introduction

Question 1

What is containerization?

Answer 1

• is a software deployment process
• bundles application’s code with libs and binaries
• outputs images, based on layers

Question 2

What is created when a container is created is it Kernel space or user space?

Answer 2

User space is created for isolation. It uses linux utilities called namespace to isolate one container from other.

Question 3

What are the benefits of containerization?

Answer 3

• Portability
  Software developers use containerization to deploy applications in multiple environments without rewriting the program code.
• Scalability
  Containers are lightweight software components that run efficiently. Much lighter than VMs
• Fault tolerance
  Containerized services operate in isolated user spaces, a single faulty container doesn’t affect the other containers.

Question 4

What are containers?

Answer 4

• Containers are lightweight packages of your application code
• Containers are executable units of software
• Container contain application code along with its libraries and dependencies

Question 5

What is docker?

Answer 5

Docker is a container engine that is used to create containers.

Question 6

What things does each container have its own?

Answer 6

• Root file system
• Networking IPs and ports
• hostnames
• Processes
• Devices
• Memory

A container will not show process related to other containers or host machine.You can assign memory and CPU to container. This can be done using docker or by kubernetes. Both have different ways.

Question 7

What is used to map networking from docker container to host machine networking?

Answer 7

There is a bridge called docker0, which takes care of mapping the network interface inside the container to network interface on the host machine.

Question 8

Which linux kernel features does docker use to achieve containerization?

Answer 8

It uses cgroups, namespaces, chroot and others to provide resource isolation.

Question 9

Is the statement “Docker enables containerization” true? And elaborate

Answer 9

No, docker uses kernel to achieve containerization.

Question 10

What does chroot feature provide?

Answer 10

chroot command allows every container to have its own root filesystem, which is completely distinct from root filesystem from host machine.

Question 11

What does cgroup feature provide?

Answer 11

cgroup allows you to give resources, provide CPU, memory to particular containers.

control groups for collection of processes

Question 12

How many types of containers are there?

Answer 12

• Regular containers: NGINX
• Privileged containers: lesser isolation, container can make changes to actual root FS to host file system. Less secure

Question 13

Docker ecosystem

Answer 13

• Docker Engine - primary daemon which helps you in creating containers: Dockerd and docker CLI
• Docker Hub : store images, image registry
• Docker Machine interacts with cloud providers. Creates hosts on cloud providers
• Docker Swarm Very similar to Kubernetes
• Docker Compose Compose can spin up many containers with dependencys

Question 14

What is overlay network?

Answer 14

• Overlay network is a private subnet
• spans across multiple docker hosts.

Question 15

Which are the namespaces available in Linux?

Answer 15

1) PID namespace - a way to isolate processes.The container is only aware of its processes.
2) Network namespace
3) Mount namepsace create mounts inside container
4) IPC namespace - Memory segment - Semaphores - Queues(The two containers are able to create shared memory segments and semaphores with same name)
5) UTS namespace hostname, nis name

Question 16

What does this command provide us >lsns

Answer 16

This gives us list of namespaces

Question 17

Give example of sample Dockerfile that modifies default index.html of NGINX image

Answer 17

FROM nginx:latest
COPY index.html /usr/nginx/html/index.html

Question 18

What is the difference between CMD and ENTRYPOINT in Dockerfile?

Answer 18

• ENTRYPOINT is the App or binary
• CMD is the parameter for the App or binary

ENTRYPOINT [“/usr/bin/my-app”]

CMD [“help”]

Question 19

What is a Hypervisor?

Answer 19

A hypervisor, also known as a virtual machine monitor, is a process that creates and runs virtual machines (VMs). A hypervisor allows one host computer to support multiple guest VMs by virtually sharing its resources, like memory and processing.

Question 20

Different types of Hypervisors?

Answer 20

1) Bare metal run directly on the host’s hardware.
2) Hosted run as a software layer on an operating system, like other computer programs. (VirtualBox)

Question 21

Why use Hypervisors?

