Kubernetes Architecture

Question 1

How does a Kubernetes cluster operate?

Answer 1

API calls to operators. Most things run in containers.

Question 2

What should you do to make sure that a Kubernetes upgrade will work?

Answer 2

Make sure that all components will work together

Question 3

How do you make sure all versions will work together?

Answer 3

Run kubeadm upgrade plan

Question 4

What does the control plane do?

Answer 4

Run server and management processes.

Question 5

What did the cloud-controller-manager replace?

Answer 5

kube-controller-manager

Question 6

What’s an example of an essential Kubernetes add-on?

Answer 6

DNS services

Question 7

What are some optional Kubernetes add-ons?

Answer 7

Cluster logging and resource monitoring

Question 8

What usually manages the kubelet process?

Answer 8

systemd, when the cluster is built using kubeadm

Question 9

Which pods get started when a cluster starts?

Answer 9

Those in /etc/kubernetes/manifests/

Question 10

What does kube-apiserver do?

Answer 10

Handle and validate API calls, and connect to the etcd cluster

Question 11

What does the Konnectivity service do?

Answer 11

Allows the separation of user and server initiated traffic.

Question 12

What’s the advantage of segregating user and server initiated traffic?

Answer 12

Reduced performance, capacity and security concerns

Question 13

What does kube-scheduler do?

Answer 13

Uses an algorithm to decide which node will host a pod

Question 14

In order, what does kube-scheduler evaluate to decide where to place a pod?

Answer 14

Quota restrictions
Taints and tolerations
Labels and metadata

Question 15

What does the etcd database store?

Answer 15

Cluster state, networking and persistent information

Question 16

How do values get updated in etcd?

Answer 16

Values get appended to the end of the database, and old values are removed when compaction runs

Question 17

What happens if there are simultaneous requests to update a value in etcd?

Answer 17

The first one will succeed, but the others will fail with a 409 error.

Question 18

What happens when you get a 409 error?

Answer 18

Nothing, the client has to make another request.

Question 19

What do you have to do before doing an etcd update?

Answer 19

Back up the cluster’s etcd state

Question 20

How do you back up an etcd state?

Answer 20

Run etcdctl snapshot save or etcdctl snapshot restore

Question 21

What does the kube-controller-manager agent do?

Answer 21

Keep track of the state of the cluster, and use controllers to get the states to match

Question 22

What does CCM do?

Answer 22

Interact with agents outside of the cloud, like public cloud providers, to create things like load balancers.

Question 23

What processes do all Kube nodes run?

Answer 23

kubelet, kube-proxy and a container engine

Question 24

What does the kubelet do?

Answer 24

Interact with the container engine on the nodes and make sure all required containers are running

Question 25

How does the kubelet work (slightly more detail)

Answer 25

Takes in API calls for pod specifications and configures the node until the spec has been met. Includes provisioning access to storage, Secrets or ConfigMaps.

Question 26

What is the Topology Manager?

Answer 26

A component that allocates containers according to NUMA assignments.

Question 27

What does supervisord do?

Answer 27

In a non-systemd cluster, makes sure the kubelet and docker processes are running

Question 28

What does kube-proxy do?

Answer 28

Manages the network connectivity to all containers using iptables entries.

Question 29

What do you use for cluster wide logging?

Answer 29

Kube doesn't have it built in, so use Fluentd

Question 30

How can you get cluster wide metrics?

Answer 30

SIG provides some basic node and pod CPU & memory stats, but Prometheus can provide more metrics.

Question 31

What are operators also known as?

Answer 31

Controllers or watch-loops

Question 32

What do Deployments manage?

Answer 32

replicaSets

Question 33

What are replicaSets?

Answer 33

Copies of pods running the same podSpec

Question 34

What does a service operator do?

Answer 34

Connects all the decoupled components

Question 35

What does a service operator do? (more detail)

Answer 35

Sends messages through the kube-apiserver, which forwards settings to kube-proxy on every node

Question 36

What does a service do?

Answer 36

Connect pods together Expose pods to the internet Decouples settings Defines pod access policies

Question 37

What is the usual makeup of a pod?

Answer 37

One application container, and anciliary components

Question 38

What are common names for these ancilliary containers?

Answer 38

Sidecar, ambassador or adapter

Question 39

How can you choose the resources a container can consume?

Answer 39

The resources section of the PodSpec, or a ResourceQuota object

Question 40

What order do containers start in?

Answer 40

There is no order - they start in parallel

Question 41

How does an init container differ from a normal container?

Answer 41

They must be running before standard containers will start They can contain code or utilities that aren't in an app (like a shell command). They have independent security from app containers.