CKA Reloading Flashcards
What are the components of a control plane?
MASTER:
ETCD (Key-Value store)
kube-scheduler (identify the right node to place the pod on), controllers (node-controller, replication-controller, controller-manager)
kube-apiserver (primary management component - orchestrates all operations within the cluster)
WORKER:
container run-time engine (e.g. docker, rkt, containerd)
kubelet (captain - runs on each node, listens for instructions from kube-apiserver, creates the pod on the node)
kubeproxy (communication between worker nodes are enabled by this service)
How does kubernetes support other container run times e.g. rkt, containerd?
CRI (Container Runtime Interface) and should follow OCI standards (Open Container Initiative) - imagespec, runtimespec
dockershim (to still support docker) - REMOVED as containerd (deamon) supports CRI
How is the information stored in a key-value store
In form of documents/pages. Each individual entry gets a document. Changes to one file does not affect the others. Dataformats: json or yaml
What information is stored in etcd
Nodes
PODS
Configs
Secrets
Accounts
Roles
Bindings
Others
How does kubeadm deploy a kubernetes cluster control plane components?
As pods in kube-system namespace. you can check using
kubectl get pods -n kube-system
What happens when I type kubectl get nodes. Explain the workflow.
The kube-apiserver authenticates the request and validates it
The data is then retrieved from etcd cluster and responds back
Explain the workflow for a pod creation
The kube-apiserver updates the information in etcd cluster
updates user that a pod is created
kube-scheduler continuously monitors the apiserver and realizes there is a pod with no node assigned
scheduler identifies the right node to put the pod on and communicates back to the kube-apiserver
kube-apiserver then updates the information in etcd cluster
apiserver then passes the information to kubelet in the appropriate worker node
kubelet then creates the pod and instructs the container-engine to deploy the application image
Once done, kubelet updates the status back to the apiserver which in turn updates the data back in etcd cluster
kube-apiserver is the only component that interacts directly with the etcd data store
- Authenticate User
- Validate Request
- Retrieve data
- Update ETCD
- Scheduler
- Kubelet
What does kube-controller manager do?
Watch status e.g. every 5 secs for nodes
Remediate Situation
e.g. Node controller, replication controller (ensures desired no. of pods are present)
Which folder has all the config files for control plane components deployed using kubeadm
cat /etc/kubernetes/manifests/kube-controller-manager.yaml
cat /etc/kubernetes/manifests/kube-scheduler.yaml
What does kubelet do?
Registers the node with the kubernetes cluster
Create PODs
Requests container-engine to deploy the application in the POD
Monitor Mode & PODs and reports to kube-apiserver
KUBEADM does not deploy kubelet.. It should be manually installed
When is a service created?
To expose an application to other PODs. The other PODs can access the application using the name of the service. The service also gets an IP.
Service does not join the POD network.
Enable loose coupling between microservices application
What does kubeproxy do?
Runs on each node in the kubernetes cluster. It looks for new services and creates appropriate rules on each node to forward traffic to the POD using iptables rules
Single POD is always deployed on each node in the cluster (deployed as deamonset - e.g. logging)
What is a POD?
A single instance of an application. Containers are encapsulated in PODs
How to deploy a POD using kubectl?
kubectl run pod_name –image image_name
This command deploys a docker container by creating a POD
How to see a list of pods available?
kubectl get pods
How to create a POD using POD definition file?
apiVersion: v1
kind: Pod
metadata:
name: mypod
labels:
type: front_end
spec:
containers:
- name: mycontainer
image: nginx
kubectl create -f 1.yaml or kubectl apply -f 1.yaml
create and apply works the same way if you are creating a new object
What is the apiVersion for POD, Service, ReplicaSet & Deployment?
POD: v1
Service: v1
ReplicaSet: apps/v1
Deployment: apps/v1
How to see detailed information of the POD
kubectl describe pod pod_name
How to create a replicaset using pod definition file
apiVersion: apps/v1
kind: ReplicaSet
metadata:
name: myreplicaset
labels:
type: front_end
spec:
replicas: 2
selector:
matchLabels:
type: front_end
template:
metadata:
labels:
type: front_end
spec:
containers:
- name: mycontainer
image: nginx
What is the purpose of selector in replicaset?
It helps identify what pods fall under it. Replicaset can also manage pods that are not created as part of replicaset creation.
selector:
matchLabels:
type: front_end
How to scale a replicaset?
