ACloudGuru - Chapter 2: Kubernetes Fundamentals

Question 1

What is a kubernetes resource?

Answer 1

An object of a certain type in the Kubernetes API.

Question 2

What is the command to list all available resource types in a cluster?

Answer 2

kubectl api-resources

Question 3

What resource can be used to create your own custom resource?

Answer 3

CustomResourceDefinition

Question 4

What is the command to get documentation for a resource type?

Answer 4

kubectl explain <resource_type></resource_type>

Question 5

What can be used to run tasks before a pod’s main container starts?

Answer 5

init container

Question 6

Define ReplicaSet resource?

Answer 6

A Kubernetes resource that ensures a given number of Pod replicas are running at any given time. Can be configured with min and max.

Question 7

Define Deployment resource?

Stateless or Stateful?

What is the default deployment strategy?

Answer 7

A Kubernetes resource that provides a declarative description of ReplicaSets and Pods.

Ideal for scaling stateless applications.

RollingUpdate.

Question 8

What is the imperative command to create a Deployment resource?

Answer 8

kubectl create deploy <name> --image=<image> --replicas=<replicas></replicas></image></name>

Question 9

Define StatefulSet resource?

What kind of identity do replica pods have?

What additional step is required for StatefulSet?

Answer 9

A Kubernetes resource, similar to the Deployment resource, that provides a declarative description of ReplicaSets and Pods, but for stateful applications.

Replica Pods have sticky identity.

Must manually create a headless Service to manage Pods’ network identity.

Question 10

Define DaemonSet resource?

Answer 10

A Kubernetes resource that dynamically runs a replica Pod on each Node, or just some Nodes in a cluster.

Question 11

Define Job resource?

What subfield controls the retry logic and what is its default?

Answer 11

A Kubernetes resource that runs a containerized task to completion.

spec.backofflimit, default == 6

Question 12

Define CronJob resource?

Answer 12

A Kubernetes resource that runs Jobs repeatedly according to a schedule.

Question 13

What are the 2 most abstract components of a kubernetes cluster and what are they responsible for?

Answer 13

Control Plan: Set of components responsible for managing the cluster.

Worker Node(s): Set of components responsible for running container workloads.

Question 14

What are the components of the Control Plan and what are they responsible for?

Answer 14

API Server: Center of the Control Plane, interface used by other components to communicate and interact with the cluster.

etcd: Distributed object storage used by the API Server.

Scheduler: Assigns new Pods to appropriate Worker Nodes.

Controller Manager: Bundles controllers, each of which provide cluster functionality.

Cloud Controller Manager: Bundles controllers that interact with the cloud provider APIs. (Optional)

Question 15

What are the components of a Worker Node and what are they responsible for?

Answer 15

kube-proxy: Managed local routing rules on the Node to route network traffic to Pods.

kubelet: Kubernetes agent that works with the container runtime to run containers on the Node.

Container Runtime: Software that runs containers, such as containerd or CRI-O. Not part of core Kubernetes installation.

Question 16

What is Kubernetes CRI?

Answer 16

Kubernetes Container Runtime Interface is the standard interface for container runtimes. Any runtime that implements CRI should work with Kubernetes.

Question 17

How did kubelet support Docker as a container runtime?

When was this deprecated/removed?

Answer 17

Kubelet used dockershim to support Docker as a runtime even though it doesn’t implement CRI.

This was deprecated in 1.20 and removed in 1.24.

Question 18

What is the Kubernetes API?

Answer 18

An HTTP REST interface exposed by the Control Plane API Server that allows Users, Kubernetes components, and external components to interact with the Kubernetes cluster.

Question 19

How is container isolation achieved?

Answer 19

Using Linux control groups (c groups).

Question 20

Can a Pod have more that one container?

What is the best practice for organizing containers in Pods?

Answer 20

Yes.

A single container should be in each pod unless there is an initialization process or coupled components that require multiple containers.

Question 21

What is a Dockerfile?

Answer 21

A text file containing instructions for building a Docker image.

Question 22

What is scheduling?

When does scheduling occur?

What does the Scheduler take into account when selecting a node?

Answer 22

The process of assigning a Pod to a Node.

When a new Pod is created and has not yet been scheduled.

Resource requirements, pod affinity, taints, and tolerations.

