architect Flashcards
(25 cards)
Reverse proxy, forward proxy, examples.
Reverse proxy (more popular) a server or software component that sits between client devices and web servers. It receives client requests and forwards them to the appropriate backend servers. Unlike a forward proxy that handles client requests on behalf of the clients, a reverse proxy acts on behalf of the servers to handle incoming requests from clients.
e.g. Nginx for web application (forward, reverse), HAProxy, Apache Http server or Apache (reverse),
what does HTTP Request, REST API HTTP request response?
HTTP Request -> HTML (source code of web page)
REST API HTTP Request -> JSON (not for human to read)
k8s NodePort: targetPort, port, nodePort. Which one is mandtory?
Port. Therefore the targetPort will be the same as it. NodePort is randomly assigned. targetPort is the exposed port number of the pod. port is the port on the service object.
k8s service endpoint number how to check?
kubectl describe svc will print the endpoints. Endpoint mainly means the pods which the service is connecting.
K8s ingress controller vs load balancer? Vs nginx server?
Ingress controller contains load balancer + nginx server + other functions
K8s ingress controller role in k8s?
Ingress controller helps the apps deployed in k8s using a single accessible url that you can configure routes to different services within your cluster based on the url path. It also implement ssl security.
What kind of k8s object need to set up ingress controller?
Deployment, service type of node port, configMap, service account.
Term of ingress rules?
Ingress resources
链接cluster的网址怎么config?可以有多个吗?
Get different domain name, and then add multiple DNS entries all pointing to the same ingress controller service on your cluster
imperative vs declarative ? Explain in the context of k8s.
imperative means: cli tool to create sth.
declarative: use yaml manifest
multi-namespaces, how to create ing?
create ing in each ns
use exponential backoff to retry? meaning?
The term “backoff” refers to the practice of delaying subsequent attempts at retrying a failed operation. This delay is typically implemented to avoid overwhelming a system, reducing the chances of further failures due to excessive load or congestion. The backoff time can vary depending on the context.
OpenID connect? SSO? Their relationship? Any other similar tech to OpenID connect?
OpenID connect is a authentication protocol. It allows users to login to various app/web via a single set of credentials (google login). Similar tech like SAML. SAML and OpenID connect can be used to implement SSO. SSO, Social Login are similar things, the are just the concepts of above.
DNS? CNAME?
when type a url in browser, DNS system translate that domain name into IP points to the server where the website is hosted. In DNS, different types of DNS records serve various purposes in mapping domain names to specific resources or services on the internet. CNAME is a type of DNS record. A CNAME record maps one domain name to be an alias for another domain, i.e.
What is DNS? Explain an example DNS record type: A record
“A record” (Address record) is one of the fundamental types of DNS records used to translate domain names into IP addresses.
Apigee? main use case?
Apigee can be used to build reserver proxy for API, but it covers the whole lifecycle of APIs
Apigee concepts: api proxy, api product, app and developer, api token
api proxy: a proxy for your api
CDN and Akamai
A CDN, or Content Delivery Network, is a system of distributed servers that deliver web content to users based on their geographic location, mainly for static contect
CDN + Nginx on Sales
In a typical setup, Nginx can handle dynamic requests and backend operations within the Kubernetes cluster, while the CDN manages the delivery of static frontend assets globally. This combination ensures efficient handling of both dynamic and static content, optimizing the overall performance of your application.
what is the edgekey.net of Akamai
The edgekey.net domain is an internal DNS domain used by Akamai to dynamically route web traffic through its global network of edge servers for optimized content delivery and enhanced security.
IP address private vs public
Private IPs: Used internally within a local network (e.g., company LAN). They are not routable on the internet.
Ranges:
10.0.0.0 – 10.255.255.255 (10.0.0.0/8)
172.16.0.0 – 172.31.255.255 (172.16.0.0/12)
192.168.0.0 – 192.168.255.255 (192.168.0.0/16)
Purpose: Assigned to devices like computers, printers, and servers within the company.
Public IPs: Assigned by ISPs, routable on the internet. Used for external communication.
Examples: Any IP outside the private ranges above (e.g., 203.0.113.5).
Purpose: Identifies your company’s network to the outside world (e.g., hosting websites, email servers).
aws vpc dns resolver 169.254.169.253
IP address 169.254.169.253 is a well-known AWS service endpoint for the VPC DNS resolver
nslookup SDW-CORE-MongoDB-NLB-c3ced96371ae387f.elb.eu-central-1.amazonaws.com 169.254.169.253
~ $ nslookup SDW-CORE-MongoDB-NLB-c3ced96371ae387f.elb.eu-central-1.amazonaws.com
Server: 172.20.0.10
Address: 172.20.0.10:53
Non-authoritative answer:
Name: SDW-CORE-MongoDB-NLB-c3ced96371ae387f.elb.eu-central-1.amazonaws.com
Address: 44.109.12.175
Key Observations from Your Output
DNS Server:
The DNS server used is 172.20.0.10:53.
This is likely the CoreDNS service running in your EKS cluster (part of the Kubernetes DNS infrastructure).
CoreDNS forwards queries to the VPC’s DNS resolver (169.254.169.253) unless configured otherwise.
Resolved IP:
The NLB’s DNS name resolves to 44.109.12.175, which is a public IP address.
This indicates that the EKS cluster cannot see the NLB’s private IP (due to cross-VPC DNS resolution issues).
aws endpoint vs endpoint service
Key Differences
VPC Endpoint (Consumer): Connect to a service (AWS or third-party) on our own account
VPC Endpoint Service (Provider): Expose your service to others, on atlas mongo db account