Answer 21

Hypervisors make it possible to use more of a system’s available resources and provide greater IT mobility since the guest VMs are independent of the host hardware. This means they can be easily moved between different servers.

Question 22

What is YAML?

Answer 22

• Yet Another Markup Language.
• matches user’s expectations, human friendly !!!
• superset of JSON
• YAML is case sensitive
• no tabs

Question 23

YAML notation basics and what characters are used

Answer 23

flow style

Basics spaces are important!

”#” comment
“—” new document
“- “ Conventional Block Format
Sequence: “[milk, groceries, eggs, juice, fruits]”
Map: “{name: John Smith, age: 33}”

elements in start sequence [e1…
# only block style in start sequence
- e1
- e2
# Sequence, flow s.
- [x, x2]
# Sequence with map, flow s.
- [x, x3: h]
# Map block and flow mixed
~~~
- map:
map2: {e1: x, e2: x2}
map3:
- a
- a: x
~~~

Question 24

Datatypes in YAML

Answer 24

• Scalars - strings and numbers
• Sequences - aka arrays or lists
• Mapping - aka hashes / dictionaries

Question 25

Why container orchestration?

Answer 25

When it comes to cluster container management,
* monitoring
* scaling
* managing cluster, it is very difficult

Question 26

What are responsibilities of container orchestrator?

Answer 26

• scalability
• availability redundancy
• networking
• timing of container creation and deletion
• monitoring the cluster
• container communication, port exposing.
• Provisioning and deployment of containers
• load evenly across host infrastructure
• Movement of containers from one host to another if a host dies
• Allocation of resources between containers
• Load balancing
• Configuration of an application in relation to the containers running it

Question 27

Which are available container orchestrators?

Answer 27

• Docker Swarm
• Kubernetes (K8s)
• Apache Mesos

Question 28

Layer diagram of Container Orchestration

Answer 28

From top to bottom
1. Web apps and services
2. Orchestration
3. Service Management
4. Scheduling
5. Resource Management
6. Container Runtime (multiple)
7. Machine and OS (multiple)- Machine infrastructure

Question 29

What does service management layer of orchestration do?

Answer 29

• expose containers (to inside outside of the cluster)
• manages routing

Question 30

What does the scheduling layer of container orchestration do?

Answer 30

Pods are matched to a nodes that fits requirements

Question 31

What does the resource management layer of container orchestration do?

Answer 31

It manages the assignment of CPUs and Memory to the containers.

Question 32

Can a pod have multiple containers?

Answer 32

Yes pod is an abstraction over 1..n containers.

Question 33

What is k8s?

Answer 33

K8s is an open source, portable platform for
* automating container deployments,
* scaling and management of containerized workloads and applications.

Question 34

What are namespaces

Answer 34

• Namespaces are a feature of the Linux kernel
• that partitions kernel resources such that one set of processes sees one set of resources while another set of processes sees a different set of resources

Question 35

Types of Linux namespaces

Answer 35

• (user) A user namespace has its own set of user IDs and group IDs
• (pid) A process ID namespace assigns a set of PIDs to processes
• (net) A network namespace has an independent network stack: own routing table, set of IP addresses…
• (mnt) A mount namespace has an independent list of mount points
• (ipc) An interprocess communication namespace has its own IPC resource
• (uts) A UNIX Time‑Sharing namespace allows a single system to appear to have different host and domain names to different processes.

A user namespace has its own set of user IDs and group IDs for assignmen

Question 36

What are container images

Answer 36

• A container image is a file used to execute code in a container
• images act as a set of instructions to build a container, like a template

Question 37

parent image

Answer 37

A parent image is the image that your image is based on.

Question 38

base image

Answer 38

A base image has no parent image specified in its Dockerfile.
It is created using a Dockerfile with the FROM Scratch directive.