InterviewStack.io LogoInterviewStack.io

Container and Kubernetes Security Questions

Security for containerized applications and Kubernetes platforms across the full lifecycle: secure image creation and supply chain, image scanning and vulnerability management, secure base images, image signing, runtime protection and intrusion detection, container isolation and least privilege at the container level, secrets management, pod security policies and admission controllers, network policies and microsegmentation, role based access control for cluster access, cluster hardening and configuration management, secure cluster bootstrapping and upgrades, and compliance considerations and audit logging for container environments. Candidates should be able to discuss tooling, threat models specific to cloud native workloads, and operational practices for preventing and responding to container and orchestration security incidents.

HardTechnical
69 practiced
Build a threat model for supply chain attacks that target base images and container registries. Identify attacker capabilities, likely attack vectors, high-value assets, and short and long-term mitigations SRE teams should prioritize.
MediumTechnical
141 practiced
Explain the role of eBPF-based tools for container security (observability, network filtering, syscall tracing). What are the advantages compared to kernel modules or user-space agents, and what are the associated security risks of deploying eBPF programs?
MediumTechnical
77 practiced
Write a Kubernetes NetworkPolicy YAML that allows inbound traffic to pods with label app: frontend only from pods in namespace 'backend' with label role: api on TCP port 8080, and denies all other ingress. Explain each field briefly.
MediumSystem Design
72 practiced
Design a CI/CD pipeline step that enforces image scanning and image signing before an image is pushed to the production registry. Include tools, failure criteria, where SBoMs and signatures are stored, and how to handle legacy images without SBOMs.
EasyTechnical
99 practiced
What is a Kubernetes NetworkPolicy and how does it implement microsegmentation? Given the following Pod label selector app: frontend, explain how a NetworkPolicy could restrict ingress to only requests from a backend service in namespace backend.

Unlock Full Question Bank

Get access to hundreds of Container and Kubernetes Security interview questions and detailed answers.

Sign in to Continue

Join thousands of developers preparing for their dream job.