Containers

Question 1

Binary Authorization

Answer 1

Ensures only trusted containers run in infrastructure (K8 and Cloud Run)
Requires images signed by trusted provider
Verifies signature before releasing image

Question 2

Node affinity labels

Answer 2

Used to group nodes and schedule VMs on specific nodes

Question 3

K8 API Server

Answer 3

Apps make calls to master via API server

Handles intercluster interactions

Question 4

K8 scheduler

Answer 4

Determines where to run pods

Question 5

etcd

Answer 5

Distributed key value store for state info across a cluster

Question 6

K8 control plane components (4)

Answer 6

Controller Manager
API server
Scheduler
etcd

Question 7

kubelet

Answer 7

Agent in nodes that communicate with cluster master

Question 8

kube-proxy

Answer 8

Network proxy on each node that implements rules for network communication inside and outside cluster

Question 9

GKE supported runtimes (4)

Answer 9

Docker *deprecated soon
containerd
CRI-O
Runtimes that implements K8 Container Runtime Interface (CRI)

Question 10

Components in nodes (3)

Answer 10

kubelet
kube-proxy
container runtime

Question 11

PersistentVolumes

Answer 11

Persistent storage for pods

Question 12

StatefulSets

Answer 12

Pods that are stateful

Clients paired with pod

Question 13

Ingress Controller

Answer 13

Controller that controls external access to services in a cluster

Question 14

Node pool

Answer 14

Set of clusters with the same config and node label

Question 15

GKE modes of operation (2)

Answer 15

Standard

Autopilot - preconfigured, managed

Question 16

GKE cluster zone and region options (3)

Answer 16

Zonal - 1 control plane in 1 zone, nodes and control in same zone

Multizonal - 1 control plane in 1 zone, nodes in multiple zones

Regional - replicas of control plane in multiple zones in 1 region, node pools replicated across 3 zones by default

Question 17

VPC native cluster

Answer 17

Uses alias IPs to route traffic between pods

Question 18

Routes-based cluster

Answer 18

Uses Google Cloud routes to route traffic between pods

Question 19

K8 supported IPs (3)

Answer 19

Cluster IP - fixed to a service

Pod IP - ephemeral IP for a pod

Node IP - IP of a node

Question 20

ClusterIP

Answer 20

Default service type

Internal clients send requests to stable internal IP

Makes service reachable from WITHIN the cluster

Question 21

NodePort

Answer 21

External clients sends request to IP of a node on static nodePort specified by the service

Question 22

LoadBalancer (service type)

Answer 22

Clients send requests to IP of a network load balancer

Question 23

Fleet

Answer 23

Group of multiple clusters (managed as one)

Question 24

All Anthos deployment types include…(2)

Answer 24

Anthos Service Mesh

Anthos Config Management

Question 25

Anthos Service Mesh features (4)

Answer 25

Traffic control for HTTPS
Metrics, logs, traces for HTTP traffic
Authentication and authorization with service level
Support for A/B testing and canary rollouts

Question 26

Anthos Config Management

Answer 26

Cluster configuration

Policy Controller - security and auditing rules across fleet

Question 27

Anthos Service Mesh deployment options (3)

Answer 27

In-cluster control plane
- Istiod service manages security, traffic, config, service discovery

Managed Anthos Service Mesh

• Google managed control plane (upgrades, scaling, security)
• Option to enable Google managed data plane by installing in-cluster controller that manages sidecar proxies

Anthos Service Mesh for Compute Engine VMs
- Observe, secure, manage traffic of MIGs in mesh

Question 28

Anthos deployment options (4)

Answer 28

GKE - GCP hosts control plan and manages nodes
On-Prem - Anthos clusters on VMware
Multi-Cloud - Anthos clusters in AWS or Azure
Attached Cluster - Anthos only manages Anthos services running in clusters (third party K8 distribution)

Question 29

Scaling GKE workloads

- Automatic options (3)

Answer 29

Horizontal pod autoscaler
Vertical pod autoscaler
Node auto-provisioning (scale underlying compute resources)

Question 30

GKE Usage Metering

Answer 30

Analyzes cluster usage by namespaces and labels