DevOps Interview

By Loc Truong

Beginner

What is DevOps, and why is it important?

DevOps is a set of practices that combines software development (Dev) and IT operations (Ops). Its main goal is to shorten (and simplify) the software development lifecycle and provide continuous delivery with high software quality.

It is important because it helps to improve collaboration between development and operations teams, which, in turn, translates into increased deployment frequency, reduced failure rates of new releases, and faster recovery times.

Explain the difference between continuous integration and continuous deployment.

Continuous integration (CI) involves automatically building and testing code changes as they are committed to version control systems (usually Git). This helps catch issues early and improves code quality.

On the other hand, continuous deployment (CD) goes a step further by automatically deploying every change that passes the CI process, ensuring that software updates are delivered to users quickly and efficiently without manual intervention.

Combined, they add a great deal of stability and agility to the development lifecycle.
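To make the distinction concrete, here is a conceptual sketch in Python of the CI-to-CD handoff. It is not any real CI system's API; the stub functions stand in for actual build, test, and deploy tooling:

```python
# Conceptual sketch of the CI -> CD handoff (not a real CI system's API).
# The stubs below stand in for actual build, test, and deploy tooling.

def build(commit: str) -> bool:
    print(f"compiling {commit}")      # e.g., invoke your build tool here
    return True

def run_tests(commit: str) -> bool:
    print(f"testing {commit}")        # e.g., invoke your test runner here
    return True

def deploy(commit: str) -> None:
    print(f"deploying {commit} to production")

def on_commit(commit: str) -> None:
    # Continuous integration: every commit is built and tested automatically.
    if build(commit) and run_tests(commit):
        # Continuous deployment: a green build ships with no manual gate.
        deploy(commit)

on_commit("abc123")
```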

What is a container, and how is it different from a virtual machine?

A container is a runtime instance of a container image (which is a lightweight, executable package that includes everything needed to run your code). It is the execution environment that runs the application or service defined by the container image.

When a container is started, it becomes an isolated process on the host machine with its own filesystem, network interfaces and other resources. Containers share the host operating system's kernel, making them more efficient and quicker to start than virtual machines.

A virtual machine (VM), on the other hand, is an emulation of a physical computer. Each VM runs a full operating system and has virtualized hardware, which makes it more resource-intensive and slower to start than a container.

What are some common CI/CD tools?

There are too many out there to name them all, but we can group them into two main categories: on-prem and cloud-based.

On-prem CI/CD tools

These tools can be installed on your own infrastructure and don't require external internet access. Some examples are:

  • Jenkins
  • GitLab CI/CD (can be self-hosted)
  • Bamboo
  • TeamCity

Cloud-based CI/CD tools

On the other hand, these tools are hosted in the cloud or offered only in SaaS format, meaning the vendor provides the infrastructure and you just use their services.

Some examples of these tools are:

  • CircleCI
  • Travis CI
  • GitLab CI/CD (cloud version)
  • Azure DevOps
  • Bitbucket Pipelines

What is Docker and why is it used?

Docker is an open-source platform that enables developers to create, deploy, and run applications within lightweight, portable containers. These containers package an application along with all of its dependencies, libraries, and configuration files.

That, in turn, ensures that the application can run consistently across various computing environments.

Docker has become one of the most popular DevOps tools because it provides a consistent and isolated environment for development, continuous testing, and deployment. This consistency helps to eliminate the common "it works on my machine" problem by ensuring that the application behaves the same way regardless of where it is run, whether on a developer's local machine, a testing server, or in production.

Additionally, Docker simplifies the management of complex applications by allowing developers to break them down into smaller, manageable microservices, each running in its own container.

This approach not only supports but also enhances scalability and flexibility, and it makes it easier to manage dependencies, version control, and updates.
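As a quick illustration, here is a minimal sketch that starts a throwaway container with Docker's official Python SDK (the docker package); the image and command are arbitrary examples:

```python
import docker  # pip install docker

# Connect to the local Docker daemon.
client = docker.from_env()

# Run a short-lived container; everything the code needs ships in the image,
# so the same image behaves identically on any host with a Docker runtime.
output = client.containers.run(
    "python:3.12-slim",
    ["python", "-c", "print('same behavior on any host')"],
    remove=True,  # clean up the container once it exits
)
print(output.decode())
```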

Can you explain what infrastructure as code (IaC) is?

IaC is the practice of managing and provisioning infrastructure through machine-readable configuration files (in other words, "code"), rather than through physical hardware configuration or interactive configuration tools.

By keeping this configuration in code form, we gain the ability to store it in version control platforms and to automate its deployment consistently across environments, reducing the risk of human error and increasing the efficiency of infrastructure management.

What are some common IaC tools?

If you're in search of effective configuration management tools to streamline and automate your IT infrastructure, you might consider exploring the following popular options:

  • Ansible
  • Chef
  • Puppet

Configuration management tools are designed to help DevOps engineers manage and maintain consistent configurations across multiple servers and environments. These tools automate the process of configuring, deploying, and managing systems, ensuring that your infrastructure remains reliable, scalable, and compliant with your organization's standards.

Provisioning and orchestration tools

If, on the other hand, you're looking for tools to handle provisioning and orchestration of your infrastructure, you might want to explore the following popular options:

  • Terraform
  • CloudFormation (AWS)
  • Pulumi

Provisioning and orchestration tools are essential for automating the process of setting up and managing your infrastructure resources. These tools allow you to define your infrastructure as code, making it easier to deploy, manage, and scale resources across cloud environments.

Finally, if you're looking for multi-purpose tools, you can try something like:

  • Ansible (can also be used for provisioning)
  • Pulumi (supports both IaC and configuration management; see the sketch below)
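Since Pulumi lets you write infrastructure in a general-purpose language, here is a minimal Pulumi program in Python. It assumes the pulumi and pulumi-aws packages plus configured AWS credentials; the bucket name and tag are illustrative:

```python
# Minimal Pulumi program: desired infrastructure declared as Python code.
# Assumes `pip install pulumi pulumi-aws` and configured AWS credentials;
# the bucket name and tag are arbitrary examples.
import pulumi
import pulumi_aws as aws

# Desired state: one S3 bucket, tagged so its origin is obvious.
bucket = aws.s3.Bucket("app-artifacts", tags={"managed-by": "pulumi"})

# Export an output so other tools (or teammates) can consume it.
pulumi.export("bucket_name", bucket.id)
```

Running pulumi up then computes the difference between this desired state and what actually exists, and applies only the changes needed.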

What is version control and why is it important in DevOps?

Version control is a system that records changes to files over time so that specific versions can be recalled later or multiple developers can work on the same codebase and eventually merge their work streams together with minimum effort.

It is important in DevOps because it allows multiple team members to collaborate on code, tracks and manages changes efficiently, enables rollback to previous versions if issues arise, and supports automation in CI/CD pipelines, ensuring consistent and reliable software delivery (which is one of the key principles of DevOps).

In terms of tooling, one of the best and most popular version control systems is Git. It provides what is known as a distributed version control system, giving every team member a copy of the code so they can branch it, work on it however they like, and push it back to the rest of the team once they're done.

That said, there are still legacy teams using alternatives like CVS or SVN.

Explain the concept of 'shift left' in DevOps

The concept of 'shift left' in DevOps refers to the practice of performing tasks earlier in the software development lifecycle.

This includes integrating testing, security and other quality checks early in the development process rather than at the end. The goal is to identify and fix issues sooner, thus reducing defects, improving quality, and speeding up software delivery times.

What is a microservice, and how does it differ from a monolithic application?

Microservices are an architectural style that structures an application as a collection of small, loosely coupled, and independently deployable services (hence the term "micro").

Each service focuses on a specific business domain and can communicate with others through well-defined APIs.

In the end, your application is not (usually) composed of a single microservice (that would make it a monolith); instead, its architecture consists of multiple microservices working together to serve the incoming requests.

On the other hand, a monolithic application is a single (often massive) unit where all functions and services are interconnected and run as a single process.

The biggest difference between monoliths and microservices is that changes to a monolithic application require the entire system to be rebuilt and redeployed, while microservices can be developed, deployed, and scaled independently, allowing for greater flexibility and resilience.
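To put a face on "small, independently deployable service," here is a minimal sketch of a single microservice using Flask; the service name, endpoint, and data are made up for illustration:

```python
# Minimal "orders" microservice sketch using Flask (pip install flask).
# One service, one business domain, one small well-defined HTTP API.
from flask import Flask, jsonify

app = Flask(__name__)

# Toy in-memory data; a real service would own its own datastore.
ORDERS = {1: {"id": 1, "status": "shipped"}}

@app.route("/orders/<int:order_id>")
def get_order(order_id: int):
    order = ORDERS.get(order_id)
    if order is None:
        return jsonify(error="not found"), 404
    return jsonify(order)

if __name__ == "__main__":
    app.run(port=5001)  # other services call this API over HTTP
```

A monolith would fold this logic into one large codebase and process; as a microservice, it can be deployed and scaled on its own.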

What is a build pipeline?

A build pipeline is an automated process that compiles, tests, and prepares code for deployment. It typically involves multiple stages, such as source code retrieval, code compilation, running unit tests, performing static code analysis, creating build artifacts, and deploying to one of the available environments.

The build pipeline effectively removes humans from the deployment process as much as possible, clearly reducing the chance of human error. This, in turn, ensures consistency and reliability in software builds and speeds up the development and deployment process.
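As a toy illustration (not tied to any specific CI tool), a pipeline is just an ordered list of stages where a failure stops the run; the commands below are placeholders for your project's real ones:

```python
# Toy build-pipeline runner: each stage must succeed before the next starts.
# The commands are placeholders; substitute your project's real tooling.
import subprocess
import sys

STAGES = [
    ("checkout", ["git", "pull"]),
    ("unit tests", ["pytest", "-q"]),
    ("build artifact", ["python", "-m", "build"]),
]

for name, cmd in STAGES:
    print(f"--- stage: {name} ---")
    if subprocess.run(cmd).returncode != 0:
        sys.exit(f"stage '{name}' failed; aborting pipeline")

print("all stages passed; artifact ready for deployment")
```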

What is the role of a DevOps Engineer?

This is probably one of the most common DevOps interview questions out there, because by answering it correctly, you show that you actually know what DevOps engineers (a.k.a. you) are supposed to work on.

That said, this is not a trivial question to answer, because different companies will likely implement DevOps with their own "flavor" and in their own way.

At a high level, the role of a DevOps engineer is to bridge the gap between development and operations teams with the aim of improving the development lifecycle and reducing deployment errors.

With that said, other key responsibilities may include:

  • Implementing and managing CI/CD pipelines.
  • Automating infrastructure provisioning and configuration using IaC tools.
  • Monitoring and maintaining system performance, security, and availability.
  • Collaborating with developers to streamline code deployments and ensure smooth operations.
  • Managing and optimizing cloud infrastructure.
  • Ensuring system scalability and reliability.
  • Troubleshooting and resolving issues across development and production environments.

What is Kubernetes, and why is it used?

If we're talking about DevOps tools, then Kubernetes is a must-have.

Specifically, Kubernetes is an open-source container orchestration platform. That means it can automate the deployment, scaling and management of containerized applications.

It is widely used because it simplifies the complex tasks of managing containers for large-scale applications, such as ensuring high availability, load balancing, rolling updates and self-healing.

Kubernetes helps organizations run and manage applications more efficiently and reliably in various environments, including on-premises, cloud, or hybrid setups.

Explain the concept of orchestration in DevOps.

Orchestration in DevOps refers to the automated coordination and management of complex IT systems. It involves combining multiple automated tasks and processes into a single workflow to achieve a specific goal.

Nowadays, automation (or orchestration) is one of the key components of any software development process, and manual configuration should never be preferred over it.

As an automation practice, orchestration helps to remove the chance of human error from the different steps of the software development lifecycle. This is all to ensure efficient resource utilization and consistency.

Some examples of orchestration include orchestrating container deployments with Kubernetes and automating infrastructure provisioning with tools like Terraform.

What is a load balancer, and why is it important?

A load balancer is a device or software that distributes incoming network traffic across multiple servers to ensure no single server becomes overwhelmed.

It is important because it improves the availability, reliability, and performance of applications by evenly distributing the load, preventing server overload, and providing failover capabilities in case of server failures.

Load balancers are commonly used when scaling out RESTful microservices: given their stateless nature, you can set up multiple copies of the same service behind a load balancer and let it distribute the load evenly among all copies.
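The core idea is small enough to sketch in a few lines of Python; this is a toy round-robin balancer with made-up server addresses, not production code:

```python
# Toy round-robin load balancer: rotate through the server pool so each
# backend receives roughly the same share of requests.
import itertools

class RoundRobinBalancer:
    def __init__(self, servers: list[str]):
        self._pool = itertools.cycle(servers)  # endless rotation over the pool

    def route(self, request: str) -> str:
        server = next(self._pool)
        print(f"routing {request!r} to {server}")
        return server

lb = RoundRobinBalancer(["10.0.0.1", "10.0.0.2", "10.0.0.3"])
for i in range(5):
    lb.route(f"GET /orders/{i}")
```

Real load balancers (NGINX, HAProxy, cloud load balancers) add health checks and failover on top of this basic distribution logic.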

What is the purpose of a configuration management tool?

When organizations and platforms grow large enough, keeping track of how different areas of the IT ecosystem (infrastructure, deployment pipelines, hardware, etc.) are meant to be configured becomes a problem, and finding a way to manage that chaos suddenly becomes a necessity.

That is where configuration management comes into play.

The purpose of a configuration management tool is to automate the process of managing and maintaining the consistency of software and hardware configurations across an organization's infrastructure.

It makes sure that systems are configured correctly, updates are applied uniformly, and configurations are maintained according to predefined standards.

This helps reduce configuration errors, increase efficiency, and ensure that environments are consistent and compliant.

What is continuous monitoring?

As a DevOps engineer, the concept of continuous monitoring should be ingrained in your brain as a must-perform activity.

You see, continuous monitoring is the practice of constantly overseeing and analyzing an IT system's performance, security, and compliance in real time.

It involves collecting and assessing data from various parts of the infrastructure to detect issues, security threats, and performance bottlenecks as soon as they occur.

The goal is to ensure the system's health, security, and compliance, enabling quick responses to potential problems and maintaining the overall stability and reliability of the environment. Tools like Prometheus, Grafana, Nagios, and Splunk are commonly used for continuous monitoring.
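On the instrumentation side, here is a minimal sketch of exposing application metrics for Prometheus to scrape, using the official prometheus_client library; the metric name, port, and fake workload are arbitrary:

```python
# Minimal Prometheus instrumentation sketch (pip install prometheus-client).
# Exposes a /metrics endpoint that a Prometheus server can scrape.
import random
import time

from prometheus_client import Counter, start_http_server

REQUESTS = Counter("app_requests_total", "Total requests handled")

if __name__ == "__main__":
    start_http_server(8000)  # metrics at http://localhost:8000/metrics
    while True:
        REQUESTS.inc()       # pretend we just handled a request
        time.sleep(random.uniform(0.1, 0.5))
```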

What's the difference between horizontal and vertical scaling?

They're both valid scaling techniques, but each comes with different trade-offs and limitations.

Horizontal scaling

  • Involves adding more machines or instances to your infrastructure.
  • Increases capacity by connecting multiple hardware or software entities so they work as a single logical unit.
  • Often used in distributed systems and cloud environments.

Vertical scaling

  • Involves adding more resources (CPU, RAM, storage) to an existing machine.
  • Increases capacity by enhancing the power of a single server or instance.
  • Limited by the maximum capacity of the hardware.

In summary, horizontal scaling adds more machines to handle increased load, while vertical scaling enhances the power of existing machines.

What is a rollback and when would you perform one?

A rollback is the process of reverting a system to a previous stable state, typically after a failed or problematic deployment to production.

You would perform a rollback when a new deployment causes one or several of the following problems: application crashes, significant bugs, security vulnerabilities or performance problems.

The goal is to restore the system to a known "good" state while minimizing downtime and the impact on users while investigating and resolving the issues with the new deployment.

Explain what a service mesh is

A service mesh is a dedicated layer in a system's architecture for handling service-to-service communication.

This is a very common problem to solve when a microservice-based architecture grows: suddenly, having to orchestrate all those services in a way that is reliable and scalable becomes more of a chore.

While teams can definitely come up with their own solutions to this problem, using a ready-made solution is also a great alternative.

A service mesh manages tasks like load balancing, service discovery, encryption, authentication, authorization, and observability, without requiring changes to the application code (so it can easily be added once the problem presents itself, instead of planning for it from the start).

There are many products out there that provide this functionality, but some examples are Istio, Linkerd and Consul.

Intermediate

Describe how you would set up a CI/CD pipeline from scratch

Setting up a CI/CD pipeline from scratch involves several steps. Assuming you've already set up your project on a version control system and everyone in your team has proper access to it, the following steps will help:

  1. Set up the continuous integration (CI):
  • Select a continuous integration tool (there are many, like Jenkins, GitLab CI, CircleCI; pick one).
  • Connect the CI tool to your version control system.
  • Write a build script that defines the build process, including steps like code checkout, dependency installation, compiling the code, and running tests.
  • Set up automated testing to run on every code commit or pull request.
  2. Artifact storage:
  • Decide where to store build artifacts (it could be Docker Hub, AWS S3, or anywhere you can then reference from the CD pipeline).
  • Configure the pipeline to package and upload artifacts to the storage after a successful build.
  3. Set up your continuous deployment (CD):
  • Choose a CD tool or extend your CI tool (same deal as before, there are many options; pick one). Define deployment scripts that specify how to deploy your application to different environments (e.g., development, staging, production).
  • Configure the CD tool to trigger deployments after successful builds and tests.
  • Set up environment-specific configurations and secrets management. Remember that this system should be able to pull the artifacts from the continuous integration pipeline, so set up that access as well.
  4. Infrastructure setup:
  • Provision infrastructure using IaC tools (e.g., Terraform, CloudFormation).
  • Ensure environments are consistent and reproducible to reduce the time needed to create new ones or destroy and recreate existing ones. This should be as easy as executing a command, without any human intervention.
  5. Set up your monitoring and logging solutions:
  • Implement monitoring and logging for your applications and infrastructure (e.g., Prometheus, Grafana, ELK stack).
  • Remember to configure alerts for critical issues. Otherwise, you're missing a key aspect of monitoring (reacting to problems).
  6. Security and compliance:
  • By now, it's a good idea to think about integrating security scanning tools into your pipeline (e.g., Snyk, OWASP Dependency-Check).
  • Ensure compliance with relevant standards and practices depending on your specific project's needs.

Additionally, as a good practice, you might also want to document the CI/CD process, pipeline configuration, and deployment steps. This is to train new team members on using and maintaining the pipelines you just created.

How do containers help with consistency in development and production environments?

Containers help add consistency in several ways; here are some examples:

  • Isolation: containers encapsulate all the dependencies, libraries, and configurations needed to run an application, isolating it from the host system and other containers. This ensures that the application runs the same way regardless of where the container is deployed.
  • Portability: containers can run in any environment that supports the container runtime. This means that the same container image can be used on a developer's local machine, a testing environment, or a production server without any kind of modification.
  • Consistency: by using the same container image across different environments, you eliminate inconsistencies from differences in configuration, dependencies, and runtime environments. This ensures that if the application works in one environment, it will work in all others.
  • Version control: container images can be versioned and stored in registries (e.g., Docker Hub, AWS ECR). This allows teams to track and roll back to specific versions of an application if there are problems.
  • Reproducibility: containers make it easier to reproduce the exact environment required for the application. This is especially useful for debugging issues that occur in production but not in development, as developers can recreate the production environment locally.
  • Automation: containers facilitate the use of automated build and deployment pipelines. Automated processes can consistently create, test, and deploy container images.

Explain the concept of 'infrastructure as code' using Terraform.

IaC (Infrastructure as Code) is all about managing infrastructure through code instead of other, more conventional configuration methods. Specifically in the context of Terraform, here is how you'd want to approach IaC (a small automation sketch follows the list):

  • Configuration Files: define your infrastructure using HCL or JSON files.
  • Execution Plan: Generate a plan showing the changes needed to reach the desired state.
  • Resource Provisioning: Terraform will then apply the plan to provision and configure desired resources.
  • State Management: Terraform then tracks the current state of your infrastructure with a state file.
  • Version control: finally, store the configuration files in a version control system to easily version them and share them with other team members.
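As a sketch of how this workflow is typically driven, the snippet below shells out to the standard Terraform CLI commands (init, plan, apply) from Python; it assumes the terraform binary is on your PATH and the working directory contains your .tf files:

```python
# Sketch: drive the standard Terraform workflow (init -> plan -> apply).
# Assumes the terraform binary is on PATH and the current directory
# contains your HCL configuration files.
import subprocess

def tf(*args: str) -> None:
    subprocess.run(["terraform", *args], check=True)

tf("init")                   # download providers, configure the state backend
tf("plan", "-out=tf.plan")   # compute the changes needed to reach desired state
tf("apply", "tf.plan")       # apply exactly the plan that was reviewed
```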

What are the benefits of using Ansible for configuration management?

As an open-source tool for configuration management, Ansible provides several benefits when added to your project:

  • Simplicity: Easy to learn and use with simple YAML syntax.
  • Agentless: No need to install agents on managed nodes; instead it uses SSH to communicate with them.
  • Scalability: Can manage a large number of servers simultaneously with minimal effort.
  • Integration: Ansible integrates well with various cloud providers, CI/CD tools, and infrastructure.
  • Modularity: Extensive library of modules for different tasks.
  • Reusability: Ansible playbooks and roles can be reused and shared across projects.

How do you handle secrets management in a DevOps pipeline?

There are many ways to handle secrets management in a DevOps pipeline; some of them involve:

  • Storing secrets in environment variables managed by the CI/CD tool.
  • Using secret management tools like HashiCorp Vault, AWS Secrets Manager, or Azure Key Vault to securely store and retrieve secrets (see the sketch after this list).
  • Encrypted configuration files are also an option, with decryption keys stored securely somewhere else.
  • Whatever strategy you decide to go with, it's crucial to implement strict access controls and permissions, integrate secret management tools with CI/CD pipelines to fetch secrets securely at runtime, and above all, avoid hardcoding secrets in code repositories or configuration files.
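As one concrete flavor of the second option, here is a minimal sketch of fetching a secret at runtime from AWS Secrets Manager via boto3; the secret name is illustrative, and credentials are expected to come from the environment (e.g., an IAM role), never from the repository:

```python
# Sketch: fetch a secret at runtime instead of hardcoding it in the repo.
# Assumes `pip install boto3` and AWS credentials supplied by the
# environment (e.g., an IAM role); the secret name is an example.
import boto3

def get_db_password() -> str:
    client = boto3.client("secretsmanager")
    response = client.get_secret_value(SecretId="prod/db/password")
    return response["SecretString"]
```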

What is GitOps and how does it differ from traditional CI/CD?

GitOps is a practice that uses Git as the single source of truth for infrastructure and application management. It takes advantage of Git repositories to store all configuration files and, through automated processes, ensures that both infrastructure and application configuration match the state described in the repo.

The main differences between GitOps and traditional CI/CD are:

  • Source of Truth: GitOps uses Git as the single source of truth for both infrastructure and application configurations. In traditional CI/CD, configurations may be scattered across various tools and scripts.
  • Deployment Automation: In GitOps, changes are automatically applied by reconciling the desired state in Git with the actual state in the environment (sketched after this list). Traditional CI/CD often involves manual steps for deployment.
  • Declarative Approach: GitOps emphasizes a declarative approach where the desired state is defined in Git and the system automatically converges towards it. Traditional CI/CD often uses imperative scripts to define steps and procedures to get the system to the state it should be in.
  • Operational Model: GitOps operates continuously, monitoring for changes in Git and applying them in near real-time. Traditional CI/CD typically follows a linear pipeline model with distinct build, test and deploy stages.
  • Rollback and Recovery: GitOps simplifies rollbacks and recovery by reverting changes in the Git repository, which is a native mechanism and automatically triggers the system to revert to the previous state. Traditional CI/CD may require extra work and configuration to roll back changes.
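To make the reconciliation idea concrete, here is a deliberately simplified control-loop sketch; every function is a hypothetical stub standing in for real Git and cluster operations:

```python
# Deliberately simplified GitOps reconciliation loop. All functions are
# hypothetical stubs standing in for real Git and cluster operations.
import time

def desired_state_from_git() -> dict:
    # A real operator would pull the repo and parse declarative manifests.
    return {"replicas": 3, "image": "app:v2"}

def actual_state_from_cluster() -> dict:
    # A real operator would query the cluster/environment API.
    return {"replicas": 2, "image": "app:v1"}

def apply_changes(diff: dict) -> None:
    print(f"applying changes: {diff}")

while True:
    desired = desired_state_from_git()
    actual = actual_state_from_cluster()
    # Converge: apply only the fields whose actual value drifted from Git.
    diff = {k: v for k, v in desired.items() if actual.get(k) != v}
    if diff:
        apply_changes(diff)
    time.sleep(30)  # reconcile continuously, not only on pipeline runs
```

Reverting a commit in Git changes the desired state, and the same loop rolls the environment back automatically.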

Describe the process of blue-green deployment.

Blue-green deployment is a release strategy that reduces downtime and the risk of production issues by running two identical production environments, referred to as "blue" and "green".

At a high level, the way this process works is as follows:

  • Set Up Two Environments: Prepare two identical environments: blue (the current live environment) and green (the new version's environment).
  • Deploy to Green: Deploy the new version of the application to the green environment through your normal CI/CD pipelines.
  • Test Green: Perform testing and validation in the green environment to ensure the new version works as expected.
  • Switch Traffic: Once the green environment is verified, switch the production traffic from blue to green. Optionally, the traffic switch can be done gradually to avoid potential problems from affecting all users immediately.
  • Monitor: Monitor the green environment to ensure it operates correctly with live traffic. Take your time and make sure you've monitored every single major event before issuing the "green light".
  • Fallback Plan: Keep the blue environment intact as a fallback. If any issues arise in the green environment, you can quickly switch traffic back to the blue environment. This is one of the fastest rollbacks you'll experience in deployment and release management.
  • Clean Up: Once the green environment is stable and no issues are detected, you can update the blue environment to be the new staging area for the next deployment.

This way, you ensure minimal downtime (either for new deployments or for rollbacks) and allow for a quick rollback in case of issues with the new deployment.
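As a toy illustration of the traffic switch itself, here is a small Python sketch of a router gradually shifting requests between two identical pools; the addresses and weights are made up, and a real cutover happens at the load balancer or ingress layer:

```python
# Toy blue-green traffic switch. Pool addresses are made up; a real
# cutover happens at the load balancer / ingress layer.
import random

POOLS = {
    "blue": ["10.0.1.10", "10.0.1.11"],   # current live version
    "green": ["10.0.2.10", "10.0.2.11"],  # new version being rolled out
}

green_weight = 0.0  # fraction of traffic sent to green

def route_request() -> str:
    pool = "green" if random.random() < green_weight else "blue"
    return random.choice(POOLS[pool])

# Gradual cutover: ramp green from 10% to 100%, watching monitors as you go.
for step in (0.1, 0.5, 1.0):
    green_weight = step
    print(f"green at {step:.0%}, sample backend: {route_request()}")

# Rolling back is just as cheap: set green_weight back to 0.0.
```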

What are the main components of Kubernetes?

There are many components involved; some are part of the master node, and others belong to the worker nodes.

Here's a quick summary (a small client sketch follows the list):

  1. Master Node Components:
  • API Server: The front end for the Kubernetes control plane, handling all RESTful requests for the cluster.
  • etcd: A distributed key-value store that holds the cluster's configuration and state.
  • Controller Manager: Manages various controllers that regulate the state of the cluster.
  • Scheduler: Assigns workloads to different nodes based on resource availability and other constraints.
  2. Worker Node Components:
  • Kubelet: An agent that runs on each node and ensures that each container is running in a Pod.
  • Kube-proxy: A network proxy that maintains network rules and handles routing for services.
  • Container Runtime: The software that runs containers, such as Docker, containerd, or CRI-O.
  3. Additional Components:
  • Pods: The smallest deployable units in Kubernetes; they consist of one or more containers.
  • Services: Define a logical set of Pods and a policy for accessing them; they're often used for load balancing.
  • ConfigMaps and Secrets: Manage configuration data and sensitive information, respectively.
  • Ingress: Manages external access to services, typically through HTTP/HTTPS.
  • Namespaces: Provide a mechanism for isolating groups of resources within a single cluster.
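To see some of these components from a client's perspective, here is a minimal sketch using the official Kubernetes Python client; it assumes the kubernetes package is installed and a working kubeconfig is available:

```python
# Minimal sketch using the official Kubernetes Python client
# (pip install kubernetes); assumes a working kubeconfig (~/.kube/config).
from kubernetes import client, config

config.load_kube_config()   # authenticate against the API server
v1 = client.CoreV1Api()

# List Pods (the smallest deployable units) across all namespaces.
for pod in v1.list_pod_for_all_namespaces().items:
    print(pod.metadata.namespace, pod.metadata.name, pod.status.phase)
```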