Main

Question 1

Imperative Command for Creating a Pod

Answer 1

kubectl run nginx –image=nginx

Question 2

Imperative Command for Creating a Deployment

Answer 2

kubectl create deployment –image=nginx nginx

Question 3

How do commands and arguments in Kubernetes overwrite what’s written in the DockerFile?

Answer 3

The attribute, “command:[“sleep2.0”]” inside the containers attribute overwrites the Docker command: ENTRYPOINT[“sleep”]. Same thing with args:[“10”] overwriting CMD[“5”]

Question 4

Create a command defined in Kubernetes that will execute once a container has launched

Answer 4

containers:

• name: ubuntu
  image: ubuntu
  command: [“sleep”]
  args: [“10”]

Question 5

How does one use ConfigMaps/Secrets?

Answer 5

1. Create ConfigMap Object

2. Attach ConfigMap Object to Pod

Question 6

How do you define environment variables in a pod (No configmap)?

Answer 6

env:

• name: APP_COLOR
  value: PINK

Question 7

How do you attach a ConfigMap object to a pod?

Answer 7

containers:
-  name: simple-webapp
   image: simple-webapp
   envFrom:
      -  configMapRef:
            name: {NameOfConfigMap}

Question 8

How do you add a pod/deployment/replicaset to a namespace (2 methods)?

Answer 8

1. Using imperative command: –namespace={namespace}

2. Adding namespace dictionary value to metadata attribute in yaml config

Question 9

What has the –dry-run command changed to?

Answer 9

–dry-run=client

Question 10

How do you format secret object values (2 methods)?

Answer 10

1. Imperative commands: kubectl create secret –from-literal=key:value –from-literal=key2:value2
2. a. Linux commands: echo -n ‘{secret}’ | base64 –decode
   b. kubectl create -f
   c.
   data:
   secret: decodedvalue

Question 11

How do you attach a Secret object to a container?

Answer 11

containers:
-  name: simple-webapp
   image: simple-webapp
   envFrom:
      -  secretRef:
            name: {nameOfSecretObject}

Question 12

How do you attach a Secret to a pod (in pod definition)?

Answer 12

env:
  -  name: {secretName}
     valueFrom:
       secretKeyRef:
         name: app-secret
         key: {secretValue}

Question 13

How do you attach a Secret to a pod (using volumes)?

Answer 13

volumes:
- name: app-secret-volume
secret:
secretName: app-secret

Question 14

How do you check who’s listed as the security context for running a particular container?

Answer 14

1. kubectl exec ubuntu-sleeper – whoami

2. Do an -o yaml and see security context

Question 15

How do you format a security context for a pod?

Answer 15

spec:
securityContext:
runAsUser: 1000
runAsGroup: 2000

Question 16

How do you format a security context object for a container?

Answer 16

spec:
  containers:
    - name: ubuntu
      image: ubuntu
      command ["sleep", "23"]
      securityContext:
        runAsUser: 1000
        runAsGroup: 2000

Question 17

Does a security context on a pod or container take precedence?

Answer 17

Pod security contexts overwrite container security contexts.

Question 18

How do you create a service account?

Answer 18

kubectl create serviceaccount {serviceAccountName}

Question 19

How do you get a service account token?

Answer 19

1. Find the secret ID: kubectl describe serviceaccount {serviceAccountName}
2. Describe secret with secret ID: kubectl describe secret {secretID}

Question 20

How do you make a call to the kubernetes api endpoint using a service account?

Answer 20

1. Get Service Account token (see question 20)

2. curl {endpont url} –insecure –header “Authorization: Bearer {token}”

Question 21

At what level do you set resource requirements in a pod definition file?

Answer 21

The container level. Example:

containers:
- name: simplewebapp
  image: simple-webapp
  resources:
    requests:
      memory: "1Gi"
      cpu: 1
    limits: 
      memory: "2Gi"
      cpu: 2

Question 22

Can a container use more than its resource limit for cpu and memory?

Answer 22

If a container reaches its limit for cpu, the node will throttle the cpu. If a container reaches its limit for memory, it can go above its limit, but if it keeps doing this, the pod will be destroyed.

Question 23

How do you taint a node?

Answer 23

kubectl taint nodes {nodeName} key:value:taintEffect

Example: kubectl taint nodes node1 app=blue:NoSchedule

Question 24

What is the difference between taints and tolerations?

Answer 24

Taints are applied to nodes while tolerations are applied to pods. A pod needs to have x toleration in order to land on x taint.

Question 25

What is the taint effect, NoSchedule?

Answer 25

Pods will not be scheduled on the node

Question 26

What is the taint effect, PreferNoSchedule?

Answer 26

Pods will have a preference to not be scheduled on the node.

