Technical - Kubernetes Flashcards
Control Plane Components
Worker Node Components
Kubelet
Service Mesh (w/examples)
CNI (w/examples)
Container Runtime (w/examples)
Headless Service
Service vs Ingress
How do cloud controller managers integrate with cloud providers
Deployment vs ReplicaSet vs StatefulSet
Horizontal Pod Autoscaler vs Horizontal Node Autoscaler
ConfigMap vs Secret (+ how to mount to pod)
How does a namespace provide isolation
How do pods / containers provide isolation
How is networking between pods enabled and restricted
Trace the network path from a cloud services network edge to a pod
Kube-scheduler (+taints, affinity, and tolerations)
Best practices for securing Kubernetes clusters
Helm vs Kustomize
Liveness vs Readiness vs Startup Probes
How would you implement rolling, blue-green, and canary deployments in Kubernetes
Static pods
Init containers
RBAC in Kubernetes
hostIPC vs hostNetwork vs hostPID vs privileged mode
How to use AppArmor to secure clusters
How to secure secrets in Kubernetes?
- Sealed Secrets
- External Secret Manager (Vault, AWS Secrets Manager)
How to set up end-to-end encryption in EKS?
- Terminate traffic within the cluster (nginx) with the service mesh (Istio) handling transparent mTLS
- Terminate traffic at the service mesh (Istio) ingress gateway
- Terminate traffic at the ingress ALB and set up encryption between the ALB and the ingress gateway (Istio)
How to manage DNS in EKS with Kubernetes-native objects?
ExternalDNS
Istio Architecture
- Control Plane (istiod): service discovery, configuration, and certificate management
- Data Plane (Envoy): sidecar proxies that manage TLS termination, load balancing, health checks, etc.
AWS VPC CNI
Default EKS CNI, which integrates the EKS cluster into the VPC. Limits the pod IP addresses available per node because of per-instance ENI limits.
How to integrate IAM and EKS?
- AWS access entries/policies and k8s RBAC
- IAM Roles for Service Accounts (IRSA)
Node selectors vs node affinity