Interview Kubernetes, Docker, Helm & Podman

What is a CNI plugin, and name a few (Calico, Cilium, AWS VPC CNI)?

Kubernetes, Docker, Helm & Podman · Basic level

Answer

A CNI plugin implements Pod networking: IP allocation, interface setup, routing, and often NetworkPolicy enforcement. Common examples are Calico, Cilium, Flannel, and AWS VPC CNI on EKS.

Technical explanation

CNI choice affects IP consumption, network policy support, eBPF features, observability, and cloud integration.

On EKS, AWS VPC CNI gives Pods VPC IPs, which is powerful but can make subnet IP exhaustion a scaling issue.

Kubernetes networking separates identity and discovery from Pod IP churn by using Services, DNS, EndpointSlices, and routing rules.

Security is not automatic in the flat Pod network; NetworkPolicy and application auth are required for segmentation.

Cloud integrations such as EKS load balancers add provider-specific annotations, subnet tagging, health checks, and security group behavior.

Hands-on example

1. Deploy an app Pod and a temporary debug Pod to test this traffic path with nslookup, dig, curl, and kubectl get endpointslices: compare CNI capabilities such as policy enforcement and IP allocation.

2. Add or change Service, Ingress, CNI, or NetworkPolicy resources one at a time and observe the traffic path.

3. Validate both allowed and denied flows so you know the policy is actually enforced by the CNI.

4. Record the troubleshooting path from DNS to Service to endpoint to Pod logs.

Preparing for an interview?

Check how well your resume matches the role with our free resume checker— match score, ATS check, and the skills you're missing.

More Kubernetes, Docker, Helm & Podman interview questions

← All Kubernetes, Docker, Helm & Podman questions