What is Kubernetes? Flashcards

1
Q

What is Kubernetes?

A
  1. It’s a container orchestration tool, but it’s much more than that.
  2. You can run it on your own cloud, on your own system or on a public cloud.
  3. Zero-downtime updates.
  4. Self-healing of clusters.
  5. You can migrate it from one cloud provider to another.
  6. K8s can replicate services, scale them and put them on dedicated servers.
  7. You can use volumes (external storage).
  8. Load balancing for requests.
  9. Access logs.
  10. Secret information like passwords, using Secrets.
  11. There’s service discovery.
2
Q

Why is K8s called the OS of the cloud?

A

Because you just run your application on Kubernetes and don’t care where it’s running. It doesn’t matter whether it’s running on AWS, GCP or Civo.

3
Q

The two ways to use kubectl

A

The declarative way and the imperative way.

Declarative: we create YAML manifest files that describe the objects we want, and hand those files to the control plane via kubectl. This is the recommended way.

Imperative: write commands in the terminal for every change. This is a very tedious process and it is easy to lose track of those commands.

4
Q

Is K8s a cluster or an orchestrator?

A

Both. A cluster is the control plane plus the worker nodes. Orchestrator means managing all the microservices.

Where are the microservices/apps running? On the worker nodes.
Node means server.

5
Q

What is a pod?

A

A pod is the smallest scheduling unit in Kubernetes. A pod is the definition of how to run a container; inside the pod, you run the containers.

You cannot schedule a container without scheduling a pod, because the pod is the smallest scheduling unit.
You can schedule pods inside a Deployment. This will scale your pods, update your pods and handle all these other things.

Best practice: one type of service per pod.

If someone reads the pod.yaml file, they can understand everything about the container.

6
Q

How to run an application in K8s?

A
  1. Create microservices.
  2. Put every microservice in its own container.
  3. Put every container in its own pod.
  4. Deploy these pods through controllers (such as Deployments).
7
Q

What is a controller?

A

Controllers watch the state of your Kubernetes cluster.

Each controller tries to move the cluster state closer to the desired state.

What are two types of controllers? The Deployment controller and the Job controller. These are built-in controllers in Kubernetes.

I’m telling K8s: hey, I want you to run 5 pods. Whom do you give this information to? A controller.

8
Q

What is desired state?

A

It’s the configuration that a user wants their system to achieve. This is achieved through the use of the API, where the state of objects such as ReplicaSet, Deployment, etc., is described. Kubernetes, through its controller managers, ensures that the actual state of the system matches the desired state.

9
Q

What is the control plane?

A

A collection of various components that help us manage the overall health of the cluster.
You go through it when you want to create a new pod, scale pods, destroy something or expose something.

10
Q

Architecture of the control plane

A

API server - All communication happens via this. kubectl talks to it. It exposes a RESTful API (HTTPS, port 443).

etcd - The database. It stores information about the cluster. If the API server needs any information, it communicates with etcd.

Controller manager - Manages the controllers. It has 4 functions: track the desired state, track the current state, work out the differences, and make changes to the cluster when someone requests them.

Scheduler - Responsible for scheduling the objects. The scheduler is the one that places them on worker nodes.

11
Q

Architecture of a worker node

A

Kube-proxy - Responsible for networking. If your worker node or your cluster wants to communicate with the outside network, kube-proxy helps with that. It makes sure that every worker node gets its own unique IP address, so every node has its own IP address.

Kubelet - It runs on every worker node. Whenever a new worker node is created and attached to the control plane, a kubelet is attached to it. It listens to the API server on the control plane and allocates those workloads on the worker node.

Container runtime - A container runtime, also known as a container engine, is a software component that can run containers on a host OS.
K8s uses containerd. It handles pulling the image, pushing the image, creating a container, stopping a container and destroying a container.
K8s used to support Docker, but because of the CRI (which Docker doesn’t support), it was replaced with containerd.

12
Q

Does K8s have self-healing of clusters?

A

Kubernetes heals itself when there is a discrepancy and ensures the cluster always matches the desired state.

If a pod goes down, a new one will be deployed to match the desired state.

Kubernetes implements self-healing at the application layer. This means that if your app is well containerized and a pod where containers are placed crashes, Kubernetes will work to reschedule it as soon as possible.
Containers are made available to clients only if they are ready to serve.

13
Q

What is service discovery?

A

A mechanism that allows services to discover each other dynamically without hard-coding IP addresses or endpoints.
In Kubernetes, a Service is an object that exposes a network application running as one or more Pods, and it provides a consistent way to access that set of Pods.

Kubernetes provides service discovery through its Endpoints API, which allows client applications to discover the IP addresses and ports of the pods in an application. The service discovery mechanism in Kubernetes is essential for enabling communication between microservices without manual configuration, thus supporting the dynamic nature of cloud-native applications.

This is particularly useful in a dynamic environment where the IP addresses and ports of Pods are continually changing.

Benefits:
1. Dynamic communication
2. Abstraction and load balancing
3. Simplified configuration
4. Support for microservice architecture

14
Q

Monokle

A

Open-source software (OSS) for writing YAML manifest files. Sometimes these files can get very complex, and Monokle makes your life much easier when using Kubernetes.

