The DevOps Questions That Exposed My Infrastructure Knowledge Gaps
Eight years in DevOps taught me that interviews aren't about memorizing commands—they're about proving you can build reliable, scalable systems. Here are the questions that separate script kiddies from true infrastructure engineers.
My first DevOps interview was a disaster. When they asked "How would you handle a production outage?", I confidently listed every monitoring tool I knew. The principal engineer interrupted: "That's great, but what's your actual process? Who gets called first? How do you maintain communication?"
That question taught me that DevOps isn't just about tools—it's about building reliable systems, fostering collaboration, and maintaining calm under pressure. The best DevOps engineers don't just know Docker commands; they understand how to design systems that don't break in the first place.
After conducting hundreds of DevOps interviews and building infrastructure at companies from startups to Fortune 500s, I've compiled the questions that truly matter in 2026. These aren't just technical trivia—they're windows into how you think about reliability, automation, and scale.
DevOps Core Competencies
- Automation & CI/CD: Can you build reliable deployment pipelines?
- Infrastructure as Code: Do you treat infrastructure like software?
- Monitoring & Observability: Can you detect and diagnose issues quickly?
- Security & Compliance: Do you build security into every layer?
- Pro tip: Always discuss reliability, scalability, and security implications
Git & Version Control (Questions 1-10)
1. Explain the difference between git merge and git rebase.
Tests understanding of Git workflow and history management
Answer:
Git merge: Creates a new merge commit that combines two branches, preserving the complete history of both branches.
Git rebase: Replays commits from one branch onto another, creating a linear history without merge commits.
# Merge example
git checkout main
git merge feature-branch
# Rebase example
git checkout feature-branch
git rebase main
When to use: Use merge for shared branches, rebase for local feature branches before pushing.
2. How do you handle a Git conflict during merge?
Tests conflict resolution skills and Git workflow knowledge
Answer:
- Identify conflicted files:
git status - Open conflicted files and look for conflict markers (<<<<<<<, =======, >>>>>>>)
- Manually resolve conflicts by editing the file
- Stage resolved files:
git add filename - Complete the merge:
git commit
3. What's the difference between git reset, git revert, and git checkout?
Answer:
- git reset: Moves HEAD to a specific commit, can modify staging area and working directory
- git revert: Creates a new commit that undoes changes from a previous commit
- git checkout: Switches branches or restores files from a specific commit
4. Explain Git branching strategies (GitFlow, GitHub Flow, etc.)
Answer:
GitFlow: Uses main, develop, feature, release, and hotfix branches. Good for scheduled releases.
GitHub Flow: Simple workflow with main branch and feature branches. Deploy from main frequently.
GitLab Flow: Combines GitFlow and GitHub Flow with environment branches.
5. How do you secure Git repositories?
Answer:
- Use SSH keys instead of passwords
- Enable two-factor authentication
- Set up branch protection rules
- Use pre-commit hooks to scan for secrets
- Implement signed commits with GPG
- Regular access reviews and principle of least privilege
6-10. Additional Git Questions:
- 6. How do you find when a bug was introduced? (git bisect)
- 7. Explain git hooks and give examples (pre-commit, post-receive)
- 8. How do you handle large files in Git? (Git LFS)
- 9. What's the difference between git fetch and git pull?
- 10. How do you clean up local branches after remote deletion?
Jenkins & CI/CD (Questions 11-20)
11. Explain Jenkins Pipeline as Code (Jenkinsfile).
Answer:
Jenkinsfile defines the entire build pipeline as code, stored in version control with the application code.
pipeline {
agent any
stages {
stage('Build') {
steps {
sh 'mvn clean compile'
}
}
stage('Test') {
steps {
sh 'mvn test'
}
post {
always {
publishTestResults testResultsPattern: 'target/surefire-reports/*.xml'
}
}
}
stage('Deploy') {
steps {
sh 'docker build -t myapp .'
sh 'docker push myapp:latest'
}
}
}
}12. How do you handle Jenkins security?
