Kubernetes

Question 1

What is CNI w.r.t. AWS EKS

Answer 1

Connection Network Interface
Kubernetes can use this plugin for configurable networking setups.

aws-node daemonset running EKS has two components - LIPAM and CNI Plugin

CNI is responsible for wiring the network interfaces to the pods namespace.

Question 2

What is LIPAM w.r.t. AWS EKS

Answer 2

aws-node is a daemonset running on AWS EKS, that has two components: LIPAM and CNI.

LIPAM is responsible to attach ENI to nodes and maintain warm pool of IPs which can be assigned to Pods. If the pods’ count is more than IPs available, new ENI attachment is triggered, provided the Node Type supports it.

Question 3

What is ArgoCD

Answer 3

Continuous Deployment tool for Kubernetes that relies on GitOps to receive new manifest files and applies them to Kubernetes.
Each deployment of a pod will create a new revision, that can be used to roll back quickly if needed.

Question 4

How to list IP addresses of all the pods on lubernetes cluster?

Answer 4

kubectl get pods -A -o jsonpath=’{range .items[*]}{.status.podIP}{“\n”}{end}’

Question 5

How to check the users/roles that have access to the kubernetes cluster?

Answer 5

kubectl get configmap aws-auth -n kube-system -o yaml

Question 6

What is a Config Map?

Answer 6

In kubernetes we can add multiple environment variables to a single configuration file, which can then be utilized by a deployment to load variables from.

e.g. 
apiVersion: v1
kind: ConfigMap
metadata:
  name: sampleconfigmap
data:
  ACCOUNT: "12345"
  ID: "admin"
  PASSWORD: "amex1234"

Note: remember to add double quotes or else it will be unsuccessful in creation.

Usage in deployment:
      env:
      - name: ACCOUNT
        valueFrom:
          configMapKeyRef:
            name: sampleconfigmap
            key: ACCOUNT
       - name: ID
         valueFrom:
           configMapKeyRef:
             name: sampleconfigmap
             key: ID

Question 7

Force delete a pod`

Answer 7

kubectl delete pod xyz –force

Question 8

Run an one of pod

Answer 8

kubectl run -it –rm –image=”ubuntu” -n aqua linuxtools –command “/bin/bash”

Question 9

How to check the current KUBECONFIG?

Answer 9

kubectl config view

Question 10

How to get the current context?

Answer 10

kubectl config current-context

Question 11

What is orchestrator?

Answer 11

1. deploy application
2. scale it up/down
3. self heal.
4. zero downtime rolling updates

Question 12

Cloud native application

Answer 12

1. Scale up/down without failure
2. self healing
3. rolling updates

Question 13

Container Runtime Interface (CRI)

Answer 13

Abstract layer that standardizes how 3rd party container runtimes interface with Kubernetes.

Question 14

Runtime Classes

Answer 14

Allows different classes of runtime, Kata, gVisor provide better workload isolation.

Question 15

Kubernetes = ?

Answer 15

Masters + Nodes

Multi master clusters are recommended, as 3 masters or 5 masters.

Question 16

Control Plane/Master = ?

Answer 16

API server + Cluster store (etcd) + Controller Manager + Scheduler + Cloud Controller Manager

etcd - follows consistency over availability.

Question 17

Node = ?

Answer 17

Kubelet + CRI + Network Proxy (kube-proxy)

Kubelet does the node registration on cluster. Watches API server for new work assignments.

Question 18

If there are multiple contianer in a pod how can they call each other?

Answer 18

They can communicate using localhost. all containers in a pod share the same IP.

Question 19

How is rolling deployment handled

Answer 19

A Deployment creates a replicaSet for each new manifest applied and then for the replicaSet a pod is created. In case the new pod doesn’t work, then the previous replicaSet is used to create another pod, or retain the older pod which was known to be working.

For statefulsets, controllerrevision is created that generates the pods thereafter.

Question 20

Initialize a new cluster

Answer 20

kubeadm init –apiserver-advertise-address $(hostname -i) –pod-network-cidr

Question 21

Pod ?

Answer 21

Pause container - special type of container, all containres running inside of it will inherit the Network namespace, Hostname, Unix domain sockets.

Question 22

Control groups

Answer 22

Linux kernel tech to limit consumption of individual containers

Question 23

Create secret from command line

Answer 23

kubectl create secret generic mysecret –dry-run=client -o yaml -n cbiswal –from-literal=MYNAME=cbiswal

Question 24

Check if all pods are ready

Answer 24

kubectl wait –for=condition=Ready pods –all -n cbiswal