15
Q

How does communication inside the cluster happen between two nodes?

A

K8s has its own internal DNS. Every pod has an IP address, so pods can communicate with each other.

16
Q

What is minikube?

A

Minikube is used for creating a local cluster that you interact with through kubectl.
It is great for testing purposes.
It creates a one-node cluster by default.
That node acts as both the control plane and the worker node.

17
Q

What is kubeconfig?

A

It’s a file that holds sensitive information about your cluster: where it is and the credentials to talk to it. Treat it as a secret.

If someone gives you the kubeconfig file of their Kubernetes cluster, you will be able to access their Kubernetes cluster.

18
Q

What is datree?

A

Datree is a CLI solution to combat misconfigurations in K8s. Sometimes when you’re creating K8s manifest files, you may violate some rules and policies. To avoid this, we use Datree.

Datree secures your K8s by blocking the deployment of misconfigured resources.

19
Q

CI/CD

A

Continuous Integration and Continuous Delivery.

It’s a modern software development practice in which incremental code changes are made frequently and reliably.

20
Q

Helm

A

A package manager for Kubernetes.
It’s a tool that automates the creation, packaging, configuration and deployment of Kubernetes applications by combining your config files into a single reusable package.

21
Q

Kubeadm

A

Used to set up a multi-node Kubernetes cluster. You can have multiple VMs on your machine and configure the K8s master and its node components.

22
Q

How to configure a multi-node cluster with kubeadm and containerd

A

Repeat this process for the control plane and each worker node separately.
1. SSH into the control plane/node using ssh root@ipaddress
2. Install the packages
3. Then set up the system configuration
4. Initialize the cluster

23
Q

How do I know if K8s is installed on my system?

A

From kubectl get nodes.

“Install Kubernetes” means installing the kubectl CLI.
Then connect to your Kubernetes cluster. It can be a local minikube cluster or one from any cloud provider.
Final step: verify using ‘kubectl get nodes’.

24
Q

OpenShift

A

An

25
Q

Types of probes?

A

3 types: liveness, readiness and startup probes, in that order.

26
Q

Namespaces

A

They are for isolation, to separate the different objects in Kubernetes.

27
Q

One pod must not consume more than 100 millicores. So how can you put a hard limit on that?

A

ResourceQuotas and LimitRange.

28
Q

What is an admission controller for?

A

For admission, like creating a pod.

29
Q

Why Kubernetes? What problem does Kubernetes solve?

A

Problem 1: The single-host nature of Docker containers. Because there is only one single host, the containers on it impact each other. You have only one host; on top of it you’ve installed Docker and created 100 containers. One container is dying because of another container.

Problem 2: Containers don’t have auto-healing. A DevOps engineer in an organization deals with tens of thousands of containers, so they can’t run docker ps and monitor which containers are in running state. So there has to be a mechanism like auto-healing.

Problem 3: Autoscaling.

Problem 4: Docker doesn’t provide any enterprise-level support, like load balancers, firewalls, API gateways, healing, scaling, whitelisting, or blacklisting someone who tries to do a DoS attack.
Docker is never used in production as it does not have enterprise-level support.

How does Kubernetes solve these problems?
Single-host solution - By default, K8s is a cluster. A cluster means a group of nodes. K8s is installed in a master/worker node architecture. Since K8s has a multi-node architecture, if container 99 is being affected by container 1, K8s puts container 99 on a different node so that it is not affected; this is possible because of the cluster-like architecture.

Solves autoscaling - K8s has something called ReplicaSets. Think of it like version 1 and v2. K8s is dependent on YAML files; everything in K8s is about YAML files. So in the replicaSet.yaml or deployment.yaml file you can say: increase my replicas from 1 to 10, because my traffic is increasing. This is the manual way. K8s also supports HPA (Horizontal Pod Autoscaler), with which you can directly say: if one of my containers reaches an 80% threshold, spin up one more container. So in such cases it will spin up new containers if the load keeps increasing.

Solves auto-healing - Whenever a container is going down, even before it goes down, K8s will start a new container. Whenever the K8s API server receives a signal that a container is going down, it immediately spins up a new container.

K8s offers enterprise-level support that is lacking in Docker, like load balancing, advanced networking and security.

Kubernetes by itself does not provide a lot of capabilities, but it has concepts like custom resources and custom resource definitions (CRDs) with which you can extend K8s to any level. For example, by default K8s does not support advanced load balancing capabilities. By default K8s has Services and kube-proxy, which give you some basic load balancing like round robin. This was one of the major problems. How did K8s solve it? K8s introduced custom resources and custom resource definitions and told vendors like F5 and nginx: you create a K8s controller through which people can use your load balancer in K8s. This concept is called Ingress Controllers. So K8s is advancing every day.

30
Q

Lifecycle of Kubernetes

A

Installation, updating, modification and deletion of clusters. This is called the lifecycle of Kubernetes, and it is managed by kOps. kOps is the most widely used tool for installing K8s. So you can say that you’re using kOps to manage Kubernetes on your systems.

