Kubernetes

Question 1

What is the “imperative” command to create a config map?

Answer 1

kubectl create configmap {configmap name} –from-literal={key}={value}

ex: kubectl create configmap app-config –from-literal=APP_COLOR=blue
ex: kubectl create configmap app-config –from-file=app_config.properties

Question 2

What is the “declarative” command to create a config map?

Answer 2

kubectl create -f config-map.yaml

Question 3

What is the “imperative” command to create a secret with key-value pairs?

Answer 3

kubectl create secret generic {secriet-name} –from-literal={key}={value}

ex: kubectl create secret generic app-secrect –from-literal=DB_Host=mysql –from-literal=DB_user=root –from-literal=DB_Password=paswr

Question 4

What is the “imperative” command to create a secret in usage with a file?

Answer 4

kubectl create secret generic app-secret –from-file=app_secret.properties

Question 5

What command can be used to view logs on a pod?

Answer 5

kubectl exec -it {pod-name} -n {namespace} cat /log/app.log

Question 6

What are the steps in upgrading the master components to exact version v1.18.0?

Answer 6

1 - Drain the control plane node: kubectl drain {node-name} –ignore daemonsets
2 - apt install kubeadm=1.18.0-00
3 - kubeadm upgrade apply v1.18.0
4 - apt install kubelet=1.18.0-00

Question 7

What is the command used to know what the latest stable version?

Answer 7

kubectl upgrade plan

kubectl upgrade plan | grep -i stable

Question 8

What is the command used to create a snapshot of the etcd database?

Answer 8

ETCDCTL_API=3 etcdctl snapshot save –cacert=/etc/kubernetes/pki/etcd/ca.crt –cert=/etc/kubernetes/pki/etcd/server.crt –key=/etc/kubernetes/pki/etcd/server.key –endpoints=127.0.0.1:2379

Question 9

What is the command used to check the members of the cluster?

Answer 9

ETCDCTL_API=3 etcdctl member list –cacert=/etc/kubernetes/pki/etcd/ca.crt –cert=/etc/kubernetes/pki/etcd/server.crt –key=/etc/kubernetes/pki/etcd/server.key –endpoints=127.0.0.1:2379

Question 10

What are the 4 options needed to take a snapshot of the etcd datastore?

Answer 10

(1) –cacert
(2) –cert
(3) –endpoints
(4) –key

Question 11

When performing a restore of the etcd database what are the options that are needed for the restore?

Answer 11

(1) –cacert
(2) –cert
(3) –endpoints
(4) –key
(5) –data-dir
(6) –initial-cluster
(7) –name
(8) –initial-advertise-peer-urls
(9) –initial-cluster-token

Question 12

What is the CNI plugin configured to be used on this kubernetes cluster?

Answer 12

ls /etc/cni/net.d/

Question 13

What binary executable file will be run by kubelet after a container and its associated namespace are created.

Answer 13

Look at the type field in file /etc/cni/net.d/10-weave.conf

cat /etc/cni/net.d/10-weave.conflist | grep -i type

Question 14

Deploy weave-net networking solution to the cluster

Answer 14

kubectl apply -f “https://cloud.weave.works/k8s/net?k8s-version=$(kubectl version | base64 | tr -d ‘\n’)”

Question 15

What is the Networking Solution used by this cluster?

Answer 15

ls /etc/cni/net.d/

Question 16

What is the POD IP address range configured by weave?

Answer 16

Run the command ‘ip addr show weave’

Question 17

What is the POD IP address range configured by weave?

Answer 17

Run the command ‘ip addr show weave’

Question 18

What is the range of IP addresses configured for PODs on this cluster?

Answer 18

kubectl logs weave -n kube-system
and look for ipalloc-range

kc logs weave-net-brpnv weave -n kube-system | grep -i ipallo

Question 19

What is the IP Range configured for the services within the cluster?

Answer 19

Inspect the setting on kube-api server by running on command cat /etc/kubernetes/manifests/kube-apiserver.yaml | grep cluster-ip-range

Question 20

What type of proxy is the kube-proxy configured to use?

Answer 20

Check the logs of the kube-proxy pods. Command: kubectl logs kube-proxy-ft6n7 -n kube-system

Question 21

Where does CoreDnS store its file?

Answer 21

/etc/coredns/Corefile

./Coredns

Question 22

Identify the DNS solution implemented in this cluster.

