SRE 面试对照表（岗位要求 → 可能问题 → 回答要点）

🔹 Interview Topics & Sample Q&A (口语化版)

1. AWS + Infrastructure as Code (IaC)

Q: How do you usually manage AWS resources in your projects? A: I mainly use Terraform to manage AWS resources. I usually define modules for VPC, EKS, and RDS. The state is stored remotely in S3 with DynamoDB for locking. This helps the whole team collaborate safely and avoid conflicts.

Q: Can you give an example where IaC helped you improve operations? A: Sure. In one project, we had to create multiple staging environments quickly. Using Terraform, I could spin up complete AWS environments in less than one hour, compared to days with manual setup. It also reduced human errors.

Q: How do you ensure security when managing AWS with IaC? A: I follow the principle of least privilege for IAM roles, use KMS for secrets, and always review changes with terraform plan before applying. All changes go through GitHub PRs for code review.

2. CI with GitHub Actions

Q: How do you usually design a CI pipeline in GitHub Actions? A: I usually define workflows with multiple jobs:

• First step: run unit tests.
• Second: build Docker images and scan them for vulnerabilities.
• Third: push the images to ECR. This way, we catch issues early before deployment.

Q: Have you optimized GitHub Actions workflows before? A: Yes. For example, I used caching for dependencies and Docker layers to reduce build time by almost 40%. Also, I used matrix builds to test across multiple versions of Python and NodeJS in parallel.

Q: How do you handle secrets in GitHub Actions? A: I store them in GitHub Secrets, and for more sensitive keys, I integrate with AWS Secrets Manager. This prevents hardcoding credentials in workflows.

3. CD with ArgoCD

Q: How do you use ArgoCD for deployments? A: I follow a GitOps approach. Once the manifest or Helm chart is updated in GitHub, ArgoCD detects the change and syncs it to the Kubernetes cluster automatically. This makes deployments reproducible and auditable.

Q: What’s the advantage of ArgoCD compared to manual kubectl apply? A: ArgoCD keeps the cluster state always in sync with Git. It also provides rollback, drift detection, and visibility through the UI. Manual apply is not traceable and easy to miss steps.

Q: Do you have experience with canary or blue-green deployment in ArgoCD? A: Yes. I combined ArgoCD with Argo Rollouts. For example, we deployed a new service version to 10% of traffic, monitored metrics in Prometheus, and then gradually increased to 100%.

4. General SRE / Troubleshooting

Q: What do you do if a deployment fails in ArgoCD? A: First, I check ArgoCD logs and events to see why the sync failed. Common issues are wrong manifests, missing secrets, or resource limits. If needed, I rollback to the previous version with one click.

Q: How do you monitor CI/CD pipelines? A: I integrate GitHub Actions and ArgoCD with Slack notifications. Also, I use Prometheus and Grafana dashboards to check build duration, deployment frequency, and failure rates.

Q: How do you collaborate with developers during incidents? A: I usually provide clear metrics and logs instead of just saying “it’s broken”. For example, “error rate increased to 5% after the last deployment”. This makes discussions more data-driven and efficient. SRE Interview Simulation Q&A （中英文对照）

1. 开放性/思维类问题 (Open-ended / Conceptual)

Q: 你如何理解 SRE 的核心价值？和传统运维/DevOps 有什么区别？ Q: How do you understand the core value of SRE? How is it different from traditional Ops/DevOps?

A:

• 传统运维偏执行，SRE 更强调可靠性工程和系统化。
• 强调通过 SLO/SLI 衡量系统健康，自动化降低 Toil。
• 更关注工程化思维，用代码实现运维。
• Traditional Ops focuses more on execution, while SRE emphasizes reliability engineering and systematic approaches.
• SRE measures system health via SLOs/SLIs and reduces toil with automation.
• It’s more engineering-driven, implementing operations through code.

