{"id":8760,"date":"2020-01-15T06:53:42","date_gmt":"2020-01-15T06:53:42","guid":{"rendered":"https:\/\/www.devopsschool.com\/blog\/?p=8760"},"modified":"2021-11-13T11:32:56","modified_gmt":"2021-11-13T11:32:56","slug":"kubernetes-interview-questions-and-answer-part-7","status":"publish","type":"post","link":"https:\/\/www.devopsschool.com\/blog\/kubernetes-interview-questions-and-answer-part-7\/","title":{"rendered":"Kubernetes Interview Questions and Answer Part \u2013 7"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\"><strong>What is the main reason why the Ingress API has not been developed beyond its original specification?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>It was delivered to test ingress use cases, but annotations took over and now there\u2019s no going back<\/li><li><strong>It was intended to accommodate a wide range of technologies as a lowest common denominator (Ans)<\/strong><\/li><li>Its developers were aware that Istio was coming down the line, with a more sophisticated ingress capability<\/li><\/ul>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Which proxy technology underpins Contour, Ambassador and Istio?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Nginx<\/li><li><strong>Envoy (Ans)<\/strong><\/li><li>HAProxy<\/li><\/ul>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>If a service of type NodePort has its externalTrafficPolicy set to Local, what will happen to ingress traffic that arrives at a particular node that isn&#8217;t running a service endpoint (pod)?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Packets will get dropped, as the policy prohibits routing traffic to an endpoint on another node (Ans)<\/strong><\/li><li>The packets will get routed to an appropriate endpoint, courtesy of Kubernetes&#8217; flat network model<\/li><li>The source IP address of packets arriving at the node will be changed (SNAT) to that of the node<\/li><\/ul>\n\n\n\n<p 
class=\"wp-block-paragraph\"><strong>Why does a service of either type, NodePort or LoadBalancer, result in a clusterIP being allocated for the service?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>So that external requests can be load balanced across the service&#8217;s endpoints, via the clusterIP (Ans)<\/strong><\/li><li>For backwards compatibility &#8211; the kube-proxy in &#8216;userspace&#8217; proxy mode requires it, but it is entirely optional when operating in &#8216;iptables&#8217; or &#8216;ipvs&#8217; mode<\/li><li>Without the clusterIP, a NodePort service with externalTrafficPolicy set to Local, will fail to route traffic to endpoints on other nodes<\/li><\/ul>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>With regular expression syntax used in the following ingress definition for the nginx ingress controller, which of the following path rewrites is correct?<br> apiVersion: extensions\/v1beta1<br> kind: Ingress<br> metadata:<br>   name: path-rule-ingress<br>   annotations:<br>     nginx.ingress.kubernetes.io\/rewrite-target: \/$1<br> spec:<br>   rules:<br>   - host: dibble.sh<br>     http:<br>       paths:<br>       - backend:<br>           serviceName: nginxhello-blue<br>           servicePort: 80<br>         path: \/blue\/?(.*)<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>dibble.sh\/blueberry rewrites to dibble.sh\/blue<\/li><li>dibble.sh\/ rewrites to dibble.sh\/blue\/<\/li><li><strong>dibble.sh\/blue rewrites to dibble.sh\/ (Ans)<\/strong><\/li><\/ul>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>What is the primary purpose for annotations in Ingress API definitions?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>The primary Kubernetes API mechanism for defining ingress configuration<\/li><li><strong>A means of circumventing the limitations in the Ingress API (Ans)<\/strong><\/li><li>A method for differentiating between different ingress 
controller capabilities<\/li><\/ul>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>What is the best technique for handling X.509 certificate renewals with cert-manager?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Create a cron job to periodically check the validity of the certificate, and generate a new Certificate object 30 days before expiry<\/li><li><strong>Relax, cert-manager is aware of the renewal window for certificates, and will attempt to renew the certificate in the renewal window (Ans)<\/strong><\/li><li>Cert-manager requires the deployment of Certbot in the cluster, which handles certificate renewals on its behalf<\/li><\/ul>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Which ACME challenge type needs to be configured for obtaining a wildcard certificate from Let&#8217;s Encrypt using cert-manager?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Cert-manager is unable to obtain wildcard certificates from Let&#8217;s Encrypt<\/li><li>Either of DNS01 or HTTP01. 
A DNS01 challenge explicitly establishes control of a domain, whilst a HTTP01 challenge implicitly establishes control of a domain<\/li><li><strong>DNS01, because the challenge establishes control of a domain (Ans)<\/strong><\/li><\/ul>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Which of the following is NOT a technique for setting the ingress class of an ingress controller?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>A configuration override applied to a Helm chart during installation<\/li><li><strong>An annotation set in an ingress resource definition (Ans)<\/strong><\/li><li>A command line argument defined in a Deployment definition for the ingress controller<\/li><\/ul>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Which of the following is NOT a mechanism for configuring an ingress controller?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Labels (Ans)<\/strong><\/li><li>Annotations<\/li><li>Command line arguments<\/li><\/ul>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Why might it be necessary to deploy a default backend service?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Without a default backend service, ingress definitions will fail to be configured when applied<\/li><li><strong>To provide a coherent, customized experience for clients presenting invalid HTTP requests (Ans)<\/strong><\/li><li>Invalid client requests will otherwise be randomly routed to one of the available backend services<\/li><\/ul>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Which of the following is NOT a perceived limitation of using a Service object to handle ingress traffic?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Any external TCP\/UDP traffic can be proxied to a service&#8217;s virtual IP address (Ans)<\/strong><\/li><li>Routing of HTTP\/S traffic based on hostname or path is not supported<\/li><li>Client IP addresses are subject to source network address translation (SNAT)<\/li><\/ul>\n\n\n\n<p 
class=\"wp-block-paragraph\"><strong>Which Kubernetes API resource types do you think cert-manager needs access to, in order to manage certificate lifecycles?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>ConfigMap, Secret, Event, Service, Pod<\/li><li>ConfigMap, Event, Service, Pod, Ingress<\/li><li><strong>ConfigMap, Secret, Event, Service, Pod, Ingress (Ans)<\/strong><\/li><\/ul>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Which of the following ingress options is the only one that fully supports the Ingress API?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Contour ingress controller (Ans)<\/strong><\/li><li>Ambassador API gateway<\/li><li>Istio service mesh<\/li><\/ul>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Which of the following ensures maximum availability of an ingress controller in a Kubernetes cluster?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Define multiple Deployments of the ingress controller, scoped to different namespaces<\/li><li>Use a DaemonSet to invoke an ingress controller pod on each of the cluster&#8217;s nodes<\/li><li><strong>Configure a Deployment with more than one replica specified in its definition (Ans)<\/strong><\/li><\/ul>\n","protected":false},"excerpt":{"rendered":"<p>What is the main reason why the Ingress API has not been developed beyond its original specification? It was delivered to test ingress use cases, but annotations&#8230; <\/p>\n","protected":false},"author":1,"featured_media":12763,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_joinchat":[],"footnotes":""},"categories":[4859],"tags":[1056,4860,5675,5543],"class_list":["post-8760","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-kubernetes","tag-api","tag-kubernetes","tag-loadbalanacer","tag-pod"],"_links":{"self":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/8760","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/comments?post=8760"}],"version-history":[{"count":3,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/8760\/revisions"}],"predecessor-version":[{"id":25121,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/8760\/revisions\/25121"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/media\/12763"}],"wp:attachment":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/media?parent=8760"}],"wp:term":[{"taxonomy":"category","e
mbeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/categories?post=8760"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/tags?post=8760"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}