Kodekloud CKA class Flashcards

(114 cards)

1
Q

What two Kubernetes services run on worker nodes, and what do they do? Consider updating as we learn.

A

kubelet: Listens to instructions from the kube-api and manages the node's containers.
Kube-Proxy: A network proxy that runs on each node and maintains network rules on each node.

2
Q

What is the CRI?

A

Container Runtime Interface: Container runtimes such as Docker, CRD, RKT. Docker continued to work with dockershim, while the other CRIs followed the standardized spec. Containerd seems to be where everything is going. In 1.24 the dockershim was removed.

3
Q

What is containerd?

A

Containerd is an industry-standard container runtime with an emphasis on simplicity, robustness, and portability. It is designed to manage the complete container lifecycle of its host system, including image transfer and storage, container execution and supervision, and low-level storage and network attachments. Containerd is part of the Cloud Native Computing Foundation and serves as the core container runtime for Kubernetes.

4
Q

What is the containerd 'ctr' command?

A

ctr is a command-line interface tool provided by containerd for interacting directly with the containerd daemon, primarily used for debugging and testing. The top three uses include managing container lifecycles (create, start, stop, and delete containers), pulling and pushing images, and directly interacting with the containerd API for low-level operations.

5
Q

How do I pull and run an image with the containerd ctr command?

A

ctr images pull docker.io/library/redis:alpine
ctr run docker.io/library/redis:alpine redis

6
Q

nerdctl is the better alternative to ctr for containerd. Why is nerdctl better?

A

Nerdctl supports a wide range of Docker CLI commands, making it easier for users to transition from Docker to containerd without changing their workflows. It includes high-level features such as building images, composing multi-container applications, and managing volumes and networks, which are not directly available or as accessible in ctr.

7
Q

nerdctl replaces the docker command in containerd. How do I create a container with nerdctl? How do I expose ports with nerdctl?

A

Docker and nerdctl are pretty much identical, so with nerdctl it would be:

nerdctl run --name redis redis:alpine
nerdctl run --name webserver -p 80:80 -d nginx

8
Q

What is crictl?

A

crictl is a Kubernetes command that allows you to control your container runtimes. It is used to inspect and debug container runtimes.

9
Q

crictl, which is a Kubernetes command, is used to interact with the CRI. What crictl command will view the logs? How would pods be listed?

A

crictl logs LOGID
crictl pods

10
Q

What is ETCD in Kubernetes?

A

etcd is a distributed key-value store that serves as the backbone for storing and managing the critical data of a Kubernetes cluster, ensuring consistency and reliability across the cluster state. It plays a pivotal role in Kubernetes for configuration data, state management, and coordination of distributed system operations, acting as the single source of truth for the cluster.

11
Q

ETCD: What is a key-value store?

A

ETCD is a database that stores data as key:value. Each individual gets a file and there will be a key and a value. In Kubernetes the KEY is the file name and the value is the data. It stores the file info in JSON.

12
Q

What port does ETCD operate on?

A

TCP/2379

13
Q

What is etcdctl and how do we retrieve a key value with it?

A

etcdctl is how we interact with etcd. The command ./etcdctl get key1 will return the value of key1 in the key-value database.

14
Q

What does this do: etcdctl get <key> [--prefix]

A

Description: Retrieves the value of the specified key. If --prefix is used, it fetches all keys with the specified prefix.

15
Q

Command: etcdctl put mykey "this is my key"

A

Description: Sets the value for a specified key. This command is used to create or update the value of a key in etcd.

16
Q

Command: etcdctl del <key> [--prefix]

A

Description: Deletes a specified key or, when used with --prefix, deletes keys with the specified prefix. It's crucial for managing and cleaning up data in etcd.

17
Q

How: Save a snapshot of the etcd database to a specified filename. This is vital for backing up etcd data.

A

etcdctl snapshot save myEtcd-backup-file.db

18
Q

What is the command to: List all members in the etcd cluster. This command is essential for monitoring and managing the etcd cluster membership.

A

etcdctl member list

19
Q

What is the etcdctl command to get all of the keys in the etcd db?

A

ETCDCTL_API=3 etcdctl get "" --prefix --keys-only

Removing --keys-only will also return values.

20
Q

What does this command do: export ETCDCTL_API=3

A

Sets the environment variable to tell etcdctl to use API version 3.

21
Q

What is the process of the Kube-API when sending a request to create a new pod?
Memory hint: A.V.R.U.S.K.

A
  1. Authenticate User: Verify the identity of the user or service making the request, ensuring they are authorized to perform the action.
  2. Validate Request: Check the request for correctness and ensure it contains all necessary information for creating a pod.
  3. Retrieve Data: Fetch necessary data from etcd that might be required for processing the request, such as existing configuration or state.
  4. Update etcd: Persist the new pod’s specification in etcd to update the cluster’s desired state, ensuring consistency across the system.
  5. Scheduler: The scheduler detects the new pod creation request from the updated state in etcd and selects an appropriate node for the pod to run on, based on resource requirements, constraints, and policies.
  6. Kubelet: The kubelet on the chosen node is informed about the new pod and takes responsibility for creating and starting the pod’s containers according to the specified configuration.
22
Q

Question: What is the Kube Controller Manager?

A

Answer: The Kube Controller Manager is a component of Kubernetes that runs various controller processes. All of the controllers are bundled under this.

23
Q

Question: What does the ReplicaSet Controller do?

A

Answer: Ensures the specified number of replicas for a pod are running at any given time, providing redundancy and scalability.

