KK DevOps Interview Prep Flashcards

1
Q

Your EC2 instance is running out of disk space on the root/OS volume. What actions will you take to mitigate the issue? #4

A

EC2 Disk space means we are speaking of EBS volumes
1. Identify which directories or files are taking up the most space on the root/OS volume using du command.
2. Free up disk space by removing unnecessary files, using rm and find commands.
3. Optimize disk usage by moving large files to another instance or storage service using rsync command.
4. Increase disk space by resizing the instance or attaching an additional EBS volume to the instance.

2
Q

What is a bastion host or gateway server and what role do they play? 2

A
  • A bastion host is a server that allows secure access to servers or resources in a private network from an external network.
3
Q

What are some scenarios that would warrant the use of a bastion host?

A
  • Accessing an RDS instance or other database server that is not publicly accessible.
  • Accessing a web server or other application server that is behind a load balancer or firewall.
  • Accessing a server or resource in a private subnet within a VPC.
4
Q

How would an external user connect to a Bastion host? 2

A
  • Users connect to the bastion host using SSH or RDP.
  • Then, they use that connection to access other servers or resources in the private network.
5
Q

From a security standpoint, what is an advantage of using a bastion host or gateway server?

A

You can cut off all access to your internal network at one source
You can monitor and control the flow of who can access your internal network

6
Q

Multiple EC2 instances in an ASG are getting terminated and this is causing downtime on the application. EC2 pricing and quota limits all look good. When you begin debugging what are the possible causes? #3

A

There are many reasons for this but I will cover the top 3.
* High CPU utilization
* Disk Space is Full (EBS)
* No Free Memory Available

7
Q

Multiple EC2 instances in an ASG are getting terminated and this is causing downtime on the application. EC2 pricing and quota limits all look good. Now that you’ve identified the causes what remedies do you suggest to fix the top 3 possible causes?

A
  1. High CPU utilization. Run the top command to look for a process that is occupying the CPU. If it's the application, I would connect with the Developer team to resolve the issue.
  2. Run df -h to confirm there is no free disk space. Create a snapshot of the current EBS volume and increase the size, or add a volume.
  3. The memory could be at its max. Run free -mt to confirm. I would suggest using a different type of instance that is more memory intensive in the ASG.
8
Q

Multiple EC2 instances in an ASG are getting terminated and this is causing downtime on the application. How would you begin debugging this issue in AWS? #2

A
  1. Check ASG configuration for scaling policies or other settings causing termination.
  2. Review ASG activity history and CloudWatch metrics for spikes in CPU or Disk usage, network traffic, or other metrics.
9
Q

Multiple EC2 instances in an ASG are getting terminated, and this is causing downtime on the application. EC2 pricing and quota limits all look good. What are some advanced debugging techniques? #3

A
  • If the issue remains, use advanced troubleshooting techniques like packet captures, system and application profiling, or debugging tools (strace or gdb).
10
Q

Which command would you use to check the free and used memory in a system?

A

The free -mt command is used to display the amount of free and used memory in the system

11
Q

The du and df -h commands are useful when looking into disk space issues. What are the differences and when should each be used?

A

The du command shows the disk usage of a directory and its subdirectories, whereas the df -h command shows the disk space usage of the file system containing a file or directory.

12
Q

Break down the use of the free -mt command and its flags.

A

The free -mt command is used to display the amount of free and used memory in the system, in Megabytes (MB).

The -m option displays the output in MB
The -t option adds a total line at the end of the output, which shows the total amount of memory, both physical and swap, in the system.

13
Q

How would you create a script that will push certain logs to S3 automatically? From a high level explain all the steps you’d take to achieve this. The script should run at a particular time. #5

A
  1. Install and configure the AWS CLI on the instance
  2. Use an IAM Role or Access Keys to grant the server access to S3
  3. Write a bash script that copies & uploads logs to S3 using the AWS CLI, specifying credentials, bucket, and path.
  4. Save the file, make it executable and test the script.
  5. Use a cron job to schedule the script to run automatically at desired intervals.
14
Q

Explain what's happening in each section of this script.

```
#!/bin/bash
# Set S3 bucket and path
s3_bucket="my-logs-bucket"
s3_path="PATH_IN_BUCKET"  # placeholder: the page does not show the path value
aws --profile my-iam-role s3 cp /var/log/myapp/ "s3://$s3_bucket/$s3_path" --recursive
```

A
  1. The first line, shebang, #! tells the system that this is a bash script and should be executed.
  2. The next section sets variables that contain the name of the S3 bucket and the path within the bucket where the logs will be uploaded to.
  3. The fifth line is the command that uploads the logs to S3. It uses the aws command to copy the contents of the /var/log/myapp/ directory to the specified S3 bucket and path. The --profile option specifies the AWS CLI profile to use, and the --recursive option tells the aws command to upload all files and directories within the /var/log/myapp/ directory. The $s3_bucket and $s3_path variables are used to specify the destination of the logs.
15
Q

What are the steps to using a cron job to schedule the script to run automatically at desired intervals?

A
  • Open the crontab by running the crontab -e command
  • Add a line to the file to schedule the script to run automatically at a specified interval.
  • Save the file and exit the editor. The script will now run automatically at the specified interval.

For example, if you want the script to run every day at midnight, you would use the following line: 0 0 * * * /path/to/script

16
Q

What is logging and why is it important for applications? #4

A

Logging:
- Records important events and error messages in an application.
- Provides insight into the behavior of an application.
- Can help in debugging and troubleshooting issues.
- Facilitates collaboration between developers, operations, and support teams.

