ACloudGuru - Chapter 3: Container Orchestration Flashcards

1
Q

What is a Container Runtime?

What is the CRI?

What are two examples of container runtimes that implement the CRI standard?

A

A piece of software responsible for actually running containers.

Standard protocol for communication between kubelet and the container runtime.

CRI-O and containerd.

2
Q

What are the 4 C’s of Cloud Native Security?

A

Cloud, Clusters, Containers, and Code. As you go from left to right, you gain responsibility and control.

3
Q

What are 3 common ways of authenticating to the Kubernetes cluster?

A

Client Certificates: API Server uses a signed X509 client certificate.

Bearer Token: <>

OpenID Connect: Uses a JSON Web Token (JWT) signed by an external identity provider to authenticate a user.

4
Q

What open-source tool can integrate with the Kubernetes API to enable the creation of API policies?

A

OPA Gatekeeper

5
Q

<Networking>
</Networking>

A
6
Q

Define a Service

A

Kubernetes resource that exposes a Pod(s) as a network service.

7
Q

What are 4 common Services?

A

ClusterIP: Expose internally within the cluster network.

NodePort: Expose externally on a port on each Node. Not best practice to use.

LoadBalancer: Expose using a cloud provider’s load balancer. Relies on cloud controller manager for load balancer. Layer 3 or 4.

ExternalName: Provide a DNS name for an external service.

8
Q

What is a Headless Service?

A

A Service with no cluster IP address.

9
Q

What are the 2 main service discovery methods in Kubernetes?

A

DNS and environment variables.

10
Q

What is an Ingress?

A

Exposes an application externally using the ingress controller (Nginx, Cloud Provider LB, etc.) and routes traffic to a Service. It can provide layer 7 functionality like SSL termination and path-based routing.

11
Q

How does a Service without a selector discover service targets?

A

They must be manually configured.

12
Q

Define service mesh.

What are the 2 main components of a service mesh?

A

A tool that manages communication between application components, often adding additional functionality, like logging, tracing, or encryption.

Control plane and service proxy/data plane

13
Q

<Storage>
</Storage>

A