DevOps Interview Prep: Docker, Kubernetes, and CI/CD Questions

DevOps Interviews Are Part Theory, Part War Stories

DevOps and SRE interviews are unlike most software engineering interviews. Sure, there are technical questions about containers and orchestration. But a huge chunk of the interview is scenario-based: "Tell me about a time a production system went down. What did you do?" or "How would you design a deployment pipeline for a team of 50 engineers?"

When I was interviewing for an SRE position at a large e-commerce company, the interviewer spent 20 minutes grilling me on a real outage I'd handled. He wanted to know my thought process, how I communicated with the team, what I'd do differently. The technical knowledge got me in the door; the incident response stories sealed the deal.

Docker Questions You'll Get

Fundamentals

These come up in almost every DevOps interview:

• What's a container vs a VM? Containers share the host OS kernel and are lightweight. VMs include a full guest OS. Containers start in seconds; VMs take minutes.
• What's a Docker image vs a container? Image is the blueprint (read-only). Container is a running instance of that image.
• What happens when you run docker run? Docker checks for the image locally, pulls it if needed, creates a container from it, allocates a filesystem, sets up networking, and starts the process defined in CMD/ENTRYPOINT.

Dockerfile Best Practices

Interviewers love to show you a Dockerfile and ask you to optimize it. Common improvements:

# Bad: Large image, no layer caching
FROM ubuntu:latest
RUN apt-get update && apt-get install -y nodejs npm
COPY . /app
RUN npm install
CMD ["node", "server.js"]

# Better: Multi-stage build, small base image
FROM node:20-alpine AS builder
WORKDIR /app
COPY package*.json ./
RUN npm ci --only=production
COPY . .

FROM node:20-alpine
WORKDIR /app
COPY --from=builder /app .
EXPOSE 3000
USER node
CMD ["node", "server.js"]

Key improvements to mention: multi-stage builds (smaller final image), copying package.json first (better layer caching), using alpine base images, running as non-root user, using npm ci instead of npm install for reproducible builds.

Networking and Volumes

Docker networking — know the difference between bridge (default, isolated), host (shares host network), and overlay (multi-host, used in Swarm/Kubernetes). In practice, you'll mostly use bridge networks with defined ports.

Volumes vs bind mounts. Volumes are managed by Docker and persist data beyond container lifecycle. Bind mounts map a host path directly. For production databases, you want volumes. For development hot-reloading, bind mounts work great.

Kubernetes Questions

K8s is a massive topic, but interviews tend to focus on a core set of concepts.

Architecture Basics

• Pod — smallest deployable unit. One or more containers sharing network and storage. Not meant to be created directly in production — use Deployments.
• Service — stable network endpoint for a set of pods. ClusterIP (internal), NodePort (external via node port), LoadBalancer (cloud provider LB).
• Deployment — manages pod replicas, handles rolling updates and rollbacks. You define desired state, K8s makes it happen.
• ConfigMap and Secret — externalize configuration. ConfigMaps for non-sensitive data, Secrets for credentials (base64-encoded, not encrypted by default — know this caveat).
• Namespace — logical isolation within a cluster. Teams, environments (dev/staging/prod), or projects.

Common K8s Interview Questions

"How does a rolling update work?" A Deployment gradually replaces old pods with new ones. You can configure maxSurge (how many extra pods during update) and maxUnavailable (how many can be down). If the new version fails health checks, the rollout pauses. You can roll back with kubectl rollout undo.

"What happens when a pod crashes?" The kubelet restarts it based on the restartPolicy. If it keeps crashing (CrashLoopBackOff), K8s applies exponential backoff. The Deployment controller ensures the desired number of healthy replicas is maintained.

"How do you scale?" Horizontal Pod Autoscaler (HPA) scales based on CPU/memory or custom metrics. Vertical Pod Autoscaler adjusts resource requests. Cluster Autoscaler adds/removes nodes when pods can't be scheduled due to resource constraints.

"Explain the difference between a StatefulSet and a Deployment." StatefulSets provide stable network identities and persistent storage for each pod — essential for databases, message brokers, and anything that needs consistent pod identity. Deployments treat pods as interchangeable.

