Main Flashcards
Imperative Command for Creating a Pod
kubectl run nginx --image=nginx
Imperative Command for Creating a Deployment
kubectl create deployment --image=nginx nginx
How do commands and arguments in Kubernetes overwrite what’s written in the DockerFile?
The attribute command: ["sleep2.0"] inside the containers attribute overwrites the Docker command ENTRYPOINT ["sleep"]. Same thing with args: ["10"] overwriting CMD ["5"].
Create a command defined in Kubernetes that will execute once a container has launched
containers:
- name: ubuntu
  image: ubuntu
  command: ["sleep"]
  args: ["10"]
How does one use ConfigMaps/Secrets?
1. Create ConfigMap Object
2. Attach ConfigMap Object to Pod
How do you define environment variables in a pod (No configmap)?
env:
- name: APP_COLOR
  value: PINK
How do you attach a ConfigMap object to a pod?
containers:
- name: simple-webapp
  image: simple-webapp
  envFrom:
  - configMapRef:
      name: {NameOfConfigMap}
How do you add a pod/deployment/replicaset to a namespace (2 methods)?
1. Using imperative command: --namespace={namespace}
2. Adding namespace dictionary value to metadata attribute in yaml config
What has the --dry-run command changed to?
--dry-run=client
How do you format secret object values (2 methods)?
1. Imperative commands: kubectl create secret generic {secretName} --from-literal=key=value --from-literal=key2=value2
2. a. Linux commands: echo -n '{secret}' | base64
   b. kubectl create -f
   c.
   data:
     secret: encodedvalue
How do you attach a Secret object to a container?
containers:
- name: simple-webapp
  image: simple-webapp
  envFrom:
  - secretRef:
      name: {nameOfSecretObject}
How do you attach a Secret to a pod (in pod definition)?
env:
- name: {secretName}
  valueFrom:
    secretKeyRef:
      name: app-secret
      key: {secretValue}
How do you attach a Secret to a pod (using volumes)?
volumes:
- name: app-secret-volume
  secret:
    secretName: app-secret
How do you check who’s listed as the security context for running a particular container?
1. kubectl exec ubuntu-sleeper -- whoami
2. Do an -o yaml and see security context
How do you format a security context for a pod?
spec:
  securityContext:
    runAsUser: 1000
    runAsGroup: 2000
How do you format a security context object for a container?
spec:
  containers:
  - name: ubuntu
    image: ubuntu
    command: ["sleep", "23"]
    securityContext:
      runAsUser: 1000
      runAsGroup: 2000
Does a security context on a pod or container take precedence?
Pod security contexts overwrite container security contexts.
How do you create a service account?
kubectl create serviceaccount {serviceAccountName}
How do you get a service account token?
- Find the secret ID: kubectl describe serviceaccount {serviceAccountName}
- Describe secret with secret ID: kubectl describe secret {secretID}
How do you make a call to the kubernetes api endpoint using a service account?
1. Get Service Account token (see question 20)
2. curl {endpoint url} --insecure --header "Authorization: Bearer {token}"
At what level do you set resource requirements in a pod definition file?
The container level. Example:
containers:
- name: simplewebapp
  image: simple-webapp
  resources:
    requests:
      memory: "1Gi"
      cpu: 1
    limits:
      memory: "2Gi"
      cpu: 2
Can a container use more than its resource limit for cpu and memory?
If a container reaches its limit for cpu, the node will throttle the cpu. If a container reaches its limit for memory, it can go above its limit, but if it keeps doing this, the pod will be destroyed.
How do you taint a node?
kubectl taint nodes {nodeName} key=value:taintEffect
Example: kubectl taint nodes node1 app=blue:NoSchedule
What is the difference between taints and tolerations?
Taints are applied to nodes while tolerations are applied to pods. A pod needs to have x toleration in order to land on x taint.
What is the taint effect, NoSchedule?
Pods will not be scheduled on the node
What is the taint effect, PreferNoSchedule?
Pods will have a preference to not be scheduled on the node.
What is the taint effect, NoExecute?
New pods will not be scheduled on the node, existing pods will be evicted from the node.
