CKA, former CKAD Flashcards
Ingress vs egress?
Ingress enables external traffic to reach containers, while egress enables containers to reach external resources. Ingress is typically used for exposing web applications and APIs to the outside world, while egress is used for accessing databases and other services outside of the cluster.
Why do I need a livenessProbe?
Caution: Liveness probes can be a powerful way to recover from application failures, but they should be used with caution. Liveness probes must be configured carefully to ensure that they truly indicate unrecoverable application failure, for example a deadlock.
ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
What's special when configured using goproxy?
It needs to come with a readinessProbe of its own, because it's a two-step rocket.
Difference between the CKA and CKAD exams in allowed documentation sources?
CKA or CKAD: use the browser within the VM to access the following documentation:
https://kubernetes.io/docs/, https://kubernetes.io/blog/ and their subdomains. This includes all available language translations of these pages (e.g. https://kubernetes.io/zh/docs/)
CKAD only: https://helm.sh/docs
See here for all details: https://docs.linuxfoundation.org/tc-docs/certification/certification-resources-allowed#certified-kubernetes-administrator-cka-and-certified-kubernetes-application-developer-ckad
A tip on how to search for a multi-container pod YAML in the allowed documentation?
Search "two containers" maybe? I found an nginx and a debian container in one pod YAML!
Which of the following commands will run a command inside an active container?
A. kubectl exec
B. kubectl run
C. kubectl create
D. kubectl describe
A. kubectl exec, for example: kubectl exec -i -t my-pod --container main-app -- /bin/bash
What can nodeSelector be good for?
The nodeSelector: entry in the podspec could use this label to cause a pod to be deployed on a particular node with an entry such as:
P.S. Poor man's affinity option, from what I understood later.
Can you name some built-in object labels?
There are several built-in object labels. For example nodes have labels such as the arch, hostname, and os, which could be used for assigning pods to a particular node, or type of node.
What's an ambassador in Kubernetes?
It is “an open source, Kubernetes-native API gateway for microservices built on Envoy”.
It allows access to the outside world without having to implement a Service or another entry in an ingress controller: it proxies local connections, acts as a reverse proxy, limits HTTP requests, and re-routes traffic from the main container to the outside world.
What's an initContainer?
The use of an initContainer allows one or more containers to run only if one or more previous containers run and exit successfully. For example, you could have a checksum verification scan container and a security scan container check the intended containers. Only if both containers pass the checks would the following group of containers be attempted. You can see a simple example below:
spec:
  containers:
  - name: intended
    image: workload
  initContainers:
  - name: scanner
    image: scanapp
Can k8s Deployments be described in other terms?
This controller, or operator, is an agent that creates and manages one or more instances of a specific stateful application. We have worked with built-in controllers such as those for Deployments and other resources.
Through exactly what is the addition of a Custom Resource Definition handled?
The addition of a Custom Resource Definition will be added to the cluster API path, currently under apiextensions.k8s.io/v1.
What is the optional spec field .spec.concurrencyPolicy used for?
An optional spec field is .spec.concurrencyPolicy, which determines how to handle existing jobs should the time segment expire. If set to Allow, the default, another concurrent job will be run, and twice as many pods would be running. If set to Forbid, the current job continues and the new job is skipped. A value of Replace cancels the current job and the controlled pods, and starts a new job in its place.
Q. Lab 4.1?: Verify your nodes are using a CNI plugin. Read through the startup process of CNI. Each message begins with a type of message and a time stamp, followed by the details of the message. Use TAB to complete your node name. Examine both the controller and one of your proxy pods.
Those are the messages; I don't see any type of message at the beginning:
I1212 11:23:19.028798 1 replica_set.go:205] Starting replicationcontroller controller
I1212 11:23:19.028813 1 shared_informer.go:252] Waiting for caches to sync for ReplicationController
How many layers are there in the context of k8s CNI, and what are their names?
1) Physical is not talked about, according to ChatGPT.
2) Layer 2 - Data Link Layer: This layer is responsible for node-to-node data transfer and handles things like MAC addressing, Ethernet framing, VLAN tagging, and error detection. CNI plugins operating at this layer manage how data is transferred within the same network segment or VLAN.
3) Layer 3 - Network Layer: This layer deals with IP addressing and routing. It is responsible for moving packets across network boundaries. CNI plugins operating at this layer are involved in routing and IP address assignment for pods.
4) Layer 4 - Transport Layer: While not directly managed by CNI plugins, this layer, which handles protocols like TCP and UDP, is relevant in the overall Kubernetes networking picture, particularly in services, ingress, and egress operations.
How is the OSI model organised?
Layer 1 - Physical Layer: This is the most fundamental layer, dealing with the transmission of raw bits over a physical medium. It includes things like cable types, electrical signals, and data rates. It’s the foundation upon which all higher layers are built.
Layer 2 - Data Link Layer: This layer is responsible for node-to-node data transfer and operates on frames. It handles things like physical addressing (MAC addresses), error detection and correction, and defines the protocol to establish and terminate a connection between two physically connected devices.
Layer 3 - Network Layer: The Network Layer is concerned with the routing of packets across different networks. It deals with logical addressing (IP addresses) and determines how data is sent to its destination through routing.
