Kubernetes Flashcards
- True or False? In a pod .yaml file, resource limit of cpu: 0.1 is allowed.
True. This can also be written as 100m.
- True or False? A secret can be visible to only one container in a pod.
True. This may be done for security reasons, such as in this example: https://kubernetes.io/docs/concepts/configuration/secret/#use-case-secret-visible-to-one-container-in-a-pod
- What are four main types of services?
-ClusterIP
(Expose the service on a cluster-internal IP, not exposed to anything external to Kubernetes cluster)
-NodePort
(Expose the service on each Node’s IP at a static port. External callers can call the service)
-LoadBalancer
(Provision an external IP to act as a load balancer for the service. Exposes a service to external callers)
-ExternalName
(Maps a service to a DNS name. The service doesn’t change IP addresses, but it routes traffic to an external service that does have a dynamic IP)
- What kubectl command will give you information such as what node and IP address a pod is on? And any failure events?
kubectl describe pod my-nginx
- What are some of the benefits of Deployments?
Deployments support
zero-downtime updates by creating and destroying replicas
provide rollback functionality
- What is the name of the AWS volume type?
awsElasticBlockStore
- What command will create three pod replicas?
kubectl scale deployment my-deployment --replicas=3
- What specifies that data in a storage provider should not be erased if a PVC is deleted?
persistentVolumeReclaimPolicy: Retain
- What does the spec.selector.matchLabels key in a Pod .yaml do?
Queries for a template with the specified label in order to use that pod template
- What command creates a ConfigMap from an env file?
kubectl create configmap [configmap-name] --from-env-file=[path-to-file]
- What is a LimitRange?
A LimitRange specifies min and max limits on cpu and memory for pods in a namespace. This prevents pods from not being given a limit and consuming too much memory, thus causing other pods to fail on a node.
- What access mode allows only one client (i.e. one pod) to write to a PV?
-ReadWriteOnce
- How does Kubernetes accomplish a no downtime deployment?
It spins up new pods and routes traffic to them, then subsequently destroys the old pods that no longer have traffic
- What command can be used to externally expose a port on a clusterIP service?
kubectl port-forward service/[service-name] 8080
- What are some zero-downtime deployment options that Kubernetes can facilitate?
Blue-Green and Canary deployments, among others
- What are the two types of Kubernetes probes?
Liveness and readiness
- What is the annotations.last-applied-configuration.key in a .yaml file?
It gives details of the resource’s configurations.
This allows changes to be made to a Pod using kubectl apply
- What is a StatefulSet?
A StatefulSet manages the following for a set of pods:
1) deployment and
2) scaling
- What happens to a scheduled pod that cannot have its resource requests met by a node?
It remains in the PENDING state.
- What is a risk of using a hostPath volume?
It is dependent on the host. If the host dies, the data is inaccessible and potentially lost.
- What command will show all running pods, replicasets, and deployments?
kubectl get all
- How are secrets stored on a node?
tmpfs
- Will ‘kubectl delete pod [pod-name]’ remove and recreate a pod, or just remove?
It will remove and recreate if there is an active deployment
- True or False? A pod can have multiple volumes attached to it?
True
- What is gcePersistentDisk fsType?
It is the file system type to use for the volume.
- What does Secret type:Opaque signify?
The secret may contain unstructured data. There are no constraints on the data.
- What is the name of the Azure volume type?
azureFile
- What is the difference between a memory request (spec.containers[].resources.requests.memory) and a memory limit (spec.containers[].resources.limits.memory) in a pod .yaml?
A pod can use more memory than the memory request amount. However, if the memory request amount is higher than the available memory on the node, the pod will throw an Out Of Memory error.
A memory limit is the maximum amount of memory that a pod will be allowed to use, even if the node has more available.
- If a pod has a memory request of 512 MiB and a memory limit of 1 GiB, how many pods of this type could be run on a node with 2 GiB of available memory?
- As the docs say: “A Container is guaranteed to have as much memory as it requests, but is not allowed to use more memory than its limit”. https://kubernetes.io/docs/tasks/configure-pod-container/assign-memory-resource/
- What field in a StorageClass .yaml determines what volume plugin is used for creating PVs?
provisioner
- What command will show you the details of the secret with name: pid-acct?
kubectl describe secrets/pid-acct
- What kind of volume is useful for sharing transient data between two containers running on a pod?
emptyDir. This directory will be tied to the lifecycle of the pod.
- What command will show you the details of all ConfigMaps?
kubectl get cm
- What does the command ‘kubectl get deployments -l tier=frontend’ do?
It lists all deployments with label: tier: frontend
- True or False? A ConfigMap can be loaded through a volume?
True. In the pod .yaml file, specify spec.volumes and spec.containers.volumeMounts to point to the appropriate ConfigMap
- True or False? Information stored as a Secret is available to pods on all nodes whether the pod requests it or not.
False. The pod has to specifically request the Secret. This reduces the risk of an attacker getting access to the information contained in a secret.
- Which of the following is a cluster-wide storage unit provisioned by an administrator and has a lifecycle independent of pods?
PersistentVolume. (A pod uses a PersistentVolumeClaim to connect to the persistent volume.)
- What flag in the yaml file will deny a container the ability to write to a volume?
volumeMounts.readOnly: true
- What is the difference between port, targetPort, and nodePort keys in a NodePort service .yaml?
targetPort is the port the container is running on
port is the port the service is exposed on in the cluster
nodePort is the port made available to external consumers of the service.
- What command will show any limits placed on a deployment?
kubectl describe deployment [deployment-name]
- What two commands can be used to create a service from file my.service.yml?
kubectl apply -f my.service.yml
kubectl create -f my.service.yml
- What command will show a pod’s .yaml file?
kubectl get pod [pod-name] -o yaml
- What .yaml key will ensure a pod does NOT get any traffic for X amount of seconds after deployment?
minReadySeconds
- What command will delete a service created from my.service.yml?
kubectl delete -f my.service.yml
- What is the acceptable naming convention for port names?
Port names must only contain lowercase alphanumeric characters and '-'. Port names must also start and end with an alphanumeric character.
- What is a container MountPath?
The directory where the volume storage resides.
- What entity facilitates dynamic provisioning of Persistent Volumes?
Storage Classes. These can be used to provision Persistent Volumes programmatically instead of having an administrator create the PV.
- What is the default binding mode for a StorageClass?
Immediate. This means that volume binding and dynamic provisioning occur on creation of the PVC.
- What command creates a ConfigMap in Kubernetes from a config file?
kubectl create configmap [configmap-name] --from-file=[path-to-file]
- What flag controls when Kubernetes pulls an image?
imagePullPolicy