Option 1: Update the definition file and then run k replace -f replicaset-definition.yaml
Option 2: k scale –replicas=6 -f replicaset-definition.yaml (DOES NOT CHANGE THE FILE)
OR
k scale –replicas=6 replicaset replicaset_name
If you have an object and want to extract the pod definition file of that object how to do that?
e.g. k get replicaset replica_set_name -o yaml > definition_file.yaml
If the object does not pre-exist
kubectl create replicaset <replicaset-name> --image=<image-name> --dry-run=client -o yaml > replicaset-definition.yaml</image-name></replicaset-name>
What is the purpose of deployments?
For managing updates to the infrastructure e..g rollingupdates, or rollback
How to create a deployment?
apiVersion: apps/v1
kind: Deployment
metadata:
name: mydeployment
labels:
type: front_end
spec:
replicas: 2
selector:
matchLabels:
type: front_end
template:
metadata:
labels:
type: front_end
spec:
containers:
- name: mycontainer
image: nginx
Types of deployment strategies
RollingUpdate (default)
Recreate
How to see the status of rollout for a deployment?
k rollout status deployment/deployment_name
How to see the revisions of rollout for a deployment?
k rollout history deployment/deployment_name
How to apply any definition file changes?
k apply -f deployment-definition.yaml
If you are changing image then you can do it by using set image command
k set image deployment/deployment_name container_name=image_name (FILE NOT CHANGED)
How to undo a rollout?
k rollout undo deployment/deployment_name
How to record the cause of change in a deployment
k create -f deployment_file.yaml –record
What does k edit command do
It will open the definition file and you can make edits to it. Once changes are done, the updates will take place
What are the types of services
NodePort (external access) - maps a port on the node to a port on the pod
ClusterIP (within the cluster)
LoadBalancer
What are the different ports in nodePort
TargetPort (pod)
Port (service) - mandatory
nodePort (node’s port) - 30000 - 32767
How to create a service?
apiVersion: v1
kind: Service
metadata:
name: myservice
labels:
type: front_end
spec:
ports:
- port: 80
targetPort: 80
nodePort: 30008
selector:
type: front_end (selects all pods that match this label as endpoints to forward the traffic)
type: NodePort
What are the 3 namespaces created by default in kubernetes
Default
kube-system
kube-public
How to reach a POD in a different namespace? e.g. database pod
mysql.connect(“db-service.dev.svc.cluster.local”)
When a service is created, a DNS entry is added automatically in this format.
How to view pods in different namespace?
k get pods –namespace=namespace_name
How to view pods in all namespaces?
k get pods –all-namespaces -o wide
How to create a namespace?
k create namespace dev
How to switch the context i.e. namespace permanently to something else instead of default?
k config set-context $(k config current-context) –namespace=dev
How to limit resources in a namespace?
ResourceQuota
apiVersion: v1
kind: ResourceQuota
metadata:
name: resource_quota
namespace: dev
spec:
hard:
pods: “10”
requests.cpu: “4”
requests.memory: 5Gi
limits.cpu: “5”
limits.memory: 10Gi
In declarative vs imperative approach which command is run?
k apply -f nginx.yaml - Declarative
k edit deployment nginx - Imperative
what are the imperative command to create pod, create deployment, expose the deployment on a port?
To create objects:
k run nginx –image=nginx
k create deployment nginx –image=nginx
kubectl expose deployment <deployment-name> --port=<port> --target-port=<target-port> --name=<service-name> --type=<service-type></service-type></service-name></target-port></port></deployment-name>
kubectl expose deployment my-app –port=80 –target-port=8080 –name=my-app-service –type=ClusterIP
To edit properties of the object:
k edit deployment nginx is the quickest way
How to create a deployment and output that to a yaml file
kubectl create deployment nginx –image=nginx –dry-run=client -o yaml > nginx-deployment.yaml
How to Create a Service named nginx of type NodePort to expose pod nginx’s port 80 on port 30080 on the nodes:
k expose pod nginx –type=NodePort –port=80 –name=nginx-service –dry-run=client -o yaml > file.yaml
Limitation: cannot give nodeport here.. you have to generate the file and enter the nodeport separately.
