Top 50 DevOps Interview Questions & Answers 2026: The Ultimate Guide

1. How do you reduce the size of a Docker image in a production environment?

Answer: Use **Multi-stage builds** to separate the build environment from the runtime environment. Additionally, use lightweight base images like **Alpine Linux**, minimize the number of layers by combining RUN commands, and use .dockerignore to exclude unnecessary files.

5. What is the difference between a Docker ENTRYPOINT and CMD?

Answer: ENTRYPOINT defines the main command of the image that cannot be easily overridden, while CMD provides default arguments for that command which can be overridden by the user during docker run.

15. Explain the Kubernetes 'Control Plane' components.

Answer: The Control Plane manages the cluster state. Key components include:

• kube-apiserver: The entry point for all REST commands.
• etcd: Consistent and highly-available key-value store for cluster data.
• kube-scheduler: Watches for new pods and assigns them to nodes.
• kube-controller-manager: Runs controller processes like node and replication controllers.

22. How does a Service locate its Pods in K8s?

Answer: Through Labels and Selectors. The Service definition includes a selector that matches the labels assigned to the Pods it needs to target.

35. What is 'Blue-Green' deployment vs 'Canary' deployment?

Answer: **Blue-Green** involves having two identical production environments; you switch all traffic from old (Blue) to new (Green) at once. **Canary** involves rolling out the new version to a small subset of users first before scaling to the entire infrastructure.

42. How do you handle secrets in Terraform?

Answer: Never hardcode secrets. Use environment variables (prefixed with TF_VAR_), encrypted .tfvars files, or integrate with an external secret manager like **HashiCorp Vault** or **AWS Secrets Manager**.