Implement IaaS solutions, Containers Flashcards

1
Q

What is ACR Tasks

A

Eliminates the need for local docker engine installation.

ACR tasks runs docker build operations in the cloud. Supports 3 step types:
build
push
cmd (used to run other docker commands)

The az acr build command in the Azure CLI takes a context (the set of files to build), sends it to ACR Tasks and, by default, pushes the built image to its registry upon completion.

All start with az acr

Group tasks in a yaml file for multi-step tasks, such as multiple registries involved.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What is meant by Fabric Clusters

A

A Service Fabric cluster is a network-connected set of virtual or physical machines into which your microservices are deployed and managed.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

How to make a container from an app and then push to Azure

A

1) Start with a docker file (sequence of commands to build an image)
2) docker build to create a new image from dockerfile, use -t (tag, put name and version)
3) Create ACR if doesn’t exist (az acr create)
4) Get the loginServer name of the ACR: az acr show –name –query loginServer –output table
5) Sign into ACR with az acr login
6) Tag the image with the fully qualified name of your registry login server: docker tag azure-vote-front .azurecr.io/azure-vote-front:v1
7) Push image: docker push .azurecr.io/azure-vote-front:v1

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

CLI Command to Create Azure Container Registry

A

az acr create –resource-group –name –sku Basic –admin-enabled true

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What is meant by container registry replication?

A

If you’ve configured your registry for geo-replication, when you push your image, your image is automatically replicated to each region with this single docker push command.

Can be done in the Portal or in Azure CLI:
az acr replication create –registry –location

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

True or false? Container Replication View can be looked up in Azure Portal

A

True.
Azure portal –> Replications for an Azure Container Registry displays a map that details current replications. Container images can be replicated to additional regions by selecting the regions on the map.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

True of False? Container replication is possible by using the Portal and CLI?

A

True. Btw, geo-replication requires Premium tier registry.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Which of the following is not a benefit of using Azure Container Registry?

  • Replicate container images to multiple Azure datacenters.
  • Pull container images using any Docker container-related technology.
  • Allow public access to container images for pull operations.
  • Build container images without the need for locally installed Docker tools.
A

Allow public access to container images for pull operations.

Azure Container Registry is a private registry. Images cannot be accessed without authentication

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Suppose you use container images to run compute workloads in multiple regions throughout the world. You plan to enable the geo-replication feature of Azure Container Registry to decrease the time required to provision an instance. In which regions should you configure the Azure Container Registry geo-replication feature?

  • Place a container registry in the region closest to your development team.
  • Place a container registry in each region where images are run.
  • Place a container registry in every Azure region.
A

Place a container registry in each region where images are run.

Placing a registry in each region that runs the images will ensure network-close registry access everywhere it is needed.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

In general, what is Azure Container Registry

A

Hosts container images, similar to Docker Hub. But only private images.

From Docs:
An Azure container registry stores and manages private Docker container images, similar to the way Docker Hub stores public Docker images.

You can use the Docker command-line interface (Docker CLI) for login, push, pull, and other operations on your container registry.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

How does a basic Dockerfile looks like?

A

Every Dockerfile must start with the FROM instruction. The idea behind is that you need a starting point to build your image. You can start FROM scratch, scratch is an explicitly empty image on the Docker store that is used to build base images like Alpine, Debian and so on. Everything else is addon, modifiny the image

FROM node:8.9.3-alpine
RUN mkdir -p /usr/src/app
COPY ./app/ /usr/src/app/
WORKDIR /usr/src/app
RUN npm install
CMD node /usr/src/app/index.js
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What is the Syntax for creating a Docker Tag

A

docker tag

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What is required for a container instance to be exposed to the internet?

A

A DNS Name. The DNS name must be unique.

Azure Container Instances enables exposing your container groups directly to the internet with an IP address and a fully qualified domain name (FQDN).

When you create a container instance, you can specify a custom DNS name label so your application is reachable at customlabel.azureregion.azurecontainer.io.

az container create –resource-group myResourceGroup –name mycontainer –image mcr.microsoft.com/azuredocs/aci-helloworld –dns-name-label aci-demo –ports 80

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

How to specify the DNS name for a Container using CLI

A

–dns-name-label parameter

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What are container restart policies?

A

Restart policies define how Containers should be restarted.

  • Always (Default), good for long running tasks like web servers
  • Never, containers run one time only
  • OnFailure, for short tasks. Run at least once and restarted when exit code != 0
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

When Azure Container Instances stops a container whose restart policy is Never or OnFailure, what is the status of the container set to?

A

Terminated

17
Q

What should you do when you need to troubleshoot a container or the application it runs?

