1) What is Kubernetes?
Kubernetes is an open-source container orchestration system, originally developed at Google and now maintained by the Cloud Native Computing Foundation (CNCF). Its purpose is to manage containerized applications across physical, virtual, and cloud environments. Kubernetes is a highly flexible tool that can deliver even complex applications consistently. Applications run on clusters that range from a single machine to thousands of individual servers.
2) Define node in Kubernetes
A node is the smallest unit of computing hardware in Kubernetes. It is a single machine in the cluster, either a virtual machine from a cloud provider or a physical machine in a data center. From the scheduler's point of view nodes are interchangeable: a pod can be placed on any node that has the capacity and satisfies the pod's constraints, so one machine can substitute for another.
3) What is the work of a kube-scheduler?
kube-scheduler is the default scheduler for Kubernetes. It watches for newly created pods that have no node assigned and selects a node for each one, taking into account resource requests, node taints and tolerations, affinity and anti-affinity rules, and other scheduling constraints.
4) Define daemon sets
A DaemonSet ensures that a copy of a pod runs on every node in the cluster (or on a selected subset of nodes). DaemonSets are used for node-level agents that deal with host attributes, such as log collectors, monitoring agents, storage daemons, and network plugins.
5) Define Heapster in Kubernetes
Heapster was a metrics collection and performance monitoring system that aggregated the resource-usage data gathered by the kubelet (through its built-in cAdvisor) on each node. It has been retired; current clusters use metrics-server for the resource metrics consumed by kubectl top and the Horizontal Pod Autoscaler, and Prometheus or a similar system for full monitoring.
6) What tasks are performed by Kubernetes?
Kubernetes can be thought of as the kernel of a distributed system: it abstracts the underlying hardware of the nodes (servers) and offers a consistent interface to applications that consume the shared pool of resources. Its main tasks are scheduling containers onto nodes, keeping the desired number of replicas running, exposing them through services and load balancing, rolling out updates and rollbacks, and managing storage and configuration.
7) Define Kubernetes controller manager
The controller manager (kube-controller-manager) is a control-plane daemon that runs the core control loops, including garbage collection, namespace lifecycle, and the node and replication controllers. Logically each controller is a separate process, but to reduce complexity they are compiled into a single binary and run as a single process on the control-plane (master) node.
8) Why use namespace in Kubernetes?
Namespaces divide cluster resources between multiple users, teams, or projects. They provide a scope for resource names (a name must be unique within a namespace but not across namespaces) and are the unit to which resource quotas, RBAC roles, and network policies are typically attached.
9) Why use Kubernetes?
Kubernetes is used because:
- Kubernetes can run on-premises on bare metal or OpenStack, and on public clouds such as Google Cloud, Azure, and AWS.
- It helps you avoid vendor lock-in: applications do not have to use vendor-specific APIs or services, except where Kubernetes itself provides an abstraction over them (for example, load balancers and storage).
- It lets applications be released and updated without downtime.
- Kubernetes ensures that containerized applications run where and when you want, and helps them find the resources and tools they need.
10) What are the features of Kubernetes?
The features of Kubernetes are:
- Automated Scheduling
- Self-Healing Capabilities
- Automated rollouts & rollback
- Horizontal Scaling & Load Balancing
- Offers environment consistency for development, testing, and production
- Infrastructure is loosely coupled, so each component can act as a separate unit
- Provides a higher density of resource utilization
- Offers enterprise-ready features
- Application-centric management
- Auto-scalable infrastructure
- You can create predictable infrastructure
11) Mention the types of controller managers
The kube-controller-manager bundles several controllers, including: 1) endpoints controller, 2) service accounts controller, 3) node controller, 4) namespace controller, 5) replication controller, 6) token controller.
12) List various services available in Kubernetes
The Service types available in Kubernetes are 1) ClusterIP, 2) LoadBalancer, 3) NodePort, 4) ExternalName.
13) Define Cluster IP
ClusterIP is the default Service type. It gives the Service a virtual IP address and DNS name that are reachable only from inside the cluster, so other apps in the cluster can reach the backing pods through a stable address without the Service being exposed outside the cluster.
14) Explain node port
A NodePort Service is the most basic way to get external traffic to your Service. It opens a specific port (by default from the range 30000-32767) on every node in the cluster and forwards traffic sent to that port to the backing pods. Because the port is opened on all nodes, anything that can reach a node's IP address can reach the Service, so NodePorts should be restricted with firewall rules or placed behind a load balancer or Ingress.
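As an added example (not code from the original page), the same Deployment exposed both ways described in questions 12 to 14: once as a ClusterIP Service for in-cluster clients and once as a NodePort Service for external traffic. Names, labels, the image tag, and the chosen node port are assumptions for illustration.

```yaml
# Added example, not from the original page. Names, labels, image tag and
# the node port number are assumptions.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web
spec:
  replicas: 2
  selector:
    matchLabels:
      app: web
  template:
    metadata:
      labels:
        app: web
    spec:
      containers:
      - name: nginx
        image: nginx:1.25
        ports:
        - containerPort: 80
---
# ClusterIP (the default type): reachable only from inside the cluster,
# at the virtual IP assigned to the Service or by DNS as web.default.svc.cluster.local
apiVersion: v1
kind: Service
metadata:
  name: web
spec:
  type: ClusterIP
  selector:
    app: web
  ports:
  - port: 80          # port that in-cluster clients connect to
    targetPort: 80    # containerPort on the selected pods
---
# NodePort: kube-proxy opens this port on every node (default range 30000-32767)
# and forwards to the pods. Anything that can reach any node's IP can reach it,
# so restrict it with host firewalling or front it with a LoadBalancer or Ingress.
apiVersion: v1
kind: Service
metadata:
  name: web-nodeport
spec:
  type: NodePort
  selector:
    app: web
  ports:
  - port: 80
    targetPort: 80
    nodePort: 30080   # omit this line to let the API server pick a free port in the range
```

Apply it with kubectl apply -f and compare kubectl get svc: the ClusterIP Service shows only a cluster-internal address, while the NodePort Service shows 80:30080/TCP and answers on port 30080 of every node, including nodes that run none of the pods.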
15) Define kubelet
The kubelet is the agent that runs on every node. It watches for the PodSpecs assigned to its node, ensures that the containers described in them are running and healthy, and reports node and pod status back to the API server. It is the component through which the control plane (master) manages each worker node.
16) What are the disadvantages of Kubernetes?
- The Kubernetes dashboard is not as helpful as it should be.
- Security is not strong by default: RBAC, network policies, pod security standards, and audit logging all have to be configured deliberately.
- It is complex, and the learning curve can reduce productivity.
- It can cost more to run than simpler alternatives because of its operational overhead and the resources consumed by the control plane and cluster add-ons.
17) How can containers within a pod communicate with each other?
Containers within a pod share the same network namespace, so they can reach each other on localhost. For instance, if a pod has two containers, a MySQL container listening on port 3306 and a PHP container listening on port 80, the PHP container can reach MySQL at localhost:3306. Because they share one port space, two containers in the same pod cannot listen on the same port, and loopback is not an authorization boundary: any container in the pod, including a compromised one, can talk to the database.
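As an added illustration (not code from the original page), the two-container pod described above as a manifest. The image tags, the container names, and the Secret called db-credentials are assumptions; the Secret has to exist before the pod is created.

```yaml
# Added example, not from the original page. Image tags, names and the
# Secret 'db-credentials' (key 'root-password') are assumptions.
apiVersion: v1
kind: Pod
metadata:
  name: php-mysql
spec:
  containers:
  - name: mysql
    image: mysql:8.0
    env:
    - name: MYSQL_ROOT_PASSWORD
      valueFrom:
        secretKeyRef:          # keeps the password out of the manifest and out of git
          name: db-credentials
          key: root-password
    ports:
    - containerPort: 3306      # informational only: the port is reachable on the pod IP regardless
    readinessProbe:
      exec:
        command: ["mysqladmin", "ping", "-h", "127.0.0.1"]
      initialDelaySeconds: 10
      periodSeconds: 5
  - name: php
    image: php:8.2-apache
    env:
    - name: DB_HOST
      value: "127.0.0.1"       # same network namespace, so MySQL is on loopback
    - name: DB_PORT
      value: "3306"
    ports:
    - containerPort: 80
```

Two things follow from the shared network namespace. First, listing containerPort 3306 does not restrict anything: other pods can still reach MySQL on the pod's IP unless a NetworkPolicy blocks it. Second, there is no authentication between the two containers beyond what MySQL itself enforces, so the database password still matters even though the client is "local".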
18) What does a Pod do?
Pods are the basic unit of execution in a cluster: each pod represents one or more tightly coupled processes (containers) that are scheduled together on the same node. Kubernetes tracks the health of each pod and can report on it. Pods have:
- a unique IP address (which allows them to communicate with each other)
- persistent storage volumes (as required)
- configuration information that determines how its containers should run
Although most pods contain a single container, many will have a few containers that work closely together to perform a desired function.
19) What is Kubernetes, exactly?
The purpose of Kubernetes is to make it easier to organize and schedule your application across a fleet of machines. At a high level it is an operating system for your cluster.
Basically, it allows you to stop worrying about which specific machine in your datacenter each application runs on. Additionally, it provides generic primitives for health checking and replicating your application across those machines, as well as services for wiring your application into microservices, so that each layer of your application is decoupled from the others and can be scaled, updated, and maintained independently.
20) Explain what are some Pods usage patterns?
Pods can be used in two main ways:
Pods that run a single container. The simplest and most common Pod pattern is a single container per pod, where the single container represents an entire application. In this case, you can think of a Pod as a wrapper.
Pods that run multiple containers that need to work together. Pods with multiple containers are primarily used to support colocated, co-managed programs that need to share resources. These colocated containers might form a single cohesive unit of service—one container serving files from a shared volume while another container refreshes or updates those files. The Pod wraps these containers and storage resources together as a single manageable entity.
Each Pod is meant to run a single instance of a given application. If you want to run multiple instances, you should use one Pod for each instance of the application. This is generally referred to as replication. Replicated Pods are created and managed as a group by a controller, such as a Deployment.
21) Explain when to use Docker vs Docker Compose vs Docker Swarm vs Kubernetes
Docker is a container engine: it builds images and runs containers, typically one or a few at a time on a single host, for example on your own machine during development.
Docker Compose is a Docker utility for running multiple containers that share volumes and networking through the Docker engine's own features. It runs against a single Docker host (local or remote) to emulate service composition. Docker Compose is mostly used as a helper when you want to start multiple containers and do not want to start each one separately with docker run.
Docker Swarm is Docker's built-in mode for running and connecting containers across multiple hosts. It handles scaling, starting a new container when one crashes, and networking between containers.
Kubernetes is a container orchestration platform: it runs containers and adds features on top of the engine so that containers can be composed and scaled to serve complex applications (a kind of PaaS, managed by you or by a cloud provider). Kubernetes' goal is very similar to that of Docker Swarm, but it was originally developed by Google, has a much larger ecosystem, and is the de facto standard today.
22) What does it mean that “pods are ephemeral”?
Pods are ephemeral. They are not designed to run forever, and when a Pod is terminated it cannot be brought back; a controller creates a new Pod, with a new name and a new IP address, in its place. In general, Pods do not disappear until they are deleted by a user or by a controller.
Pods do not heal or repair themselves. For example, if a Pod is scheduled on a node that later fails, the Pod is deleted. Similarly, if a Pod is evicted from a node for any reason, the Pod does not replace itself; that is the job of a controller such as a Deployment, ReplicaSet, or StatefulSet, which is why workloads should almost never be created as bare Pods.
23) What happens when a master fails? What happens when a worker fails?
Kubernetes is designed to be resilient to any individual node failure, whether control plane (master) or worker. When the control plane fails, the worker nodes keep running their existing pods, but no changes can be made (no pod creation, no Service endpoint updates, no rescheduling) until the control plane is available again; this is why production clusters run several control-plane nodes and an odd-sized etcd cluster. When a worker fails, the control plane stops receiving heartbeats from its kubelet. Once the node-monitor grace period expires the node is marked NotReady and tainted with node.kubernetes.io/not-ready or node.kubernetes.io/unreachable. By default pods tolerate those taints for 5 minutes (tolerationSeconds: 300); after that they are evicted, and their controllers recreate them on other available nodes.
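The 5-minute eviction delay is a per-pod toleration, so a workload can shorten (or lengthen) it. As an added example (not from the original page; the Deployment name and image are assumptions), a stateless API that should be recreated elsewhere after one minute on a dead node:

```yaml
# Added example, not from the original page. Name and image are assumptions.
# Shortens the default 300 s wait before pods on an unreachable or not-ready
# node are evicted and recreated on other nodes.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: api
spec:
  replicas: 3
  selector:
    matchLabels:
      app: api
  template:
    metadata:
      labels:
        app: api
    spec:
      # Without these, the DefaultTolerationSeconds admission plugin adds the
      # same two tolerations with tolerationSeconds: 300.
      tolerations:
      - key: node.kubernetes.io/not-ready
        operator: Exists
        effect: NoExecute
        tolerationSeconds: 60
      - key: node.kubernetes.io/unreachable
        operator: Exists
        effect: NoExecute
        tolerationSeconds: 60
      containers:
      - name: api
        image: registry.example.com/api:1.0.0
        ports:
        - containerPort: 8080
```

The trade-off is duplication: a node that is merely partitioned from the control plane is still running its pods, so a short tolerationSeconds means a brief network blip can leave two copies of the workload running at once. That is fine for stateless replicas, which is why this is a Deployment. A StatefulSet pod on an unreachable node is deliberately not replaced until the kubelet confirms it has terminated or an operator force-deletes it, because its name and storage must stay unique.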
24) What is a StatefulSet in Kubernetes?
When using Kubernetes, most of the time you don’t care how your pods are scheduled, but sometimes you care that pods are deployed in order, that they have a persistent storage volume, or that they have a unique, stable network identifier across restarts and reschedules. In those cases, StatefulSets can help you accomplish your objective. It manages the deployment and scaling of a set of Pods, and provides guarantees about the ordering and uniqueness of these Pods.
StatefulSets are valuable for applications that require one or more of the following.
- Stable, unique network identifiers.
- Stable, persistent storage.
- Ordered, graceful deployment and scaling.
- Ordered, automated rolling updates.
25) What is a DaemonSet?
DaemonSets are used in Kubernetes when you need to run one or more pods on all (or a subset of) the nodes in a cluster. The typical use case for a DaemonSet is logging and monitoring for the hosts. For example, a node needs a service (daemon) that collects health or log data and pushes them to a central system or database.
As the name suggests, you can use DaemonSets for running daemons (and other tools) that need to run on all nodes of a cluster. These can be things like cluster storage daemons (e.g. Quobyte, glusterd, ceph), log collectors (e.g. fluentd or logstash), or monitoring daemons (e.g. Prometheus Node Exporter, collectd, New Relic agent). Because such agents usually need host-level access (host network, host PID namespace, hostPath mounts), they are often the most privileged pods in the cluster and deserve the tightest review.
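As an added example (not code from the original page or from the Prometheus project), a DaemonSet for Prometheus Node Exporter, one of the monitoring daemons named above. The namespace and the image tag are assumptions; the point is how much host access the agent needs, and how the rest of the pod is locked down around that.

```yaml
# Added example, not from the original page. Namespace and image tag are assumptions.
# Runs one node-exporter pod per node, including control-plane nodes.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: node-exporter
  namespace: monitoring
spec:
  selector:
    matchLabels:
      app: node-exporter
  template:
    metadata:
      labels:
        app: node-exporter
    spec:
      # control-plane nodes carry a NoSchedule taint; tolerate it so they are covered too
      tolerations:
      - key: node-role.kubernetes.io/control-plane
        operator: Exists
        effect: NoSchedule
      hostNetwork: true        # required: the exporter reads the host's network stats
      hostPID: true            # required: the exporter reads the host's process table
      securityContext:
        runAsNonRoot: true
        runAsUser: 65534       # 'nobody'; the exporter only needs read access
      containers:
      - name: node-exporter
        image: quay.io/prometheus/node-exporter:v1.8.1
        args:
        - --path.procfs=/host/proc
        - --path.sysfs=/host/sys
        - --path.rootfs=/host/root
        ports:
        - containerPort: 9100  # with hostNetwork this is port 9100 on the node itself
        securityContext:
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
          capabilities:
            drop: ["ALL"]
        # host paths are mounted read-only: the agent must read them, never write
        volumeMounts:
        - name: proc
          mountPath: /host/proc
          readOnly: true
        - name: sys
          mountPath: /host/sys
          readOnly: true
        - name: root
          mountPath: /host/root
          readOnly: true
      volumes:
      - name: proc
        hostPath:
          path: /proc
      - name: sys
        hostPath:
          path: /sys
      - name: root
        hostPath:
          path: /
```

hostNetwork, hostPID and a hostPath mount of / are exactly what the restricted Pod Security level forbids, so a DaemonSet like this belongs in its own namespace running at the privileged level, with RBAC limiting who can create or edit workloads there. Everything else (non-root user, dropped capabilities, read-only mounts and root filesystem) is there so that a bug in the exporter does not become a bug on the host.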
26) When to use StatefulSet?
Some examples of reasons you’d use a StatefulSet include:
- A Redis pod that has access to a volume, but you want it to maintain access to the same volume even if it is redeployed or restarted
- A Cassandra cluster where each node must keep access to its own data
- A webapp that needs to communicate with its replicas using known predefined network identifiers
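As an added example (not code from the original page), the first case above as a manifest: a Redis StatefulSet with a headless Service, so that each replica keeps the same name, the same DNS entry, and the same volume across restarts and rescheduling. The names, image tag, and storage size are assumptions.

```yaml
# Added example, not from the original page. Names, image tag and storage size
# are assumptions.
apiVersion: v1
kind: Service
metadata:
  name: redis
spec:
  clusterIP: None          # headless: DNS returns one A record per pod instead of a VIP
  selector:
    app: redis
  ports:
  - port: 6379
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: redis
spec:
  serviceName: redis       # pods get stable DNS names redis-0.redis, redis-1.redis, ...
  replicas: 3
  selector:
    matchLabels:
      app: redis
  template:
    metadata:
      labels:
        app: redis
    spec:
      containers:
      - name: redis
        image: redis:7
        args: ["--appendonly", "yes"]   # persist to the volume, not only to memory
        ports:
        - containerPort: 6379
        volumeMounts:
        - name: data
          mountPath: /data
  # One PersistentVolumeClaim per pod, named data-redis-0, data-redis-1, ...
  # It is re-attached to the pod of the same name after a restart or reschedule.
  volumeClaimTemplates:
  - metadata:
      name: data
    spec:
      accessModes: ["ReadWriteOnce"]
      resources:
        requests:
          storage: 1Gi
```

Pods are created in order (redis-0, then redis-1 once redis-0 is Running and Ready, and so on) and scaled down in reverse. Note that the PVCs are not deleted when the StatefulSet is deleted: the data, including anything sensitive in it, stays on the volume until someone deletes the claim, which is the right default for a database but something to remember when tearing down an environment.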
27) Which problems does a container orchestration solve?
Containers run as isolated processes (usually in their own kernel namespaces). This means that by default a container is not aware of other containers, nor of the host's files, network interfaces, and processes. While this greatly helps with portability of the software, it does not solve several production issues such as composing microservices, service discovery, scalability, disaster recovery, or upgrades.
Adding a container orchestrator can greatly reduce the complexity in production, because these tools are designed to resolve the issues outlined above. For example, Kubernetes is built to let containers be linked together, deploy containers across an entire cluster, scale and load-balance them based on resource consumption, and upgrade individual containers with no downtime.
If you are only running one or two containers together, an orchestrator may well be unnecessary and add needless complexity.
28) Explain Master
The master (control plane) is the central control point that provides a unified view of the cluster. It manages the worker nodes, historically called minions. A small cluster may have a single control-plane node, but production clusters run several for high availability.
Control-plane servers work together to accept user requests, determine the best way to schedule workload containers, authenticate clients and nodes, adjust cluster-wide networking, and manage scaling and health-checking responsibilities.
29) Explain Minions
A node is a worker machine in Kubernetes, previously known as a minion. A node may be a VM or physical machine, depending on the cluster. Each node contains the services necessary to run pods and is managed by the master components. The services on a node include the container runtime, kubelet and kube-proxy.
30) Explain Kubelet
Each node runs the services needed to run containers and to be managed by the control plane. Alongside the container runtime (containerd, CRI-O, or, on older clusters, Docker), the kubelet is the key service installed there. It receives PodSpecs from the API server (and can also read static pod manifests as YAML files from a directory on the node) and ensures that the containers defined in those pods are started and keep running, restarting them according to the pod's restart policy.
31) What are the features/benefits of Kubernetes?
Below are some of the features of Kubernetes:
Automatic scheduling – Advanced scheduler to launch containers on cluster nodes.
Automated rollouts & rollback – Supports rollouts and rollbacks.
Horizontal scaling – Scale applications up or down as per requirements.
Storage orchestration – Automatically mount the storage system of your choice.
Self-healing capabilities – Reschedule, replace, and restart containers that have died or failed.
Load balancing – Offers Pods their own IP addresses and a single DNS name for a set of Pods, and can load-balance across them.
Secret and configuration management – Lets you store and manage sensitive information and application configuration separately from container images.
Allows you to create predictable infrastructure.
32) List some recommended security measures for Kubernetes.
Below are some recommended security measures for Kubernetes:
- Enable Role-Based Access Control (RBAC)
- Keep Kubernetes up to date
- Use API authentication
- Restrict SSH access
- Protect etcd with TLS, client certificate authentication, and a firewall (etcd holds every Secret in the cluster)
- Isolate Kubernetes nodes from the public network
- Enforce pod security standards (PodSecurityPolicy was removed in v1.25; use the built-in Pod Security Admission controller or a policy engine such as OPA Gatekeeper or Kyverno)
- Turn on audit logging
- Implement network segmentation with NetworkPolicy
- Ensure that the Kubernetes dashboard, if installed at all, applies a restrictive RBAC policy
- Use images only from authorized registries, pinned by digest where possible
- Conduct security and vulnerability scanning regularly
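Several items on this list are plain manifests. As an added example (not code from the original page), one file that enforces pod security standards on a namespace, segments its network, and runs a pod that passes the restricted profile. The namespace, the workload name, and the image are assumptions; RBAC is shown under question 50, and audit logging and etcd TLS are API server and etcd flags rather than manifests.

```yaml
# Added example, not from the original page. Namespace, names and image are assumptions.
apiVersion: v1
kind: Namespace
metadata:
  name: payments
  labels:
    # Pod Security Admission (the replacement for PodSecurityPolicy, removed in v1.25):
    # reject pods that violate the 'restricted' profile, and warn/audit at the same level
    pod-security.kubernetes.io/enforce: restricted
    pod-security.kubernetes.io/warn: restricted
    pod-security.kubernetes.io/audit: restricted
---
# Network segmentation: deny all ingress and egress for every pod in the namespace;
# each workload then gets its own allow rules. Needs a CNI that enforces NetworkPolicy.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-all
  namespace: payments
spec:
  podSelector: {}
  policyTypes: ["Ingress", "Egress"]
---
# Allow DNS to kube-system so pods can still resolve names after the deny-all
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-dns-egress
  namespace: payments
spec:
  podSelector: {}
  policyTypes: ["Egress"]
  egress:
  - to:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: kube-system   # label set automatically on every namespace
    ports:
    - protocol: UDP
      port: 53
    - protocol: TCP
      port: 53
---
# A pod that the 'restricted' profile admits
apiVersion: v1
kind: Pod
metadata:
  name: api
  namespace: payments
spec:
  automountServiceAccountToken: false   # no API credentials in the pod unless the app needs them
  securityContext:
    runAsNonRoot: true
    runAsUser: 10001
    seccompProfile:
      type: RuntimeDefault
  containers:
  - name: api
    image: registry.example.com/payments/api:1.4.2   # authorized registry; pin by digest in production
    securityContext:
      allowPrivilegeEscalation: false
      readOnlyRootFilesystem: true
      capabilities:
        drop: ["ALL"]
    resources:
      limits:
        cpu: 500m
        memory: 256Mi
    volumeMounts:
    - name: tmp
      mountPath: /tmp          # the only writable location, and it is not the image filesystem
  volumes:
  - name: tmp
    emptyDir: {}
```

Remove any one of the pod's securityContext settings and the API server rejects it with a message naming the violated restricted-profile rule, which is the point of using enforce rather than only warn. The default-deny policy is the reason the DNS policy exists: after a deny-all, every dependency (DNS, the database, an upstream API) has to be allowed explicitly, which is exactly the inventory you want for a payments workload.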
33) Name the process that runs on Kubernetes Master Node.
The control-plane (master) node runs kube-apiserver, kube-scheduler, kube-controller-manager, and usually etcd, plus the kubelet and a container runtime like any other node. kube-apiserver is the only one of these that clients and nodes talk to directly.
34) What is Google Container Engine (GKE)?
GKE, now named Google Kubernetes Engine (originally Google Container Engine), is Google Cloud's managed Kubernetes service. Kubernetes itself is open source, but GKE is a hosted product: it runs and manages containers (Docker-built or any other OCI image) on clusters that run only inside Google's public cloud, with Google operating the control plane. The engine schedules containers onto the cluster's nodes and then manages them automatically according to the declared requirements.
35) Name the different services in Kubernetes.
The different Service types in Kubernetes are:
- ClusterIP service
- ExternalName service
- Node Port service
- Load Balancer service
36) Name the different types of controller managers.
The controllers run by the kube-controller-manager include:
- node controller
- replication controller
- endpoints controller
- service accounts controller
- token controller
- namespace controller
37) What is the role of the Kubernetes Controller Manager (kube-controller-manager)?
A Kubernetes Controller Manager is a Kubernetes control plane component that runs controller processes. It ensures the desired state of the cluster matches the observed state. It is a daemon that embeds the core control loops shipped with Kubernetes. Some types of these controllers are:
- Node controller
- Job controller
- Replication controller
- Endpoints controller
- Service Account & Token controller
38) Which three namespaces are available on new clusters?
The following are the three namespaces available on new clusters
default: It is the default namespace for objects with no other namespace. This namespace acts as the main target for new user-added resources until alternative namespaces are created.
kube-system: It is the namespace for objects created by the Kubernetes system.
kube-public: It is readable by all users, authenticated or not. It is intended for exposing cluster information needed to bootstrap components (for example the cluster-info ConfigMap). Its public aspect is only a convention, not a requirement, and nothing sensitive should ever be placed in it.
Recent clusters also create a fourth namespace, kube-node-lease, which holds the Lease objects that nodes update as heartbeats.
39) What information does the node status contain?
The node status consists of the following information:
- Addresses: the node's HostName, InternalIP, and (where applicable) ExternalIP
- Conditions: the status of running nodes, such as Ready, MemoryPressure, DiskPressure, PIDPressure, and NetworkUnavailable
- Capacity and Allocatable: the node's total resources (CPU, memory, pods, ephemeral storage) and the portion of them available for pods
- Info: general details such as kernel version, container runtime version, kubelet and kube-proxy versions, OS, and architecture
40) Name some tools for container monitoring.
Some popular tools for container monitoring include Prometheus (typically with cAdvisor, which is built into the kubelet, and Node Exporter), metrics-server for basic resource metrics, collectd, and commercial agents such as New Relic.
41) How does Kubernetes relate to Docker?
Docker is a container runtime, software that runs containerized applications, and a tool for building container images. When Kubernetes schedules a pod to a node, the kubelet on that node instructs the container runtime, through the Container Runtime Interface (CRI), to pull the images and start the containers. Since v1.24 the kubelet no longer talks to Docker Engine directly (the dockershim was removed); it uses a CRI runtime such as containerd or CRI-O, which run images built with Docker without change.
42) What is container orchestration?
Container orchestration is the automation of components and processes related to running containers. It includes things like configuring and scheduling containers, the availability of containers, allocation of resources between containers, and securing the interaction between containers, among other things.
43) What do you know about Kubernetes clusters?
A Kubernetes cluster is a set of nodes that containerized applications run on. These nodes can be physical machines or virtual machines.
44) What is kubectl?
Kubectl is the command-line configuration tool for Kubernetes that communicates with a Kubernetes API server. Using kubectl allows you to create, inspect, update, and delete Kubernetes objects.
45) What is a pod?
A pod is the most basic Kubernetes object. A pod consists of a group of containers running in your cluster. Most commonly, a pod runs a single primary container.
46) Can you explain the different components of Kubernetes architecture?
Kubernetes is composed of two layers: a control plane and a data plane. The control plane (kube-apiserver, etcd, kube-scheduler, kube-controller-manager, and a cloud-controller-manager where applicable) is the orchestration layer: it holds the cluster's desired state and configuration in etcd and runs the controllers that drive the cluster toward that state. The data plane is the set of worker nodes (kubelet, kube-proxy, and the container runtime) that actually run the workloads and process application requests; it is managed by the control plane.
47) Do all of the nodes have to be the same size in your cluster?
No, they don’t. The Kubernetes components, like kubelet, will take up resources on your nodes, and you’ll still need more capacity for the node to do any work. In a larger cluster, it often makes sense to create a mix of different instance sizes. That way, pods that require a lot of memory with intensive compute workloads can be scheduled by Kubernetes on large nodes, and smaller nodes can handle smaller pods.
48) What is a sidecar container, and what would you use it for?
A sidecar container is a utility container that extends or supports the main container in a Pod. Sidecar containers can be paired with one or more main containers, and they enhance the functionality of those main containers without being built into them. Examples are a container that collects and ships the application's logs, a monitoring or metrics agent, or a proxy that terminates TLS for the application. Since Kubernetes v1.29, init containers declared with restartPolicy: Always act as native sidecars that start before, and keep running alongside, the main containers.
49) How do logs work for pods?
With a traditional server setup, application logs are written to a file and then viewed on each server or collected by a logging agent and sent to a centralized location. In Kubernetes, however, writing logs to disk inside a pod is discouraged, since you would then have to manage log files and rotation for every pod. The better way is for the application to write logs to stdout and stderr. The container runtime captures stdout and stderr of each container into a per-container log file on the node, which the kubelet manages and rotates, and kubectl logs (with -c to select a container and --previous for one that crashed) reads that file back through the kubelet. Those files live only as long as the pod does, so for retention and search you still need a node-level agent, typically a DaemonSet, that ships them to a central store.
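As an added example (not code from the original page), a pod that ties together the shared-volume pattern from question 20, the sidecar from question 48, and the logging model above: the application can only write to a file, so a sidecar tails that file to its own stdout, where the kubelet collects it. The names and images are assumptions, and the application is a constructed busybox loop that stands in for a real server.

```yaml
# Added example, not from the original page. Names and images are assumptions;
# the 'app' container is a constructed stand-in that writes fake access-log lines.
apiVersion: v1
kind: Pod
metadata:
  name: app-with-log-sidecar
spec:
  volumes:
  - name: logs
    emptyDir: {}             # shared between the two containers, lives as long as the pod
  containers:
  - name: app
    image: busybox:1.36
    command: ["/bin/sh", "-c"]
    args:
    - |
      i=0
      while true; do
        i=$((i+1))
        echo "$(date -u +%FT%TZ) request=$i status=200" >> /var/log/app/access.log
        sleep 5
      done
    volumeMounts:
    - name: logs
      mountPath: /var/log/app
  - name: log-shipper
    image: busybox:1.36
    # follow the file by name (-F survives rotation) and copy it to stdout,
    # which the container runtime captures and kubectl logs can read
    command: ["/bin/sh", "-c", "tail -n +1 -F /var/log/app/access.log"]
    volumeMounts:
    - name: logs
      mountPath: /var/log/app
      readOnly: true         # the shipper only reads; a compromised shipper cannot forge app logs
    securityContext:
      allowPrivilegeEscalation: false
      capabilities:
        drop: ["ALL"]
```

kubectl logs app-with-log-sidecar -c log-shipper -f then shows the application's log lines even though the application never wrote to stdout. Because the volume is an emptyDir, the file disappears with the pod; the sidecar's stdout, on the other hand, goes through the normal node log path and is picked up by whatever node-level collector the cluster runs.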
50) How can you separate resources?
You can separate resources by using namespaces. These can be created either with kubectl or by applying a YAML file. After you have created the namespace you can place resources, or create new ones, within it. Some people think of namespaces as virtual clusters inside your actual Kubernetes cluster; they are a management and policy boundary (RBAC, quotas, network policies all attach to them), not a strong security isolation boundary on their own, since pods in different namespaces still share the same nodes and, without network policies, the same flat network.
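As an added example (not code from the original page), a namespace for one team together with the two things that make the separation mean something, as discussed under questions 8 and 32: a ResourceQuota so the team cannot starve others, and a least-privilege Role bound to the team's group. The namespace, group name, and quota values are assumptions.

```yaml
# Added example, not from the original page. Namespace, group name and quota
# values are assumptions.
apiVersion: v1
kind: Namespace
metadata:
  name: team-a
---
# Cap what the namespace as a whole can consume
apiVersion: v1
kind: ResourceQuota
metadata:
  name: team-a-quota
  namespace: team-a
spec:
  hard:
    pods: "20"
    requests.cpu: "4"
    requests.memory: 8Gi
    limits.cpu: "8"
    limits.memory: 16Gi
---
# Namespace-scoped Role: manage workloads here only, no direct access to
# Secrets, and no ability to change RBAC objects
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: developer
  namespace: team-a
rules:
- apiGroups: ["", "apps"]
  resources: ["pods", "services", "configmaps", "deployments", "replicasets"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
- apiGroups: [""]
  resources: ["pods/log"]
  verbs: ["get"]
---
# Bind the Role to a group, not to individual users, so membership is managed
# in the identity provider rather than by editing RBAC
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: team-a-developers
  namespace: team-a
subjects:
- kind: Group
  name: team-a-devs          # group name as presented by your authenticator (OIDC groups claim, or O= in a client certificate)
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: developer
  apiGroup: rbac.authorization.k8s.io
```

Check the result with kubectl auth can-i: kubectl auth can-i create deployments -n team-a --as=alice --as-group=team-a-devs answers yes, while the same check for secrets, or for anything in another namespace, answers no. One caveat a practitioner should know: because the Role allows creating pods, a member can still mount any Secret in team-a into a pod and read it from there, so the real confidentiality boundary is the namespace, not the absence of a secrets verb.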