CKA Reloading Flashcards

(81 cards)

1
Q

What are the components of a control plane?

A

MASTER:
ETCD (Key-Value store)
kube-scheduler (identifies the right node to place the pod on)
controllers (node-controller, replication-controller, controller-manager)
kube-apiserver (primary management component - orchestrates all operations within the cluster)

WORKER:
container run-time engine (e.g. docker, rkt, containerd)
kubelet (captain - runs on each node, listens for instructions from kube-apiserver, creates the pod on the node)
kube-proxy (communication between worker nodes is enabled by this service)

2
Q

How does kubernetes support other container run times e.g. rkt, containerd?

A

CRI (Container Runtime Interface); runtimes should follow OCI (Open Container Initiative) standards - imagespec, runtimespec

dockershim (to still support docker) - REMOVED, as containerd (daemon) supports CRI

3
Q

How is the information stored in a key-value store?

A

In the form of documents/pages. Each individual entry gets a document. Changes to one file do not affect the others. Data formats: json or yaml

4
Q

What information is stored in etcd

A

Nodes
PODS
Configs
Secrets
Accounts
Roles
Bindings
Others

5
Q

How does kubeadm deploy a kubernetes cluster control plane components?

A

As pods in the kube-system namespace. You can check using:

kubectl get pods -n kube-system

6
Q

What happens when I type kubectl get nodes. Explain the workflow.

A

The kube-apiserver authenticates the request and validates it
The data is then retrieved from the etcd cluster and sent back in the response

7
Q

Explain the workflow for a pod creation

A

The kube-apiserver updates the information in the etcd cluster
and informs the user that a pod is created
kube-scheduler continuously monitors the apiserver and realizes there is a pod with no node assigned
scheduler identifies the right node to put the pod on and communicates back to the kube-apiserver
kube-apiserver then updates the information in etcd cluster
apiserver then passes the information to kubelet in the appropriate worker node
kubelet then creates the pod and instructs the container-engine to deploy the application image
Once done, kubelet updates the status back to the apiserver which in turn updates the data back in etcd cluster

kube-apiserver is the only component that interacts directly with the etcd data store

  1. Authenticate User
  2. Validate Request
  3. Retrieve data
  4. Update ETCD
  5. Scheduler
  6. Kubelet
8
Q

What does kube-controller manager do?

A

Watch status e.g. every 5 secs for nodes
Remediate Situation

e.g. Node controller, replication controller (ensures desired no. of pods are present)

9
Q

Which folder has all the config files for control plane components deployed using kubeadm

A

cat /etc/kubernetes/manifests/kube-controller-manager.yaml

cat /etc/kubernetes/manifests/kube-scheduler.yaml

10
Q

What does kubelet do?

A

Registers the node with the kubernetes cluster
Create PODs
Requests container-engine to deploy the application in the POD
Monitors the node & PODs and reports to kube-apiserver

KUBEADM does not deploy kubelet. It should be manually installed

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

When is a service created?

A

To expose an application to other PODs. The other PODs can access the application using the name of the service. The service also gets an IP.

Service does not join the POD network.

Enables loose coupling between the microservices of an application

12
Q

What does kubeproxy do?

A

Runs on each node in the kubernetes cluster. It looks for new services and creates appropriate rules on each node to forward traffic to the POD using iptables rules

A single POD is always deployed on each node in the cluster (deployed as a DaemonSet - e.g. logging)

13
Q

What is a POD?

A

A single instance of an application. Containers are encapsulated in PODs

14
Q

How to deploy a POD using kubectl?

A

kubectl run pod_name --image image_name

This command deploys a docker container by creating a POD

15
Q

How to see a list of pods available?

A

kubectl get pods

16
Q

How to create a POD using POD definition file?

A

apiVersion: v1
kind: Pod
metadata:
  name: mypod
  labels:
    type: front_end
spec:
  containers:
  - name: mycontainer
    image: nginx

kubectl create -f 1.yaml or kubectl apply -f 1.yaml

create and apply works the same way if you are creating a new object

17
Q

What is the apiVersion for POD, Service, ReplicaSet & Deployment?

A

POD: v1
Service: v1
ReplicaSet: apps/v1
Deployment: apps/v1

18
Q

How to see detailed information of the POD

A

kubectl describe pod pod_name

19
Q

How to create a replicaset using pod definition file

A

apiVersion: apps/v1
kind: ReplicaSet
metadata:
  name: myreplicaset
  labels:
    type: front_end
spec:
  replicas: 2
  selector:
    matchLabels:
      type: front_end
  template:
    metadata:
      labels:
        type: front_end
    spec:
      containers:
      - name: mycontainer
        image: nginx

20
Q

What is the purpose of selector in replicaset?

