DevOps & SRE Interview Guide 2026: Infrastructure, CI/CD, Kubernetes, and Incident Response

Complete preparation guide for DevOps and Site Reliability Engineering interviews covering Kubernetes, Terraform, CI/CD pipeline design, observability, incident management, and real troubleshooting scenarios.

DevOps/SRE Interview Overview: What Companies Actually Evaluate

DevOps and SRE roles sit at the intersection of software engineering and operations. Interviews test a unique combination of skills:

  1. Infrastructure Design (30%) — Cloud architecture, networking, security
  2. Automation & CI/CD (25%) — Pipeline design, IaC, GitOps
  3. Reliability & Incident Response (25%) — SLOs, monitoring, troubleshooting
  4. Coding/Scripting (20%) — Python/Go/Bash automation, tool building

The key difference from software engineering interviews: you're expected to think about PRODUCTION from minute one. Failure modes, scaling, cost, security, and observability should be part of every answer.

Kubernetes (Asked at 90% of DevOps/SRE Interviews)

Core Concepts You Must Know

Architecture:

Workload Resources:

Networking:

Storage:

Kubernetes Interview Questions (With Expert Answers)

Q: How would you implement zero-downtime deployments in Kubernetes?

A: Use Deployment with RollingUpdate strategy. Configure:

Q: A pod is in CrashLoopBackOff. How do you debug it?

A: Systematic approach:

  1. kubectl describe pod <name> — Check Events section for scheduling/pulling errors
  2. kubectl logs <pod> --previous — See logs from the crashed container
  3. Check resource limits — OOMKilled means memory limit too low
  4. Check readiness/liveness probes — misconfigured probes cause restart loops
  5. kubectl exec -it <pod> -- /bin/sh (if it stays up briefly) — investigate filesystem/configs
  6. Check dependent services — DB connection strings, secrets mounting, DNS resolution

Q: How do you handle secrets in Kubernetes?

A: Multi-layered approach:

  1. Never store secrets in Git or ConfigMaps
  2. Use Kubernetes Secrets (base64 encoded, not encrypted at rest by default)
  3. Enable encryption at rest (EncryptionConfiguration with AES-CBC or KMS)
  4. External secret management: HashiCorp Vault, AWS Secrets Manager, or GCP Secret Manager
  5. Inject via ExternalSecrets Operator or CSI Secret Store Driver
  6. Rotate secrets automatically, audit access via RBAC

Helm and GitOps

Helm:

GitOps (ArgoCD/Flux):

Terraform and Infrastructure as Code

Core Concepts

State management:

Modules:

Workspaces vs Environments:

Terraform Interview Questions

Q: How do you handle Terraform state drift?

A:

  1. Run terraform plan regularly (CI/CD on schedule) to detect drift
  2. Investigate: was the drift intentional (emergency hotfix) or accidental?
  3. If intentional: update Terraform code to match reality, then terraform apply
  4. If accidental: terraform apply to enforce desired state
  5. Prevention: enforce all changes through Terraform (deny console access in prod), use Sentinel/OPA policies

Q: How do you manage secrets in Terraform?

A:

  1. Never commit secrets in .tf files or terraform.tfvars
  2. Use environment variables (TF_VAR_db_password)
  3. Reference secrets from Vault/AWS Secrets Manager using data sources
  4. Mark sensitive outputs with sensitive = true
  5. Encrypt state file (remote backend with encryption)
  6. Use SOPS or age for encrypting variable files in Git

CI/CD Pipeline Design

Modern Pipeline Architecture

Stages:

  1. Source — Git push triggers pipeline (webhook or poll)
  2. Build — Compile, Docker build, artifact creation
  3. Test — Unit tests, integration tests, contract tests
  4. Security Scan — SAST (code), SCA (dependencies), container scan
  5. Deploy to Staging — Automatic deployment to non-prod
  6. Integration/E2E Tests — Test in staging environment
  7. Deploy to Production — Manual approval gate or automatic (if brave)
  8. Verify — Smoke tests, synthetic monitoring, canary analysis
  9. Rollback — Automatic rollback if verification fails

Deployment Strategies

Blue-Green:

Canary:

Rolling Update:

Feature Flags:

Pipeline Interview Questions

Q: Design a CI/CD pipeline for a microservices architecture with 20 services.