A

Start by viewing the container instance logs:
az container logs –resource-group myResourceGroup –name mycontainer

You can also attach your local console to the container’s output string:
az container attach –resource-group myResourceGroup –name mycontainer

18
Q

How to pass arguments to a container during start

A

Use –environment-variables arg of command az container create

19
Q

How to pass secure arguments during container start

A

Use –secure-environment-variables instead of –environment-variables

20
Q

What are container data volumes

A

By default, Azure Container Instances are stateless. If the container crashes or stops, all of its state is lost. To persist state beyond the lifetime of the container, you must mount a volume from an external store.

21
Q

Common Steps to create a azure storage for containers?

A

1) Create a storage account
2) Copy the connection string of storage account to AZURE_STORAGE_CONNECTION_STRING, using export command
3) Get Storage Key
4) Deploy Container and mount the file share using various –azure-file-volume- parameters for az container create command

22
Q

What is AZURE_STORAGE_CONNECTION_STRING

A

A special azure environment variable to store connection strings, understood by Azure CLI

23
Q

How to troubleshoot container instances

A

1) Get logs with az container logs
2) Get diagnostics with az container attach
3) Run az container exec to run programs directly in the container, for example start /bin/sh to use ls to list folder content

24
Q

What does ‘az monitor metrics list’ do?

A

List CPU and memory usage on your container, its required to get a CONTAINER_ID

25
Q

Which restart policy is typically the best choice for long-running tasks that service requests?

A

Always

The restart policy Always will ensure needed processes continue to be available even if a restart is required.

26
Q

True or false: by default, the values of an environment variable can be seen in the Azure portal and the Azure CLI output.

A

True

27
Q

Which troubleshooting command can be used to view container startup events?

  • az container logs
  • az container attach
  • az container exec
A

az container attach

The az container attach command shows container events and logs. By contrast, the az container logs only shows the logs and not the startup events.

28
Q

What is Azure Container Instances?

A

Containers are becoming the preferred way to package, deploy, and manage cloud applications. Azure Container Instances offers the fastest and simplest way to run a container in Azure, without having to manage any virtual machines and without having to adopt a higher-level service.

29
Q

How are container image names constructed?

A

The repository (or repository and namespace) plus a tag defines an image’s name. (Tag = version)

  • marketing/campaign10-18/email-sender:v2
  • product-returns/web-submission:20180604
30
Q

How is the ACR loginServer formatted?

A

myregistry.azurecr.io

31
Q

True of False. ACR does not require authentication for all operations if the registry is private.

A

False. ACR requires authentication for all operations
Recommended methods:

1) Authenticate directly via individual login
2) Service Principle: Applications and container orchestrators can perform unattended, or “headless,” authentication by using an AAD service principal
3) Each ACR contains an admin account that has full permissions to the registry. It’s disabled by default, but required for some scenarios for deploying an image from ACR to certain Azure services. Don’t use ACR Admin account for headless authentication

(get login server) az acr show –name –query loginserver

32
Q

What ACR roles exist?

A

Pre-defined roles are:

  1. Owner
  2. Contributor
  3. Reader
  4. Acrpush
  5. Acrpull
  6. Acrdelete
  7. Acrimagesigner

Roles can be grouped into 2 use cases:

  • roles assigned to people (Roles 1-3)
  • roles assigned to tools, pipelines or orchestration using headless auth using service principles. (roles 4-7)
33
Q

What CLI command would you use to watch the startup process of a container?

A

az container attach
–resource-group $RES_GROUP –name acr-tasks

The az container attach output first displays the container’s status as it pulls the image and starts

34
Q

What are some good use cases for Azure Container Instances?

A

Simple applications, task automation, build jobs.

For scenarios where you need full container orchestration, including service discovery across multiple containers, automatic scaling, and coordinated application upgrades, we recommend Azure Kubernetes Service (AKS).

35
Q

What CLI command is used to deploy a container?

A

az container create

  • -resource-group myResourceGroup
  • -name aci-tutorial-app
  • -image /aci-tutorial-app:v1
  • -cpu 1
  • -memory 1
  • -registry-login-server
  • -registry-username
  • -registry-password
  • -dns-name-label
  • -ports 80
36
Q

What is a container group?

A

A container group is a collection of containers that get scheduled on the same host machine.

The containers in a container group share a lifecycle, resources, local network, and storage volumes.

37
Q

What is a manifest and what is the purpose?

A
  • Generated by the registry when the content is pushed
  • Uniquely identifies the artifacts and specifies the layers.
  • Identified by a unique SHA-256 hash, or manifest digest. This mechanism is what allows you to repeatedly push identically tagged images to a registry.