A

It helps identify what pods fall under it. Replicaset can also manage pods that are not created as part of replicaset creation.

selector:
  matchLabels:
    type: front_end

21
Q

How to scale a replicaset?

A

Option 1: Update the definition file and then run k replace -f replicaset-definition.yaml

Option 2: k scale --replicas=6 -f replicaset-definition.yaml (DOES NOT CHANGE THE FILE)

OR

k scale --replicas=6 replicaset replicaset_name

22
Q

If you have an object and want to extract the pod definition file of that object how to do that?

A

e.g. k get replicaset replica_set_name -o yaml > definition_file.yaml

If the object does not pre-exist:
kubectl create replicaset <replicaset-name> --image=<image-name> --dry-run=client -o yaml > replicaset-definition.yaml

23
Q

What is the purpose of deployments?

A

For managing updates to the infrastructure, e.g. rolling updates or rollbacks

24
Q

How to create a deployment?

A

apiVersion: apps/v1
kind: Deployment
metadata:
  name: mydeployment
  labels:
    type: front_end
spec:
  replicas: 2
  selector:
    matchLabels:
      type: front_end
  template:
    metadata:
      labels:
        type: front_end
    spec:
      containers:
      - name: mycontainer
        image: nginx

25
Types of deployment strategies
RollingUpdate (default)
Recreate
26
How to see the status of rollout for a deployment?
k rollout status deployment/deployment_name
27
How to see the revisions of rollout for a deployment?
k rollout history deployment/deployment_name
28
How to apply any definition file changes?
k apply -f deployment-definition.yaml
If you are changing the image, you can do it with the set image command:
k set image deployment/deployment_name container_name=image_name (FILE NOT CHANGED)
29
How to undo a rollout?
k rollout undo deployment/deployment_name
30
How to record the cause of change in a deployment
k create -f deployment_file.yaml --record
31
What does k edit command do
It will open the definition file and you can make edits to it. Once changes are done, the updates will take place
32
What are the types of services
NodePort (external access) - maps a port on the node to a port on the pod
ClusterIP (within the cluster)
LoadBalancer
33
What are the different ports in nodePort
TargetPort (pod)
Port (service) - mandatory
nodePort (node's port) - 30000 - 32767
34
How to create a service?
apiVersion: v1
kind: Service
metadata:
  name: myservice
  labels:
    type: front_end
spec:
  ports:
  - port: 80
    targetPort: 80
    nodePort: 30008
  selector:
    type: front_end  # selects all pods that match this label as endpoints to forward the traffic
  type: NodePort
35
What are the 3 namespaces created by default in kubernetes
default
kube-system
kube-public
36
How to reach a POD in a different namespace? e.g. database pod
mysql.connect("db-service.dev.svc.cluster.local")
When a service is created, a DNS entry is added automatically in this format.
37
How to view pods in different namespace?
k get pods --namespace=namespace_name
38
How to view pods in all namespaces?
k get pods --all-namespaces -o wide
39
How to create a namespace?
k create namespace dev
40
How to switch the context i.e. namespace permanently to something else instead of default?
k config set-context $(k config current-context) --namespace=dev
41
How to limit resources in a namespace?
ResourceQuota
apiVersion: v1
kind: ResourceQuota
metadata:
  name: resource-quota
  namespace: dev
spec:
  hard:
    pods: "10"
    requests.cpu: "4"
    requests.memory: 5Gi
    limits.cpu: "5"
    limits.memory: 10Gi
42
In declarative vs imperative approach which command is run?
k apply -f nginx.yaml - Declarative
k edit deployment nginx - Imperative
43
What are the imperative commands to create a pod, create a deployment, and expose the deployment on a port?
To create objects:
k run nginx --image=nginx
k create deployment nginx --image=nginx
kubectl expose deployment --port= --target-port= --name= --type=
kubectl expose deployment my-app --port=80 --target-port=8080 --name=my-app-service --type=ClusterIP
To edit properties of the object:
k edit deployment nginx is the quickest way
44
How to create a deployment and output that to a yaml file
kubectl create deployment nginx --image=nginx --dry-run=client -o yaml > nginx-deployment.yaml
45
How to Create a Service named nginx of type NodePort to expose pod nginx's port 80 on port 30080 on the nodes:
k expose pod nginx --type=NodePort --port=80 --name=nginx-service --dry-run=client -o yaml > file.yaml
Limitation: cannot give the nodePort here; you have to generate the file and enter the nodePort separately.
