diff --git a/automation-scripting/README.md b/automation-scripting/README.md index fabc36b..927cdb0 100644 --- a/automation-scripting/README.md +++ b/automation-scripting/README.md 
@@ -450,6 +450,153 @@ ssh user@server 'bash -s' < local_script.sh Ansible modules ensure **idempotency** by only making changes when needed. + +### **61. How do you ensure idempotency in a Bash script used for automation?** + +**Answer:** +Idempotency means running the script multiple times produces the same result without causing unintended side effects. To ensure idempotency in Bash scripts, you should: + +- Check the current state before making changes (e.g., verify if a package is installed before installing). +- Use conditional statements to skip steps if already done. +- Avoid destructive commands without checks. +- Use flags or lock files to prevent concurrent runs. + +Example: + +```bash +if ! dpkg -l | grep -q "nginx"; then + apt-get install -y nginx +fi +``` + +This prevents reinstalling nginx if it’s already installed. + +### **62. Explain how you would debug a complex Bash script that is failing intermittently.** + +**Answer:** +To debug a complex Bash script: + +- Use `set -x` at the start to enable execution tracing and see each command as it runs. +- Use `set -e` to exit immediately on errors. +- Insert `echo` statements or logging to track variable values and flow. +- Check for race conditions or environment dependencies causing intermittent failures. +- Use `trap` to catch signals and errors and log them. +- Run the script in a controlled environment to isolate external factors. + +### **63. What are the differences between declarative and scripted Jenkins pipelines? When would you use each?** + +**Answer:** +- **Declarative Pipeline:** + - Uses a more structured and simpler syntax with predefined blocks (`pipeline`, `stages`, `steps`). + - Easier to read and maintain, designed for most CI/CD workflows. + - Supports built-in error handling and post actions. + +- **Scripted Pipeline:** + - Uses Groovy scripting language, more flexible and powerful. + - Allows complex logic, loops, and conditionals not easily done declaratively. 
+ - Requires deeper Groovy knowledge. + +**Use cases:** +- Use declarative for standard CI/CD pipelines with straightforward stages. +- Use scripted when you need advanced logic, dynamic stages, or complex workflows. + +### **64. How do you handle secrets management in YAML files for Ansible playbooks?** + +**Answer:** +Secrets should never be stored in plain YAML files. Best practices include: + +- Use **Ansible Vault** to encrypt sensitive variables and files. +- Store secrets in encrypted files and decrypt them at runtime. +- Use environment variables or external secret managers (HashiCorp Vault, AWS Secrets Manager) and inject secrets dynamically. +- Avoid hardcoding secrets in playbooks or version control. + +Example command to create an encrypted file: + +```bash +ansible-vault create secrets.yml +``` + +### **65. How do you parse JSON data in a Bash script?** + +**Answer:** +Bash does not natively parse JSON, so you use tools like `jq`: + +```bash +json='{"name":"devops","age":5}' +name=$(echo $json | jq -r '.name') +echo $name # Output: devops +``` + +`jq` allows querying and extracting JSON fields easily. + +### **66. How can you trap signals in a Bash script and why is it important?** + +**Answer:** +Use the `trap` command to catch signals like `SIGINT` (Ctrl+C) or `SIGTERM` to perform cleanup or graceful shutdown: + +```bash +trap 'echo "Script interrupted"; exit 1' SIGINT SIGTERM +``` + +This is important to: + +- Clean up temporary files or resources. +- Prevent partial or corrupted state. +- Log interruptions for debugging. + +### **67. Describe how you would create a multi-stage Jenkins pipeline for a microservices application.** + +**Answer:** +A multi-stage Jenkins pipeline for microservices typically includes: + +- **Build stage:** Compile and build each microservice container image. +- **Test stage:** Run unit tests and integration tests per microservice. +- **Publish stage:** Push container images to a registry. 
+- **Deploy stage:** Deploy microservices to Kubernetes or other environments, possibly with Helm charts. +- **Approval stage:** Manual or automated approval before production deployment. +- **Production deploy stage:** Deploy to production with blue/green or canary strategies. + +This is implemented in Jenkinsfile with `stages` and parallel execution for microservices. + +### **68. What is the difference between `$(command)` and backticks `` `command` `` in Bash? Which one is preferred and why?** + +**Answer:** +- Both execute a command and substitute its output. +- `$(command)` is preferred because it is more readable, can be nested easily, and avoids confusion with backticks inside strings. +- Backticks are older syntax and harder to read especially when nested. + +Example: + +```bash +result=$(ls -l) +``` + +### **69. How do you ensure idempotency and error handling in Ansible roles?** + +**Answer:** +- Use **`when`** conditions to check states before making changes. +- Use **`changed_when`** and **`failed_when`** to control task outcomes. +- Use **handlers** to trigger actions only when changes occur. +- Use **`ignore_errors`** cautiously with proper logging. +- Test roles extensively in different environments. + +### **70. How do you create and use a Python virtual environment in a CI/CD pipeline?** + +**Answer:** +- Create a virtual environment: + +```bash +python3 -m venv venv +source venv/bin/activate +pip install -r requirements.txt +``` + +- Use the virtual environment to isolate dependencies and avoid conflicts. +- In CI/CD, activate the venv before running tests or deployment scripts to ensure consistent environment. + +These questions and answers cover advanced scripting, automation, CI/CD pipelines, configuration management, and best practices, providing a strong challenge for DevOps engineer interviews related to your list. If you want, I can provide more questions on specific topics like Kubernetes, Docker, or monitoring. 
+ + --- ## **📢 Contribute & Stay Updated** diff --git a/containers/README.md b/containers/README.md index f6771f9..198601f 100644 --- a/containers/README.md +++ b/containers/README.md 
@@ -662,7 +662,41 @@ spec: ### **Docker Advanced Questions** -### **41. What are Docker namespaces and cgroups? How do they contribute to containerization?** +### **41. How do Docker namespaces and cgroups work together to provide container isolation?** + +Namespaces isolate the container’s view of the system (process IDs, network interfaces, mount points, etc.), making each container appear as a separate system. Cgroups (control groups) limit and prioritize resource usage (CPU, memory, I/O) for containers. Together, namespaces provide *security and separation*, while cgroups enforce *resource constraints*, enabling lightweight, secure containers without full virtualization. + +--- + +### **42. Explain the difference between Docker Volumes, Bind Mounts, and tmpfs mounts. When would you use each?** + +- **Docker Volumes:** Managed by Docker, stored in Docker’s storage area, best for persistent data that needs to survive container restarts and be shared between containers. +- **Bind Mounts:** Mount a host directory/file into a container, useful for development when you want live code changes reflected immediately. +- **tmpfs mounts:** Store data in the host’s memory only, ephemeral and fast, used for sensitive data or temporary files that should not persist. + +--- + +### **43. What are the advantages of Docker BuildKit, and how does it improve the Docker build process?** + +BuildKit improves build speed with parallel builds, better caching, and efficient layer reuse. It supports advanced features like build secrets, SSH forwarding, and inline cache export/import. BuildKit also produces smaller images by allowing multi-stage builds with better control and reduces build context size. + +--- + +### **44. How do you secure a Docker container in production?** + +Key practices include: + +- Use minimal base images to reduce attack surface. +- Run containers with least privileges (non-root user). +- Use Docker Content Trust to verify image signatures. 
+- Limit container resource usage with cgroups. +- Use seccomp, AppArmor, or SELinux profiles to restrict syscalls. +- Regularly scan images for vulnerabilities. +- Isolate containers using user namespaces and network policies. + +--- + +### **45. What are Docker namespaces and cgroups? How do they contribute to containerization?** **Answer:** @@ -678,7 +712,7 @@ cat /proc/self/cgroup --- -### **42. What is the difference between Docker Volumes, Bind Mounts, and tmpfs?** +### **46. What is the difference between Docker Volumes, Bind Mounts, and tmpfs?** **Answer:** @@ -696,7 +730,7 @@ docker run -v myvolume:/data nginx --- -### **43. What are Docker BuildKit advantages?** +### **47. What are Docker BuildKit advantages?** **Answer:** @@ -712,7 +746,7 @@ DOCKER_BUILDKIT=1 docker build . --- -### **44. How do you secure a Docker container?** +### **48. How do you secure a Docker container?** **Answer:** @@ -729,7 +763,7 @@ docker run --user 1001 --read-only nginx --- -### **45. How do multi-stage builds improve security in Docker?** +### **49. How do multi-stage builds improve security in Docker?** **Answer:** @@ -750,7 +784,7 @@ ENTRYPOINT ["/myapp"] --- -### **46. What are immutable infrastructure principles, and how do they apply to Docker?** +### **50. What are immutable infrastructure principles, and how do they apply to Docker?** **Answer:** @@ -760,7 +794,7 @@ ENTRYPOINT ["/myapp"] --- -### **47. How does Docker Content Trust (DCT) improve security?** +### **51. How does Docker Content Trust (DCT) improve security?** **Answer:** @@ -773,7 +807,7 @@ ENTRYPOINT ["/myapp"] --- -### **48. How do you troubleshoot a Docker daemon issue?** +### **52. How do you troubleshoot a Docker daemon issue?** **Answer:** @@ -783,7 +817,7 @@ ENTRYPOINT ["/myapp"] --- -### **49. What is the difference between Docker stack and Docker compose?** +### **53. What is the difference between Docker stack and Docker compose?** **Answer:** 
@@ -792,7 +826,7 @@ ENTRYPOINT ["/myapp"] --- -### **50. How do you handle container networking in a multi-host Docker Swarm?** +### **54. How do you handle container networking in a multi-host Docker Swarm?** **Answer:** @@ -805,9 +839,27 @@ ENTRYPOINT ["/myapp"] --- -## **Kubernetes Advanced Questions** +## **Kubernetes Advanced Questions** + +### **55. What is a PodDisruptionBudget (PDB) and how does it help maintain high availability?** + +A PDB defines the minimum number or percentage of pods that must remain available during voluntary disruptions (e.g., node drain, rolling updates). It prevents Kubernetes from evicting too many pods at once, ensuring application availability during maintenance or upgrades. + +--- + +### **56. How do Kubernetes Admission Controllers enhance cluster security?** + +Admission Controllers intercept requests to the Kubernetes API server after authentication and authorization but before persistence. They can enforce policies, mutate requests, or reject unsafe operations. Examples include PodSecurityPolicy, ResourceQuota, and NetworkPolicy controllers, which enforce security, resource limits, and network segmentation. + +--- + +### **57. Explain how Kubernetes Horizontal Pod Autoscaler (HPA) works internally.** + +HPA monitors metrics like CPU or custom metrics via the Metrics API. It compares current usage against target thresholds and adjusts the number of pod replicas accordingly by updating the Deployment or ReplicaSet spec. It uses a control loop running every 15 seconds by default to maintain desired load levels. + +--- -### **51. How does Kubernetes handle stateful applications?** +### **58. How does Kubernetes handle stateful applications?** **Answer:** @@ -828,7 +880,7 @@ spec: --- -### **52. What are PodDisruptionBudgets (PDBs)?** +### **59. What are PodDisruptionBudgets (PDBs)?** **Answer:** 
@@ -849,7 +901,7 @@ spec: --- -### **53. How do you secure Kubernetes Secrets?** +### **60. How do you secure Kubernetes Secrets?** **Answer:** @@ -863,7 +915,7 @@ spec: --- -### **54. What are Kubernetes Admission Controllers?** +### **61. What are Kubernetes Admission Controllers?** **Answer:** @@ -872,7 +924,7 @@ spec: --- -### **55. How does Kubernetes handle node failures?** +### **62. How does Kubernetes handle node failures?** **Answer:** @@ -882,7 +934,7 @@ spec: --- -### **56. What is a Kubernetes Mutating Webhook?** +### **63. What is a Kubernetes Mutating Webhook?** **Answer:** @@ -891,7 +943,7 @@ spec: --- -### **57. How do you debug networking issues in Kubernetes?** +### **64. How do you debug networking issues in Kubernetes?** **Answer:** @@ -915,7 +967,7 @@ spec: --- -### **58. How does Kubernetes Horizontal Pod Autoscaler (HPA) work internally?** +### **65. How does Kubernetes Horizontal Pod Autoscaler (HPA) work internally?** **Answer:** @@ -929,7 +981,7 @@ spec: --- -### **59. How do you implement multi-tenancy in Kubernetes?** +### **66. How do you implement multi-tenancy in Kubernetes?** **Answer:** @@ -951,7 +1003,7 @@ spec: --- -### **60. What is Kubernetes Cluster Federation?** +### **67. What is Kubernetes Cluster Federation?** **Answer:**
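Review bot: In the question 61 example of the automation-scripting/README.md hunk (@@ -450), `dpkg -l | grep -q "nginx"` is a substring match over the whole package listing. It also succeeds for packages such as nginx-common and for an nginx entry left in the removed-but-configured (`rc`) state, so the install is skipped while nginx is not actually installed. Query the exact package and its state instead, for example by checking that `dpkg-query -W -f='${Status}' nginx` prints `install ok installed`. In question 65, `echo $json | jq -r '.name'` and `echo $name` expand unquoted, so the values are subject to word splitting and globbing; quote them, e.g. `printf '%s' "$json" | jq -r '.name'`. The closing paragraph that starts "These questions and answers cover" and ends "If you want, I can provide more questions on specific topics" reads as generator chat output rather than README content and should be dropped before merge.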
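Review bot: The new questions 41 to 44 in the containers/README.md hunk at @@ -662 cover the same four topics as the existing entries this patch renumbers to 45 to 48 (namespaces and cgroups, volumes versus bind mounts versus tmpfs, BuildKit advantages, securing a container), so the section now answers each topic twice in a row. Fold the new wording into the existing entries instead of adding parallel ones; the new entries also omit the `**Answer:**` marker that the existing entries use. In new question 44, "network policies" is listed as a Docker isolation control without naming a Docker mechanism; if Kubernetes NetworkPolicy is meant, it belongs in the Kubernetes section, otherwise name the intended Docker network control.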
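Review bot: In new question 56 of the @@ -805 hunk, the example list "PodSecurityPolicy, ResourceQuota, and NetworkPolicy controllers" is inaccurate. NetworkPolicy is an API object enforced by the network plugin, not an admission controller, and PodSecurityPolicy was removed in Kubernetes 1.25 in favour of Pod Security Admission. Suggest listing current admission plugins such as ResourceQuota, LimitRanger and PodSecurity. New questions 55 to 57 also duplicate the existing PDB, Admission Controllers and HPA entries that this patch renumbers to 59, 61 and 65; merge the new text into those entries rather than keeping both.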