How do you label nodes?
kubectl label nodes {nodeName} {labelKey}={labelValue}
Example: kubectl label nodes node-1 size=Large
How do you format a node selector inside a pod definition file?
spec:
  nodeSelector:
    size: Large
When would you use a node affinity over a node selector?
When the labels require conditional statements. For example, you want pods to go on small OR Large nodes. Or any node that is NOT small.
How do you format a Node Affinity inside a pod definition file?
spec:
  affinity:
    nodeAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        nodeSelectorTerms:
        - matchExpressions:
          - key: size
            operator: NotIn | In | Exists
            values:
            - Small
Node Affinity Types (3)
requiredDuringSchedulingIgnoredDuringExecution
preferredDuringSchedulingIgnoredDuringExecution
requiredDuringSchedulingRequiredDuringExecution
In multi-container pods, there are three design patterns. What are those three main design patterns?
- Sidecar
- Adapter
- Ambassador
What is the difference between Sidecar and Adapter design patterns?
Sidecar extends the functionality of the main container, Adapter transforms/modifies the output of the main container.
Briefly describe the Ambassador design pattern
The ambassador design pattern has a small container that essentially acts as a proxy for the main container. An example of this would be connecting to different databases based on current environment.
At what level do you specify a readiness probe in a configuration file?
The container level. Example:
containers:
- image: nginx-webapp
  name: nginx-webapp
  readinessProbe:
    httpGet:  # alternatives: tcpSocket (port) | exec (command: ["command"])
      path: /api/ready
      port: 8080
    initialDelaySeconds: 10  # *
    periodSeconds: 5  # *
    failureThreshold: 8  # *
* = for httpGet probes only
What is the difference between a readiness probe and a liveness probe?
Readiness probe is executed on creation while liveness probe is executed periodically to see if the website/webservice is healthy
At what level do you specify a liveness probe in a configuration file?
The container level. Example:
containers:
- image: nginx-webapp
  name: nginx-webapp
  livenessProbe:
    httpGet:  # alternatives: tcpSocket (port) | exec (command: ["command"])
      path: /api/ready
      port: 8080
    initialDelaySeconds: 10  # *
    periodSeconds: 5  # *
    failureThreshold: 8  # *
* = for httpGet probes only
How do you view logs for a pod?
kubectl logs -f {podId} {podId2}
What commands do you use to do basic monitoring of nodes and pods?
kubectl top node
kubectl top pod
How do you get all Kubernetes objects with labels x and y under category a and b, respectively?
kubectl get all --selector a=x,b=y
When using a pod selector, how do you mark each pod to label?
metadata:
  labels:
    category: labelName
What should you watch out for when using labels in ReplicaSets with regard to ReplicaSets having two defined areas for labels?
Because ReplicaSets dynamically generate pods, the pod labels also need to be defined. This can be done in the template attribute under the specs attribute in the configuration file. To define labels for the replicaset specifically, this needs to be done in the metadata: labels section.
What is the difference between the “recreate” and “rolling update” deployment strategies?
Recreate = All pods go down, then all pods go back up. Rolling = One pod goes down, then new pod goes up until all of them have been updated.
How do you create and update a deployment in Kubernetes?
kubectl apply -f deployment-def.yaml
You can also use:
1. kubectl create -f dep-def.yaml
2. kubectl set image deployment/newimage
How do you check the status of a deployment?
kubectl rollout status deployment/myapp-deployment
kubectl rollout history deployment/myapp-deployment
How do you roll back a deployment in Kubernetes?
kubectl rollout undo deployment/myapp-deployment
What is the imperative command to create a deployment with 4 replicas?
kubectl create deployment nginx --image=nginx --replicas=4 -o yaml --dry-run=client
What is the imperative command to scale a deployment to use a different number of replicasets?
kubectl scale deployment nginx --replicas=4
What is a job object?
A short term pod. Runs and terminates. Example:
apiVersion: batch/v1
kind: Job
metadata:
  name: math-add-job
spec:
  template:
    spec:
      containers:
      - name: math-add
        image: ubuntu
        command: ["sleep", "5"]
      restartPolicy: Never
How to create 3 of the exact same jobs with the same object?