Answer 22

Run the command kubectl get pods -n kube-system and look for the DNS pods

Question 23

What is the IP of the CoreDNS server that should be configured on PODs to resolve services?

Answer 23

Run the command kubectl get service -n kube-system and look for cluster IP value.

Question 24

Where is the configuration file located for configuring the CoreDNS service?

Answer 24

Inspect the Args of the coredns deployment and check the file used, example: kubectl -n kube-system describe deployments.apps coredns | grep -A2 Args | grep Corefile

Question 25

What is the name of the ConfigMap object created for Corefile?

Answer 25

Run the command kubectl get configmap -n kube-system

Question 26

What is the root domain/zone configured for this kubernetes cluster?

Answer 26

Run the command kubectl describe configmap coredns -n kube-system and look for the entry after kubernetes

cluster.local

Question 27

From the hr pod nslookup the mysql service and redirect the output to a file /root/nslookup.out

Answer 27

Run the command kubectl exec -it hr nslookup mysql.payroll > /root/nslookup.out

Question 28

What is the Host configured on the ingress-resource?

Answer 28

Run the command ‘kubectl describe ingress –namespace app-space’ and look at Host under the Rules section.

Question 29

What is the command to create a namespace?

Answer 29

kubectl create namespace ingress-space

Question 30

The NGINX Ingress Controller requires a ConfigMap object. Create a ConfigMap object in the ingress-space.

Answer 30

Run the command ‘kubectl create configmap nginx-configuration –namespace ingress-space’

Question 31

The NGINX Ingress Controller requires a ServiceAccount. Create a ServiceAccount in the ingress-space.

Answer 31

Run the command ‘kubectl create serviceaccount ingress-serviceaccount –namespace ingress-space’

kc create serviceaccount ingress-serviceaccount -n ingress-space

Question 32

We have created the Roles and RoleBindings for the ServiceAccount. Check it out!

Answer 32

Run the command ‘kubectl get roles,rolebindings –namespace ingress-space’

Question 33

Let us now create a service to make Ingress available to external users.

Answer 33

Use the command kubectl expose deployment -n ingress-space ingress-controller –type=NodePort –port=80 –name=ingress –dry-run -o yaml >ingress.yaml

Question 34

(Install a 3 node cluster)

In all three terminal, run the following command to get the Docker gpg key:

Answer 34

(In all three terminals)

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -

Question 35

(Install a 3 node cluster)

How would you add the docker gpg key to your repository?

Answer 35

(In all three terminals)

sudo add-apt-repository “deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable”

Question 36

(Install a 3 node cluster)

How would you download the Kubernetes gpg key?

Answer 36

(In all three terminals)

curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -

Question 37

(Install a 3 node cluster)

How would you add the Kubernetes gpg key to your repository?

Answer 37

cat &laquo_space;EOF | sudo tee /etc/apt/sources.list.d/kubernetes.list
deb https://apt.kubernetes.io/ kubernetes-xenial main
EOF

sudo apt update

Question 38

Install Docker, Kubelet, kuceadm, kubectl on all three terminals

Answer 38

sudo apt install -y docker-ce=5:19.03.10~3-0~ubuntu-focal kubelet=1.18.5-00 kubeadm=1.18.5-00 kubectl=1.18.5-00

Question 39

How do you initialize the Kubernetes cluster?

Answer 39

In the Controller server terminal, run the following command to initialize the cluster using kubeadm:

sudo kubeadm init –pod-network-cidr=10.244.0.0/16

Question 40

In what way do you set up local kubeconfig?

Answer 40

In the Controller server terminal, run the following commands to set up local kubeconfig:

sudo mkdir -p $HOME/.kube

sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config

sudo chown $(id -u):$(id -g) $HOME/.kube/config

Question 41

In what way do you apply the flannel CNI plugin as a network overlay?

Answer 41

In the Controller server terminal, run the following command to apply flannel:

kubectl apply -f https://docs.projectcalico.org/v3.14/manifests/calico.yaml

Question 42

How would you Join the worker nodes to the cluster, and verify they have joined successfully?

Answer 42

When we ran sudo kubeadm init on the Controller node, there was a kubeadmin join command in the output. You’ll see it right under this text:

You can now join any number of machines by running the following on each node as root:

To join worker nodes to the cluster, we need to run that command, as root (we’ll just preface it with sudo) on each of them. It should look something like this:

sudo kubeadm join

Question 43

How would you create a deployment?