Question 27

What is the taint effect, NoExecute?

Answer 27

New pods will not be scheduled on the node, existing pods will be evicted from the node.

Question 28

How do you label nodes?

Answer 28

kubectl label nodes {nodeName} {labelKey}:{labelValue}

example: kubectl label nodes node-1 size=Large

Question 29

How do you format a node selector inside a pod definition file?

Answer 29

spec:
nodeSelector:
size: Large

Question 30

When would you use a node affinity over a node selector?

Answer 30

When the labels require conditional statements. For example, you want pods to go on small OR Large nodes. Or any node that is NOT small.

Question 31

How do you format a Node Affinity inside a pod definition file?

Answer 31

spec:
  affiniity:
    nodeAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        nodeSelectorTerms:
          - matchExpressions:
            - key: size
              operator: NotIn | In | Exists
              values:
              - Small

Question 32

Node Affinity Types (3)

Answer 32

requiredDuringSchedulingIgnoredDuringExecution
preferredDuringSchedulingIgnoredDuringExecution
requiredDuringSchedulingRequiredDuringExecution

Question 33

In multi-container pods, there are three design patterns. What are those three main design patterns?

Answer 33

1. Sidecar
2. Adapter
3. Ambassador

Question 34

What is the difference between Sidecar and Adapter design patterns?

Answer 34

Sidecar extends the functionality of the main container, Adapter transforms/modifies the output of the main container.

Question 35

Briefly describe the Ambassador design pattern

Answer 35

The ambassador design pattern has a small container that essentially acts as a proxy for the main container. An example of this would be connecting to different databases based on current environment.

Question 36

At what level do you specify a readiness probe in a configuration file?

Answer 36

The container level. Example:

containers:
  -  image: nginx-webapp
     name: nginx-webapp
     readinessProbe:
       httpGet: /* | tcpSocket:\n\t port  | exec:\n\t command: ["command"]*/
         path: /api/ready
         port: 8080
       initialDelaySeconds: 10*
       periodSeconds: 5*
       failureThreshold: 8*
* = for httpGet probes only

Question 37

What is the difference between a readiness probe and a liveness probe?

Answer 37

Readiness probe is executed on creation while liveness probe is executed periodically to see if the website/webservice is healthy

Question 38

At what level do you specify a liveness probe in a configuration file?

Answer 38

The container level. Example:

containers:
  -  image: nginx-webapp
     name: nginx-webapp
     livenessProbe:
       httpGet: /* | tcpSocket:\n\t port  | exec:\n\t command: ["command"]*/
         path: /api/ready
         port: 8080
      initialDelaySeconds: 10*
      periodSeconds: 5*
      failureThreshold: 8*
* = for httpGet probes only

Question 39

How do you view logs for a pod?

Answer 39

kubectl logs -f {podId} {podId2}

Question 40

What commands do you use to do basic monitoring of nodes and pods?

Answer 40

kubectl top node

kubectl top pod

Question 41

How do you get all Kubernetes objects with labels x and y under category a and b, respectively?

Answer 41

kubectl get all –selector a=x, b=y

Question 42

When using a pod selector, how do you mark each pod to label?

Answer 42

metadata:
labels:
category: labelName

Question 43

What should you watch out for when using labels in ReplicaSets with regard to ReplicaSets having two defined areas for labels?

Answer 43

Because ReplicaSets dynamically generate pods, the pod labels also need to be defined. This can be done in the template attribute under the specs attribute in the configuration file. To define labels for the replicaset specifically, this needs to be done in the metadata: labels section.

Question 44

What is the difference between the “recreate” and “rolling update” deployment strategies?

Answer 44

Recreate = All pods go down, then all pods go back up.
Rolling = One pod goes down, then new pod goes up until all of them have been updated.

Question 45

How do you create and update a deployment in Kubernetes?

Answer 45

kubectl apply -f deployment-def.yaml
You can also use:
1. kubectl create -f dep-def.yaml
2. kubectl set image deployment/newimage

Question 46

How do you check the status of a deployment?

Answer 46

kubectl rollout status deployment/myapp-deployment

kubectl rollout history deployment/myapp-deployment

Question 47

How do you roll back a deployment in Kubernetes?

Answer 47

kubectl rollout undo deployment/myapp-deployment

Question 48

What is the imperative command to create a deployment with 4 replicas?

Answer 48

kubectl create deployment nginx –image=nginx –replicas=4 -o yaml –dry-run=client

Question 49

What is the imperative command to scale a deployment to use a different number of replicasets?

Answer 49

kubectl scale deployment nginx –replicasets=4

Question 50

What is a job object?

