Azure Kubernetes Service Flashcards

1
Q

What are the components thet make up Kubernetes?

A

kub-apiserver
etcd
kub-scheduler
kub-controller-manager
cloud-controller-manager
node (kublet)(kub-proxy)(kub-=runtime)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What are the cluster configuration presets available?

A

Production Standard
Best for most applications serving production traffic with AKS-recommended best practices.

Dev/Test
Best for developing new workloads or testing existing workloads.

Production Economy
It is best for serving production traffic in a cost-conscious way if your workloads can tolerate interruptions.

Production Enterprise
Best for serving production traffic with rigorous permissions and hardened security.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Can you have a private cluster using:
production standard
Dev/Test
Production Economy
Production Enterprise

A

Just Production Enterprise.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What is a private cluster?

A

In Azure Kubernetes Service (AKS), a private cluster is a cluster where the API server (the control plane) is only accessible within a private network rather than being exposed over the public internet.

This configuration enhances security by restricting access to the AKS API server to a specific virtual network (VNet), eliminating the potential attack surface exposed by having the control plane accessible publicly.

Key features of an AKS private cluster include:

Private endpoint: The API server is exposed through a private IP address within the configured VNet.
No public IP: The API server doesn’t have a public endpoint, ensuring that external users or systems cannot access it directly over the internet.
Network Security: You can use Azure Network Security Groups (NSGs), User Defined Routes (UDRs), and firewalls to further control and secure the traffic to the AKS cluster.
Managed Identity & RBAC: Private clusters still support managed identities and Role-Based Access Control (RBAC) for secure access management.
Private DNS Zone: A private DNS zone is used to resolve the private endpoint of the AKS API server within your network.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

I require AKS control plane to be only accessible in a vNET?

A

Use private cluster:

Private endpoint: The API server is exposed through a private IP address within the configured VNet.

No public IP: The API server doesn’t have a public endpoint, ensuring that external users or systems cannot access it directly over the internet.

Network Security: You can use Azure Network Security Groups (NSGs), User Defined Routes (UDRs), and firewalls to further control and secure the traffic to the AKS cluster.

Managed Identity & RBAC: Private clusters still support managed identities and Role-Based Access Control (RBAC) for secure access management.

Private DNS Zone: A private DNS zone is used to resolve the private endpoint of the AKS API server within your network.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Can you have a private endpoint with the control plane using:
- Production standard
- Dev/Test
- Production Economy

A

No, you need Production Enterprise

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What is a private link AKS cluster?

A

It is a private cluster deployed with a private link to a vnet where the control plane is available only over the vnet and not the public interface.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What components of an AKS are deployed to the node?

A

kublet
kub-proxy
container runtime

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What does the sublet do?

A

he kubelet ensures that containers are running in a pod.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What does the Kub-proxy do?

A

The kube-proxy is a network proxy that maintains network rules on nodes.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Are availability zones available in AKS for nodes?

A

Yes, 100%. You can use availability zones for nodes when using Production Enterprise or Production Standard.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Can you use Azure Policy with AKS?

A

Yes, 100% when using Production Enterprise or Production Standard.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Can you use Azure Monitor with AKS?

A

Yes, 100% when using Production Enterprise or Production Standard.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What is a pod in AKS?

A

A Kubernetes pod is the smallest and simplest unit in the Kubernetes object model. It represents a single instance of a running process in your Kubernetes cluster. Each pod contains one or more containers, which are applications that need to run together. These containers share the same network namespace, meaning they can communicate with each other using localhost, and they can share storage volumes as well.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What is the pause container?

A

In Kubernetes, the pause container is a special, lightweight container that acts as the “parent” container for all other containers in a pod. It serves as a base container that holds the pod’s network namespace and allows other containers in the pod to share networking resources, such as IP addresses and port bindings.

Namespace Anchor: The pause container creates and holds the network and process namespaces for the pod. All other containers in the pod join these namespaces, which allows them to communicate over localhost and share resources.

Minimal Resource Usage: The pause container itself does very little—it’s an extremely lightweight container, often referred to as a “sleep” container because it essentially just sleeps or waits indefinitely, using minimal CPU and memory.

Pod Lifecycle Management: By separating the network namespace from the application containers, the pause container ensures that the pod’s IP address and networking setup remain stable, even if application containers are restarted or replaced.

Maintaining Isolation: It ensures that the pod’s network and other shared resources are consistently available, even if application containers experience lifecycle changes like restarts or upgrades.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Can you have more than a single container in a POD?

A

Yes, there is a pause container, the application containers

17
Q

What is the primary function of the Azure Ingress Controller in an Azure Kubernetes Service (AKS) cluster?

A

It manages external HTTP/S traffic to applications running in an AKS cluster by routing traffic based on defined ingress rules.

18
Q

How does the Azure Ingress Controller improve performance and reliability in AKS?

A

By distributing incoming traffic across multiple backend pods or services through load balanciNG

19
Q

What type of routing does the Azure Ingress Controller support that allows directing traffic to specific services based on URL paths?

A

Path-based routing.

20
Q

What feature of the Azure Ingress Controller offloads SSL/TLS encryption and decryption from backend services?

A

TLS termination.

21
Q

How does the Azure Ingress Controller help ensure secure HTTPS connections for applications in AKS?

A

By managing SSL/TLS certificates for secure HTTPS connections.

22
Q

Which Azure services can the Azure Ingress Controller integrate with for additional traffic control and routing across regions?

A

Azure Front Door and Application Gateway.

23
Q

What feature of the Azure Ingress Controller allows it to handle high traffic loads effectively?

A

It works with AKS’s horizontal scaling, enabling automatic scaling of pods based on demand.

24
Q

In AKS, how can developers define and manage how external users access applications securely using the Azure Ingress Controller?

A

By defining and managing ingress rules directly within Kubernetes.

25
Q

Which capability of the Azure Ingress Controller supports load balancing for HTTP/S traffic?

A

It provides load balancing to distribute traffic across backend services or pods.

26
Q

What benefit does the Azure Ingress Controller provide by supporting path-based routing in AKS?

A

It allows different URL paths to route traffic to specific services within the cluster, enhancing application segmentation and control.