Answer:
- Enable matrix-based security
- Use LDAP/SSO integration
- Implement role-based access control (RBAC)
- Secure Jenkins master and agents
- Use credentials plugin for secrets management
- Regular security updates and plugins audit
13. Explain Blue-Green deployment strategy.
Answer:
Blue-Green deployment maintains two identical production environments. At any time, one serves traffic (Blue) while the other (Green) is updated. Traffic is switched instantaneously.
Benefits: Zero downtime, instant rollback, reduced risk
Drawbacks: Requires double infrastructure, database synchronization challenges
14-20. Additional Jenkins/CI/CD Questions:
- 14. How do you implement parallel execution in Jenkins?
- 15. Explain Jenkins master-slave architecture
- 16. How do you handle build artifacts and dependencies?
- 17. What's the difference between Canary and Rolling deployments?
- 18. How do you implement automated testing in CI/CD?
- 19. Explain GitOps and its benefits
- 20. How do you monitor and optimize CI/CD pipelines?
Docker & Containerization (Questions 21-30)
21. Explain Docker architecture and components.
Answer:
Docker Client: Command-line interface for users
Docker Daemon: Background service managing containers
Docker Images: Read-only templates for creating containers
Docker Containers: Running instances of images
Docker Registry: Storage for images (Docker Hub, ECR)
Dockerfile: Text file with instructions to build images
22. Write a Dockerfile for a Node.js application.
Answer:
# Multi-stage build FROM node:18-alpine AS builder WORKDIR /app COPY package*.json ./ RUN npm ci --only=production FROM node:18-alpine AS runtime RUN addgroup -g 1001 -S nodejs RUN adduser -S nextjs -u 1001 WORKDIR /app COPY --from=builder /app/node_modules ./node_modules COPY . . USER nextjs EXPOSE 3000 HEALTHCHECK --interval=30s --timeout=3s \ CMD curl -f http://localhost:3000/health || exit 1 CMD ["node", "server.js"]
23. How do you optimize Docker images?
Answer:
- Use multi-stage builds
- Choose minimal base images (alpine, distroless)
- Minimize layers by combining RUN commands
- Use .dockerignore to exclude unnecessary files
- Cache dependencies effectively
- Run as non-root user
- Remove package managers and build tools in final image
24. Explain Docker networking modes.
Answer:
Bridge: Default network, containers communicate via internal network
Host: Container uses host's network directly
None: No networking, isolated container
Overlay: Multi-host networking for Docker Swarm
Macvlan: Assign MAC addresses to containers
25-30. Additional Docker Questions:
- 25. How do you handle persistent data in containers? (Volumes vs Bind Mounts)
- 26. Explain Docker Compose and provide an example
- 27. How do you secure Docker containers?
- 28. What's the difference between COPY and ADD in Dockerfile?
- 29. How do you debug a failing container?
- 30. Explain container orchestration and when you need it
Kubernetes (Questions 31-40)
31. Explain Kubernetes architecture.
Answer:
Master Node:
- API Server: Central management point
- etcd: Distributed key-value store
- Controller Manager: Manages controllers
- Scheduler: Assigns pods to nodes
Worker Node:
- Kubelet: Node agent
- Kube-proxy: Network proxy
- Container Runtime: Docker/containerd
32. Write a Kubernetes Deployment YAML.
Answer:
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-deployment
labels:
app: nginx
spec:
replicas: 3
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx:1.20
ports:
- containerPort: 80
resources:
requests:
memory: "64Mi"
cpu: "250m"
limits:
memory: "128Mi"
cpu: "500m"
livenessProbe:
httpGet:
path: /
port: 80
initialDelaySeconds: 30
periodSeconds: 1033. Explain Kubernetes Services and types.
Answer:
ClusterIP: Internal service, accessible only within cluster
NodePort: Exposes service on each node's IP at a static port
LoadBalancer: Exposes service externally using cloud provider's load balancer
ExternalName: Maps service to external DNS name
34. How do you handle secrets and config in Kubernetes?
Answer:
ConfigMaps: Store non-sensitive configuration data
Secrets: Store sensitive data (passwords, tokens, keys)
Best Practices:
- Use external secret management (Vault, AWS Secrets Manager)
- Enable encryption at rest for etcd
- Use RBAC to limit access
- Rotate secrets regularly
35-40. Additional Kubernetes Questions:
- 35. Explain Pod lifecycle and restart policies
- 36. How do you implement auto-scaling (HPA, VPA, Cluster Autoscaler)?
