AWS EKS Interview Questions and Answers
Posted inInterview Question Kubernetes

AWS EKS Interview Questions and Answers

1. What is Amazon EKS, and how does it work?

Amazon EKS is a fully managed Kubernetes service provided by AWS that allows you to run Kubernetes clusters without managing the underlying infrastructure. It simplifies deploying, managing, and scaling containerized applications using Kubernetes. AWS handles tasks such as patching, scaling, and security for the control plane while you can focus on managing your applications.

2. How does EKS differ from running Kubernetes on an EC2 instance?

  • EKS: Fully managed Kubernetes service where AWS manages the control plane (Kubernetes master nodes). You only manage the worker nodes (EC2 instances) and the applications running on them.
  • Self-managed Kubernetes on EC2: You manage both the control plane and the worker nodes, meaning more overhead and responsibility for patching, scaling, and high availability.

3. How do you set up an EKS cluster?

To set up an EKS cluster, follow these basic steps:

  1. Create an IAM Role for EKS with the necessary permissions.
  2. Create the EKS Cluster using AWS CLI, SDK, or AWS Management Console.
  3. Create worker nodes using EC2 instances and associate them with the EKS cluster.
  4. Configure kubectl to interact with the cluster by updating the kubeconfig file.
  5. Deploy applications using kubectl or Helm charts.

4. Explain how EKS integrates with AWS IAM.

AWS IAM (Identity and Access Management) is tightly integrated with EKS to control access to Kubernetes resources. EKS uses IAM roles to grant permissions for API operations within the cluster. Kubernetes RBAC (Role-Based Access Control) works alongside IAM to manage access to cluster resources.

  • IAM for Service Accounts: You can associate IAM roles with Kubernetes service accounts using OIDC (OpenID Connect) for fine-grained access control to AWS resources like S3, DynamoDB, or SQS.

5. What is the role of kubectl in EKS?

kubectl is the Kubernetes command-line tool that interacts with EKS clusters to manage resources like pods, deployments, services, and more. You use kubectl to perform operations like creating, scaling, or deleting Kubernetes resources, configuring namespaces, and applying configurations (YAML files).

After creating the EKS cluster, you need to configure kubectl to use the right kubeconfig file, which contains details like the API server endpoint, cluster name, and authentication credentials.

6. What is the difference between a Kubernetes Deployment and a DaemonSet?

  • Deployment: Ensures that a specified number of pods are running and managed. It is typically used for stateless applications.
  • DaemonSet: Ensures that a specific pod is running on all (or a subset) of nodes in the cluster. It’s ideal for running cluster-wide services like logging agents, monitoring tools, or network proxies.

7. How does EKS handle scaling of applications and nodes?

  • Pod Scaling: You can scale the number of pods running within a deployment by updating the replica count or using Horizontal Pod Autoscalers (HPA) based on CPU or memory usage.
  • Node Scaling: EKS integrates with Amazon EC2 Auto Scaling to scale the worker nodes in response to workload demands. The Cluster Autoscaler can automatically scale the number of nodes up or down based on pod resource requirements.

8. What is Amazon ECR, and how does it integrate with EKS?

Amazon ECR (Elastic Container Registry) is a fully managed container registry service to store and manage Docker images. EKS integrates with ECR to pull container images when deploying applications in Kubernetes. You can push your container images to ECR and configure EKS to pull these images for running workloads.

9. What are EKS node groups, and how do you create them?

An EKS Node Group is a collection of EC2 instances that are used to run your application workloads (pods) in the cluster. These nodes are managed by EKS and can be configured to automatically scale based on the resource demands.

You can create node groups using the AWS Management Console, AWS CLI, or EKS API. You can specify the EC2 instance types, the desired number of nodes, and scaling policies when creating a node group.

10. How do you manage secrets in EKS?

You can manage secrets in EKS using:

  • AWS Secrets Manager: A service to store and manage sensitive information like database credentials, API keys, etc. You can use IAM roles to grant Kubernetes service accounts access to these secrets.
  • Kubernetes Secrets: Kubernetes provides its own secrets management system, but it is not encrypted by default. You can encrypt Kubernetes secrets at rest using EKS with the help of KMS (Key Management Service).
  • Vault: You can use HashiCorp Vault to manage secrets and integrate it with EKS.

