EKS Flashcards

Question 1

Q

What is EKS?

Answer

A

A managed service that allows you to run Kubernetes on AWS without installing, operating, or maintaining your own Kubernetes control plane or nodes.

Question 2

Q

What AWS services can EKS integrate with?

Answer

A

-Amazon ECR for container images
-Elastic Load Balancing for load distribution
-IAM for authentication
-Amazon VPC for isolation

Question 3

Q

What does an EKS cluster consist of?

Answer

A

-EKS Control Plane
-EKS Nodes

Question 4

Q

What does EKS Control Plane do?

Answer

A

-It is made up of nodes that run the Kubernetes software (API server & ).
-Each cluster is single-tenant and unique, and runs on its own set of EC2 instances.
-Cluster control plane is provisioned across multiple AZs and fronted by an ELB Network Load Balancer.
-Use AWS KMS to encrypt data stored by nodes and associated EBS volumes.

Question 5

Q

What are EKS Nodes?

Answer

A

-A cluster consists of one or more EC2 nodes on which pods are scheduled.
-Connects to the cluster’s control plane via the API server endpoint.

Question 6

Q

True/False. The API server endpoint is not public to the internet by default, but you can enable private access to keep communication between nodes and the API server within the VPC.

Answer

A

False. The API server endpoint IS public to the internet by default, but you can enable private access to keep communication between nodes and the API server within the VPC.

Question 7

Q

What autoscaling products does EKS support?

Answer

A

-Cluster Autoscaler – uses AWS Auto Scaling groups.
-Karpenter – works directly with the Amazon EC2 Fleet.

Question 8

Q

True/False. By default, cluster control plane logs aren’t sent to CloudWatch Logs. In order to send logs for your cluster, you have to enable each log type individually.

Question 9

Q

What authentication and authorization does an EKS cluster use?

Answer

A

EKS cluster uses IAM / OIDC for authentication and Kubernetes RBAC for authorization.

Question 10

Q

True/False. Nodes must not be in the same VPC as the subnets you chose when creating a cluster.

Answer

A

False. Nodes MUST BE in the same VPC as the subnets you chose when creating a cluster.

Question 11

Q

What do Nodes represent from the perspective of the Kubernetes API?

Answer

A

From the perspective of the Kubernetes API, nodes represent the compute resources provisioned for your cluster.

Question 12

Q

What prevents PODs from being scheduled on the wrong nodes?

Answer

A

Taints and tolerations prevent pods from being scheduled on the wrong nodes.

Question 13

Q

True/False. (Self-Managed Nodes) A cluster can have several node groups.

Question 14

Q

True/False. (Self-Managed Nodes) A node group is a collection of one or more EC2 instances deployed in an Amazon EC2 Auto Scaling group.

Question 15

Q

(Self-Managed Nodes) What characteristics must an instance have in a Node Group?

Answer

A

-Same instance type
-Running the same AMI
-Uses the same EKS node IAM role

Question 16

Q

True/False. (Self-Managed Nodes) Node groups with different instance types and host operating systems cannot exist in a cluster.

Answer

A

False. Node groups with different instance types and host operating systems CAN exist in a cluster.

Question 17

Q

(Self-Managed Nodes) What methods are used for updating self-managed Node Groups in a cluster to use a new AMI?

Answer

A

-Migrating to a new node group
-Updating an existing self-managed node group

Question 18

Q

What are Managed Node Groups?

Answer

A

Automates the provisioning and lifecycle management of nodes in EKS clusters.

Question 19

Q

True/False. Every managed node is provisioned as part of Amazon EC2 Auto Scaling group.

Question 20

Q

True/False. When nodes are launched as part of a managed node group, they are not automatically tagged for auto-discovery by Kubernetes Cluster Autoscaler.

Answer

A

False. When nodes are launched as part of a managed node group, they ARE automatically tagged for auto-discovery by Kubernetes Cluster Autoscaler.

Question 21

Q

True/False. (Managed node groups) Use node group to apply Kubernetes labels to nodes.

Question 22

Q

True/False. Multiple managed node groups can exist in a single cluster.

Question 23

Q

What options do you have when creating Managed Node Groups?

Answer

A

you have the option of selecting On-Demand or Spot instances

Question 24

Q

How do applications remain available in a Managed Node Group?

Answer

A

To ensure that your applications remain available, node updates and terminations drain nodes automatically.

Question 25

Q

What kind of Nodes can you have with EKS?

Answer

A

-Managed Node Groups
-Self Managed Node Groups
-AWS Fargate

Question 26

Q

What must you do first before scheduling PODs on Fargate in your cluster?

Answer

A

You must first define a Fargate profile before scheduling pods on Fargate in your cluster.

Question 27

Q

True/False. If a pod matches more than one Fargate profile, Amazon EKS picks one at random.

