Container Architectures Flashcards

Dockers, Kubernetes, Anthos

1
Q

What are the technical benefits of containerisation?

A

1) Portability - Applications / services easily transport between different servers and environments.
2) Less Resources - Efficiency through using far fewer resources than VMs, as you are only virtualising the OS rather than the entire infrastructure.
3) DevOps – Bridges the environment and dependency logic between development and production.
4) Teams can create functionality with its own life cycle and scaling policies.
5) Security - Improved security by isolating applications from the host system and from each other.
6) Faster - Faster app start-up and easier scaling.

2
Q

What are the business benefits of containerisation?

A

1) Consistency leading to lower cost of development via reduced overhead between development and operation.
2) Loose coupling, avoiding legacy and vendor lock-in
3) Agility

3
Q

How do you list all docker images?

A

docker images

4
Q

How would you go about deleting an old docker image?

A

docker rmi {image_name}

docker image rm {image_name}

5
Q

How would you go about running a container from a local docker image in detached mode?

A

docker run -d {image_name}:{image_tag}

6
Q

How would you go about listing all running containers on docker?

A

docker ps

docker container ls

7
Q

How would you list docker containers even in exited state?

A

docker ps -a

8
Q

How would you go about mapping your dockerhost port to the container port when spinning up a container?

A

docker run -d -p {dockerhost_portnumber}:{container_portnumber} {image_name}:{tag_id}

For example:
docker run -d -p 8080:80 nginx:latest

9
Q

How would you go about mapping multiple ports on the host when spinning up a container?

A

docker run -d -p {dockerhost_portnumber}:{container_portnumber} -p {dockerhost_portnumber}:{container_portnumber} {image_name}:{tag_id}

For example:
docker run -d -p 3000:80 -p 8080:80 nginx:latest

10
Q

How would you run a container in docker with a name?

A

docker run --name {name} -d {image_name}:{tag_id}

11
Q

What is the purpose of docker volumes?

A

Allows us to MOUNT data between:

1) Host and container
2) Multiple containers

12
Q

What command flag would you use to mount files between host and container in docker?

A

-v {host_destination}:{container_destination}

13
Q

How would you go about running commands within an active container in docker?

A

docker exec -it {container_name} bash

14
Q

How do you exit the CLI of a “stepped into” container?

A

ctrl + d

15
Q

What flag would you use to mount files between two containers in docker?

A

docker run --volumes-from {target_container_name} {image_name}:{tag_id}

16
Q

How would you go about building a docker image from a local dockerfile named “website”?

A

docker build -t website:latest .

17
Q

Are docker volumes better in dev or prod and why?

A

Development, for connecting local file system to container file system.

This is less necessary in prod, as you can use the Dockerfile to copy files from the host into the container.

18
Q

What’s the difference between CMD and RUN within a dockerfile?

A

RUN is an image build step, the state of the container after a RUN command will be committed to the container image. A Dockerfile can have many RUN steps that layer on top of one another to build the image.

CMD is the command the container executes by default when you launch the built image. A Dockerfile will only use the final CMD defined.

19
Q

How would you go about taking advantage of caching within docker builds?

A

Integrate the ADD and COPY commands into the Dockerfile with care.

The ADD and COPY commands in a Dockerfile allow you to import external files into a Docker image.

If the contents of all external files on the first ADD command are the same, the layer cache will be used and all subsequent commands until the next ADD or COPY command will use the layer cache.

However, if the contents of one or more external files are different, then all subsequent commands will be executed without using the layer cache.

20
Q

If you would like to reduce the size or improve the resource efficiency of a single container, how would you go about it?

A

Use an alpine distribution of the container to reduce the image size.

21
Q

How would you go about tagging an existing docker image to give it a version number?

A

docker tag website:latest website:1.0.0

22
Q

Where does the word Kubernetes come from?

A

Greek for “Captain”

23
Q

Why was Kubernetes invented by Google?

A

The rise of microservices caused an increased usage of container technologies, because containers offer the perfect host for small, independent and decoupled applications and services.

The rise of loosely coupled services resulted in the creation of applications that comprise hundreds or even thousands of containers. Managing this number of containers across multiple environments using just scripts and self-made tools became more complex than managing a monolith.

24
Q

What benefits does container orchestration offer?

A

High availability

Automation - Automates deployment, scaling, load balancing, logging and monitoring of containers.

Self-Healing - Automatically replaces unhealthy or failed containers.

25
Q

What is a pod and why is it a kubernetes concept?

A

A running environment for a container.

The reason kubernetes abstracts pods as a layer on top of the container is to give engineers a choice over which container runtime environment is used.

26
Q

What does it mean when we claim that pods in kubernetes are ephemeral?

A

They last for a very short length of time. They are not infinite.

27
Q

What happens when a pod goes down on a node in kubernetes?

A

A new pod will get created in its place, and the new pod will get assigned its own new IP address on re-creation.

28
Q

What is a service within kubernetes and why is it used?

A

A static/permanent IP address that can be assigned to each pod.

Services are used to disconnect lifecycles of pods from services, meaning that services are still discoverable even if pods go down and their IP addresses change.

They can also be used to share services between different replicas of the same application running on different nodes.

29
Q

What is an ingress within a Kubernetes node and why is it used?

A

Think of it as a service for services!

An ingress is an API object that manages external inbound connections to a set of existing services within a cluster, typically HTTP.

Ingress can be used for load balancing, SSL certificates and name-based virtual hosting (i.e. providing domain names to external services rather than IP addresses).

30
Q

Does your Kubernetes Cluster manage any data persistence?

A

No - You have to use volumes to persist data either within a kubernetes node itself or within a remote storage service.

If you do not use volumes, any data will be lost whenever a pod goes down and is recreated.

31
Q

What is a StatefulSet in kubernetes and why is it used?

A

StatefulSet is used to ensure data consistency between multiple database replicas. It does this by ensuring the database reads and writes are synchronised.

32
Q

How would you go about creating a deployment of a single pod with nginx running on it on kubernetes?

A

kubectl create deployment nginx --image=nginx

33
Q

How would you go about logging activity on a pod?

A

kubectl logs {pod_name}

34
Q

How would you go about creating a kubernetes deployment from a yaml file?

A

kubectl apply -f config-file.yaml

35
Q

How would you go about storing sensitive environmental variables in kubernetes?

A

You would store them on K8 itself rather than in any files being pushed to a repository, and you would accomplish this via creating a secret.

You create a secret by creating a new configuration file, setting “kind: Secret” and “type: Opaque” and then run the below command:

kubectl apply -f filename.yaml

36
Q

What is the difference between a kubernetes secret and a kubernetes ConfigMap?

A

Secrets store data base64-encoded, while ConfigMaps store data in plain text. So:

Use Secrets for things which are actually secret like API keys, credentials, etc

Use ConfigMaps for not-secret configuration data that needs to be shared among multiple components/services

37
Q

What do you need to additionally specify on a service config file in order to create an external service?

A

type: LoadBalancer
nodePort: range from 30000 - 32767

38
Q

What is the default service type on a kubernetes config file if you do not specify one?

A

ClusterIP, also known as an internal service

39
Q

What are the 3 primary things namespaces are used for in Kubernetes?

A

1) You can organise resources inside a virtual cluster within your cluster. These resources might be grouped by function, for example:

Database
Monitoring
Elastic Stack
Web Server Ingress

2) You can also use them to separate out teams to ensure nobody overwrites deployments with the same name. You can even assign access and resource limits for users within these namespaces for security and cost-saving benefits.
3) You can use namespaces to separate out Dev, Staging and Prod environments.

40
Q

How would you go about placing a domain name url on your kubernetes service?

A

Using an ingress.

You create one of these within a configuration.yaml file by specifying “kind: Ingress” and then write routing rules for forwarding requests to the internal service(s).

You will also need to install an Ingress Controller pod which will act as the entrypoint to the K8 cluster and will evaluate all the rules and manage redirections.

41
Q

What is Helm and what can it be used for?

A

Helm is a package manager for kubernetes.

It can be used for:

1) Downloading Helm Charts from public and private registries.
2) Templating YAML configuration files.
3) Deploying the same application across development, staging and production environments.

42
Q

What are Helm Charts?

A

Packaged collections of YAML files that are distributed via public and private registries.

For example, there can be a mongodb Helm Chart that contains all the necessary YAML files to set up express, mongodb and any ingress config files.

43
Q

How would you use Helm as a templating engine?

A

You would create a template YAML file with placeholders within appropriate value fields.

Then you would create a values.yaml file to specify the values used for that deployment.

44
Q

What is the need for volumes within Kubernetes?

A

To persist data by creating a data store that is not dependent upon pod lifecycles.

45
Q

How is persistent data storage achieved within kubernetes?

A

You use volumes to plug in an external database solution or file storage system into your K8 cluster.

46
Q

What is a headless service within Kubernetes?

A

Making requests directly to pods rather than going through a clusterIP address or loadbalancer.

This is useful for stateful database storage services, as the pods do not necessarily all have the same read / write responsibilities.

47
Q

What does Anthos use for logging and monitoring within hybrid-cloud environments?

A

Stackdriver

48
Q

What are nodes within Kubernetes?

A

Compute Engine instances (VMs) that house groups of pods.

49
Q

How would you go about creating a GKE instance in the GCP CLI?

A

gcloud container clusters create webfrontend --zone $MY_ZONE --num-nodes 2

50
Q

How would you go about building a docker image within the GCP CLI?

A

gcloud builds submit -t gcr.io/$DEVSHELL_PROJECT_ID/{container_directory} {path_to_dockerfile}

The files are staged in Cloud Storage, and a Docker image is built and stored in the Container Registry.

51
Q

What is the difference between GKE standard and GKE autopilot?

A

GKE Standard offers configuration flexibility and is billed per node.

GKE Autopilot is a hands-off experience billed per pod, which makes it more costly than a correctly configured GKE Standard cluster.

52
Q

What are the steps to create a GKE deployment on GCP?

A

1) Enable the GKE and Container Registry APIs.
2) Create a standard GKE deployment in “Kubernetes Engine”. Make sure to tick “Allow full access to all Cloud APIs” within Node Pool > Security > Access Scopes.
3) Click “Connect” from the GKE instance drop-down and run the “gcloud container clusters get-credentials quiz-cluster --zone us-central1-b --project {project_id}” command within Cloud Shell.
4) Build your docker images from Dockerfiles using the “gcloud builds submit” command to upload the docker image to Container Registry.
5) Load the gcr addresses into the “image” key value pair of your Kubernetes deployment.yaml file.

53
Q

What is best practice when it comes to building docker images and shipping docker images?

A

It is best practice not to build your application in the very same container that you ship and run. Instead we employ a multi-stage build process in which one container builds the image and a separate container receives only what is actually needed to run the application.

This is important to keep build and run code clean and to remove an unnecessary additional attack surface from the in-production container.

54
Q

Why do Linux containers use union file systems?

A

To efficiently encapsulate applications and their dependencies into a set of clean, minimal layers.

55
Q

Why do containers traditionally write data to a external data service?

A

Because a container's topmost layer's contents are lost when the container is no longer running.

56
Q

When you use Kubernetes, you describe the desired state you want, and Kubernetes’s job is to make the deployed system conform to your desired state and to keep it there in spite of failures. What is the name for this management approach?

A

Declarative configuration

57
Q

What is a stateful application?

A

An application that requires data to be stored persistently

58
Q

What is the name for the computers in a Kubernetes cluster that can run your workloads?

A

Nodes

59
Q

Which control plane component is the cluster’s database?

A

etcd

60
Q

What is the role of the kubelet?

A

To serve as Kubernetes’s agent on each node

61
Q

Which control plane component is the only one with which clients interact directly?

A

kube-apiserver

62
Q

In GKE clusters, how are nodes stood up?

A

As Compute Engine virtual machines

63
Q

What is the purpose of configuring a regional cluster in GKE?

A

To allow applications running in the cluster to withstand the loss of a zone

64
Q

In a manifest file for a Pod, in which field do you define a container image for the Pod?

A

spec

65
Q

What is the purpose of the Deployment object within Kubernetes?

A

To ensure that a defined set of Pods is running at any given time.

66
Q

What are the three primary types of services within Kubernetes?

A

1) ClusterIP: Exposes the service on an IP address that is only accessible from within this cluster. This is the default type.
2) NodePort: Exposes the service on the IP address of each node in the cluster, similarly to ClusterIP, but this time at a specific port number.
3) LoadBalancer: Exposes the service externally, using a load balancing service provided by a cloud provider.

67
Q

What’s the difference between a Deployment and a StatefulSet in kubernetes?

A

Pods created through a Deployment are not given persistent identities; by contrast, Pods created using a StatefulSet have unique persistent identities with a stable network identity and persistent disk storage.

68
Q

What is a DaemonSet in kubernetes?

A

DaemonSet ensures that a specific Pod or Pods are always running on all or some subset of nodes.

For example, you might use a DaemonSet to ensure that a logging agent is running on all nodes within the cluster.

69
Q

You want to deploy multiple copies of your application, so that you can load balance traffic across them. How should you deploy this application’s Pods to the production Namespace in your cluster?

A

Create a Deployment manifest that specifies the number of replicas that you want to run.

70
Q

You need to ensure that the production applications running on your Kubernetes cluster are not impacted by test and staging deployments. Which features should you implement and configure to ensure that the resources for your production applications can be prioritized?

A

Configure Namespaces for Test, Staging and Production and configure specific Kubernetes resource quotas for the test and staging Namespaces.

71
Q

You have deployed a new Kubernetes Engine regional cluster with four machines in the default pool for the first zone and left the number of zones at the default. How many Compute Engine machines are deployed and billed against your account?

A

Twelve. (Four nodes are deployed in each of three zones. A control plane node is deployed in each zone but it is not billed against your account.)

72
Q

Which Kubernetes component does the kubectl command connect to in order to carry out operations on a cluster?

A

kube-apiserver

73
Q

You have a new logging and auditing utility that you need to deploy on all of the nodes within your cluster. Which type of controller should you use to handle this task?

A

DaemonSet

74
Q

When configuring storage for stateful applications, what steps must you take to provide file system storage inside your containers for data from your applications that will not be lost or deleted if your Pods fail or are deleted for any reason?

A

1) Create a StatefulSet.
2) Create a Volume.
3) Create a volumeClaim.

75
Q

How are kubectl commands structured?

A

kubectl [COMMAND] [OBJECT] [NAME] [flags]

76
Q

Which control plane component does the kubectl command interact with?

A

kube-apiserver

77
Q

What is the most common reason for a Pod to report CrashLoopBackOff as its state?

A

The Pod’s configuration is not correct.

78
Q

You want to have two versions of your application in production, but be able to shift a small percentage of traffic to the newer version as a gradual test. This is an example of which deployment strategy?

A

Canary Deployment

79
Q

You want to have two versions of your application in production, but be able to switch all traffic between them. This is an example of which deployment strategy?

A

Blue-Green Deployment

80
Q

What does the “maxUnavailable” field indicate during a rolling update in Kubernetes?

A

The maximum number of pods that can be down at any given time across the old and new replicasets of a rolling update.

This number can either be absolute or a percentage.

81
Q

What does the “maxSurge” field indicate during a rolling update in Kubernetes?

A

The maximum number of pods that can be created concurrently in a new replicaset.

For example, if you set maxSurge to 2 then the new replicaset can only create 2 new pods at a time.

This number can either be absolute or a percentage.

82
Q

Describe the purpose of the Job Scheduler within Kubernetes?

A

The Job Scheduler will take jobs (finite tasks), schedule these tasks on a pod and monitor the pod until the task is complete.

If a pod failure occurs, and the task is not completed, the Job Scheduler will schedule the task to run on a different pod on a different node until it is complete.

83
Q

What are CronJobs within Kubernetes?

A

Use cronjobs to schedule jobs to run periodically at fixed times, dates, or intervals.

84
Q

What is a job within Kubernetes?

A

A Kubernetes Job is a workload controller that represents a finite task. Jobs differ from other controller objects in that Jobs manage the task as it runs to completion, rather than managing an ongoing desired state (such as the total number of running Pods).

85
Q

True or false: if you manually decrease the size of a node pool, any Pods on deleted nodes will be restarted on other nodes.

A

False

86
Q

True or false: if autoscaling decreases the size of a node pool, any Pods on deleted nodes that aren’t managed by a replication controller will be lost.

A

False

87
Q

What is the definition of the word affinity (generalised, not for Kubernetes)?

A

The degree to which a substance tends to combine with another.

88
Q

What methods can you use to control pod placement in Kubernetes?

A

nodeSelector - For a pod to run on a specific node, that node must match all of the labels defined under the nodeSelector field within a pod configuration file.

Affinity and Anti-Affinity - Able to set soft preferences as well as hard requirements on which node pods are deployed on. For example, ensuring it only deploys to nodes with GPU or TCU acceleration, or that it is preferred to be deployed with a pod of the same label.

89
Q

What is the difference between Affinity and Taints in Kubernetes?

A

Affinity is used to attract pods into the same node and / or zone based upon rulesets. Anti-affinity is used to repel pods from other pods in the same node and / or zone based upon rulesets.

By contrast you configure Taints on Nodes and the rules apply to all pods within the cluster.

90
Q

If a Taint ruleset is preventing you from scheduling a pod in any node, what can you do?

A

Apply a “Toleration” in the Pod to counteract the effect of a taint that would otherwise prevent the pod from being scheduled.

91
Q

What command do you use to create a service within Kubernetes?

A

kubectl expose

92
Q

How do you get a list of autoscale configurations in the command line?

A

kubectl get hpa

93
Q

You are configuring the rollout strategy for your Deployment that contains 8 Pods. You need to specify a Deployment property that will ensure at least 75% of the desired number of Pods is always running at the same time. What property and value should you set for the deployment to ensure that this is the case?

A

maxUnavailable=25%

94
Q

What status or event is used by the GKE autoscaler to decide when scaleout is required and a new node needs to be added?

A

When the scheduler cannot schedule a Pod due to resource constraints and the Pod has been marked as unschedulable.

95
Q

A parallel Kubernetes Job is configured with a parallelism property of 4 and a completions property of 9. How many Pods are kept in a running state by the Job controller immediately after the sixth successful completion?

A

3

96
Q

With a Kubernetes Job configured with a parallelism value of 3 and no completion count what happens to the status of the Job when one of the Pods successfully terminates?

A

The entire Job is considered complete and the remaining Pods are shut down.

97
Q

You have made a number of changes to your deployment and applied those changes. Which command should you use to rollback the environment to the deployment identified in the deployment history as revision 2?

1) Run ‘kubectl rollout undo deployment --to-revision=2’.
2) Run ‘kubectl apply -f DEPLOYMENT_FILE --to-revision=2’.
3) Run ‘kubectl rollout undo deployment’ twice.
4) Select the desired revision from the revision history list in the Google Cloud console.

A

1) Run ‘kubectl rollout undo deployment --to-revision=2’.

98
Q

When specifying Inter-pod affinity rules, you need to specify an affinity rule at the zone level, not at the individual Node level. Which additional parameter in the Pod manifest YAML must you set to apply this override?

1) label: failure-domain.beta.kubernetes.io/zone
2) zone: failure-domain.beta.kubernetes.io/zone
3) topologyKey: failure-domain.beta.kubernetes.io/zone
4) matchLabels: failure-domain.beta.kubernetes.io/zone

A

3) topologyKey: failure-domain.beta.kubernetes.io/zone

99
Q

After a Deployment has been created and its component Pods are running, which component is responsible for ensuring that a replacement Pod is launched whenever a Pod fails or is evicted?

A

ReplicaSet

100
Q

How do you configure a Kubernetes Job so that Pods are retained after completion?

1) Set an activeDeadlineSeconds value high enough to allow you to access the logs.
2) Configure the backofflimit parameter with a non-zero value.
3) Set a startingDeadlineSeconds value high enough to allow you to access the logs.
4) Configure the cascade flag for the Job with a value of false.

A

4) Configure the cascade flag for the Job with a value of false.

101
Q

You are configuring a Job to process the conversion of a sample of a large number of video files from one format to another. Which parameter should you configure to ensure that you stop processing once a sufficient quantity have been processed?

A

completions=n

102
Q

In GKE, what is the source of the IP addresses for Pods?

A

Address ranges assigned to your Virtual Private Cloud

103
Q

Which statement is true about Kubernetes networking?

1) Each Pod in a cluster has a unique IP address.
2) Each Pod in a node has a unique IP address, but IP addresses might be duplicated among nodes.
3) Each container in a cluster has a unique IP address.

A

1) Each pod in a cluster has a unique IP address

104
Q

What is the difference between a NodePort and a LoadBalancer service within Kubernetes?

A

NodePort is a simplified version of the LoadBalancer service; however, you have to configure the NodePort security walls and firewalls yourself.

LoadBalancer gives you the benefit of using the cloud provider’s load balancer service, bypassing all the configuration headache.

105
Q

What happens when you create an Ingress within GKE?

A

Exposes defined services via a single public IP address bound to HTTP load balancer.

106
Q

How does an Ingress resource decide how to route incoming requests?

A

By a combination of the host name and resource path requested.

107
Q

What is the purpose of enabling network policies in a Kubernetes cluster?

A

To restrict network access from a Pod to other Pods and Services inside the cluster.

108
Q

Describe the 3 most common types of Load Balancing in GKE, what resource they create within Google Cloud and their typical usage scenario?

A

1) ClusterIP Service - Sets up a GKE network - Used for internal applications and for clustering microservices.
2) LoadBalancer Service - Google Cloud Network Load Balancer (Regional) - Used for clustered microservices that need to communicate with external services to the cluster.
3) Ingress Object - Google Cloud HTTP(S) Load Balancer (Global) - Application front ends.

109
Q

What is the primary difference between Secrets and ConfigMaps?

A

Secrets are intended for use with security-sensitive data, such as private keys, while ConfigMaps are intended for use with general-purpose configuration information.

110
Q

How can a Pod request persistent storage without specifying the details of how that storage is to be implemented?

A

By using a PersistentVolumeClaim

111
Q

What happens if a Pod fails while it is using a persistent volume?

A

The volumes are unmounted from the failing Pod, and they continue to exist with their last contents.

112
Q

An application owner has created a Pod manifest using a PersistentVolumeClaim with a StorageClassName value of standard. What type of storage is used for this volume in a GKE Cluster?

A

Google Persistent Disk.

113
Q

A stateful set consists of four Pods that are named Demo-0, Demo-1, Demo-2 and Demo-3. The StatefulSet originally only had two replica Pods but this was recently increased to four replicas. An update is being rolled out to this StatefulSet using the RollingUpdate updateStrategy type. Which Pod will be the last member of the StatefulSet to be updated?

A

Demo-0

114
Q

A stateful set consists of four Pods that are named Demo-0, Demo-1, Demo-2 and Demo-3; with matching volumeClaims called Demo-0 to Demo-3 assigned by the StatefulSet. Demo-1 Pod has failed and the StatefulSet controller deploys a new Pod to replace it. What will the new Pod be called and what storage volume is attached to it?

A

The new Pod will be called Demo-1 and will have the existing Demo-1 volume attached to it.

115
Q

Which authentication method is enabled by default in GKE clusters of version 1.12 and later?

A

OpenID Connect

116
Q

What is the purpose of Kubernetes RBAC?

A

Offers control over kubernetes resources within the cluster, supplementing the control provided directly by Cloud IAM, which allows you to control access at the GKE and cluster level.

117
Q

True or false: Kubernetes RBAC offers both “allow” and “deny” rules.

A

False.

In Kubernetes RBAC, there are no “deny” rules. If no rule grants a user a verb on a given resource, that user can’t do the action.

These are listed within an array within the Role manifest file.

118
Q

Which statement is true about Kubernetes networking?

1) Each container in a cluster has a unique IP address.

2) Each Pod in a node has a unique IP address, but IP addresses might be duplicated among nodes.

3) Each Pod in a cluster has a unique IP address.

A

3) Each Pod in a cluster has a unique IP address.

Containers run on ports on that IP address.

119
Q

In GKE, what is the source of the IP addresses for Pods?

A

Address ranges assigned to your Virtual Private Cloud

120
Q

You want to implement account controls that will allow you to grant junior admin users the ability to view details about production clusters and applications, and to be able to fully manage test and lab resources inside your GKE cluster environments. Which account control mechanism will provide you with the level of granular control that is required for this type of user?

A

Kubernetes Role-Based Access Control (RBAC)

121
Q

What is the role of Prometheus in a Kubernetes cluster?

A

To allow applications to expose application-specific metrics.

122
Q

What are the two types of probes in Kubernetes and how should they be used?

A

Liveness probe - Is the container running? If not, restart the container

Readiness probe - Is the container ready to accept requests? Is it still booting? Is it still processing the previous request?

123
Q

You are unable to find any logs in Cloud Logging for an issue with a Pod that occurred 2 months ago. You know that events were logged at the time for this issue. Why can you no longer find these logs?

A

They have been deleted by Cloud Logging, as it only retains information for 30 days.

If longer retention of logging is required, consider exporting to BigQuery.

124
Q

You have configured both a Readiness probe and Liveness probe for a critical application component. Shortly after the application has started, the Pod is running, but the Readiness probe is failing. What effect does this have on the application’s Pods and Services?

1) The Pod will be restarted continuously until the Readiness Probe succeeds.
2) Additional replica Pods are started until the Readiness Probe succeeds.
3) The Service will ignore the Pod until the Readiness Probe succeeds.
4) The Service is disabled until the Readiness Probe succeeds.

A

3) The Service will ignore the Pod until the Readiness Probe succeeds.

125
Q

You are troubleshooting an issue which happened in the last hour. You execute the command ‘kubectl logs --since=3h demo-pod’. However, the events you are looking for do not appear in the output. What is the likely cause?

A

The log file was greater than 100MB in size and it has been rotated.

126
Q

What are the steps you would take to use Google Cloud managed services from an application running in GKE?

A

1) Create a new service account
2) Give the service account a Cloud IAM role with least privilege
3) Store its credential in a Kubernetes secret
4) Use the credential in API calls to the service.

127
Q

You are configuring applications that need access to Google managed storage services. The applications will be deployed to your GKE clusters. How should you provide the credentials to the applications so that they are protected?

A

Create Kubernetes Secrets containing the account credential files and present those to the containers as environment variables or Secret Volumes.