Q: 如果线上服务大面积不可用，你的应对步骤？ Q: What steps would you take if a large-scale production outage happens?

A:

• 快速响应：确认告警 → 判断影响范围。
• 稳定现场：先止损（降级、扩容、切流量）。
• 定位根因：看日志、监控、trace。
• 事后复盘：改进监控盲区、更新 Runbook。
• Quick response: acknowledge alerts → assess impact.
• Stabilize the system: stop the bleeding (degrade, scale up, shift traffic).
• Identify root cause: logs, monitoring, tracing.
• Postmortem: improve monitoring blind spots, update runbooks.

2. Kubernetes 与云原生 (Kubernetes & Cloud Native)

Q: 你如何设计并管理基于 Kubernetes 的基础设施？ Q: How do you design and manage Kubernetes infrastructure?

A:

• 使用 IaC（Terraform/Ansible/Helm）统一资源管理。
• K8s 层面：Deployment + HPA + PodDisruptionBudget 保证高可用。
• 网络：CNI 插件（Calico/Cilium），Ingress Controller。
• 安全：RBAC、NetworkPolicy、Secret 管理。
• Use IaC (Terraform/Ansible/Helm) for unified management.
• Kubernetes: Deployment + HPA + PodDisruptionBudget for HA.
• Networking: CNI plugins (Calico/Cilium), Ingress Controller.
• Security: RBAC, NetworkPolicy, Secret management.

Q: 一个 Pod 一直 CrashLoopBackOff，你怎么排查？ Q: How would you troubleshoot a Pod stuck in CrashLoopBackOff?

A:

• kubectl describe pod 看事件。
• kubectl logs 看容器日志。
• 检查 ConfigMap/Secret 是否挂载错误。
• 看 liveness/readiness 探针配置。
• Use kubectl describe pod to check events.
• Use kubectl logs to review container logs.
• Check ConfigMap/Secret mounts.
• Review liveness/readiness probes.

3. IaC / 自动化 (Infrastructure as Code / Automation)

Q: 你会如何使用 Terraform 管理云上资源？ Q: How do you manage cloud resources with Terraform?

A:

• 定义 VPC、子网、EKS、RDS 等模块化。
• 使用 remote backend（S3 + DynamoDB）存状态。
• 配合 GitHub Actions 做 plan & apply。
• 遵循原则：幂等、版本化、最小权限。
• Define modular resources: VPC, subnets, EKS, RDS.
• Use remote backend (S3 + DynamoDB) for state management.
• Integrate with GitHub Actions for plan & apply.
• Follow principles: idempotency, versioning, least privilege.

Q: Ansible 和 Terraform 的区别？ Q: What’s the difference between Ansible and Terraform?

A:

• Terraform 偏声明式，适合资源创建和 IaC。
• Ansible 偏过程式，适合配置和部署。
• 两者经常结合：Terraform 建资源，Ansible 部署软件。
• Terraform is declarative, best for provisioning and IaC.
• Ansible is procedural, best for configuration and deployment.
• They often work together: Terraform provisions infra, Ansible configures apps.

4. CI/CD 与自动化 (CI/CD & Automation)

Q: 如何设计一条 GitHub Actions + ArgoCD 的 CI/CD 流水线？ Q: How would you design a CI/CD pipeline with GitHub Actions and ArgoCD?

A:

• CI（GitHub Actions）：编译、单测、构建镜像、推送 registry。
• CD（ArgoCD）：GitOps 模式，监听 Git 仓库，自动同步 K8s manifests。
• 加入 Canary/蓝绿发布策略，回滚机制。
• 加监控和告警（Prometheus + Slack/邮件）。
• CI (GitHub Actions): build, test, build Docker image, push to registry.
• CD (ArgoCD): GitOps model, watches Git repo, syncs manifests automatically.
• Add Canary/Blue-Green deployments, rollback strategy.
• Add monitoring/alerting (Prometheus + Slack/email).