17
Q

What is centralized logging?

A

Centralized logging simplifies log data analysis and troubleshooting by collecting data from various sources into one location. This enables identification of patterns and trends across different systems and applications.

18
Q

In what scenario would you use centralized logging?

A

In production, when applications are running in a scalable manner, centralized logging is required since you lose the data associated with any terminated instance.

19
Q

What tools help to achieve centralized logging within AWS and outside of AWS?

A

AWS: S3, CloudWatch Logs, Elasticsearch
Outside AWS: Splunk & Graylog

20
Q

What is branch protection in GitHub?

A
  • A feature that allows repository administrators to set rules for branches like:
  • Block force pushes or require pull request reviews.
21
Q

What does branch protection in GitHub help prevent?

A
  • It helps prevent accidental or malicious changes to the codebase.
22
Q

How can I view the logs of my Docker container and limit the output to only the last 200 lines?

A

docker container logs --tail 200 <container_id or container_name>

23
Q

What will happen to docker logs if you stop, start, restart, or remove a container?

A

If you stop, start, or restart a Docker container, its logs will still be available. However, if you remove the container using the command docker rm its logs will be deleted permanently.

24
Q

Why would a Docker image that is 2.7 GB in size be a cause for concern?

A

Larger images have longer build times and increased storage requirements.

25
Q

If you encounter a Docker image that is 2.7 GB in size, how would you resolve it?

A
  • Use a base image that is smaller in size. (alpine)
  • Remove unnecessary files, dependencies and binaries
  • Use a multistage build, which can significantly reduce the size of the final image.
26
Q

What is the difference between a docker image and docker layer?

A

Docker images are read-only templates that create containers.
They use stacked, immutable layers to optimize image creation and reduce data duplication.

27
Q

What is Kubernetes kOps?

A
  • kOps is a tool that allows you to automate the process of creating and managing the underlying AWS resources needed for a Kubernetes cluster, such as EC2 instances, security groups, and load balancers.
28
Q

In Kubernetes, PV stands for Persistent Volume, which is a

A

storage resource that can be used by pods.

29
Q

PVC stands for Persistent Volume _____ , which is a request for ________ by a pod. A PVC can be used to request a PV or to dynamically ________ a new one.

A

PVC stands for Persistent Volume Claim, which is a request for storage by a pod. A PVC can be used to request a PV or to dynamically provision a new one.

30
Q

A persistent volume is required in scenarios where data needs to be stored __________________ of the lifecycle of the ____________ that created it. Some examples include ____________, ____ _________ , and __________ for stateful applications.

A

A persistent volume is required in scenarios where data needs to be stored independently of the lifecycle of the container that created it. Some examples include databases, file servers, and storage for stateful applications.

31
Q

A pod is attempting to access a volume, but it receives an access error. How would you resolve this? #4

A
  • Check the status of the volume to ensure it is healthy and available.
  • Check the access mode of the pod and ensure it matches the access mode of the volume.
  • Check the permissions and ownership of the files and folders within the volume to ensure they allow access to the pod.
  • Check the logs of the pod and the volume to identify any errors or issues that may be causing the access error.
32
Q

A sidecar container runs alongside a primary container in the same pod in Kubernetes. It provides additional functionality such

A

as logging, monitoring, or security features.

33
Q

How does a sidecar container communicate with the primary container?

A

It communicates with the primary container using a shared filesystem or network interface.

34
Q

How can we ensure that certain pods are launched only on specific nodes that are explicitly designated for them?

A

You can accomplish this using node affinity or nodeSelector.

35
Q

Define Node affinity

A

Node affinity can be used to ensure that your pods are scheduled on nodes in a specific region or with certain CPU or memory capacity.

36
Q

Define Node Selector

A

NodeSelector allows you to match the labels on nodes with the labels specified in the pod spec.

37
Q

Define Taints in Kubernetes

A

Taints are used to mark nodes as unsuitable for scheduling pods, unless the pods have tolerations that match the taints.

38
Q

Some scenarios where a taint might be used include: #3

A
  • Reserve nodes for specific workloads/teams.
  • Mark nodes as unsuitable for CPU/Memory-intensive workloads.
  • Mark nodes as unsuitable for workloads requiring access to sensitive data/resources.
39
Q

How does the Kubernetes scheduler determine which nodes to deploy pods onto? #4

A

Kubernetes scheduler is responsible for assigning pods to nodes based on

- resource requirements
- node availability
- pod affinity
- & taints

40
Q

The scheduler works by evaluating a set of rules and constraints to determine the most suitable node for each pod. These rules and constraints include:

  • Resource requirements:
  • Node availability:
  • Pod affinity and anti-affinity:
  • Taints and tolerations:

Describe each

A
  • Resource requirements: The scheduler checks CPU and memory requirements and ensures the node has enough resources.
  • Node availability: The scheduler avoids scheduling pods on nodes that are at capacity or non-ready.
  • Pod affinity and anti-affinity: The scheduler can be configured to locate related pods together or apart based on node or pod labels.
  • Taints and tolerations: Nodes can be “tainted” and unsuitable for certain pods. Pods can be configured with “tolerations” that match taints.
41
Q

Can you explain the internal workings of the Kubernetes scheduler?

A
  • Pods start in a “Pending” state until they are scheduled.
  • The scheduler evaluates rules and constraints for each pod and assigns it to the most suitable node.
  • Then the pod moves to the “Running” state.
42
Q

What is the significance of setting pod/node affinity rules?

A

Setting node affinity rules ensures that your pods run on nodes that meet your requirements.