Container Orchestration

Question 1

What is the ‘lift and shift’ approach in cloud migration?

Answer 1

Moving unchanged infrastructure and software from on-premise to the cloud.

Question 2

Why is the lift and shift approach used?

Answer 2

To reduce Total Cost of Ownership (TCO).

Question 3

What is a major drawback of the lift and shift approach?

Answer 3

It carries forward flaws to cloud hosting.

Question 4

When is the lift and shift approach suitable?

Answer 4

For mission-critical systems with predictable usage patterns.

Internal utilities that won’t require autoscaling.

In emergency situations like data center lease termination.

Question 5

What are cloud-native applications?

Answer 5

Applications redesigned to leverage cloud-specific features.

Question 6

What are examples of cloud-native features?

Answer 6

Elastic computing, CaaS, autoscaling, high availability.

Question 7

What benefits do cloud-native applications provide?

Answer 7

Operational flexibility, resource abstraction, automated replication, and self-healing.

Question 8

What enables automatic application management in the cloud?

Answer 8

Container technology.

Question 9

What is the function of container orchestration?

Answer 9

Connects, replicates, and scales containerized workloads using declarative APIs.

Question 10

How do containers differ from virtual machines in terms of resource requirements?

Answer 10

Containers are lighter on resource requirements.

Question 11

How fast do containers start compared to VMs?

Answer 11

Containers start in milliseconds; VMs in minutes.

Question 12

What is a benefit of container images compared to VM images?

Answer 12

Easier to make, reuse, and update.

Question 13

How do containers and VMs differ in terms of OS?

Answer 13

VMs run their own OS; containers share the host OS kernel.

Question 14

What type of virtualization do containers use?

Answer 14

OS-level virtualization.

Question 15

What isolation level do containers provide?

Answer 15

Process-level isolation.

Question 16

What is a Docker bridge network?

Answer 16

A software bridge allowing communication between containers on the same network, isolated from others.

Question 17

What extra feature does a user-defined Docker bridge network provide?

Answer 17

Automatic service discovery via container name resolution.

Question 18

What underpins most container technology today?

Answer 18

Linux namespaces and cgroups.

Question 19

What do namespaces provide in containers?

Answer 19

Isolated workspace per container.

Question 20

What do cgroups do?

Answer 20

Limit resources (CPU, memory, disk) for containers.

Question 21

What are the types of Windows container isolation?

Answer 21

WSL2 containers, process isolation, Hyper-V isolation.

Question 22

What does treating a container like a VM cause?

Answer 22

Problems with lifecycle control, scaling, and logs.

Question 23

What does container lifecycle management now represent?

Answer 23

Application lifecycle management.

Question 24

What orchestration challenges arise with containers?

Answer 24

Networking, service discovery, persistent storage, failover, scheduling, autoscaling, external exposure.

Question 25

What is Kubernetes?

Answer 25

A container and cluster management platform providing solutions to all orchestration challenges.

Question 26

What is the Kubernetes Control Plane?

Answer 26

Centralized cluster manager accessible via API, includes kube-apiserver, kube-scheduler, controller-manager.

Question 27

What is etcd in Kubernetes?

Answer 27

A highly available key-value store for desired cluster state.

Question 28

What is the role of kube-scheduler?

Answer 28

Schedules workloads onto nodes based on available resources.

Question 29

What does kubelet do?

Answer 29

Manages container runtime and persistent volumes on each node.

Question 30

What is the Container Runtime Interface (CRI)?

Answer 30

The interface through which Kubernetes interacts with container runtimes.

Question 31

How does Kubernetes handle persistent storage?

Answer 31

Through Persistent Volumes (PVs) and Persistent Volume Claims (PVCs).

Question 32

What probes manage failover and recovery?

Answer 32

Liveness and readiness probes.

Question 33

What handles Kubernetes networking between pods?

Answer 33

Network plugins implementing the Container Network Interface (CNI).

Question 34

What does kube-proxy do?