Advantage: uses pod labels as selectors
46
How to create pod with multiple labels imperatively
kubectl run my-pod --image=nginx --labels="env=production,app=web,version=v1"
47
How to Create a new pod called custom-nginx using the nginx image and run it on container port 8080.
kubectl run custom-nginx --image=nginx --port=8080
This is the port the application inside the container will be listening on.
If you want to expose the pod:
kubectl expose pod custom-nginx --port=8080 --target-port=8080 --name=custom-nginx-service
48
How to schedule a pod to a specific node?
Use the nodeName attribute in the spec section.
nodeName: node01
49
How to select pods with a specific label?
kubectl get pods --selector app=App1
e.g. k get pod --selector env=prod,bu=finance,tier=frontend
50
Why are annotations used?
For informational purposes. Added in the metadata section.
name:
labels:
annotations:
  buildversion: "1.34"
51
On which objects are taints set and tolerations set
Taints - Nodes
Tolerations - Pods
If Node #1 has taint Blue and Nodes #2 & 3 don't have any taints:
Pods A, B, C, D; D has toleration blue.
D can be allowed on Node #1, but this does not stop D from being placed on #2,3,4
52
How to taint a node?
k taint nodes node_name key=value:taint-effect
If the tolerations are not set on the pods:
- NoSchedule (new pods will not be scheduled)
- PreferNoSchedule (will try not to schedule)
- NoExecute (new pods will not be scheduled and existing ones will be evicted)
e.g. k taint nodes node01 app=blue:NoSchedule
53
How to add tolerations to a pod
Added in the pod definition file under the spec section
tolerations:
- key: "app"
  operator: "Equal"
  value: "blue"
  effect: "NoSchedule"
Remember: All should be in ""
54
How to check the taint associated to a node?
k describe node kubemaster | grep Taint
55
How to label nodes?
k label nodes node_name label_key=label_value
nodeSelector:
  size: Large
Will not work for complex operations - e.g. place pod on large or medium nodes
56
How to use nodeAffinity
apiVersion: v1
kind: Pod
metadata:
  name: mypod
  labels:
    type: front_end
spec:
  containers:
  - name: mycontainer
    image: nginx
  affinity:
    nodeAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        nodeSelectorTerms:
        - matchExpressions:
          - key: size
            operator: In
            values:
            - Large
There are In, NotIn, Exists operators as well
57
What are the properties of nodeAffinity?
requiredDuringSchedulingIgnoredDuringExecution
preferredDuringSchedulingIgnoredDuringExecution
requiredDuringSchedulingRequiredDuringExecution
58
How to set resource requests & limits to a POD?
apiVersion: v1
kind: Pod
metadata:
  name: mypod
  labels:
    type: front_end
spec:
  containers:
  - name: mycontainer
    image: nginx
    resources:
      requests:
        memory: "64Mi"
        cpu: "250m"
      limits:
        memory: "128Mi"
        cpu: "500m"
59
What is a LimitRange?
To set defaults
apiVersion: v1
kind: LimitRange
metadata:
  name: cpu-resource-constraint
spec:
  limits:
  - default:
      cpu: 500m
    defaultRequest:
      cpu: 500m
    max:  # range
      cpu: "1"
    min:
      cpu: 100m
    type: Container
Memory:
apiVersion: v1
kind: LimitRange
metadata:
  name: mem-limit-range
spec:
  limits:
  - default:
      memory: 512Mi
    defaultRequest:
      memory: 256Mi
    type: Container
60
What all actions can you perform using the command k edit pod pod_name
Only these can be changed:
spec.containers[*].image
spec.initContainers[*].image
spec.activeDeadlineSeconds
spec.tolerations
61
What is a DaemonSet and what are its use cases?
Ensures one copy of the POD runs on every node.
Use cases:
- Monitoring Agent
- Log Collector
- e.g. Kube-Proxy
DaemonSet creation is the same as ReplicaSet except the apiVersion is apps/v1 and kind: DaemonSet
Example:
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: elasticsearch
  namespace: kube-system
  labels:
    k8s-app: fluentd-logging
spec:
  selector:
    matchLabels:
      name: elasticsearch
  template:
    metadata:
      labels:
        name: elasticsearch
    spec:
      containers:
      - name: elasticsearch
        image: registry.k8s.io/fluentd-elasticsearch:1.20
62
Can kubelet function without master node?
Yes, the pod manifest files can be placed in
Option 1: kubelet.service file - configure pod-manifest-path /etc/kubernetes/manifests
Option 2: kubelet.service file - config=kubeconfig.yaml; within kubeconfig.yaml - define staticPodPath: /etc/kubernetes/manifests