Layer 4 - Transport Layer: This layer provides end-to-end communication services for applications. It ensures complete data transfer and is responsible for error recovery and flow control. Protocols like TCP and UDP operate at this layer.
Layer 5 - Session Layer: This layer manages sessions between applications. It establishes, manages, and terminates connections between applications.
Layer 6 - Presentation Layer: It translates data between the application layer and the network. It’s responsible for data encryption, decryption, compression, and conversion.
Layer 7 - Application Layer: The highest layer of the OSI model, it provides services directly to user applications. It deals with network services that support applications.
Come up with questions about support for these features in k8s CNI projects: support for VXLANs, which layer is supported, network policy support, support for encryption of TCP and UDP traffic, and more. Here is what ChatGPT 4 said:
Enhanced Kubernetes CNI Providers Comparison
Calico
Network Layer Support: Layer 3.
VXLAN Support: Yes, offers both VXLAN and IP-in-IP encapsulation.
Network Policies: Advanced network policy enforcement.
Encryption Support: Supports WireGuard for encrypting traffic.
Use Cases: High-performance, security-focused environments; advanced policy management.
Calico with Canal
Network Layer Support: Combines Layer 2 (Flannel) and Layer 3 (Calico).
VXLAN Support: Inherits VXLAN support from both Calico and Flannel.
Network Policies: Advanced, from Calico.
Encryption Support: Supports encryption via Calico (WireGuard).
Use Cases: Environments needing both simple setup (Flannel) and advanced policy control (Calico).
Flannel
Network Layer Support: Primarily Layer 2.
VXLAN Support: Yes, focuses on simplicity in VXLAN implementation.
Network Policies: Basic support, not as advanced as Calico.
Encryption Support: Does not natively support encryption of traffic.
Use Cases: Smaller, simpler Kubernetes setups; focus on ease of deployment.
Cilium
Network Layer Support: Layer 3, with eBPF-based networking.
VXLAN Support: Yes, along with other encapsulation formats.
Network Policies: Highly advanced, with eBPF-powered security features.
Encryption Support: Strong support for encryption, including transparent encryption of traffic.
Use Cases: Security-centric deployments; environments requiring detailed network visibility and control.
Kube-router
Network Layer Support: Layer 3 focused.
VXLAN Support: Limited or no native support for VXLAN.
Network Policies: Basic to moderate policy support.
Encryption Support: No native support for traffic encryption.
Use Cases: Balances performance and simplicity; suitable for medium-scale environments.
What are some ways containers can communicate within the same pod?
IPC, loopback or shared filesystem access
Tips for the exam!
Second: k should already be an alias; otherwise: alias k=kubectl
Third: don't ever click on links that are not allowed or you will get disqualified. For that, exit the maximized window and see what the links are before clicking.
Fourth: Use :set paste or, even better, vim ~/.vimrc and put these there:
syntax on
autocmd FileType yaml setlocal ts=2 sts=2 sw=2 expandtab
What do those options stand for? autocmd FileType yaml setlocal ts=2 sts=2 sw=2 expandtab
autocmd FileType yaml: This part tells Vim to automatically execute the following commands whenever a file of the ‘yaml’ file type is opened. Vim detects the file type based on the file extension or sometimes the file content.
setlocal: This command sets options locally for the current buffer. It ensures that the changes made apply only to the YAML file you’re working on, not globally across all open files in Vim.
ts=2: This sets the ‘tabstop’ (ts) option to 2. The ‘tabstop’ option specifies the number of spaces that a tab in the file counts for. In this case, each tab character will be displayed as two spaces.
sts=2: This sets the ‘softtabstop’ (sts) option to 2. When you’re entering text, the ‘softtabstop’ setting makes Vim behave as though the tab character is 2 spaces wide. It affects how text is inserted and how the Tab and Backspace keys work.
sw=2: This sets the ‘shiftwidth’ (sw) option to 2. The ‘shiftwidth’ setting determines the number of spaces to use for each step of (auto)indent. It controls how many spaces are inserted for indentation.
expandtab: This option, when enabled, makes Vim insert spaces instead of tabs when the Tab key is pressed. Combined with the settings above, it means that each time you press Tab, it will insert two spaces.
Name possible memory settings in the pod YAML.
Requests is what Kubernetes guarantees as available for the container.
Limits is the maximum amount of memory the container is allowed to use.
Args ("--vm-bytes", "250M") is specific to the stress tool used inside the container for testing and is not a Kubernetes resource allocation setting.
How do you approach this on the exam? You need to know cron: it's the Linux five-field cron that's used, and you need to know which field is which:
Create a new cronjob which runs busybox and the sleep 30 command. Have the cronjob run every three minutes. View the job status to check your work. Change the settings so the pod runs 10 minutes from the current time, every week. For example, if the current time was 2:14PM, I would configure the job to run at 2:24PM, every Monday.
Obs! Remember it's a five-part cron and the parts are M H D M DofWeek (minute, hour, day of month, month, day of week).
What is the ambassador in Kubernetes?
Ambassador is a Kubernetes-native API Gateway built on Envoy Proxy. Managed entirely via Kubernetes Custom Resource Definitions, Ambassador provides powerful capabilities for traffic management, authentication, and observability.
Which of the following are helper container types? Choose all answers that apply: Ambassador, Adapter, ProbeHelper, Sidecar
All except ProbeHelper. Can you give an example of those?