Specify the “completions” attribute. Specify the parallelism attribute to have these jobs run at the same time.
What is a cron job?
A reoccurring job on a schedule.
What is the cronjob time format? (* for each time slot)
“minute(0-60)* hour(0-60)* day of the month(0-31)* month(1-12)* day of the week(0-6)*”
What is the difference between persistent volume and persistent volume claims?
Persistent volume claim is essentially, “What do you want?” while persistent volume is essentially, “How do you want it implemented?”. For example PVC will NOT have any information regarding HOW the storage will be stored, it just goes through the list of requirements and tries to best match to the PV defined.
What 3 things need to be defined in a persistent volume?
Access type, capacity, and location. Example file:
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv-voll
spec:
  accessModes:
  - ReadWriteOnce
  capacity:
    storage: 1Gi
  hostPath:  # This can vary between AWS, Azure, etc, look it up for the appropriate settings
    path: /tm
How is storage referenced from Pod to PV? (High-level)
The pod has a volume ‘dns’ that directly references a PVC which references a Persistent Volume.
In a pod/replicaset/deployment config file, how do you reference a PVC?
spec:
  volumes:
  - name: persistent-storage-name
    persistentVolumeClaim:
      claimName: {PVCName}
What 2 things should you specify in a persistent volume claim configuration file?
Access type and storage requirements.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: myclaim
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 500Mi
NodePort IP Address Range
30000-32767
What 4 things need to be specified in a service configuration object file?
Type (NodePort or ClusterIp), port, target port, and selector (for which object the service will communicate with)
apiVersion: v1
kind: Service
metadata:
  name: myapp-service
spec:
  type: NodePort  # or ClusterIP (default)
  ports:
  - port: 80
    targetPort: 80  # optional, by default it's same as 'port'
    nodePort: 30008  # optional, by default it's randomly assigned
  selector:
    app: myapp
    type: front-end
Differentiate Port, Target Port, and Node Port
Port is the port of the Service, target port is the port of the object(s) the service is communicating with, and Node Port is the port exposed outside of the network
True or False: When running Kubernetes on multiple nodes, when you create a service, this same service can automatically be applied to all the nodes.
True
What are the major components of setting up ingress networking (High-Level)?
You need two items:
- Ingress Controller (essentially a separate Pod/Deployment along with a Service that can be used to utilize routing and proxying. Based on nginx container for example);
- Ingress rules (a separate Kubernetes resource with kind: Ingress. Will only take effect if Ingress Controller is already deployed)
What 3 critical things do ingress rule objects need using a configuration file?
Annotations, what will be re-routed (path, host), and where should it go (ie selectors)
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
  name: ingress-pay
  namespace: critical-space
spec:
  rules:
  - http:  # no host set at the rule level, so the rule applies to all hosts
      paths:
      - path: /pay
        pathType: Prefix
        backend:
          service:
            name: pay-service
            port:
              number: 8282
Imperative command to create a service
kubectl create service nodeport {serviceName} --tcp=80
kubectl create service clusterip my-svc --clusterip="None"
Imperative command to create a configmap
kubectl create configmap {name} --from-literal=key1=config1 --from-literal=key2=config2
Imperative command to create a namespace
kubectl create namespace {name}
Ingress vs Egress traffic
Ingress is incoming, Egress is outgoing traffic. This excludes responses (i.e. 200 response with content)
What major thing is specified in a networking policy object?
What Egress/ingress rules need specification.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: db-policy
spec:
  podSelector:
    matchLabels:
      role: db
  policyTypes:
  - Ingress
  - Egress
  ingress:
  - from:
    - podSelector:
        matchLabels:
          name: app
    ports:
    - protocol: TCP
      port: 3306
  egress:
  - to:
    - ipBlock:
        cidr: 192.168.5.10/32
    ports:
    - protocol: TCP
      port: 80
What is ingress traffic?
Traffic that originates outside the network that is heading inside the network.
What is egress networking?
Traffic heading from inside the network to outside the network.