Answer 34

Sets up forwarding rules (iptables/IPVS) for service discovery.

Question 35

What component provides DNS in Kubernetes?

Answer 35

An add-on DNS service deployed in the data plane.

Question 36

How does Kubernetes expose services externally?

Answer 36

Via NodePort, LoadBalancer, or Ingress.

Question 37

What is a Kubernetes Pod?

Answer 37

A group of tightly coupled containers, smallest unit of replication.

Question 38

How do containers within the same pod communicate?

Answer 38

Through localhost, sharing the same network namespace.

Question 39

How do pods communicate across nodes?

Answer 39

Using Pod IPs and a software network bridge.

Question 40

What is the issue with Pod IPs?

Answer 40

They are dynamic, complicating stable networking.

Question 41

What does a ClusterIP service do?

Answer 41

Assigns a stable virtual IP to a backend set of pods.

Question 42

How does kube-proxy load balance?

Answer 42

Round robin or random fashion to backend pod IPs.

Question 43

What is a NodePort service?

Answer 43

Exposes a service on a static port on each node’s IP.

Question 44

What does a LoadBalancer service do?

Answer 44

Provisions an external load balancer for cluster services.

Question 45

What is Ingress in Kubernetes?

Answer 45

What is a Kubernetes Deployment?

Question 46

What is a Kubernetes Deployment?

Answer 46

A wrapper around a ReplicaSet, handles pod replication and revisions.

Question 47

How does Kubernetes enhance Secret security?

Answer 47

Restricts access to only necessary pods and nodes.

Question 47

What is a Secret in Kubernetes?

Answer 47

A base64-encoded, access-controlled config alternative to ConfigMaps.

Question 47

What is a ConfigMap?

Answer 47

Decouples config data from applications.

Question 48

What is a StatefulSet?

Answer 48

Manages stateful applications, providing unique persistent identities.

Question 49

What service is used with StatefulSets?

Answer 49

Headless Services (no cluster IP, only DNS entries).

Question 50

What is a PersistentVolume?

Answer 50

A provisioned storage resource, separate from containers.

Question 51

What is a PersistentVolumeClaim?

Answer 51

A pod’s request for a PersistentVolume.

Question 52

How are volumes mounted in containers?

Answer 52

Through VolumeMounts, into the container’s filesystem.

Question 53

What are ephemeral volumes?

Answer 53

Temporary storage that disappears with the pod/container.

Question 53

What is the role of an API Gateway?

Answer 53

Controls access to API endpoints at the cluster’s edge.

Question 54

What functions do reverse proxy servers serve in Kubernetes?

Answer 54

HTTP request handling, rate limiting, traffic encryption, and filtering.

Question 54

What is KrakenD?

Answer 54

A community edge security tool offering declarative reverse proxy config.

Question 54

What are commercial alternatives to KrakenD?

Answer 54

Kong, NGINX Plus.

Question 55

Why is edge security important?

Answer 55

Centralizes security, relieving developers of security logic.

Question 56

What is autoscaling in Kubernetes?

Answer 56

Dynamically adjusting the number of pod replicas based on usage metrics.

Question 56

What is the goal of declarative configuration in cloud-native environments?

Answer 56

To describe the desired state, enabling automated convergence to that state.

Question 56

Why is treating containers like VMs discouraged?

Answer 56

Leads to inefficient lifecycle management and scaling limitations.

Question 56

What does the gateway-api do?

Answer 56

Manages routing and access control for external traffic into the Kubernetes cluster.

Question 57

What is the purpose of the cloud controller manager?

Answer 57

Integrates Kubernetes with the underlying cloud provider for services like load balancing.

Question 58

What is a StorageClass in Kubernetes?

Answer 58

Defines how dynamic storage should be provisioned by the cloud/storage provider.

Question 58

What is the smallest schedulable unit in Kubernetes?

Answer 58

A Pod.

Question 58

How are pods grouped for load balancing in Kubernetes?