Question 23

Upgrade Control Plane Node

Answer 23

1. Upgrade kubeadm (apt)
2. Drain the control node (kubectl)
3. Plan the cluster upgrade (kubeadm)
4. Apply the cluster upgrade (kubeadm)
5. Upgrade Kubelet and kubectl (apt)
6. Reload daemon (systemctl)
7. Restart kubelet (systemctl)
8. Uncordon node (kubectl)

Question 24

Upgrade Worder Node

Answer 24

1. Drain the worker node (kubectl)
2. SSH into worker node (ssh)
3. Upgrade kubeadm (apt)
4. Upgrade worker node (kubeadm)
5. Upgrade Kubelet and kubectl (apt)
6. Reload daemon (systemctl)
7. Restart kubelet (systemctl)
8. Exit worker node (exit)
9. Uncordon node (kubectl)

Question 25

Backup and Restore Etcd

Answer 25

Backup
1. Take snapshot (etcdctl)

Restore
1. Stop control plane services (mv /etc/kubernetes/manifests OR systemctl)
2. Stop kubelet (systemctl)
3. Rename etcd data directory (mv)
4. Restore snapshot to configured directory (etcdctl)
5. Start kubectl (systemctl)
6. Start control plane services (mv /etc/kubernetes/manifests OR systemctl)

Question 26

How to drain a node

Answer 26

kubectl drain <node> --ignore--daemonsets</node>

Question 27

Schedule a pod on a specific node

Answer 27

1. spec.nodeSelector = key.value (list)
2. spec.nodeName = value

Question 28

kubelet troubleshooting (status, logs, stop and start)

Answer 28

status: sudo systemctl status kubelet
logs: sudo journalctl -u kubelet
stop: sudo systemctl stop kubelet
start: sudo systemctl start kubelet

Question 29

StorageClass Yaml Specification

Answer 29

Required Fields
1. apiVersion: (Globally required)
2. kind: (Globally required)
3. metadata.name: (Globally required)
4. provisioner: (Ex: kubernetes.io/no-provisioner)

Important Optional Fields
1. reclaimPolicy: (Delete(d), Retain, Recycle)
2. allowVolumeExpansion: (False(d), True)
3. volumeBindingMode: (Immediate(d), WaitForFirstConsumer)

Question 30

PersistentVolume Yaml Specification

Answer 30

Required Fields
1. apiVersion: (Globally required)
2. kind: (Globally required)
3. metadata.name: (Globally required)
4. spec.capacity.storage: (Ex: 1Gi)
5. spec.accessModes: (ReadWriteOnce, ReadOnlyMany, ReadWriteMany, ReadWriteOncePod)
6. spec.<storage-type> (hostPath, nfs, awsElasticBlockStore)
- hostPath.path: (Ex: /mnt/data)</storage-type>

Important Optional Fields
1. spec.storageClassName
2. spec.persistentVolumeReclaimPolicy: (Delete(d), Retain, Recycle) (Should match storage class)

Question 31

PersistentVolumeClaim Yaml Specification

Answer 31

Required Fields
1. apiVersion: (Globally required)
2. kind: (Globally required)
3. metadata.name: (Globally required)
5. spec.accessModes: (ReadWriteOnce, ReadOnlyMany, ReadWriteMany, ReadWriteOncePod)
6. spec.resources.requests.storage (Ex: 1Gi)

Important Optional Fields
1. spec.storageClassName
2. spec.selector.matchLabels = key.value (list)
2. spec.volumeMode (Filesystem(d), Block)

Question 32

How to switch to context

Answer 32

kubectl config use-context <context></context>

Question 33

Resources that are not namespace specific

Answer 33

1. ClusterRole
2. ClusterRoleBinding
3. StorageClass
4. PersistentVolume
5. Node
6. Namespace

Question 34

A good doc reference for pv/pvc

Answer 34

Tasks > Configure Pods and Containers > Configure a Pod to Use a PersistentVolume for Storage

Question 35

How to expand pvc

Answer 35

kubectl edit pvc <pvc></pvc>

Question 36

Explain an empty selector {} in the following contexts:
1. NetworkPolicy
a. spec.podSelector
b. spec.ingress.from.podSelector
c. spec.ingress.from.namespaceSelector
3. Resource Definitions (Deployment, Service, etc.)

Answer 36

1a. Select all pods in namespace
1b. Allow traffic from all pods in namespace (same for egress)
1c. Allow traffic from all pods in all namespaces (same for egress)
2. Matches all pods regardless of labels