Answer 50

A short term pod. Runs and terminates. Example:

apiVersion: batch/v1
kind: Job
metadata:
  name: math-add-job
spec:
  template:
    spec:
      containers:
        - name: math-add
          image: ubuntu
          command: ["sleep", "5"]
      restartPolicy: Never

Question 51

How to create 3 of the exact same jobs with the same object?

Answer 51

Specify the “completions” attribute. Specify the parallelism attribute to have these jobs run at the same time.

Question 52

What is a cron job?

Answer 52

A reoccurring job on a schedule.

Question 53

What is the cronjob time format? (* for each time slot)

Answer 53

“minute(0-60)* hour(0-60)* day of the month(0-31)* month(1-12)* day of the week(0-6)*”

Question 54

What is the difference between persistent volume and persistent volume claims?

Answer 54

Persistent volume claim is essentially, “What do you want?” while persistent volume is essentially, “How do you want it implemented?”. For example PVC will NOT have any information regarding HOW the storage will be stored, it just goes through the list of requirements and tries to best match to the PV defined.

Question 55

What 3 things need to be defined in a persistent volume?

Answer 55

Access type, capacity, and location. Example file:

apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv-voll
spec:
  accessModes:
    - ReadWriteOnce
  capacity:
    storage: 1Gi
  hostPath: /* This can vary between AWS, Azure, etc, look it up for the appropriate settings */
    path: /tm

Question 56

How is storage referenced from Pod to PV? (High-level)

Answer 56

The pod has a volume ‘dns’ that directly references a PVC which references a Persistent Volume.

Question 57

In a pod/replicaset/deployment config file, how do you reference a PVC?

Answer 57

spec:
  volumes:
    - name: persistent-storage-name
      persistentVolumeClaim:
        claimName: {PVCName}

Question 58

What 2 things should you specify in a persistent volume claim configuration file?

Answer 58

Access type and storage requirements.

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: myclaim
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 500Mi

Question 59

NodePort IP Address Range

Answer 59

30000-32767

Question 60

What 4 things need to be specified in a service configuration object file?

Answer 60

Type (NodePort or ClusterIp), port, target port, and selector (for which object the service will communicate with)

apiVersion: v1
kind: Service
metadata:
  name: myapp-service
spec:
  type: NodePort | ClusterIP *default*
  ports:
    - port: 80
      targetPort: 80 /* optional, by default it's same as 'port' */
      nodePort: 30008 /* optional, by default it's randomly assigned */
    selector:
      app: myapp
      type: front-end

Question 61

Differentiate Port, Target Port, and Node Port

Answer 61

Port is the port of the Service, target port is the port of the object(s) the service is communicating with, and Node Port is the port exposed outside of the network

Question 62

True or False: When running Kubernetes on multiple nodes, when you create a service, this same service can automatically be applied to all the nodes.

Answer 62

True

Question 63

What are the major components of setting up ingress networking (High-Level)?

Answer 63

You need two items:

1. Ingress Controller (essentially a separate Pod/Deployment along with a Service that can be used to utilize routing and proxying. Based on nginx container for example);
2. Ingress rules(a separate Kubernetes resourse with kind: Ingress. Will only take effect if Ingress Controller is already deployed)

Question 64

What 3 critical things do ingress rule objects need using a configuration file?

Answer 64

Annotations, what will be re-routed (path, host), and where should it go (ie selectors)

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
  name: ingress-pay
  namespace: critical-space
spec:
  rules:
  - http:
      paths:
      - host: *
        path: /pay
        pathType: Prefix
        backend:
          service:
            name: pay-service
            port:
              number: 8282

Question 65

Imperative command to create a service

Answer 65

kubectl create service nodeport {serviceName} –tcp=80

kubectl create service clusterip my-svc –clusterip=”None”

Question 66

Imperative command to create a configmap

Answer 66

kubectl create configmap {name} –from-literal=key1=config1 –from-literal=key2=config2

Question 67

Imperative command to create a namespace

Answer 67

kubectl create namespace {name}

Question 68

Ingress vs Egress traffic

Answer 68

Ingress is incoming, Egress is outgoing traffic. This excludes responses (i.e. 200 response with content)

Question 69

What major thing is specified in a networking policy object?

Answer 69

What Egress/ingress rules need specification.

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: db-policy
spec:
  podSelector:
    matchLabels:
      role: db
  policyTypes:
  - Ingress
  - Egress
  ingress:
  - from:
    - podSelector:
      matchLabels:
        name: app
    ports:
    - protocol: TCP
      port: 3306
   egress:
   - to:
      - ipBlock:
          cidr: 192.168.5.10/32
     ports:
      -  protocol: TCP
         port: 80

Question 70

What is ingress traffic?

Answer 70

Traffic that originates outside the network that is heading inside the network.

Question 71

What is egress networking?

Answer 71

Traffic heading from inside the network to outside the network.