These pods are called static pods
Note: only pods can be created this way!
Use case for static pods:
- To deploy the control plane components themselves (kubeadm does it this way)
63
Can we have multiple schedulers?
Yes, e.g. default-scheduler, my-scheduler-1, my-scheduler-2
https://kubernetes.io/docs/tasks/extend-kubernetes/configure-multiple-schedulers/
In the pod definition file:
schedulerName: my-scheduler-1
k get events -o wide to view which scheduler picked the pod
64
How does POD's scheduling happen?
1. Scheduling Queue (Priority)
2. Filtering (Nodes that cannot run the pod are filtered out)
3. Scoring (Nodes are scored by calculating the free space left after)
4. Binding (Pods are finally bound to the node)
65
What are scheduler profiles?
Multiple schedulers can be added in the profiles section
66
What are some of the monitoring solutions for kubernetes?
Opensource (few examples):
- Prometheus
- Elastic Stack
- DataDog
- Dynatrace
67
What receives the metrics from nodes & pods?
Metrics Server (one per cluster) - In Memory (NO HISTORY). Need to rely on open source tools
cAdvisor in kubelet sends the metrics to metrics server
kubectl top node (CPU & memory details)
kubectl top pod
68
How to view kubernetes logs?
kubectl logs -f event-simulator-pod event-simulator
kubectl logs -f pod_name container_name
69
How to specify commands in a docker build file?
CMD sleep 5
CMD ["sleep", "5"]
Dynamically change the parameter of the seconds:
ENTRYPOINT ["sleep"]
Now you can give docker run ubuntu-sleeper 10
You can give a default value:
ENTRYPOINT ["sleep"]
CMD ["5"]
If you want to change the command during execution:
docker run --entrypoint sleep2.0 ubuntu-sleeper
70
How to pass commands and arguments to pod definition file?
apiVersion: v1
kind: Pod
metadata:
  name: mypod
  labels:
    type: front_end
spec:
  containers:
  - name: mycontainer
    image: nginx
    command: ["sleep"]
    args: ["10000"]
Dockerfile already has:
FROM Ubuntu
ENTRYPOINT ["sleep"]
CMD ["5"]
command corresponds to entrypoint in the dockerfile (command overrides)
args corresponds to CMD in the dockerfile (args overrides)
k run webapp-green --image=kodekloud/webapp-color --command -- python app2.py --color green
IMPORTANT: If you set both command and args in Kubernetes, it directly controls the command and arguments your container will run. If you only set command, Kubernetes will use the Dockerfile’s CMD. If you only set args, Kubernetes will use the Dockerfile’s ENTRYPOINT.
71
How to create environment variables in pods for a specific container
env:
- name: APP_COLOR
  value: pink
You can also set environment variables using configmaps and secrets
env:
- name: APP_COLOR
  valueFrom:
    configMapKeyRef:
env:
- name: APP_COLOR
  valueFrom:
    secretKeyRef:
72
How to use configmap within the pod
apiVersion: v1
kind: Pod
metadata:
  name: dapi-test-pod
spec:
  containers:
  - name: test-container
    image: registry.k8s.io/busybox
    command: [ "/bin/sh", "-c", "env" ]
    envFrom:
    - configMapRef:
        name: special-config
  restartPolicy: Never
73
How to create configmap imperatively
kubectl create configmap config_map_name \
  --from-literal=APP_COLOR=blue \
  --from-literal=APP_MOD=prod
less complex option:
kubectl create configmap config_map_name \
  --from-file=./username.txt \
  --from-file=./password.txt
Components of ./username.txt
.: This represents the current directory.
/: This is the separator between the current directory and the file name.
username.txt: This is the name of the file you're referencing.
74
How to create configmap declaratively
apiVersion: v1
kind: ConfigMap
metadata:
  name: game-demo
data:
  # property-like keys; each key maps to a simple value
  player_initial_lives: "3"
  ui_properties_file_name: "user-interface.properties"
  # file-like keys
  game.properties: |
    enemy.types=aliens,monsters
    player.maximum-lives=5
  user-interface.properties: |
    color.good=purple
    color.bad=yellow
    allow.textmode=true
75
How to view config maps
k get configmaps
k describe configmaps
76
How to create secret & inject to pod
kubectl create secret generic db-user-pass \
  --from-literal=username=admin \
  --from-literal=password='S!B\*d$zDsb='
77
What is drain and cordon
k drain node1
kubectl cordon node1
kubectl uncordon node1
drain - move the pods to an existing node
cordon - just makes the node unschedulable
78
Explain how versioning happens in kubernetes
v1.11.3
1 - major
11 - minor (features/functionalities)
3 - patch (bug fixes)
79
How to know the version of kubernetes cluster components?
kubeadm upgrade plan