CI/CD Pipeline Questions

Pipeline Design

A typical pipeline you should be able to whiteboard:

1. Source — triggered by git push, PR merge, or tag
2. Build — compile, run linter, build Docker image
3. Test — unit tests, integration tests, possibly E2E tests
4. Security scan — SAST, dependency vulnerability scanning
5. Artifact — push Docker image to registry (ECR, GCR, Docker Hub)
6. Deploy to staging — automatic deployment for testing
7. Manual approval gate — human sign-off for production
8. Deploy to production — blue-green, canary, or rolling update
9. Post-deploy verification — smoke tests, monitoring checks

Deployment Strategies

Know the trade-offs between these three:

Blue-green. Two identical environments. You deploy to the inactive one (green), test it, then switch traffic. Instant rollback — just switch back to blue. Downside: you need double the infrastructure.

Canary. Roll out to a small percentage of traffic first (say 5%), monitor for errors, then gradually increase. Catches problems before they affect everyone. More complex to set up but less wasteful than blue-green.

Rolling update. Gradually replace old instances with new ones. Kubernetes does this by default with Deployments. Simple and resource-efficient but rollback is slower — you need to deploy the old version again.

Cloud and Infrastructure Questions

You won't be expected to know every AWS service, but you should be comfortable with the fundamentals across at least one major cloud:

Compute: EC2 (VMs), ECS/EKS (containers), Lambda (serverless). When would you use each?

Storage: S3 (object storage), EBS (block storage for EC2), RDS (managed databases). A colleague got asked "when would you use S3 vs EBS?" — S3 for static files, backups, data lakes. EBS for database volumes attached to EC2 instances.

Networking: VPCs, subnets, security groups, route tables. Understand public vs. private subnets and why you'd put your database in a private subnet with no internet access.

Infrastructure as Code: Terraform is the industry standard. Know HCL basics — resources, variables, state management. "What is Terraform state and why does it matter?" comes up often. State tracks what infrastructure Terraform manages so it knows what to create, update, or destroy.

Scenario-Based Questions

These are where interviews get interesting. There's no single right answer — they want to see your problem-solving process.

"How would you handle a production outage?"

1. Assess severity and impact. How many users affected? Is it a total outage or degraded performance?
2. Communicate. Page the on-call team, post in the incident channel, update status page.
3. Triage. Check monitoring dashboards, look at recent deployments, review error logs.
4. Mitigate. If a recent deploy caused it, roll back immediately. Don't try to fix forward during an outage.
5. Root cause. After mitigation, conduct a blameless postmortem. What happened, why, and how to prevent it.

"Your build pipeline is taking 45 minutes. How do you speed it up?"

• Parallelize test suites
• Use Docker layer caching for builds
• Split into fast feedback (lint + unit tests) and slower stages (integration + E2E)
• Only run tests for changed modules (test impact analysis)
• Consider faster runners or self-hosted build agents

"How do you handle secrets in your pipeline?"

Never hardcode secrets. Use a secrets manager (HashiCorp Vault, AWS Secrets Manager) or your CI/CD platform's built-in secrets (GitHub Actions secrets, GitLab CI variables). Inject them at runtime as environment variables. Rotate them regularly. Audit access.

How to Prepare

DevOps interviews reward hands-on experience more than any other type. If you've only read about Kubernetes but never deployed anything to a cluster, it'll show.

Here's what I'd do with two weeks of prep time:

• Set up a local K8s cluster (minikube or kind) and deploy a simple app with a Deployment, Service, and ConfigMap. Scale it, update it, roll it back.
• Write a Dockerfile for a real project and optimize it. Measure image size before and after multi-stage builds.
• Build a CI/CD pipeline with GitHub Actions or GitLab CI. Even for a toy project, the experience is invaluable.
• Practice incident scenarios out loud. Think of 2-3 real outages or issues you've dealt with. Structure your stories: situation, actions, result.

If you want to practice talking through DevOps scenarios and technical questions with instant feedback, Craqly's AI interview copilot can simulate the back-and-forth of a real DevOps interview round. It's especially useful for the scenario-based questions where you need to think on your feet and articulate your decision-making process clearly.