Class 3 - Deploying app on Kubernetes Cluster Flashcards

1
Q

What is a pod?

A
  • A pod is a basic building block of Kubernetes
  • It is very easy to horizontally scale a Pod
  • A pod represents a unit of deployment in Kubernetes cluster
  • A pod encapsulates single or multiple containers along with storage and unique network IP.
2
Q

Relation between pod and containers

A

A pod can be consumed in two ways

1) Single Container per Pod
2) Multiple containers per Pod

3
Q

Single container pod

A

One container per Pod
Widely used, the same way a single container runs on a physical machine on top of an operating system.
Unique network IP from the pod network CIDR
Storage volume for persistent data

NOTE
One should not run individual pods for multiple instances of the same application.

4
Q

Most used design patterns for Multi container pod

A

1) Side car pattern
2) Adapter pattern
3) Ambassador pattern

5
Q

Describe Side car pattern and when to use it

A

The sidecar pattern is used when there is a reader/writer relationship between containers: one container writes and the other container reads.

In the sidecar pattern there are two or more containers; some act as writer containers and one as the reader container.

6
Q

Multi Container Pod

A

When multiple containers live inside the same pod. This is not a good design in general, for example keeping an application server and a web server in a single pod.

Multiple containers share the same IP and share the same volumes.
Because all the containers have the same IP address, multiple instances of an application cannot run on the same port in a multi-container pod.

7
Q

Adapter container pattern (Similar to OOP adapter pattern)

A

We have a formatter container. The formatter formats the output produced by any of the other containers.

For example, a Fluentd or Splunk container runs as part of the pod; it takes logs from the web server or other containers and formats them in a configurable way.

8
Q

Ambassador container pattern

A

We have a proxy service, which is the only point of entry to the application. The proxy acts as an API gateway to the web application.

So all requests land on the proxy and are forwarded to the actual application.

9
Q

Need for pod

A

1) Containers work well alone, but when scaled up it becomes difficult to apply patches to them and their management becomes cumbersome.
2) Secondly, an orchestrator is required to help with scaling out or scaling in.
3) This orchestration is provided by Kubernetes using the Pod abstraction.
4) Pods are the building blocks of Kubernetes.
5) Each pod manages a single container or multiple containers depending on the application workload.
6) Through a pod, one can manage multiple containers as one entity.

10
Q

What features do pods provide?

A

1) Self healing - restart the pod if it crashes. Restart policies control this.
2) Auto scaling - scale on the basis of certain metrics like CPU or disk.
3) Load balancing using services - a single endpoint for a set of pods.
4) Rolling update/rollback - zero-downtime application upgrade.
5) Resource monitoring and logging - Prometheus can be used for monitoring. Kubernetes does not come with inbuilt monitoring capabilities.

11
Q

Pod Lifecycle phases

A

Pending - The pod goes to this state when it is first created. The pod is waiting for a node to be assigned to it. It reflects the time spent downloading the container images and creating the containers. It also means that the system has accepted the Pod.
Pending status time = (Scheduling time) + (Download and start container)

Running - The pod is bound to a node, and at least one of its containers is running.

Succeeded - A container's termination in Kubernetes was successful. "It will not be restarted." Pods that are small batch jobs, which start and complete after doing their job and don't need to run continuously, go into this state.
This is as opposed to a web server or database server, which run in daemon mode and run continuously.

Failed - When one or more containers terminated unsuccessfully. Termination due to failure means a non-zero exit status of the container. Any failure that happens inside the container means that the exit status is not zero, and then the pod goes into the Failed state.

Unknown - When there is a communication problem between a container and the host machine, the status of the container cannot be obtained. Since there is no status update, the Kubernetes system marks it as "Unknown".
For such errors the communication channels should be checked first.
The Unknown state does not mean that the pod is not running. It may be running and serving requests, but the master is not able to get the current status of the pod due to an underlying networking issue or similar. It takes time to troubleshoot this status.

NOTE : A pod does not have to go through all of the above phases.

12
Q

Do containers have private IPs inside pod?

A

No, container-level networking is disabled when we install a CNI (Container Network Interface, a CNCF project).
The only IP they have is the one of the pod.

13
Q

What can be said about Succeeded state and restart in Kubernetes?

A

By default, restart is enabled for all pods as part of the self-healing policy.
If a pod fails then Kubernetes will try to restart it. But if the pod goes into the Succeeded state then it will not be restarted.

14
Q

If we kill the container inside pod, which state will it go to?

A

When we kill the app, the exit status will be > 0, so the pod goes to the Failed state.

15
Q

Which are the bare minimum fields required while creating a pod?