- 37. What are Ingress controllers and how do they work?
- 38. Explain StatefulSets vs Deployments
- 39. How do you troubleshoot failing pods?
- 40. Implement network policies for security
Terraform & Infrastructure as Code (Questions 41-50)
41. Explain Terraform workflow and state management.
Answer:
Terraform Workflow:
terraform init- Initialize working directoryterraform plan- Create execution planterraform apply- Apply changesterraform destroy- Destroy infrastructure
State Management: Terraform state tracks resource mappings and metadata. Use remote state backends (S3, Terraform Cloud) for team collaboration.
42. Write Terraform code for AWS EC2 with security groups.
Answer:
# Configure AWS Provider
terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 5.0"
}
}
}
provider "aws" {
region = var.aws_region
}
# Security Group
resource "aws_security_group" "web_sg" {
name_prefix = "web-sg-"
description = "Security group for web server"
ingress {
from_port = 80
to_port = 80
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
ingress {
from_port = 443
to_port = 443
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
tags = {
Name = "web-security-group"
}
}
# EC2 Instance
resource "aws_instance" "web_server" {
ami = data.aws_ami.ubuntu.id
instance_type = var.instance_type
vpc_security_group_ids = [aws_security_group.web_sg.id]
user_data = file("user_data.sh")
tags = {
Name = "web-server"
Environment = var.environment
}
}
# Data source for latest Ubuntu AMI
data "aws_ami" "ubuntu" {
most_recent = true
owners = ["099720109477"] # Canonical
filter {
name = "name"
values = ["ubuntu/images/hvm-ssd/ubuntu-20.04-amd64-server-*"]
}
}43. Explain Terraform modules and best practices.
Answer:
Modules: Reusable Terraform configurations that encapsulate multiple resources
Best Practices:
- Use remote state backend
- Implement proper tagging strategy
- Use variable validation and descriptions
- Follow naming conventions
- Implement state locking
- Use separate environments (dev/staging/prod)
- Pin provider versions
44-50. Additional Terraform Questions:
- 44. How do you handle Terraform state conflicts?
- 45. Explain terraform import and when to use it
- 46. How do you implement blue-green deployments with Terraform?
- 47. What are Terraform workspaces and their use cases?
- 48. How do you test Terraform code?
- 49. Explain Terraform Cloud vs Terraform Enterprise
- 50. How do you handle secrets in Terraform?
Ace Any DevOps Interview
Stuck on a Kubernetes YAML or can't remember Terraform syntax? LastRound AI provides real-time DevOps guidance during your interviews.
- ✓ Docker and Kubernetes YAML examples
- ✓ CI/CD pipeline configuration help
- ✓ Terraform and infrastructure code snippets
- ✓ Git workflow and troubleshooting commands
DevOps Interview Success Tips
The CALMS Framework
Use this framework to demonstrate DevOps understanding:
- Culture: Collaboration between dev and ops teams
- Automation: Automate repetitive tasks and processes
- Lean: Eliminate waste, continuous improvement
- Measurement: Monitor everything, data-driven decisions
- Sharing: Knowledge sharing and feedback loops
What Separates Great DevOps Engineers
✓ Top Performers Show:
- • Systems thinking and holistic approach
- • Strong automation and scripting skills
- • Security-first mindset
- • Incident response and troubleshooting
- • Continuous learning and adaptation
- • Collaboration and communication skills
❌ Common Pitfalls:
- • Tool-focused without understanding principles
- • Ignoring security and compliance
- • Poor monitoring and observability
- • Manual processes instead of automation
- • Siloed thinking (dev vs ops)
- • Not considering scalability and reliability
The best DevOps engineers I've worked with understand that technology is just the enabler. They focus on building reliable, scalable systems while fostering a culture of collaboration and continuous improvement. Master the tools, but more importantly, understand how they fit into the bigger picture of delivering value to users reliably and quickly.