Containers, Docker, Kubernetes Flashcards

(131 cards)

1
Q

What are containers and what are their advantages over VMs?

A

A lightweight alternative to VMs: a container is a group of ordinary processes running directly on the host OS kernel, with no guest kernel of its own
- they start almost immediately (no boot process)
- less resource intensive
- easier to create and manage
- most of the packaging and portability benefits of VMs without the overhead of a full guest OS per workload
- the trade-off is isolation: every container shares the host kernel, so a kernel vulnerability or a privileged/misconfigured container can reach the host, whereas a VM boundary is enforced by the hypervisor

2
Q

How do containers provide encapsulation?

A
  • they encapsulate an application and its dependencies (runtime, libraries, config) in one image
  • code running inside a container is really just running on the host OS, but shielded from the rest of the OS by kernel namespaces, cgroups and its own root file system
3
Q

Name some popular containerisation tools:

A

Docker and Podman (build and run containers on a single host); Kubernetes and OpenShift (orchestrate containers across a cluster of hosts, using a runtime such as containerd underneath)

4
Q

Describe the tech stack for containers

A

Layers:
Application1 Application2 Application3
Container1 Container2 Container3
Linux Kernel
Hardware

5
Q

Describe the tech stack for containers + virtualisation

A
  • run containers on the VMs; each VM boots its own guest Linux kernel, and the containers on that VM share the guest kernel rather than the host's

Layers:
Application1 Application2 Application3
Container1 Container2 Container3
VM1 VM2
Hypervisor
Hardware

6
Q

Why would you use containers + virtualisation despite the fact that VMs are resource intensive?

A
  • the bare-metal server and its hypervisor are the only fixed pieces; every guest OS is just a VM image
  • so the whole stack can be rebuilt at will: one day a host runs a Kubernetes cluster, the next a plain web server, without reinstalling the server's own OS
  • the VM adds a hypervisor-enforced isolation boundary that containers on a shared kernel do not provide, which is why cloud providers run customers' containers inside VMs
  • it scales well: the long-lived VMs are provisioned rarely, while containers on top of them are spun up and torn down in seconds
7
Q

What is Docker?

How does it work?

A
  • The most well-known solution for containerisation
  • containers are created from images; an image is built from a Dockerfile, e.g. one that starts from an Ubuntu image
  • a Dockerfile nearly always starts from an existing image (FROM ubuntu:22.04); the one exception is FROM scratch, an empty base used for static binaries
8
Q

What is the command for downloading the latest ubuntu image from the main docker image repository, Docker Hub?

What is the command for running the downloaded image in a container?

A

docker pull ubuntu:latest

docker run -it ubuntu:latest /bin/bash
// runs a new container from the image and starts bash in an interactive terminal (-i keeps stdin open, -t allocates a TTY)
// there's no boot process: the container is just new processes on the host's already-running Linux kernel
// "latest" is a moving tag; pin a version tag or an image digest when the build must be reproducible

9
Q

If the code to load the latest ubuntu image and run it is saved in a file called Dockerfile, what commands are used to build and run the docker container?

A

docker build -t hello-world .
// builds the docker image from the Dockerfile in the current directory
// -t tags the image with the name "hello-world"
// . is the build context: docker sends this directory to the daemon and looks for the Dockerfile in it (anything in the context can be copied into the image, so keep secrets out of it or exclude them with .dockerignore)

docker run hello-world
// runs a container from the image

10
Q

What are the key dockerfile elements?

A

* Base image (FROM): the image on which the new image is built
* instructions (COPY, ADD, ENV, WORKDIR, ...): the steps that build the image, e.g. adding files and setting the environment configuration
* commands (RUN): execute commands inside the image during the build, e.g. installing dependencies; each one produces a new layer
* exposed ports (EXPOSE): document which ports a container from the image listens on (this does not publish them; docker run -p does)
* entrypoint (ENTRYPOINT / CMD): the command executed when a container is started from the image
* user (USER): the account the entrypoint runs as; without it, the container's processes run as root
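As an added example (not part of the original flashcards), here is a small Python script that parses a Dockerfile into its instructions and flags the omissions a security reviewer looks for first: an unpinned base image, no USER instruction (so the container runs as root) and ADD from a URL. The Dockerfile text is constructed for the example, and the checks are my own rule of thumb, not something Docker ships.

```python
import re

# Constructed Dockerfile used as sample input; not taken from the original page
SAMPLE_DOCKERFILE = """\
# build a small web service image
FROM ubuntu:latest
RUN apt-get update && \\
    apt-get install -y python3
COPY app.py /srv/app.py
EXPOSE 8080
ENTRYPOINT ["python3", "/srv/app.py"]
"""


def parse_dockerfile(text):
    """Return [(INSTRUCTION, argument), ...] with comments and blank lines
    dropped and backslash line continuations joined."""
    instructions = []
    buf = ""
    for raw in text.splitlines():
        line = raw.rstrip()
        stripped = line.strip()
        if not buf and (not stripped or stripped.startswith("#")):
            continue  # comment or blank line outside a continuation
        if line.endswith("\\"):
            buf += line[:-1].strip() + " "  # instruction continues on the next line
            continue
        buf += stripped
        m = re.match(r"^(\w+)\s+(.*)$", buf.strip())
        if m:
            instructions.append((m.group(1).upper(), m.group(2).strip()))
        buf = ""
    return instructions


def audit_dockerfile(text):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    instrs = parse_dockerfile(text)
    names = [ins for ins, _ in instrs]

    base = next((arg for ins, arg in instrs if ins == "FROM"), None)
    if base is None:
        findings.append("no FROM: every image needs a base image")
    elif base != "scratch" and (":" not in base or base.endswith(":latest")):
        # "ubuntu" and "ubuntu:latest" both float over time;
        # "ubuntu:22.04" or "ubuntu@sha256:<digest>" are reproducible
        findings.append(f"FROM {base}: unpinned base image, pin a version tag or digest")

    if "USER" not in names:
        findings.append("no USER: processes in the container run as root by default")

    if not any(n in ("ENTRYPOINT", "CMD") for n in names):
        findings.append("no ENTRYPOINT/CMD: the image has no start command")

    for ins, arg in instrs:
        if ins == "ADD" and re.match(r"https?://", arg):
            findings.append(f"ADD {arg}: downloads at build time; prefer COPY of a vetted file")
    return findings


if __name__ == "__main__":
    for ins, arg in parse_dockerfile(SAMPLE_DOCKERFILE):
        print(f"{ins:<10} {arg}")
    for finding in audit_dockerfile(SAMPLE_DOCKERFILE):
        print("finding:", finding)
```

Run against the sample it reports the floating ubuntu:latest base and the missing USER; pinning the tag and adding a USER line clears both findings.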

11
Q

Describe docker layers:

A
  • docker images are made up of read-only layers, each produced by a Dockerfile instruction
  • each layer represents a set of file system changes (like adding files or installing software)
  • so a layer contains only the differences from the previous layer; deleting a file in a later layer hides it but does not remove it from the earlier layer, so a secret copied in and deleted in a later step is still in the image
  • layers are stacked on top of each other to form the base of a container's file system, and each running container gets a thin writable layer on top
12
Q

Why does Docker uses a layered architecture?

A

To make image creation efficient and to support caching and reuse.
- If nothing changes in a layer’s instruction or the ones before it, Docker reuses the cached version instead of rebuilding it.
- This speeds up image builds significantly.
- If multiple images share common base layers (like python:3.11), Docker only stores one copy of that layer.
- This saves disk space and improves efficiency.

13
Q

List 5 docker CLI commands and explain what they do:

A

docker ps //lists all running containers

docker ps -a //lists all containers, including stopped ones

docker stop [ CONTAINER ID ] //stops a running container

docker rm [ CONTAINER ID ] //removes a stopped container

docker rmi ubuntu:latest // removes an image

14
Q

Explain container isolation:

A
  • containers create the illusion of separate OSes on top of one host OS
  • a container is just a collection of processes running on the host OS
  • the linux kernel isolates the container's processes from the rest of the host, as well as providing resource management and file system abstraction
  • each container runs in its own set of namespaces, providing a partially isolated environment: the kernel itself is shared, so the boundary is only as strong as the namespaces, cgroups, dropped capabilities, seccomp filter and LSM policy (AppArmor/SELinux) applied to the container
15
Q

Describe the use of the linux kernel in regard to containerisation:

A

the linux kernel enables:
*Namespaces: that isolate system resources for a collection of processes
* control groups (cgroups): manage resource allocation and limit usage (CPU, memory, I/O, number of PIDs) per container
*union file systems: allow containers to share a read only base file system, maintaining separate writable layers

16
Q

Describe linux namespaces:

A

*these isolate process groups, providing each container with its own view of system resources such as network, processes and mount points
*each set of processes sees its own isolated instance of a global resource; a process only sees the namespaces it was created in

17
Q

What are the 6 types of linux namespaces:

A

*PID: isolates the process ID number space; inside a container, ps shows only the processes in that namespace, so a container cannot see or signal processes of other containers or the host (unless started with --pid=host)
*NET: the network namespace virtualises the network stack (interfaces, routes, ports, iptables rules), giving each container its own
*MNT: isolates mount points, so each container sees its own root file system
*UTS: unix time sharing, isolates host and domain names
*IPC: isolates inter-process communication (System V IPC, POSIX message queues, shared memory)
*USER: maps user and group IDs, so root inside the container can be an unprivileged UID on the host; Docker does not enable this by default, so container root is host root, held back only by the capabilities it has been left
(newer kernels also add cgroup and time namespaces)
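An added example, not part of the original flashcards: the kernel exposes each process's namespace membership as symlinks under /proc/<pid>/ns/, and two processes are in the same namespace exactly when the link targets (inode numbers) match. The Python below reads those links where /proc is available and compares namespace maps, which is how you check from inside a container whether it was started with --pid=host or --net=host. The sample maps for a host init process, an isolated container and a host-namespace container are constructed for the example; the inode numbers are illustrative, not captured from a real host.

```python
import os

# The six namespace types on the card; newer kernels add cgroup and time
NS_TYPES = ("pid", "net", "mnt", "uts", "ipc", "user")


def read_namespaces(pid="self"):
    """Return {ns_type: link_target} for one process, e.g. {"pid": "pid:[4026531836]", ...}.
    Returns {} where /proc/<pid>/ns is unavailable (non-Linux, or no permission)."""
    result = {}
    for ns in NS_TYPES:
        try:
            result[ns] = os.readlink(f"/proc/{pid}/ns/{ns}")
        except OSError:
            return {}
    return result


def shared_namespaces(proc_a, proc_b):
    """Namespace types both processes live in (same inode means same namespace)."""
    return sorted(ns for ns in NS_TYPES if ns in proc_a and proc_a[ns] == proc_b.get(ns))


def isolation_report(container, host):
    """Summarise which host namespaces a container shares and which of those
    break the isolation a practitioner expects from a container."""
    shared = shared_namespaces(container, host)
    return {
        "shared_with_host": shared,
        # pid: can see/signal host processes; net: host interfaces, ports and
        # iptables rules; mnt: the host mount table
        "weak": [ns for ns in shared if ns in ("pid", "net", "mnt")],
        # user: uid 0 in the container is uid 0 on the host (Docker's default)
        "root_is_host_root": "user" in shared,
    }


# Constructed sample values (illustrative inode numbers, not captured output)
HOST_INIT = {
    "pid": "pid:[4026531836]", "net": "net:[4026531840]", "mnt": "mnt:[4026531841]",
    "uts": "uts:[4026531838]", "ipc": "ipc:[4026531839]", "user": "user:[4026531837]",
}
ISOLATED_CONTAINER = {
    "pid": "pid:[4026532456]", "net": "net:[4026532459]", "mnt": "mnt:[4026532454]",
    "uts": "uts:[4026532455]", "ipc": "ipc:[4026532457]", "user": "user:[4026531837]",
}
# The same container started with --pid=host --net=host
HOSTNS_CONTAINER = dict(ISOLATED_CONTAINER, pid=HOST_INIT["pid"], net=HOST_INIT["net"])


if __name__ == "__main__":
    print("this process:", read_namespaces("self") or "no /proc/self/ns available")
    print("isolated container:", isolation_report(ISOLATED_CONTAINER, HOST_INIT))
    print("--pid=host --net=host:", isolation_report(HOSTNS_CONTAINER, HOST_INIT))
```

On a real host you would feed read_namespaces(1) (host init, from outside the container) and read_namespaces of the container's main process into isolation_report; even the isolated sample shares the user namespace with the host, which is the default Docker configuration and the reason container root must be treated as host root.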

18
Q

Describe Control groups (cgroups)

A
  • they manage resource allocation for containers
  • limit and account for the resources (CPU, memory, disk I/O, number of processes) that a container uses
  • ensure containers can't monopolise resources: a memory leak or fork bomb in one container is held by its cgroup limits instead of starving the host
19
Q

Describe union file systems:

A
  • provide a layered file system
  • allows containers to share the kernel and a read-only base file system while maintaining separate writable layers for each container
20
Q

Explain how containers are useful for the proliferation of services?

A
  • they're so lightweight that running a single process per container isn't inefficient
  • they don't require the manual configuration a server needs before an application can run on it: the image already carries everything
  • they are a unit of deployment for services, so companies with large cloud computing resources can run billions of them
21
Q

What is Kubernetes?

A

The most popular piece of container orchestration software that manages containers at a scale in the cloud.
- open source, automates deployment, scaling and operation of containers

22
Q

What are microservices?

A

a style of software architecture that can take advantage of the ability to run large numbers of containers

23
Q

What is orchestration software?

A

Sits on top of data centre hardware providing:
- deployment of applications on the data centre
- scaling of applications resources on demand
- self-healing: restarting applications that have crashed
- zero downtime updates and rollbacks

24
Q

Describe the advantages of kubernetes:

A
  • runs on data centre servers and abstracts away the complexity of the underlying hardware, presenting one simple interface for running containers; this is why it is called the OS for the data centre
  • the cluster looks like a single pool of CPU, memory and storage rather than a data centre full of individual servers
25
Describe the history of Kubernetes:
- designed by Google, built in response to AWS
- using kubernetes, Google's cloud team aimed to make cloud software more portable between different cloud providers
- built using experience of the in-house systems Borg and Omega
26
Describe Borg and Omega:
- Google's in-house cluster management systems, running billions of containers across many DCs
- Borg came first, then Omega succeeded it
- both influenced the design of kubernetes
27
describe kubernetes and docker:
- kubernetes once used docker as its container runtime
- it is now more flexible and supports other runtimes through the CRI (even different runtimes on different nodes within one cluster)
- the default container runtime is now containerd
- any runtime that implements the CRI can be used; the runtime in turn runs OCI-compliant images and containers
28
What are CRI and OCI?
CRI, the Container Runtime Interface, is the gRPC API the kubelet uses to talk to a container runtime. It makes runtimes pluggable: containerd, CRI-O, or a sandboxed runtime such as gVisor or Kata Containers can be swapped in without changing Kubernetes, and sandboxed runtimes are how you get stronger isolation than the default runc containers.
OCI, the Open Container Initiative, publishes the open standards for the image format and for the runtime (how a container bundle is unpacked and run), so any OCI-compliant image runs on any OCI-compliant runtime.
29
What is Containerd?
The core container runtime that was split out of Docker; Docker itself uses containerd underneath. It pulls and runs OCI images and containers but leaves out the image build tooling and the Docker CLI/API layer, so it is lighter, and it speaks CRI directly to the kubelet.
30
Describe Microservices as opposed to monoliths
- Kubernetes makes containers easy to spin up and deploy in large volumes
- instead of deploying a single application in a single container, we can deploy an application as a collection of containers; this is the idea behind microservices
- each container runs a single service, and the application is made up of many services
- because containers are so easy to deploy, they can provide small (micro) pieces of functionality as services, hence the name microservices
- this replaces the older architecture, where applications were often built as monoliths: large codebases packaging the entire application as a single inter-woven tangle of code (often millions of lines)
31
What are the two types of nodes in a Kubernetes cluster?
Machines known as Control plane nodes and Worker nodes.
32
What type of OS must control plane nodes run on?
Linux.
33
Can control plane nodes run user applications?
Yes, but it's not recommended. Control plane nodes are usually dedicated to control tasks; kubeadm applies a NoSchedule taint to them so ordinary Pods stay off. A compromised workload on a control plane node would sit next to etcd and the API server's credentials.
34
How many control plane nodes are typical for high availability?
3 or 5.
35
What does HA stand for in Kubernetes?
High Availability: ensuring an agreed level of operational performance, here that the control plane keeps working when a node or site fails.
36
How does Kubernetes achieve High Availability?
By replication: the control plane (and etcd) runs on several nodes spread across Availability Zones (AZs), which are separate data centres in diverse geographical locations. etcd keeps working while a majority of its members is up, which is why 3 or 5 nodes are used.
37
What is the API Server in Kubernetes?
The front end of the Kubernetes control plane.
- It exposes a RESTful API over HTTPS
- It processes API requests and actions them by updating the cluster store; it is the only component that talks to the cluster store
- Every request passes authentication, authorisation (RBAC) and admission control before it is persisted, so the API server is the cluster's security chokepoint
- You as the user speak to the API server over HTTPS (normally through kubectl); the API server sits in the control plane in the cloud
38
What is the Cluster Store in Kubernetes?
A key-value store used by control plane components to persist the cluster state.
- holds the definitions of Kubernetes objects (Pods, Services, Deployments, ...) as well as the current state of those objects
- Secrets live here too, base64-encoded but not encrypted unless encryption at rest is configured, so anyone who can read the store is effectively cluster admin
39
What does the scheduler do?
It watches the API server for new tasks and selects a node for them to run on.
40
What is the role of Controllers in Kubernetes?
They handle routine tasks to ensure the cluster matches the desired state.
41
What is the Controller Manager?
A component that manages the controllers.
42
What protocol does the Kubernetes API use?
HTTPS.
43
What does REST stand for?
Representational State Transfer.
44
What makes a service RESTful?
Services that use the standard HTTP methods (GET, POST, PUT, DELETE) for CRUD operations.
- URIs identify resources such as data objects, which are accessed via the HTTP methods
- REST is stateless: the server keeps no client session between requests, so each request carries everything needed to process it (including credentials)
45
What is etcd in Kubernetes?
A highly available key-value store used as the cluster store.
46
What is the function of Kubernetes controllers?
They ensure the current state of the cluster matches the desired state. Some main controllers are:
- The Deployment Controller
- The StatefulSet Controller
- The ReplicaSet Controller
Kubernetes also runs a controller manager, which runs the controllers.
47
What does the scheduler consider when assigning tasks?
Resource requirements, available resources, and constraints (node selectors, affinity, taints and tolerations).
- If the scheduler can't find a node that meets the requirements of a task, the task remains Pending until a suitable node is found.
- Pending tasks can trigger an automatic increase in the number of nodes, but only when a cluster autoscaler is installed; Kubernetes itself does not add nodes.
48
What do worker nodes do and what components are found on a worker node?
They handle the execution of containers.
- Kubelet (manages the container lifecycle on the node)
- Container Runtime (containerd, CRI-O; runs the containers)
- Kube Proxy (implements Service virtual IPs on the node with iptables or IPVS rules)
49
What does the Kubelet do?
Manages the lifecycle of containers on its node and carries out the control plane's instructions to run containers. Tasks:
- watches the API server for new tasks
- delegates tasks to the container runtime
- reports task status back to the API server
50
How do you start a Minikube cluster in a linux shell or windows command prompt:
Use the command: minikube start.
51
How do you check the status of a Minikube cluster?
minikube status
52
What is kubectl?
It's a CLI for running commands against Kubernetes clusters. - allows users to manage applications on the cluster and interact with Kubernetes API
53
How do you SSH into a Minikube VM and exit a session?
minikube ssh opens a shell on the Minikube VM; exit leaves the session.
54
How do you list running Docker containers in Minikube?
Use the command: docker ps. This shows the containers minikube runs by default on the machine (the control plane components and system pods), provided minikube's container runtime is docker.
55
What are pause containers used for?
A pause container holds a pod's network (and IPC) namespace: the pod's IP and namespaces stay alive while the worker containers in the pod crash and restart, so a restarted container rejoins the same network identity.
56
How do you view Kubernetes namespaces? What are namespaces used for?
Use the command: kubectl get namespaces
They are used to divide cluster resources between multiple users or teams: names only need to be unique within a namespace, and RBAC roles, resource quotas and network policies are scoped to a namespace. A namespace is a logical partition, not an isolation boundary on its own.
57
What is a Pod in Kubernetes? What is the command to see the current system pods running in the cluster?
The smallest deployable unit: one or more containers that share an IP address, network namespace and storage.
$ kubectl get pods --namespace=kube-system
58
What is the command to run an Nginx pod and see the pod running?
$ kubectl run nginx --image=nginx
$ kubectl get pods
59
How do you get more detailed info about a pod and delete a pod?
$ kubectl describe pod nginx
$ kubectl delete pod nginx
60
What is a Deployment in Kubernetes?
A higher-level concept that manages Pods.
61
What does a Deployment allow?
Easy updates and roll-backs to your applications, and can ensure a certain number of Pods are always running
62
How do you create an Nginx Deployment? Check it's status: Describe the deployment:
$ kubectl create deployment nginx-deployment --image=nginx
$ kubectl get deployments
$ kubectl describe deployment nginx-deployment
63
How do you expose a deployment as a service?
Use: kubectl expose deployment nginx-deployment --port=8085 --target-port=80.
64
What is the function of a Kubernetes Service? Command to view services?
A Service gives a set of pods a stable IP address and DNS name: pods come and go with their own IPs, but clients reach them through the Service's unchanging virtual IP, which kube-proxy load-balances across the matching pods.
$ kubectl get services
65
How do you test an exposed service from inside Minikube?
SSH into Minikube and use curl on the service IP and port.
66
Kubectl command to view nodes in a cluster:
kubectl get nodes
67
Why do we need pods?
We can't run bare containers on kubernetes; a container must be wrapped in a pod, because the pod is the unit Kubernetes schedules. Pods are normally wrapped in a Deployment in turn, which adds scaling, rolling updates and redundancy (a pod created on its own is not recreated if its node dies).
68
What operating system do all nodes in the Kubernetes cluster use?
Rocky Linux (RHEL clone)
69
How many master and worker nodes are in the Kubernetes cluster?
1 master node and 2 worker nodes
70
What are the hardware specs of the master node?
4 vCPUs and 8GB RAM; the master node is more powerful than the workers
71
What are the hardware specs of the worker nodes?
2 vCPUs and 4GB RAM each
72
How does Ansible connect to the VMs?
Via SSH from the user's local machine
73
How can we get the IP addresses of the VMs?
By running 'ip address' on the VMs
74
What Ansible module is used to test connectivity to the nodes?
ping
75
What response indicates a successful ping in Ansible?
pong
76
What must be disabled before Kubernetes setup?
SELinux and swap
77
Why must SELinux be disabled for Kubernetes?
The kubeadm docs historically told you to set SELinux to permissive ("effectively disabling it") so containers could access the host file system, and this lab goes one step further and disables it. Kubernetes itself does support SELinux: container runtimes label containers and a pod's securityContext can set seLinuxOptions. Disabling it removes a host-level mandatory access control layer, so in production prefer permissive while debugging and enforcing once the policy is known to work.
78
Which Ansible module is used to disable SELinux?
ansible.posix.selinux
79
What does 'state: disabled' do in the SELinux task?
Ensures SELinux is turned off / disabled
80
Why is gather_facts turned off in some Ansible tasks?
To speed up playbook execution, since it's a slow process
81
What does it mean that Ansible tasks are declarative?
They describe the desired state of the system. They focus on what the end state should be, not how to achieve it.
82
What does idempotent mean in the context of Ansible tasks?
They can be run multiple times without altering the result after the first application
83
How do we verify that SELinux is disabled?
Run 'sestatus' on the master and worker nodes
84
Why is swap memory disabled in Kubernetes?
By default the kubelet refuses to start when swap is enabled: it cannot account for swapped-out memory against the cgroup limits it enforces, so scheduling and eviction decisions would be wrong. Newer releases offer opt-in swap support, but kubeadm set-ups still disable it.
85
What is swap space and how is swap disabled in Rocky Linux?
Linux swap space is an area of the disk used as RAM overflow. It is disabled by commenting out the swap line in /etc/fstab (so it stays off after a reboot) and running swapoff -a for the running system.
86
What Ansible module is used to modify /etc/fstab (file system table file)?
replace
87
What does the replace module use to match swap lines?
A regular expression (regexp)
88
Why use parentheses in regular expressions?
To capture parts of a pattern for reuse
89
What does '#\1\2\3swap\4' do in the replace module?
Comments out the original line while preserving its content: the # is prepended and the four captured groups reinsert the original fields around the literal swap. Lines that already start with # must not match the regexp, otherwise a second run would add another #.
90
What must be done after disabling SELinux and swap?
Reboot the nodes
91
What Ansible module is used to reboot a machine?
reboot
92
Why do we update firewalls on the master and workers?
To open the TCP/UDP ports Kubernetes needs, which firewalld blocks by default: on the control plane 6443 (API server), 2379-2380 (etcd), 10250 (kubelet), 10257 (controller manager) and 10259 (scheduler); on workers 10250 (kubelet) and 30000-32767 (NodePort services). Open only what each node role needs; the etcd ports in particular should never be reachable from workers or the internet.
93
What must be done after opening firewall ports?
Reload the firewall configuration
94
How do we verify the firewall rules?
Check which TCP and UDP ports are open on each node, e.g. with firewall-cmd --list-ports (or --list-all for the full zone configuration)
95
Which kernel modules need to be added to all Kubernetes nodes?
overlay and br_netfilter
96
What does the 'overlay' kernel module support?
Overlay file systems (overlayfs), which Docker and containerd use to stack read-only image layers under a writable container layer.
97
Why is the 'br_netfilter' module important?
It makes traffic crossing a Linux bridge visible to iptables/netfilter (net.bridge.bridge-nf-call-iptables), so kube-proxy and CNI rules apply to pod-to-pod traffic; masquerading of pod traffic leaving the node and VxLAN overlays between nodes depend on it.
98
Where do we add kernel modules to be loaded at boot?
/etc/modules-load.d/k8s.conf
99
How do we automate adding kernel modules with Ansible?
Use lineinfile module to add lines to k8s.conf with root ownership.
100
Which kernel parameter must be set for Kubernetes networking?
net.ipv4.ip_forward = 1 (the node must route packets between the pod network and its interfaces); older kubeadm guides also set net.bridge.bridge-nf-call-iptables = 1 and net.bridge.bridge-nf-call-ip6tables = 1 alongside the br_netfilter module.
101
Where is the kernel parameter stored?
/etc/sysctl.d/k8s.conf
102
How can we automate setting kernel parameters with Ansible?
Use lineinfile to write the parameter and notify a handler that runs sysctl --system, so the new value is applied immediately rather than only at the next boot.
103
Why do we modify /etc/hosts on each node?
To let nodes resolve each other's hostnames.
104
How do we automate updating /etc/hosts in Ansible?
Use facts to loop over all hosts and dynamically add IP-hostname pairs.
105
What are Ansible facts?
Facts are automatically gathered variables that contain system information such as network interfaces, ip addresses, hostnames, OS details, etc...
106
What Ansible fact retrieves a host's IP address? What Ansible fact retrieves a host's hostname?
hostvars[item]['ansible_facts']['default_ipv4']['address']
hostvars[item]['ansible_facts']['hostname']
107
What container runtime is typically used with Kubernetes?
containerd
108
Why must Docker be removed before installing containerd?
To avoid conflicts and ensure a clean install.
109
How is Docker removed with Ansible?
Set Docker package state to 'absent'.
110
Where is containerd's config file located?
/etc/containerd/config.toml
111
What change is required in containerd's config for Kubernetes?
Set SystemdCgroup = true in the runc options section ([plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]), so containerd and the kubelet both use the systemd cgroup driver; a default config file can be generated with containerd config default.
112
How do we enable and start containerd with Ansible?
Ensure state is 'started' and 'enabled' using the systemd module.
113
Where do we add the Kubernetes repo configuration?
/etc/yum.repos.d/kubernetes.repo
114
What does the exclude field in the Kubernetes repo do?
Prevents certain packages from being updated or installed by dnf/yum. In the Kubernetes repo the exclude line lists kubelet, kubeadm and kubectl, so a routine system update cannot silently upgrade the cluster components; installing them deliberately requires --disableexcludes=kubernetes.
115
What module is used to manage services like kubelet in Ansible?
ansible.builtin.systemd
116
Why is a reboot required after kubelet installation?
The course reboots to be sure the earlier changes (SELinux, swap, kernel modules, sysctl) are all active on a fresh boot. A reboot is not strictly needed for the kubelet package itself; restarting the service is enough.
117
What command initialises the Kubernetes control plane?
kubeadm init
118
What command command initialises a Kubernetes worker node and joins it to the cluster?
kubeadm join ...
119
Why does kubelet restart repeatedly before kubeadm runs?
The kubelet service is enabled and running but has no configuration yet: it exits because /var/lib/kubelet/config.yaml does not exist and systemd restarts it every few seconds. kubeadm init (or join) writes that file and the crash loop stops.
120
Why do we create a non-root user for Kubernetes?
To avoid using the root (when we don't need to) and follow best practices.
121
What group provides sudo privileges?
wheel. Create a user on the master called kube and add it to the wheel group:
[root@master ~]# useradd -G wheel kube
[root@master ~]# id kube
uid=1001(kube) gid=1001(kube) groups=1001(kube),10(wheel)
The wheel group is used to grant sudo privileges to the user. We can set a password for the user by running:
[root@master ~]# passwd kube
Changing password for user kube.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
122
What is the purpose of .kube/config?
To allow kubectl to reach the Kubernetes cluster: it holds the API server address, the cluster CA and the client credentials. After kubeadm init it is a copy of /etc/kubernetes/admin.conf, which carries a cluster-admin client certificate, so keep it readable only by its owner (mode 600) and treat it like a root password.
123
How do we securely set a user password in Ansible?
Use Ansible Vault to encrypt a secrets file holding the password, and pass it through the password_hash('sha512') filter to the ansible.builtin.user module so only the hash reaches the node.
124
What Ansible module is used to create a user?
ansible.builtin.user
125
When do worker nodes initially show NotReady status?
When Pod networking hasn’t been configured.
126
How do worker nodes join the cluster?
Run the kubeadm join command that kubeadm init printed, with the bootstrap token and the CA hash (--discovery-token-ca-cert-hash sha256:...). The hash pins the control plane's CA so a worker can't be tricked into joining an impostor; the token is a short-lived credential (24 hours by default) and a fresh one can be printed with kubeadm token create --print-join-command.
127
How do we automate node joining with Ansible?
Use the ansible.builtin.shell module to run the join command with the current token and hash (fetched from the control plane, not hard-coded in the playbook). shell is not idempotent by itself, so guard it with creates: /etc/kubernetes/kubelet.conf so a node that has already joined is skipped on re-runs.
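The CA hash on the join command is what stops a worker from being pointed at an impostor control plane: it is sha256 over the DER-encoded SubjectPublicKeyInfo of the cluster CA (what openssl x509 -pubkey -noout -in /etc/kubernetes/pki/ca.crt prints, decoded), and a bootstrap token has the fixed form [a-z0-9]{6}.[a-z0-9]{16}. As an added example, not part of the course's Ansible code, the Python below recomputes that hash from a CA public key and validates a join command before it would be handed to ansible.builtin.shell. The RSA key is a constructed, non-functional placeholder modulus and 192.0.2.10 is a documentation address; only the hashing and the checks are real.

```python
import base64
import hashlib
import re
import textwrap

TOKEN_RE = re.compile(r"^[a-z0-9]{6}\.[a-z0-9]{16}$")
JOIN_RE = re.compile(r"kubeadm join\s+(?P<endpoint>\S+)\s+(?P<flags>.*)$")


# --- minimal DER encoder, only to build a SubjectPublicKeyInfo for the sample ---
def _der(tag, payload):
    n = len(payload)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + payload


def _der_int(value):
    b = value.to_bytes((value.bit_length() + 7) // 8 or 1, "big")
    if b[0] & 0x80:
        b = b"\x00" + b  # keep the INTEGER positive
    return _der(0x02, b)


def rsa_spki_der(n, e):
    """SPKI for RSA: SEQ { SEQ { OID rsaEncryption, NULL }, BIT STRING { SEQ { n, e } } }"""
    alg_id = _der(0x30, bytes.fromhex("06092a864886f70d010101") + b"\x05\x00")
    rsa_key = _der(0x30, _der_int(n) + _der_int(e))
    return _der(0x30, alg_id + _der(0x03, b"\x00" + rsa_key))


def spki_from_pem(pem_text):
    """DER bytes from a '-----BEGIN PUBLIC KEY-----' block (openssl x509 -pubkey output)."""
    body = "".join(l.strip() for l in pem_text.splitlines() if not l.startswith("-----"))
    return base64.b64decode(body)


def discovery_hash(spki_der):
    """The value kubeadm prints after --discovery-token-ca-cert-hash."""
    return "sha256:" + hashlib.sha256(spki_der).hexdigest()


def check_join_command(cmd, ca_spki_der):
    """Return a list of problems; an empty list means the command is safe to automate."""
    m = JOIN_RE.search(cmd)
    if not m:
        return ["not a kubeadm join command"]
    flags = m.group("flags")
    problems = []
    token = re.search(r"--token\s+(\S+)", flags)
    if not token or not TOKEN_RE.match(token.group(1)):
        problems.append("missing or malformed bootstrap token (expected xxxxxx.xxxxxxxxxxxxxxxx)")
    if "--discovery-token-unsafe-skip-ca-verification" in flags:
        problems.append("CA verification disabled: any host at the endpoint could enrol the node")
    h = re.search(r"--discovery-token-ca-cert-hash\s+(\S+)", flags)
    if not h:
        problems.append("no --discovery-token-ca-cert-hash: control plane is not pinned")
    elif h.group(1) != discovery_hash(ca_spki_der):
        problems.append("CA hash does not match the cluster CA public key")
    return problems


# Constructed sample: placeholder modulus, NOT a real key; 192.0.2.10 is a documentation address
FAKE_MODULUS = (1 << 2047) | 0x10001
CA_SPKI_DER = rsa_spki_der(FAKE_MODULUS, 65537)
CA_PUBKEY_PEM = "-----BEGIN PUBLIC KEY-----\n" + "\n".join(
    textwrap.wrap(base64.b64encode(CA_SPKI_DER).decode(), 64)) + "\n-----END PUBLIC KEY-----\n"
GOOD_JOIN = ("kubeadm join 192.0.2.10:6443 --token abcdef.0123456789abcdef "
             f"--discovery-token-ca-cert-hash {discovery_hash(CA_SPKI_DER)}")
UNSAFE_JOIN = ("kubeadm join 192.0.2.10:6443 --token abcdef.0123456789abcdef "
               "--discovery-token-unsafe-skip-ca-verification")


if __name__ == "__main__":
    print(discovery_hash(spki_from_pem(CA_PUBKEY_PEM)))
    print("good:", check_join_command(GOOD_JOIN, spki_from_pem(CA_PUBKEY_PEM)))
    print("unsafe:", check_join_command(UNSAFE_JOIN, CA_SPKI_DER))
```

In a playbook the CA public key would be fetched from the control plane once and the hash compared against what kubeadm token create --print-join-command returns; a mismatch or an --unsafe-skip flag should fail the play rather than join the node.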
128
What is the purpose of an overlay network in Kubernetes?
To give pods IP addresses and let them communicate across nodes; Kubernetes leaves this to a CNI plugin, and nodes stay NotReady until one is installed.
129
Which overlay network plugin is used?
Calico
130
What does Calico provide for pods?
Each pod gets its own routable IP address and network stack, and pods talk to each other across nodes without NAT. Calico also enforces Kubernetes NetworkPolicy, which is what you use to restrict which pods may talk to each other (by default every pod can reach every other pod).
131
How can we test that the cluster is working?
Deploy a simple Nginx pod.