ACloudGuru - Chapter 3: Container Orchestration Flashcards
**What is a Container Runtime?
What is the CRI?
What are two examples of container runtimes that implement the CRI standard?**
A piece of software responsible for actually running containers.
Standard protocol for communication between the kubelet and the container runtime.
CRI-O and containerd.
What are the 4 C’s of Cloud Native Security?
Cloud, Clusters, Containers, and Code. As you go from left to right, you gain responsibility and control.
What are 3 common ways of authenticating to the Kubernetes cluster?
Client Certificates: API Server uses a signed X.509 client certificate.
Bearer Token: <>
OpenID Connect: Uses a JSON Web Token (JWT) signed by an external identity provider to authenticate a user.
What opensource tool can integrate with the Kubernetes API to enable the creation of API policies?
OPA Gatekeeper
<Networking>
</Networking>
Define a Service
Kubernetes resource that exposes a Pod(s) as a network service.
What are 4 common Services?
ClusterIP: Expose internally within the cluster network.
NodePort: Expose externally on a port on each Node. Not best practice to use.
LoadBalancer: Expose using a cloud provider’s load balancer. Relies on cloud controller manager for load balancer. Layer 3 or 4.
ExternalName: Provide a DNS name for an external service.
What is a Headless Service?
A Service with no cluster IP address.
What are the 2 main service discovery methods in Kubernetes?
DNS and environment variables.
What is an Ingress?
Exposes an application externally using an ingress controller (Nginx, cloud provider LB, etc.) and routes traffic to a Service. It can provide layer 7 functionality like SSL termination and path-based routing.
How does a Service without a selector discover service targets?
They must be manually configured.
Define a service mesh.
What are the 2 main components of a service mesh?
A tool that manages communication between application components, often adding additional functionality, like logging, tracing, or encryption.
Control plane and service proxy/data plane.
<Storage>
</Storage>