5. 监控、日志与可观测性 (Monitoring, Logging & Observability)

Q: 你如何构建一个监控体系？ Q: How do you build a monitoring and observability system?

A:

• 指标：Prometheus + Grafana（CPU/Mem/延迟/QPS/错误率）。
• 日志：ELK/EFK（收集、存储、分析）。
• 链路：Jaeger/Tempo。
• 告警：Alertmanager，设置基于 SLO 的阈值。
• Metrics: Prometheus + Grafana (CPU/Mem/Latency/QPS/Error rate).
• Logs: ELK/EFK for collection, storage, analysis.
• Tracing: Jaeger/Tempo.
• Alerts: Alertmanager with SLO-based thresholds.

Q: Prometheus 的存储优化机制是什么？ Q: How does Prometheus optimize time-series storage?

A:

• 采用 TSDB，分块存储时间序列。
• 使用 Snappy 压缩。
• WAL（Write Ahead Log）保证崩溃恢复。
• Thanos/Mimir 解决长时间存储。
• Uses TSDB with block storage.
• Snappy compression.
• WAL (Write Ahead Log) ensures crash recovery.
• Thanos/Mimir for long-term storage.

6. 脚本与自动化能力 (Scripting & Automation)

Q: 你写过哪些 Python/Bash 脚本来提高效率？ Q: What automation scripts have you written in Python or Bash?

A:

• 批量收集日志、自动生成监控告警。
• 自动化巡检（磁盘使用、负载、Pod 状态）。
• 灰度发布脚本（流量切换、版本对比）。
• AWS 成本分析脚本。
• Batch log collection, auto-generate alerts.
• Automated health checks (disk, load, pod status).
• Canary/gradual deployment scripts.
• AWS cost analysis scripts.

7. 云平台（AWS/Azure） (Cloud Platforms)

Q: 你如何优化 AWS 环境的成本和安全？ Q: How do you optimize cost and security in AWS?

A:

• 成本优化：RI/Spot、S3 生命周期、关停闲置资源。
• 安全：IAM 最小权限、CloudTrail 审计、GuardDuty。
• 高可用：多 AZ 部署，跨 Region 备份。
• Cost optimization: RI/Spot, S3 lifecycle, shut down idle resources.
• Security: IAM least privilege, CloudTrail audit, GuardDuty.
• High availability: multi-AZ deployment, cross-Region backup.

Q: AWS 中你常用的监控与自动化工具有哪些？ Q: What AWS tools do you commonly use for monitoring and automation?

A:

• CloudWatch（指标+日志）。
• CloudTrail（审计日志）。
• Lambda（事件驱动自动化）。
• 配合 Terraform 管理基础设施。
• CloudWatch (metrics + logs).
• CloudTrail (audit logs).
• Lambda (event-driven automation).
• Combine with Terraform for infra management.

8. 行为/软技能 (Behavioral / Soft Skills)

Q: 遇到研发和 SRE 对某个方案有冲突，你会如何处理？ Q: How would you handle conflicts between Dev and SRE teams over a solution?

A:

• 倾听双方诉求，明确优先级（可靠性 vs 迭代速度）。
• 提供数据支撑（SLO、成本、事故案例）。
• 推出折中方案（渐进式优化）。
• Listen to both sides, clarify priorities (reliability vs delivery speed).
• Provide data support (SLOs, costs, incident history).
• Propose a compromise (gradual optimization).

Q: 能分享一次你提出基础设施改进建议并落地的经历吗？ Q: Can you share an example of an infrastructure improvement you suggested and implemented?

A:

• 背景：部署效率低 → 手动操作多。
• 动作：引入 GitHub Actions + Terraform。
• 效果：交付速度提升 40%，错误率下降。
• Situation: Slow deployment → too many manual steps.
• Action: Introduced GitHub Actions + Terraform.
• Result: Delivery speed improved by 40%, error rate dropped.