Answer 58

By Services.

Question 58

What is etcd's fault-tolerance model?

Answer 58

Leader-follower protocol for crash fault tolerance.

Question 58

What is a volumeClaimTemplate?

Answer 58

Used in StatefulSets to dynamically provision storage per pod.

Question 58

What are endpoint slices?

Answer 58

Kubernetes' mechanism to scale service endpoints efficiently.

Question 59

What differentiates Headless Services from ClusterIP services?

Answer 59

Headless Services do not have a virtual IP, enabling direct Pod DNS entries.

Question 59

What ensures the desired state is maintained in Kubernetes?

Answer 59

Controllers continuously reconcile actual state to match desired state.

Question 59

Why do StatefulSets retain storage after deletion?

Answer 59

To preserve state and allow for data recovery.

Question 59

What does CRI stand for?

Answer 59

Container Runtime Interface.

Question 59

What does CNI stand for?

Answer 59

Container Network Interface.

Question 60

Why is observability important in cloud-native applications?

Answer 60

Enables monitoring and debugging by tracking resource usage and behavior.

Question 61

What is the role of a reverse proxy in edge security?

Answer 61

Controls, filters, and monitors incoming HTTP requests to internal services.

Question 61

What is circuit breaking in edge proxies?

Answer 61

Stops trying a failing service temporarily to avoid cascading failures.

Question 61

What is response aggregation in reverse proxies?

Answer 61

Combines responses from multiple services into a single response.

Question 61

How does Kubernetes manage workloads across nodes?

Answer 61

Through the kube-scheduler and node-specific kubelets.

Question 61

What tools allow access to the Kubernetes API server?

Answer 61

CLI tools like kubectl and external controllers.

Question 61

What is the benefit of declarative API usage in Kubernetes?

Answer 61

Simplifies orchestration by defining "what" should happen instead of "how."

Question 61

How are liveness and readiness probes defined?

Answer 61

Through configuration in pod specs to monitor application health.

Question 61

What is the function of the controller manager in Kubernetes?

Answer 61

Runs controllers that regulate cluster state changes.

Question 61

What does high availability in Kubernetes entail?

Answer 61

Workloads are replicated across nodes, with failover and self-healing mechanisms.

Question 61

What are the types of Kubernetes workloads?

Answer 61

Deployments, StatefulSets, Jobs, CronJobs, DaemonSets.

Question 61

What is the 'OS of the cloud'?

Answer 61

Kubernetes, due to its orchestration and automation capabilities.

Question 61

What does Kubernetes use to track the actual vs desired state?

Answer 61

Control loops run by controllers.

Question 62

How does the kubelet contribute to persistent storage?

Answer 62

Manages volume attachment/mounting and CSI communication.

Question 62

How does Kubernetes allow for infrastructure abstraction?

Answer 62

Through interfaces like CRI, CNI, and CSI.

Question 62

How does Kubernetes decouple compute and storage?

Answer 62

Through volume abstractions like PVs and PVCs.

Question 62

What are some additional security measures beyond Kubernetes secrets?

Answer 62

Encryption vaults and identity management systems.

Question 62

What is the value of base64 encoding in secrets?

Answer 62

Obfuscates values for transport, but does not encrypt them.

Question 62

Why are headless services important in StatefulSets?

Answer 62

They provide stable DNS names for pods without virtual IPs.

Question 62

Why are containers considered almost-native performance?

Answer 62

Due to minimal abstraction over the host OS.

Question 62

What makes a network plugin compatible with Kubernetes?

Answer 62

Adherence to the CNI specification.

Question 62

What makes a container runtime compatible with Kubernetes?

Answer 62

Implementation of the CRI.

Question 62

What Kubernetes concept ensures only specific nodes receive secrets?

Answer 62

Secret management and access control via node targeting.

Question 62

What type of storage is required for databases in Kubernetes?

Answer 62

Persistent, non-ephemeral storage with StatefulSet and PVCs.