Answer 43

In the Controller server terminal, run the following command to run a deployment of ngnix:

kubectl create deployment nginx –image=nginx

Question 44

What is the command to check the release version of the OS in linux?

Answer 44

cat /etc/os-release

Question 45

What ways are there to check to see if there is a container runtime installed on the linux machine?

Answer 45

check /var/run/ directory

ex: /var/run/docker.sock
/var/run/crio/crio.sock

Question 46

What is the command to check the version of kubeadm on the master node?

Answer 46

kubeadm version -o short

Question 47

How do you get to another node prompt from the master or other nodes?

Answer 47

ssh

Question 48

What is the command to see the version of the kubelet?

Answer 48

kubelet –version

Question 49

if you have lost the kubeadmin join command you can have another one created by using the following command?

Answer 49

kubeadmin token create –print-join-command

Question 50

What is the command to show all components within a namespace?

Answer 50

kubectl -n alpha get all

Question 51

When a pod is appened by the node that it is running on what does this mean?

Ex: kube-scheduler-master

Answer 51

That it is a static pod. Because it is appended by the name of where it is running. In the example in the question you see that it is running on the master node becuase of the -master. It is a control pane component.

Another way to confirm this is to check to see if there is a directory created for a static pod in the kubelet service.

cat /etc/systemd/system/kubelet.service.d/

Question 52

What is the directly where the static pods are located?

Answer 52

/etc/kubernetes/manifests/

Question 53

What is the component responsible for managing deployments and replicasets?

Answer 53

Check the kube-controller-manager configuratin at /etc/kubernetes/manifests/kube-controller-manager.yaml

Question 54

Create a new pod with the name ‘redis’ and with the image ‘redis123’

Answer 54

kubectl run redis –image=redis123

Question 55

What does kubeadm do?

Answer 55

Simplifies the process of building Kubernetes clusters.

Question 56

Which Kubernetes component manages containers on an individual node?

Answer 56

kubelet is the agent that manages containers on each node

Question 57

What is a Namespace?

Answer 57

Namespaces are virtual clusters running on the same physical cluster.

Question 58

What is the Kubernetes control plane?

Answer 58

The control plane consists of multiple components that manage the cluster itself

Question 59

What is the primary feature of Kubernetes?

Answer 59

Kubernetes provides tools and functionality around orchestrating container workloads.

Question 60

Which flag can you use with kubeadm to supply a custom configuration file?

Answer 60

–config This flag allows you to pass in your own config file

Question 61

What is Draining?

Answer 61

When performing maintenance, you may sometimes need to remove a Kubernetes node from service.

Containers running on the node will be gracefully terminated (and potentially rescheduled on another node).

Question 62

What is the official etcd ports?

Answer 62

The official etcd ports are 2379 for client requests and 2380 for peer communication.

Question 63

What software does Kubernetes use to store data about the state of the cluster?

Answer 63

Etcd

Question 64

What command can you use to allow Pods to be scheduled on a previously-drained node after Node maintenance is complete?

Answer 64

kubectl uncordon

Question 65

Which command allows you to upgrade control plane components?

Answer 65

kubeadm upgrade apply (This command will upgrade the control plane.)

Question 66

.

Which tool can help you perform a Kubernetes upgrade?

Answer 66

kubeadm includes functionality to help you upgrade Kubernetes clusters.

Question 67

How can you make Kubernetes highly available?

Answer 67

An HA setup for Kubernetes involved multiple control plane nodes

Question 68

Which tool provides a command-line interface for Kubernetes?

Answer 68

kubectl provides a command-line interface to the Kubernetes API.

Question 69

Which of the following are options for a highly-available Etcd architecture?

Answer 69

Why is this correct?
Stacked etcd, or managing Etcd alongside other control plane components, is one option for an HA setup.

Why is this correct?
External etcd, or managing Etcd separately from other control plane components, is one option for an HA setup.

Question 70

Which tool(s) allow you to create Kubernetes clusters?

Answer 70

Why is this correct?
kubeadm allows you to build Kubernetes clusters.

Correct Answer: C
Why is this correct?
Minikube allows you to easily create single-node clusters.

Question 71

Which command-line tool allows you to interact with Etcd and perform backups?

Answer 71

etcdctl is the command-line tool for Etcd.