Question 28

Q

Are Fargate Profiles immutable and what components do they contain?

Answer

A

Yes.
-Pod execution role
-Subnets
-Selectors
-Namespace
-Labels

Question 29

Q

True/False. Fargate runs only one pod per node.

Question 30

Q

True/False. Regarding Fargate, Pod storage is not ephemeral, and data is encrypted with AWS Fargate managed keys.

Answer

A

False. Pod storage IS ephemeral, and data is encrypted with AWS Fargate managed keys.

Question 31

Q

Regarding Fargate, how do you encrypt ephemeral POD storage?

Answer

A

To encrypt ephemeral pod storage, you can use AWS Fargate managed keys.

Question 32

Q

How are Workloads deployed?

Answer

A

Workloads are deployed in containers and define the applications that run on a Kubernetes cluster

Question 33

Q

Can a POD contain one or more containers?

Question 34

Q

What adjusts your PODs’ CPU and memory reservations?

Answer

A

Vertical Pod Autoscaler adjusts your pods’ CPU and memory reservations.

Question 35

Q

What adjusts the number of PODs in a deployment?

Answer

A

Horizontal Pod Autoscaler adjusts the number of pods in a deployment, replication controller, or replica set based on CPU utilization.

Question 36

Q

What does an EKS connector do?

Answer

A

Enables you to register and connect any Kubernetes cluster to AWS.

Question 37

Q

How can you view the status, configuration, and workloads of a cluster?

Answer

A

You can view the status, configuration, and workloads of the cluster in the Amazon EKS console after it has been connected.

Question 38

Q

What is Container Storage Interface (CSI)?

Answer

A

Container Storage Interface (CSI) enables third-party storage providers to create and deploy plugins in Kubernetes that provide alternative storage systems without modifying the core Kubernetes code.

Question 39

Q

How is the lifecycle of persistent volumes, such as EBS volumes handled?

Answer

A

The lifecycle of persistent volumes, such as EBS volumes, is handled by EKS clusters.

Question 40

Q

What does EBS CSI need to make calls to the AWS APIs?

Answer

A

To make calls to AWS APIs, the EBS CSI plugin requires IAM permissions.

Question 41

Q

True/False. Although the Amazon EBS CSI controller can be run on Fargate, volumes cannot be mounted to Fargate pods.

Question 42

Q

True/False. You can also manage the EBS CSI driver as an EKS add-on.

Question 43

Q

True/False. EKS clusters do not manage the EFS file system lifecycle.

Answer

A

False. EKS clusters manage the EFS file system lifecycle.

Question 44

Q

True/False. Container images based on Windows are compatible with the EFS CSI driver.

Answer

A

False. Container images based on Windows are INCOMPATIBLE with the EFS CSI driver.

Question 45

Q

True/False. Regarding EFS CSI driver, Fargate nodes only support static provisioning.

Question 46

Q

True/False. A pod running on Fargate automatically mounts an EFS file system.

Question 47

Q

True/False. EKS clusters cannot manage the lifecycles of FSx file systems.

Answer

A

False. EKS clusters CAN also manage the lifecycles of FSx file systems.

Question 48

Q

True/False. Fargate does not support the Lustre CSI driver.

Question 49

Q

What is Amazon FSx for NetApp ONTAP CSI driver?

Answer

A

A storage service for fully-managed ONTAP file systems in the cloud.

Question 50

Q

What ways can you create a VPC for an EKS cluster?

Answer

A

-Private Subnets
-Public Subnets
-Public and Private Subnets

Question 51

Q

EKS networking, how are private subnets distributed across different AZs?

Answer

A

Three private subnets are distributed across different AZs.

Question 52

Q

How can EKS nodes send/receive internet traffic in a Private subnet?

Answer

A

Nodes have the option of sending and receiving internet traffic via a NAT instance or NAT gateway.

Question 53

Q

EKS networking, how are public subnets distributed across different AZs?

Answer

A

Three public subnets are distributed across different AZs.

Question 54

Q

True/False. Nodes are assigned public IPv4 addresses by default and can send and receive internet traffic via an internet gateway.

Question 55

Q

True/False. When cluster endpoints are in a public subnet they cannot be accessed from outside your VPC. Traffic from worker nodes will leave your VPC to connect to the endpoint.

Answer

A

False. The cluster endpoint CAN be accessed from outside your VPC. Traffic from worker nodes will leave your VPC to connect to the endpoint.

Question 56

Q

True/False. EKS clusters can be in both a public and private subnet.

Question 57

Q

How are EKS cluster assigned network addresses when configured with both private and public subnets?

Answer

A

-Nodes are deployed to private subnets.
-Load balancers are assigned to public subnets to load balance traffic to pods running on nodes.