A

1) apiVersion
2) kind - Pod, Deployment etc
3) metadata
4) spec

16
Q

Give example of a bare minimum pod yaml file

A
apiVersion: v1
kind: Pod                    # kind is case-sensitive: Pod, not pod
metadata:
  name: mypod
  labels:
    version: v1
    app: webserver
spec:
  containers:
    - image: nginx:latest    # the field is image (singular)
      name: myfirstcontainer
17
Q

How to view detailed events for pod?

A

kubectl describe pod <pod-name>

will show details about all the events and the status, such as image information, events, etc.

18
Q

How to get pods information in yaml format?

A

kubectl get pods -o yaml

19
Q

How to get logs of pods?

A

kubectl logs <pod-name>

20
Q

How to preserve the data that is part of pod that will vanish if the pod dies?

A

We need to mount a volume from the pod to a location on the host machine. So we need to identify the location inside the pod that we need to preserve and mount it to a physical location on the host machine.

21
Q

How many types of volumes does Kubernetes support?

A

1) hostPath - a path located on the host on which the pod is running, i.e. the location on the physical VM where the data is mounted.
2) emptyDir - Ephemeral. It is present for the lifecycle of the pod. Once the pod is deleted, the emptyDir goes away.
3) configMap
4) GlusterFS
5) ….

22
Q

Sample hostPath volume mapping yaml

A
spec:
  containers:
    - name: mysql
      image: mysql
      volumeMounts:
        - mountPath: /var/lib/mysql   # location inside the container
          name: mysqlvol              # must match the volume name below
  volumes:                            # a list, one entry per volume
    - name: mysqlvol
      hostPath:
        path: /data                   # location on the host / physical VM
        type: DirectoryOrCreate

Volume mapping has two parts:
1) volumeMounts - where we give the location inside the container/pod
2) volumes - where we give the location on the physical VM
To map a volumeMount to a volume, give the volumeMount and the volume the same name.

23
Q

Cardinality relation between volumeMounts and Volumes

A

We can have multiple volumeMounts pointing to the same volume. Or you can have 5 volumeMounts pointing to 5 different types of volumes on host machine.

24
Q

Equivalent of docker exec command in Kubernetes which can be used to enter the pod

A

kubectl exec -it <pod-name> -- <command>

kubectl exec -ti mysql -- bash

25
Q

What problem does the Kubernetes secret resource solve?

A

A Kubernetes secret provides a way to store sensitive information such as passwords and private keys so that we don't have to put them directly into the yaml file. Otherwise anyone who has access to the machine would be able to view those passwords and sensitive values.

26
Q

Where are secrets stored in Kubernetes?

A

Secrets are stored in etcd as key/value pairs.

27
Q

How to create and use secret resource in Kubernetes?

A

1) First we have to create the secret resource. A Secret is a resource in Kubernetes and its data contains key/value pairs.

Definition of secret - mysecret
data:
  password: cm9vdA==   # base64 encoding of "root"; values under data must be base64-encoded

2) Now we reference it in the yaml where the secret is needed

env:
  - name: MYSQL_ROOT_PASSWORD
    valueFrom:
      secretKeyRef:      # the field is secretKeyRef, not secretKey
        name: mysecret
        key: password

28
Q

How is secret encoded in Kubernetes?

A

Kubernetes secret is encoded in Base64

29
Q

How many formats of secrets does kubernetes provide?

A

1) generic - encoded by Base64

2) clear - no encoding (data is exposed)

30
Q

Command to generate a secret resource

A

kubectl create secret generic <secret-name> --from-literal=<key>=<value>

kubectl create secret generic mysql-pass --from-literal=password=root

31
Q

Command to get list of all secrets

A

kubectl get secret

returns list of all secrets created.

32
Q

Command to get detail of secret

A

kubectl describe secret <secret-name>

Shows details of the secret: it lists the keys but not the values, only the size of each value.

kubectl get secret <secret-name> -o yaml

Shows the Base64-encoded value of the password.

33
Q

If secrets are only encoded then how do we get security if anyone can decode the base 64 value?

A

In Kubernetes we can enable RBAC (Role based access control) so that only few people have access to some privileged resources.

34
Q

Sample YAML file way to create a secret

A
apiVersion: v1
kind: Secret
metadata:
  name: mysecret
type: Opaque
data:
  password: cm9vdA==   # base64 encoding of "root", the value used on the earlier cards

35
Q

What is the difference between ephemeral region of pod and emptyDir volume?

A

The ephemeral region of a pod is cleaned up when the pod crashes. So after the pod dies/crashes, if the pod comes back up it will not have that data and will start with fresh data.

