How do I approach System Design interview questions?

System Design questions require understanding of core concepts and practice. PracHub provides solutions with explanations to help you master system design interviews.

What difficulty level is this interview question?

This is a hard difficulty System Design question, commonly asked during Technical Screen rounds at Salesforce.

What role is this question designed for?

This question is commonly asked for Software Engineer candidates at Salesforce during technical interviews.

Design secure Kubernetes with CI/CD | Salesforce Interview Question

Quick Overview

This question evaluates expertise in Kubernetes architecture, cluster operations and troubleshooting, security hardening, and CI/CD pipeline design for managed Kubernetes clusters, covering control plane and node responsibilities, incident diagnosis, access and network policies, secret management, image integrity, and progressive delivery mechanisms. It is commonly asked to assess operational and security judgment and design thinking, testing both conceptual understanding of distributed control and security models and practical application in real-world CI/CD and incident-response scenarios within the System Design domain.

Kubernetes Architecture, Troubleshooting, Security, and CI/CD (GKE/EKS)

Context: You are the on-call software engineer for a managed Kubernetes cluster (GKE or EKS). Answer the following sections concisely and practically as if in a technical screen.

1) Control Plane Components

Describe the purpose and responsibilities of these components:

API server
Scheduler
Controller manager
etcd

2) Worker Node Responsibilities

Explain what runs on worker nodes and the role of each:

kubelet
kube-proxy
CRI (container runtime)
CNI (networking)

3) CrashLoopBackOff Diagnosis and Fix

A Deployment rollout is stuck with Pods in CrashLoopBackOff. Walk through the kubectl commands you would run and the key signals you would inspect to identify root cause and fix it.

4) Security Hardening Plan

Propose a practical hardening plan covering:

RBAC and least privilege for humans and services
NetworkPolicy (ingress and egress)
Secrets at rest with KMS and runtime access
Pod security standards and securityContext defaults
Image scanning and supply-chain integrity
Admission controls and policy enforcement

5) CI/CD for GKE/EKS with Canary and Rollbacks

Design an end-to-end pipeline (tools are your choice) that:

Builds, tests, scans, signs, and deploys images/manifests
Performs progressive delivery (canary) with automatic or manual promotion
Supports rapid, safe rollback

Quick Overview

4) Security Hardening Plan

Propose a practical hardening plan covering:

RBAC and least privilege for humans and services

NetworkPolicy (ingress and egress)

Secrets at rest with KMS and runtime access

Pod security standards and securityContext defaults

Image scanning and supply-chain integrity

Admission controls and policy enforcement

Design secure Kubernetes with CI/CD

Quick Overview

Kubernetes Architecture, Troubleshooting, Security, and CI/CD (GKE/EKS)

1) Control Plane Components

2) Worker Node Responsibilities

3) CrashLoopBackOff Diagnosis and Fix

4) Security Hardening Plan

5) CI/CD for GKE/EKS with Canary and Rollbacks

Solution

Comments (0)

Design secure Kubernetes with CI/CD

Quick Overview

Kubernetes Architecture, Troubleshooting, Security, and CI/CD (GKE/EKS)

1) Control Plane Components

2) Worker Node Responsibilities

3) CrashLoopBackOff Diagnosis and Fix

4) Security Hardening Plan

5) CI/CD for GKE/EKS with Canary and Rollbacks

Solution

Comments (0)