Advantage: Uses pod labels as selectors
How to create pod with multiple labels imperatively
kubectl run my-pod –image=nginx –labels=”env=production,app=web,version=v1”
How to Create a new pod called custom-nginx using the nginx image and run it on container port 8080.
kubectl run custom-nginx –image=nginx –port=8080 – This is the port the application inside the container will be listening to.
If you want to expose the pod - kubectl expose pod custom-nginx –port=8080 –target-port=8080 –name=custom-nginx-service
How to schedule a pod to a specific node?
use the nodeName attribute in the spec section.
nodeName: node01
How to select pods with a specific label?
kubectl get pods –selector app=App1
e.g. k get pod –selector env=prod,bu=finance,tier=frontend
Why are annotations used?
For informatory purpose. Added in metadata section.
name:
labels:
annotations:
buildversion: 1.34
On which objects are taints set and tolerations set
Taints - Nodes
Tolerations - Pods
If Node #1 has taint Blue and Node #2 & 3 dont have any taints
A
B
C
D - toleration blue
D can be allowed on Node #1. But does not stop from D being placed on #2,3,4
How to taint a node?
k taint nodes node_name key=value:taint-effect
If the tolerations are not set on the pods:
- NoSchedule (new pods will not be scheduled
- PreferNoSchedule (will try not to schedule)
- NoExecute (new pods will not be scheduled and existing ones will be evicted)
e.g. k taint nodes node01 app=blue:NoSchedule
How to add tolerations to a pod
Added in pod definition file under spec section
tolerations:
- key: “app”
operator: “Equal”
value: “blue”
effect: “NoSchedule”
Remember: All should be in “”
How to check the taint associated to a node?
k describe node kubemaster | grep Taint
How to label nodes?
k label nodes node_name label_key=label_value
nodeSelector:
size: Large
Will not work for complex operations
- place pod on large or medium nodes
How to use nodeAffinity
apiVersion: v1
kind: Pod
metadata:
name: mypod
labels:
type: front_end
spec:
containers:
- name: mycontainer
image: nginx
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: size
operator: In
values:
- Large
There are In, NotIn, Exists operations as well
What are the properties of nodeAffinity?
requiredDuringSchedulingIgnoredDuringExecution
preferredDuringSchedulingIgnoredDuringExecution
requiredDuringSchedulingRequiredDuringExecution
How to set resource requests & limits to a POD?
apiVersion: v1
kind: Pod
metadata:
name: mypod
labels:
type: front_end
spec:
containers:
- name: mycontainer
image: nginx
resources:
requests:
memory: “64Mi”
cpu: “250m”
limits:
memory: “128Mi”
cpu: “500m”
What is a LimitRange?
To set defaults
apiVersion: v1
kind: LimitRange
metadata:
name: cpu-resource-constraint
spec:
limits:
- default:
cpu: 500m
defaultRequest:
cpu: 500m
max: range
cpu: “1”
min:
cpu: 100m
type: Container
Memory:
apiVersion: v1
kind: LimitRange
metadata:
name: mem-limit-range
spec:
limits:
- default:
memory: 512Mi
defaultRequest:
memory: 256Mi
type: Container
What all actions can you perform using the command
k edit pod pod_name
Only these can be changed:
spec.containers[*].image
spec.initContainers[*].image
spec.activeDeadlineSeconds
spec.tolerations
What is Deamon Set and its use cases?
Ensures one copy of the POD runs in every node.
Use cases?
- Monitoring Agent
- Log Collector
- e.g. Kube-Proxy
Deamon set creation is same as replicaset except the apiVersion is apps/v1 and kind: DeamonSet
Example:
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: elasticsearch
namespace: kube-system
labels:
k8s-app: fluentd-logging
spec:
selector:
matchLabels:
name: elasticsearch
template:
metadata:
labels:
name: elasticsearch
spec:
containers:
- name: elasticsearch
image: registry.k8s.io/fluentd-elasticsearch:1.20
Can kubelet function without master node?
Yes, the pod manifest files can be placed in
Option 1: kubelet.service file - configure pod-manifest-path
/etc/kubernetes/manifests
Option 2: kubelet.service file - config=kubeconfig.yaml
within kubeconfig.yaml - define staticPodPath: /etc/kubernetes/manifests
These pods are called static pods
Note: only pods can be created this way!
Use case for static pods:
- To deploy control plane components itself (kubeadm does it this way)
Can we have multiple schedulers?
