Azure Kubernetes Service Flashcards

1
Q

What is a Container constructed of?

A

A set of file system layers constructed using the following:

1. Base layer: A container image starts with a base layer, which is usually a minimal root filesystem.

2. Additional layers: Each subsequent layer represents a set of changes to the filesystem, such as adding, modifying, or deleting files and directories.

  1. Read-only layers: These layers are stacked on each other in a read-only manner. Each layer only contains the changes from the previous layer.
  2. Union filesystem: When a container runs, these layers are combined using a union filesystem to create a single, coherent filesystem view.
  3. Copy-on-write: When a running container needs to modify a file, it uses a copy-on-write mechanism to create a new, writable layer on top of the read-only layers.
2
Q

Where do we store container images?

A

Azure Image Registry

3
Q

What is the name of the system responsible for:

  1. Deployment
  2. Autoscaling
  3. Update
  4. Storage
  5. Network integration
  6. Load Balancer
A

Orchestrator

4
Q

How are updates handled in a containerized environment?

A

A new container is created using the new image, and the old container is deleted.

5
Q

What are the critical parts that make up the Azure Kubernetes System?

A
  1. API Server
  2. Scheduler
  3. etcd
  4. Controllers
  5. Nodes (Workers)
6
Q

I want to use Windows and Linux Containers. Can I use a single cluster?

A

Yes, but you need two separate pools, one Windows and the other Linux.

7
Q

What is the component of Kubernetes running on each Node?

A

Kubelet

8
Q

What cost tier is required for Azure Container Registry to have container geo-replication?

A

Premium tier. Standard and Basic tiers do not support this feature.

9
Q

I have multiple regions with Azure Kubernetes Service and want centralized management for the container images; what are my options?

A

You can use a Premium Azure Container Registry in multiple regions, which will have central management.

10
Q

Can Azure Kubernetes Service be deployed across regions?

A

No, it is a regional service. You can, however, deploy an Azure Traffic Manager to manage traffic to two independent clusters deployed in two regions.

11
Q

What are the types of network options for Kubernetes?

A
  1. Kubernetes networking
  2. Azure CNI
12
Q

What is the primary function of the Azure Ingress Controller in an Azure Kubernetes Service (AKS) cluster?

A

It manages external HTTP/S traffic to applications running in an AKS cluster by routing traffic based on defined ingress rules.

13
Q

How does the Azure Ingress Controller improve performance and reliability in AKS?

A

By distributing incoming traffic across multiple backend pods or services through load balancing.

14
Q

What type of routing does the Azure Ingress Controller support that allows directing traffic to specific services based on URL paths?

A

Path-based routing.

15
Q

What feature of the Azure Ingress Controller offloads SSL/TLS encryption and decryption from backend services?

A

TLS termination.

16
Q

How does the Azure Ingress Controller help ensure secure HTTPS connections for applications in AKS?

A

By managing SSL/TLS certificates for secure HTTPS connections.

17
Q

Which Azure services can the Azure Ingress Controller integrate with for additional traffic control and routing across regions?

A

Azure Front Door and Application Gateway.

18
Q

What feature of the Azure Ingress Controller allows it to handle high traffic loads effectively?

A

It works with AKS’s horizontal scaling, enabling automatic scaling of pods based on demand.

19
Q

You have an Azure subscription that contains an Azure Kubernetes Service (AKS) cluster. You need to ensure that the AKS cluster can authenticate to Azure AD to access Azure resources. What should you use?

A

To enable an Azure Kubernetes Service (AKS) cluster to authenticate with Azure Active Directory (Azure AD) for access to Azure resources, you should use Azure AD Workload Identity or Azure Managed Identity.

Here’s a breakdown of both:

Azure AD Workload Identity:

This allows pods within the AKS cluster to use Azure AD identities to access Azure resources securely.
It enables fine-grained access control, leveraging Azure RBAC to manage permissions for Azure resources.
Recommendation: This is now the preferred method for new AKS clusters, as it simplifies authentication and enhances security.

Managed Identity for AKS:

With a managed identity assigned to the AKS cluster, AKS can authenticate directly with Azure AD without needing application secrets or credentials.
This managed identity can then be granted permissions to access Azure resources (e.g., Key Vaults, storage accounts).

20
Q

In AKS, how can developers define and manage how external users access applications securely using the Azure Ingress Controller?

A

By defining and managing ingress rules directly within Kubernetes.

21
Q

Which capability of the Azure Ingress Controller supports load balancing for HTTP/S traffic?

A

It provides load balancing to distribute traffic across backend services or pods.

22
Q

What benefit does the Azure Ingress Controller provide by supporting path-based routing in AKS?

A

It allows different URL paths to route traffic to specific services within the cluster, enhancing application segmentation and control.

23
Q

You have an Azure subscription that contains an Azure Kubernetes Service (AKS) cluster. You need to ensure that the AKS cluster can authenticate to Azure AD to access Azure resources. What should you use?

A

To enable your Azure Kubernetes Service (AKS) cluster to authenticate to Azure AD and access Azure resources, you should use Managed Identity. By enabling a Managed Identity on your AKS cluster, you allow the cluster to authenticate with Azure AD without needing explicit credentials, making access to Azure resources both secure and easier to manage.

Here are the steps involved:

  1. Enable Managed Identity on the AKS Cluster: This assigns a unique identity to your AKS cluster.
  2. Assign Permissions to the Managed Identity: Use Azure Role-Based Access Control (RBAC) to grant this identity the necessary permissions for accessing Azure resources.

Using Managed Identities is the recommended approach for securing access from AKS to Azure resources.

24
Q

What storage does AKS have?

A

Azure Storage Account Files
Azure Storage Account Blobs
Azure Managed Disk

25
Q

Can you mount an Azure Disk to an AKS Pod?

A

Yes

26
Q

When you mount an Azure Disk to an AKS Node, can it also be shared and mounted in an AKS Node?

A

No

27
Q

When you mount an Azure Disk to an AKS Node, can all the pods (containers) in the node access the disk if they want?

A

Yes, the disk is mounted as a volume in the node and exposed to the pods (containers).