Envoy) and provides:

• mTLS (secure communication)
• Traffic splitting and routing
• Service-level observability
• Circuit breaking and retries

📊 Summary Table: Tools in Infrastructure & Orchestration