But in the case of emptyDir, the data lasts for the lifecycle of the pod. So even if the pod crashes and comes back up, the data is preserved.

36
Q

Create pod definition for following multi-container scenario.
Need to implement sidecar pattern for nginx container. Nginx container will serve index.html and the sidecar i.e. a debian based container will keep appending date output to index.html per second.

HINT: Use emptyDir volume mount

A
apiVersion: v1
kind: Pod
metadata:
  name: nginxsidecar
spec:
  volumes:
  - name: html
    emptyDir: {}
  containers:
  - name: 1st
    image: nginx
    volumeMounts:
    - name: html
      mountPath: /usr/share/nginx/html
  - name: 2nd
    image: debian
    volumeMounts:
    - name: html
      mountPath: /html
    command: ["/bin/sh", "-c"]
    args:
      - while true; do
          date >> /html/index.html;
          sleep 1;
        done
37
Q

How to view logs specific to a particular container when working with multi-container pods

A

If we don't give a container name when trying to view logs in a multi-container pod, kubectl does not know which container is meant and shows no output.
So we have to tell it which container's logs need to be shown:

kubectl logs <pod-name> -c <container-name>

38
Q

How to run exec command for a particular container when working with multi-container pods

A

kubectl exec -ti <pod-name> -c <container-name> -- <command>

e.g.
kubectl exec -ti nginxsidecar -c 1st -- bash

The container name is required because without it Kubernetes will not know which container to run that command in.

39
Q

What are init containers?

A

Init containers are containers that run as part of the actual pod deployment. You deploy the primary application and have the flexibility of deploying init containers alongside it.
An init container is a container that runs before the application container starts. There is a dependency: application containers cannot start until the init container completes. So init containers always run to completion.

40
Q

Is init container part of application image?

A

No, init containers have custom code which is not part of application image.

41
Q

What happens if init container fails?

A

Kubernetes keeps on restarting the pod till the init container succeeds.

42
Q

What is the use of init containers?

A

Init containers are used to perform some prerequisites. For example, in a multi-tiered application the web containers should start only after the database server starts. As part of the web server deployment we can deploy an init container, a small script that does an nslookup on the database container's IP address or service name.

Similarly: downloading some content from a GitHub repository before CI/CD starts, checking whether certain ports are available, or making sure dependent applications or services are up. These things are not the responsibility of the application; they belong to infrastructure deployment, and this responsibility is taken by the init container.

43
Q

Is init container considered as multi-container pod?

A

No, an init container is not considered a multi-container pod. The init container runs before the application container and completes before the application container starts, so only one container is running at a time. In a multi-container pod there are multiple containers running in parallel.

44
Q

Is it mandatory to have init containers?

A

No it is not mandatory.

45
Q

Can we have multiple init containers?

A

Yes, a pod may have multiple init containers.

If there are multiple, all of them run to completion before the application is started.

46
Q

What are advantages of multiple-init containers?

A

Since they a

47
Q

What is busybox?

A

Busybox is an OS image that is very lightweight and is useful to run lightweight containers that have some startup scripts as part of init containers.

48
Q

Are init containers visible in describe?

A

Yes, kubectl describe provides information about the init container and its status; once it has completed, the application container is started.

49
Q

What is difference between kubectl create and kubectl apply?

A

kubectl create is used to create the pod for the first time. Running that command again for an existing pod gives an AlreadyExists error.
Whereas if we, say, change the image version inside the pod spec and then fire apply, that re-configures the pod.

50
Q

What are Pod Presets?

A

A Pod Preset allows you to reuse some information, say ports, volumeMounts, environment variables, etc., that would otherwise need to be repeated for every deployment in different projects.
A Pod Preset is an API resource which is used to inject additional runtime requirements into a Pod at creation time.

51
Q

How does Pod Preset help us?

A

It helps because, whether you are a developer or a devops person, whoever maintains the yaml files, as Pod template authors we don't need to know about the environment variables, build number, etc.; that is something that is automated.

52
Q

Who is Pod template author?

A

The person who writes the YAML files is called the pod template author.

53
Q

Relation between pod and pod presets?

A

When a pod is created, it inherits all the extra information required from the Pod Presets.

54
Q

How to view CPU utilization and resource consumption information of Pod (not individual containers) ?

A

kubectl top pod

This command is used to view that information.

55
Q

How to view per container resource consumption information?

A

We have to use some other tools like Prometheus or Metrics Server to get that information; Kubernetes does not provide a built-in way to monitor the metrics of individual containers.

56
Q

What are pause containers?

A

TBA