Yes
e..g default-scheduler, my-scheduler-1, my-scheduler-2
https://kubernetes.io/docs/tasks/extend-kubernetes/configure-multiple-schedulers/
In pod definition file
schedulerName: my-scheduler-1
k get events -o wide to view which scheduler picked the pod
How does POD’s scheduling happen?
- Scheduling Queue (Priority)
- Filtering (Nodes that cannot run the pod are filtered out)
- Scoring (Nodes are scored by calculating the free space left after)
- Binding (Pods are bind to the node finally)
What are scheduler profiles?
Multiple schedulers can be added in the profiles section
What are some of the monitoring solutions for kubernetes?
Opensource (few examples):
- Prometheus
- Elastic Stack
- DataDog
- Dynatrace
What receives the metrics from nodes & pods?
Metrics Server (one per cluster) - In Memory (NO HISTORY). Need to rely on open source tools
cAdvisor in kubelet sends the metrics to metrics server
kubectl top node (CPU & memory details)
kubectl top pod
How to view kubernetes logs?
kubectl logs -f event-simulator-pod event-simulator
kubectl logs -f pod_name container_name
How to specify commands in a docker build file?
CMD sleep 5
CMD [“sleep”, “5”]
Dynamically change the parameter of the seconds
ENTRYPOINT [“sleep”]
Now you can give docker run ubuntu-sleeper 10
You can give default value:
ENTRYPOINT[“sleep’]
CMD [“5”]
If you want to change the command during execution
docker run –entrypoint sleep2.0 ubuntu-sleeper
How to pass commands and arguments to pod definition file?
apiVersion: v1
kind: Pod
metadata:
name: mypod
labels:
type: front_end
spec:
containers:
- name: mycontainer
image: nginx
command: [“sleep”]
args: [“10000”]
docker file already has:
FROM Ubuntu
ENTRYPOINT [“sleep”]
CMD [“5”]
command corresponds to entrypoint in the dockerfile (command overrides)
args corresponds to CMD in the dockerfile (args overrides)
k run webapp-green –image=kodekloud/webapp-color – command – python app2.py –color green
IMPORTANT: If you set both command and args in Kubernetes, it directly controls the command and arguments your container will run. If you only set command, Kubernetes will use the Dockerfile’s CMD. If you only set args, Kubernetes will use the Dockerfile’s ENTRYPOINT.
How to create environment variables in pods for a specific container
env:
- name: APP_COLOR
value: pink
You can also set environment variables using configmaps and secrets
env:
- name: APP_COLOR
valueFrom:
configMapKeyRef:
env:
- name: APP_COLOR
valueFrom:
secretKeyRef:
How to use configmap within the pod
apiVersion: v1
kind: Pod
metadata:
name: dapi-test-pod
spec:
containers:
- name: test-container
image: registry.k8s.io/busybox
command: [ “/bin/sh”, “-c”, “env” ]
envFrom:
- configMapRef:
name: special-config
restartPolicy: Never
How to create configmap imperatively
kubectl create configmap config_map_name \
–from-literal=APP_COLOR=blue \
–from-literal=APP_MOD=prod
less complex option:
kubectl create configmap config_map_name \
–from-file=./username.txt \
–from-file=./password.txt
Components of ./username.txt
.: This represents the current directory.
/: This is the separator between the current directory and the file name.
username.txt: This is the name of the file you’re referencing.
How to create configmap declaratively
apiVersion: v1
kind: ConfigMap
metadata:
name: game-demo
data:
# property-like keys; each key maps to a simple value
player_initial_lives: “3”
ui_properties_file_name: “user-interface.properties”
# file-like keys
game.properties: |
enemy.types=aliens,monsters
player.maximum-lives=5
user-interface.properties: |
color.good=purple
color.bad=yellow
allow.textmode=true
How to view config maps
k get configmaps
k describe configmaps
How to create secret & inject to pod
kubectl create secret generic db-user-pass \
–from-literal=username=admin \
–from-literal=password=’S!B*d$zDsb=’
What is drain and cordon
k drain node1
kubectl cordon node1
kubectl uncordon node1
drain - move the pods to an existing node
cordon - just makes the node unschedulable
Explain how versioning happens in kubernetes
v1.11.3
1 - major
11 - minor (features/functionalities)
3 - patch (bug fixes)
How to know the version of kubernetes cluster components?
kubeadm upgrade plan