A: Key considerations:

Observability and Monitoring

The Three Pillars

Metrics (Prometheus/Datadog):

Logs (ELK/Loki):

Traces (Jaeger/Tempo):

SLOs, SLIs, and Error Budgets

SLI (Service Level Indicator): The metric you measure

SLO (Service Level Objective): The target value for the SLI

SLA (Service Level Agreement): Business contract with consequences

Error Budget: 100% - SLO = acceptable error

Alerting Best Practices

  1. Alert on symptoms, not causes — Alert on "users can't log in," not "CPU is 80%"
  2. Every alert must be actionable — If receiving the alert doesn't change your behavior, remove it
  3. Severity levels: P1 (page immediately), P2 (respond in 1 hour), P3 (next business day)
  4. Reduce noise: Group related alerts, use intelligent suppression during known outages
  5. Document runbooks: Every alert links to a runbook explaining: what it means, how to investigate, how to resolve

Incident Management

The Incident Lifecycle

  1. Detection — Monitoring alert, customer report, or automated check
  2. Triage — Assess severity (P1-P4), assign incident commander
  3. Communication — Status page update, stakeholder notification
  4. Investigation — Follow the data (metrics → logs → traces)
  5. Mitigation — Restore service (rollback, failover, hotfix)
  6. Resolution — Root cause fix (permanent)
  7. Postmortem — Blameless review, action items, learning

Troubleshooting Framework (For Interview Scenarios)

When given a troubleshooting scenario:

  1. Assess impact: "First, I'd check: how many users are affected? Is it total or partial outage?"
  2. Check recent changes: "Were there any deployments in the last hour? Config changes? Infrastructure changes?"
  3. Follow the request path: Start from the user and trace through each component
  4. Use metrics → logs → traces: Metrics show WHAT's wrong, logs show WHERE, traces show HOW
  5. Isolate the component: "Is it the load balancer? The application? The database? The network?"
  6. Mitigate first, debug later: "I'd rollback the recent deployment while continuing to investigate root cause"

Troubleshooting Scenarios (Common Interview Questions)

Scenario: API latency increased 5x after a deployment

Scenario: Intermittent 503 errors for 5% of users

Security (Increasingly Important in DevOps/SRE Interviews)

Key Topics

How to Practice for DevOps/SRE Interviews

  1. Build real infrastructure — Deploy a multi-service app on Kubernetes with Terraform, CI/CD, and monitoring
  2. Break things intentionally — Kill pods, saturate resources, inject network failures. Practice diagnosis.
  3. Write incident postmortems — For real outages you've experienced or read about publicly
  4. Practice design questions verbally — "Design a deployment pipeline for..." should be a 35-minute verbal exercise
  5. Mock interviews — DevOps/SRE interviews are highly conversational. Practice explaining architectures and troubleshooting scenarios out loud.

Frequently Asked Questions

What are the most important Kubernetes concepts for DevOps interviews?

The most critical Kubernetes concepts for interviews are: Pod lifecycle and debugging (CrashLoopBackOff, OOMKilled), Deployments with rolling update strategies, Services and networking (ClusterIP, Ingress, Network Policies), resource management (requests/limits, HPA), secrets management, and observability (health probes, logging, monitoring). Practice troubleshooting scenarios verbally.

How do I prepare for SRE interviews with no SRE experience?

Focus on: (1) Learn observability fundamentals (metrics, logs, traces, alerting), (2) Understand SLOs/SLIs/error budgets conceptually, (3) Practice incident response scenarios verbally, (4) Build a personal project with monitoring and CI/CD, (5) Read the Google SRE book (free online), (6) Study real incident postmortems from companies like Cloudflare, GitHub, and Datadog. SRE interviews value principles over specific tool experience.

Is coding important for DevOps and SRE interviews?

Yes. Most DevOps/SRE interviews include a coding round (Python, Go, or Bash). Common coding tasks include: writing automation scripts, implementing a health check system, creating a log parser, building a simple CLI tool, or solving infrastructure-related coding problems. The coding bar is typically lower than SDE interviews but you must demonstrate programming competence.

What is the difference between DevOps and SRE interviews?

DevOps interviews emphasize: CI/CD pipeline design, Infrastructure as Code (Terraform), containerization, automation, and developer experience. SRE interviews emphasize: reliability engineering (SLOs, error budgets), incident management, distributed systems understanding, capacity planning, and performance engineering. SRE roles typically require stronger coding skills and systems thinking.