11. What is an EKS Service, and how does it work?

An EKS Service is an abstraction that allows you to expose a set of pods to the outside world or within the cluster. There are several types of services in Kubernetes:

  • ClusterIP: Exposes the service internally within the cluster (default).
  • LoadBalancer: Exposes the service externally with a public IP through an AWS ELB (Elastic Load Balancer).
  • NodePort: Exposes the service on a specific port across all nodes.
  • Headless Service: Provides DNS records for pods without a load balancer.

12. How do you monitor EKS clusters and troubleshoot issues?

To monitor and troubleshoot EKS clusters:

  • CloudWatch Logs: You can enable logging for the EKS control plane and send logs to Amazon CloudWatch for monitoring.
  • CloudWatch Container Insights: Provides detailed performance monitoring for containers running in EKS, including metrics like CPU and memory usage.
  • Kubernetes Metrics Server: Collects metrics like CPU and memory usage for pods and nodes, enabling Horizontal Pod Autoscaler and cluster health monitoring.
  • Prometheus and Grafana: You can deploy Prometheus to collect metrics and Grafana to visualize them in dashboards.
  • kubectl logs: Use the kubectl logs command to view logs from specific pods for debugging purposes.

13. What is the role of the EKS control plane?

The EKS control plane consists of the Kubernetes API server, scheduler, and controller manager that manage and control the Kubernetes cluster. EKS automatically provisions and manages the control plane for you, ensuring it is highly available, secure, and scalable. You don’t need to worry about the underlying infrastructure for the control plane.

14. What is Kubernetes RBAC, and how is it used in EKS?

RBAC (Role-Based Access Control) is a method for controlling access to Kubernetes resources based on roles and permissions. In EKS, you can configure RBAC to allow or deny access to specific resources like pods, services, or deployments.

You define roles and role bindings in Kubernetes to map users or service accounts to specific actions (e.g., get, list, create).

15. How does EKS support multi-region and multi-account clusters?

  • Multi-region: You can set up cross-region EKS clusters and use services like VPC Peering or Transit Gateway to enable communication between clusters in different AWS regions.
  • Multi-account: You can use AWS Organizations to manage multiple AWS accounts, and IAM roles for cross-account access between EKS clusters in different accounts.

16. What is the EKS managed node group, and what are its benefits?

EKS Managed Node Groups are EC2 instances that are automatically managed by Amazon EKS. AWS takes care of the provisioning, scaling, and lifecycle management of the EC2 instances. Benefits include:

  • Automated patching.
  • Easy scaling via the console or CLI.
  • Managed upgrades of the underlying EC2 instances.

17. How do you update an EKS cluster?

To update an EKS cluster:

  1. Update the EKS control plane: This can be done using the AWS Management Console or CLI. EKS control plane updates are automated and usually take a few minutes.
  2. Update worker nodes: You need to manually update the worker nodes either by launching new instances with the updated AMI (Amazon Machine Image) or by upgrading node groups via the console or CLI.
  3. Update Kubernetes resources: After updating the cluster, update your workloads (e.g., pods, deployments) to take advantage of new Kubernetes features.

18. What are some best practices for securing EKS clusters?

  • Use IAM Roles for Service Accounts (IRSA) to assign minimal permissions to pods.
  • Enable encryption at rest for sensitive data stored in EKS.
  • Use Network Policies to control the communication between pods.
  • Use Security Groups for Pods (SG for Pods) to restrict inbound and outbound traffic to specific IPs and ports.
  • Enable Audit Logs in CloudTrail for monitoring API activity.

19. What is AWS Fargate, and how does it work with EKS?

AWS Fargate is a serverless compute engine for containers that runs containers without requiring you to manage EC2 instances. In EKS, you can run pods on Fargate, allowing you to focus purely on the application without worrying about the infrastructure. Fargate handles provisioning, scaling, and managing the compute resources.

20. How do you troubleshoot a pod stuck in a pending state in EKS?

  • Check the pod’s resource requests and limits to ensure that sufficient resources are available.
  • Inspect the Events in the Kubernetes namespace using kubectl get events.
  • Check the node status and ensure there are available nodes in the cluster.
  • Use kubectl describe pod <pod_name> to get detailed information and error messages.
  • Ensure the node group has enough capacity for the pod.
Tags: