Container Orchestration

Question 1

What two problems do containers solve?

Answer 1

1) Managing the dependencies of an application
2) Runs much more efficiently than spinning up a lot of virtual machines

Question 2

What is one of the earliest ancestors of modern container technologies?

Answer 2

chroot

Question 3

What does the “chroot” command do?

Answer 3

The chroot command can isolate a process from the root filesystem, “hide” the files from the process and simulate a new root directory.

Question 4

What are the eight namespaces of the Linux 5.6 Kernel?

Answer 4

1) pid (process id)
2) net (network)
3) mnt (mount)
4) ipc (inter-process communication)
5) user
6) uts (Unix time sharing)
7) cgroup
8) time

Question 5

What is the difference between a virtual machine and a container?

Answer 5

A virtual machine emulates a complete machine and has its operating system and kernel. Containers share the kernel of the host machine and are isolated processes.

Question 6

True or False

You need to use Docker to run industry-standard containers.

Answer 6

False

Question 7

What’s the name of the container runtime reference implementation that the Open Container Initiative maintains?

Answer 7

runC

Question 8

What is the primary use of runC?

Answer 8

runC is a low-level runtime used in a variety of tools to start containers, including Docker.

Question 9

What does the runtime-spec describe?

Answer 9

The runtime-spec describes how to unpack a container image and manage the complete container lifecycle.

Question 10

__________ provides a similar API as Docker and can be used as a drop-in replacement.

Answer 10

Podman

Question 11

What is a container image?

Answer 11

A container image is a lightweight, standalone, executable package of software that includes everything needed to run an application, including code, runtime, system tools, system libraries and settings.

Question 12

What do container images consist of?

Answer 12

Container images consist of a filesystem bundle and metadata.

Question 13

Images can be built by reading the instructions from a buildfile called a __________.

Answer 13

Dockerfile

Question 14

What is the purpose of a container registry?

Answer 14

Container registries act as a container distribution serve, where developers can upload and download different container images.

Question 15

What is one of the biggest security risks of containers and why?

Answer 15

One of the biggest security risks of containers is that they share the same kernel as the machine they run on. This is a security risk because containers can run kernel processes with elevated privileges, which could unintentionally alter the host system.

Question 16

True or False.

Public image registries are completely safe to use.

Answer 16

False

Question 17

What are the 4C’s of Cloud Native security?

Answer 17

Code, container, cluster, cloud

Question 18

What problems can be solved by container orchestration?

Answer 18

1) Providing compute resources like virtual machines where containers can run on
2) Schedule containers to servers in an efficient way
3) Allocate resources like CPU and memory to containers
4) Manage the availability of containers and replace them if they fail
5) Scale containers if load increases
6) Provide networking to connect containers together
7) Provision storage if containers need to persist data

Question 19

What do container orchestration systems provide?

Answer 19

Container orchestration systems provide a way to build a cluster of multiple servers and host the containers on top.

Question 20

A ________ is responsible for the management of containers and __________ host the containers.

Answer 20

Control plane; worker nodes

Question 21

__________ namespaces allow each container is have their own unique ___________.

Answer 21

Network; IP address

Question 22

True or False.

Containers have the ability to map a port from the container to a port from the host system.

Answer 22

True

Question 23

What is the chroot isolated environment sometimes called?

Answer 23

chroot jail

Question 24

Define Service Discovery.

Answer 24

Service Discovery is finding other services in the network and requesting information about them.

Question 25

In container orchestration, where is service information stored?

Answer 25

In a Service Registry

Question 26

What are the two most-used approaches to Service Discovery?

Answer 26

DNS and Key-Value-Store

Question 27

What is a proxy?

Answer 27

A proxy is a server application that sits between the client and server and can modify or filter network traffic before it reaches the server.

Question 28

What are some common proxy technologies?

Answer 28

1) nginx
2) haproxy
3) envoy

Question 29

What does a service mesh do?

Answer 29

A service mesh adds a proxy server to every container.

Question 30

What are the two most popular service meshes?

Answer 30

1) istio
2) linkerd

Question 31

The proxies in a service mesh form a ______ ______.

Answer 31

data plane

Question 32

What does a data plane do?

Answer 32

Data planes implement network rules and shape traffic flow.

Question 33

Networking rules are managed centrally in the ______ ______ of a service mesh.

Answer 33

control plane

Question 34

What does a service mesh control plane do?

Answer 34

It defines how traffic flows between services and what configuration should be applied to the proxies.

Question 35

If a container needs to persist data on a host, a ______ can be used to achieve that.

Answer 35

Volume

Question 36

What is the primary weakness of container volumes?

Answer 36

They give access to the host filesystem.

Question 37

Container orchestration systems like Kubernetes can help to mitigate the problems with using container volumes, but always require a robust ______ _______ system that is attached to the host servers.

Answer 37

Central storage