Question 58

Q

True/False. Public IPv4 addresses are automatically assigned to nodes deployed in public subnets.

Question 59

Q

True/False. IPv6 addresses cannot be assigned to nodes in both public and private subnets.

Answer

A

False. IPv6 addresses CAN be assigned to nodes in both public and private subnets.

Question 60

Q

When EKS clusters are in both a private and public subnet, how can the POD talk to the internet?

Answer

A

A NAT gateway (IPv4) or an egress-only Internet gateway (IPv6) can be used to allow pods to communicate outbound to the internet.

Question 61

Q

When EKS is in both a private and public subnet, how can cluster endpoints be accessed?

Answer

A

The cluster endpoint can be accessed from outside your VPC. Traffic from worker nodes to the endpoint will remain within your VPC.

Question 62

Q

What allows communication between the control plane and the cluster’s compute resources?

Answer

A

The cluster security group manages communication between the control plane and the cluster’s compute resources (worker nodes and Fargate pods).

Question 63

Q

True/False. You can use AWS PrivateLink to privately access the management APIs of Amazon EKS from within your VPC.

Question 64

Q

With POD networking, how are private IP addresses assigned to each POD?

Answer

A

Container Network Interface (CNI) is a plugin that assigns a private IPv4/IPv6 address from VPC to each pod.

Answer 47

A

-L-IPAM daemon
-CNI plugin

Answer 48

A

-Creates and attaches network interfaces to EC2 instances.
-Assigns secondary IP addresses to network interfaces.
-Maintains a warm pool of IP addresses that will be assigned to pods on each node.

Answer 49

A

Configures the host network and adds the correct network interface to the pod namespace.

Answer 50

A

False. With security groups for pods, you can control the inbound and outbound network traffic to and from your pods.

Answer 51

A

Attach multiple network interfaces to a pod using the Multus CNI plugin.

Answer 52

A

It is a tool that allows you to:
-Scrape network interface and IP address information.
-Aggregate metrics at the cluster level.
-Publish the cluster’s CNI metrics to CloudWatch.

Answer 53

A

It is in charge of managing AWS Elastic Load Balancers in a Kubernetes cluster and provisions the following load balancers:
-ALB when you create a Kubernetes .
-NLB when you create a Kubernetes service of type .

Answer 54

A

A DNS service within EKS clusters that allows individual containers to easily discover and connect to other containers in the cluster.

Answer 55

A

By default, two replicas of the CoreDNS image are deployed to an EKS cluster.

Answer 56

A

-Maintains network rules on each Amazon EC2 node.
-Enables network communication to pods from network sessions inside/outside of the cluster.

Answer 57

A

-A network policy engine to implement network segmentation and tenant isolation.
-Pod selectors and labels can be used to assign network policies to pods.

Answer 58

A

False. By default, IAM users and roles do not have permission to create or modify Amazon EKS resources. An IAM administrator must first create IAM policies and attach them to the IAM users or groups that require those permissions.

Answer 59

A

To grant additional AWS users or roles access to a cluster, edit the within Kubernetes and create a Kubernetes or with the name of a group specified in the .

Answer 60

A

A service-linked role is predefined by Amazon EKS and includes all of the permissions that the service requires to call other AWS services. You can use this roles for:
-EKS clusters
-EKS node groups
-EKS Fargate profiles
-EKS cluster connecto

Answer 61

A

-AmazonEKSWorkerNodePolicy
-AmazonEC2ContainerRegistryReadOnly
-AmazonEKS_CNI_Policy (IPv4) or IPv6 policy

Answer 62

A

False. To view a Kubernetes cluster to Amazon EKS, you will need to create an Amazon EKS connector IAM role.

Answer 63

A

You can use or the AWS Management Console to create an OIDC provider for your cluster in order to use IAM roles for service accounts.

Answer 64

A

-API server (kube-apiserver)
-Audit (kube-apiserver-audit)
-Authenticator (authenticator)
-Controller manager (kube-controller-manager)
-Scheduler (kube-scheduler)

Answer 65

A

Logs are sent as log streams to a group in Amazon CloudWatch for each Amazon EKS cluster.

Answer 66

A

False. You CAN deploy your Kubernetes cluster in various ways in AWS and can include additional networking add-ons to improve your containerized architecture.

Answer 67

A

-Amazon EKS cluster in your AWS account
-Amazon EKS on AWS Outposts
-Amazon EKS Anywhere
-Amazon EKS Distro.

Answer 68

A

False. You ARE charged for the AWS resources that you create to run Kubernetes worker nodes in Amazon EC2 with Amazon EKS managed node groups.

Answer 69

A

In Amazon EKS on AWS Fargate, you are charged for the vCPU and memory resources.

Brainscape's Knowledge GenomeTM

EKS Flashcards

Brainscape's Knowledge Genome^TM