Other K8s distributions like OpenShift, Rancher and Tanzu have their own installation procedures.
Let’s say you want to present yourself as an engineer who works on OpenShift. You can use Ansible playbooks to install the OpenShift platform, but you need a Red Hat subscription. You cannot use CentOS machines and run OpenShift directly on top of them. You have to create Red Hat VMs on top of Amazon Linux. On top of that, you can download the Ansible playbooks that are in the OpenShift documentation.

31
Q

What is kubeshark?

A

A real-time API traffic analyzer for Kubernetes. It is a tool to view how traffic flows within Kubernetes: how one component talks to another, how services do load balancing, and how services discover the pods.

32
Q

What is ingress and why is it used/ what problem does it solve?

A

Ingress is a load balancer. It solves two problems.
1. Enterprise and TLS (i.e. secure) load balancing.
Kubernetes provides a simple round-robin load balancer. It does not have enterprise-level features like:
Ratio-based load balancing
Sticky sessions
Path-based load balancing
Domain- or host-based load balancing
Whitelisting and blacklisting
Web Application Firewall (WAF)
Added security using TLS

2. The other problem: you can expose your application to the external world by creating your Service with type LoadBalancer. A company like Amazon might have thousands of services. For each Service created with type LoadBalancer, the cloud provider charged them for each and every IP address (because these are static public IP addresses). So with thousands of services, you are charged for thousands of load balancer static IP addresses, and the cloud costs were very heavy.

To solve these problems, Kubernetes introduced something called Ingress. It allows the Kubernetes user to create a resource called an Ingress resource, and all the load balancers like nginx, F5 and HAProxy created something called an Ingress controller.
Let’s say you need path-based routing for your application, so you create an Ingress resource on your Kubernetes cluster: a YAML file in which you say that you need path-based routing. But who will implement this? If you want to use the nginx load balancer, nginx provides an nginx Ingress controller, and as a Kubernetes user you deploy that Ingress controller on your cluster using Helm charts or YAML manifests. Once it is deployed, the DevOps engineers create the Ingress YAML resources for their K8s Services. The Ingress controller watches for the Ingress resources and provides the path-based routing.

So what is an Ingress controller at the end of the day? It’s just a load balancer.
Sometimes it can be a load balancer plus an API gateway.
So if we want to use nginx, we go to the nginx GitHub page and deploy the nginx Ingress controller onto the Kubernetes cluster. After that you create Ingress resources depending on the capabilities you need. If you need path-based routing, you create one type of Ingress. If you need TLS-based Ingress, you create another type. If you need host-based routing, you create another type. Choosing the controller is a one-time activity: the DevOps engineers decide which Ingress controller they want to use, and once they have decided which load balancer to deploy, whether there are 1, 2 or 100 services, they only write the Ingress resources. The Ingress does not have to be a one-to-one mapping. You can create one Ingress and handle hundreds of services using paths: if the path is A, go to service 1; if the path is B, go to service 2.

33
Q

How will you debug an issue in Kubernetes?

A

Use the following commands:
kubectl describe pod podName
kubectl logs podName

34
Q

What is K8s RBAC and why is it important?

A

Role-Based Access Control. The two responsibilities of RBAC are user access management and managing the access of services that are running on the cluster.

RBAC is simple but complicated.
RBAC is simple to understand, but if it’s not implemented correctly it becomes very complicated to debug the issue; because RBAC is related to security, it is very important.

It can be broadly divided into Users and Service Accounts (the applications that you’re running in K8s).
1. Depending on the role, you define the access.
2. You created a pod. What access does this pod need to have on the Kubernetes cluster? Should this pod have access to ConfigMaps? Should this pod have access to Secrets?

35
Q

Kubectl commands

A

Create a Deployment directly without any YAML file: kubectl create deployment nginx --image=nginx

36
Q

What is kOps?

A

kOps is a tool designed for creating, upgrading and managing Kubernetes clusters.
kOps supports AWS, GCP, OpenStack, DigitalOcean and Azure (in alpha).

37
Q

eBPF

A

eBPF (Extended Berkeley Packet Filter) is a powerful Linux kernel technology that allows developers to run custom programs within the kernel space without modifying the kernel source code or loading kernel modules.

Use cases - Networking, security, observability

TL;DR - eBPF significantly enhances kernel-level observability by allowing detailed monitoring of low-level system activities. It enables real-time data collection and analysis with minimal performance overhead. This granular visibility is crucial for modern application delivery, especially in cloud-native environments.

38
Q

Open-source tools for K8s

A

Trivy - Security
Kube-bench - Benchmarking
Kustomize - Customization
K9s - Dashboard
Falco, OPA - Security
Tetragon - eBPF-based security tool
Envoy, Istio - Service mesh
Flux - GitOps tool
Flagger - Feature rollout
Rook - Storage
Terrascan - Terraform module scanning
OpenCost - Cost optimization
KEDA - Resource management
Kyverno - Similar to OPA, but a little different
Cert-Manager - Certificate management
Jaeger, Prometheus - Monitoring

39
Q

What is gRPC and what are the advantages of using it?

A

gRPC is a high-performance, open-source remote procedure call (RPC) framework developed by Google.