Kubernetes Architecture, Troubleshooting, Security, and CI/CD (GKE/EKS)

Context: You are the on-call software engineer for a managed Kubernetes cluster (GKE or EKS). Answer the following sections concisely and practically as if in a technical screen.

1) Control Plane Components

Describe the purpose and responsibilities of these components:

• API server
• Scheduler
• Controller manager
• etcd

2) Worker Node Responsibilities

Explain what runs on worker nodes and the role of each:

• kubelet
• kube-proxy
• CRI (container runtime)
• CNI (networking)

3) CrashLoopBackOff Diagnosis and Fix

A Deployment rollout is stuck with Pods in CrashLoopBackOff. Walk through the kubectl commands you would run and the key signals you would inspect to identify root cause and fix it.

4) Security Hardening Plan

Propose a practical hardening plan covering:

• RBAC and least privilege for humans and services
• NetworkPolicy (ingress and egress)
• Secrets at rest with KMS and runtime access
• Pod security standards and securityContext defaults
• Image scanning and supply-chain integrity
• Admission controls and policy enforcement

5) CI/CD for GKE/EKS with Canary and Rollbacks

Design an end-to-end pipeline (tools are your choice) that:

• Builds, tests, scans, signs, and deploys images/manifests
• Performs progressive delivery (canary) with automatic or manual promotion
• Supports rapid, safe rollback