24
Q

What is the purpose of the Deployment Controller?

A

The deployment controller manages the deployment of ReplicaSets and enables declarative updates of Pods, along with features like rollbacks and scaling.

25
Question: What does the StatefulSet Controller manage?
Answer: Provides unique identities to Pods, manages the deployment and scaling of a set of Pods, and ensures the proper handling of persistent storage.
26
Question: What is the DaemonSet Controller's role?
Answer: Ensures that all (or some) Nodes run a copy of a specified Pod, useful for deploying system-wide daemons on every Node.
27
Question: What does the Job Controller do?
Answer: Manages Jobs that run Pods to completion (i.e., until a specified number of them successfully terminate).
28
Question: What is the function of the CronJob Controller?
Answer: Manages time-based Jobs, similar to cron in Unix-like systems, scheduling tasks to run at specific times.
29
Question: What responsibilities does the Node Controller have?
Answer: Notices and responds to node failures, including evicting pods from the failed nodes to maintain cluster health.
30
Question: What does the Service Controller manage?
Answer: Handles network rules on the cloud provider or local machine to expose services outside the cluster.
31
Question: What is the role of the Endpoints Controller?
Answer: Populates the Endpoints object, effectively joining Services and Pods for network communication.
32
Question: What does the Namespace Controller do?
Answer: Manages the lifecycle of namespaces, ensuring resources are properly cleaned up when a namespace is deleted.
33
Question: What is the purpose of the PersistentVolume Controller?
Answer: Manages the lifecycle, provisioning, and binding of PersistentVolumes and PersistentVolumeClaims for storage management.
34
Question: What does the Horizontal Pod Autoscaler (HPA) Controller manage?
Answer: Automatically scales the number of Pods in a replication controller, deployment, replica set, or stateful set based on observed CPU utilization or custom metrics.
35
What path and file contains the kube controller manager config/YAML file?
/etc/kubernetes/manifests/kube-controller-manager.yaml. This is where you configure your controllers.
36
Question: What does the command ps -aux | grep kube-controller-manager do?
Answer: This command searches for and displays information about the kube-controller-manager process running on a Linux system. ps -aux lists all running processes with detailed information, and grep kube-controller-manager filters this list to show only the processes related to the Kubernetes Controller Manager. It's useful for checking if the kube-controller-manager is running and to see its process details like PID, CPU, and memory usage.
37
Question: What does the Kube Scheduler do and how does it work?
Answer: The Kube Scheduler is responsible for assigning newly created pods to nodes within the Kubernetes cluster. It works by evaluating the requirements of each pod, such as resource requirements, affinity/anti-affinity specifications, taints and tolerations, and other constraints. The scheduler then finds a suitable node that satisfies these conditions and schedules the pod to run on that node. This process ensures that pods are placed on nodes in a way that respects their scheduling requirements while also balancing the overall load across the cluster. It does not create the pod, the kubelet does that.
38
Where are the kube-scheduler options?
/etc/kubernetes/manifests/kube-scheduler.yaml
39
How do I view the kube-scheduler options, other than looking at the manifest?
ps -aux | grep kube-scheduler
40
Question: What does the Kubelet do?
Answer: The Kubelet is an agent that runs on each node in a Kubernetes cluster. Its primary role is to ensure that containers are running in a Pod as described in the PodSpecs. It takes a set of PodSpecs provided by the kube-apiserver and ensures that the containers described in those PodSpecs are running and healthy. The Kubelet manages the lifecycle of containers, monitors their state, and reports back to the Kubernetes control plane, contributing to the overall health and performance of the cluster.
41
How do I view the kubelet process and running options?
ps -aux | grep kubelet
42
Question: What is kube-proxy?
Answer: kube-proxy is a network proxy and load balancer that runs on each node in a Kubernetes cluster. Its main role is to maintain network rules that allow network communication to Pods from network sessions inside or outside of the cluster. kube-proxy manages the Kubernetes service abstraction by translating virtual IP addresses to Pod IP addresses, enabling service discovery and routing. It supports several modes of operation, including userspace, iptables, and IPVS, each providing different levels of performance and flexibility.
43
What is the kubectl command to launch an nginx pod named mynginx?
kubectl run mynginx --image nginx
44
What are the 4 top level fields for a pod yaml file, and what are the required definitions of those fields?
apiVersion: v1
kind: Pod
metadata:
spec:
45
What are the apiVersions for: Pod, Service, ReplicaSet, Deployment?
KIND         VERSION
Pod          v1
Service      v1
ReplicaSet   apps/v1
Deployment   apps/v1
46
What is the command to list all pods and which node they are running on?
kubectl get pods -o wide
47
kubectl command to make an nginx pod named nginx and have the output display on the screen of the yaml file
kubectl run nginx --image=nginx --dry-run -o yaml
48
Explain the difference between the replication controller and a replicaset controller.
Replication controller is the older technology that is replaced by the replicaset to control replicaset configs. The replication controller directly controlled pods. The replicaset controller controls pods through ReplicaSets.
49
What is the apiVersion and kind for the older ReplicationController?
apiVersion: v1, kind: ReplicationController
50
What is the apiVersion and kind of a ReplicaSet?
apiVersion: apps/v1, kind: ReplicaSet
51
In a ReplicaSet manifest, why do we have to define a selector?
This is because the ReplicaSet can control pods that are not created by the ReplicaSet. Replication Controller does not require a selector, but ReplicaSet does.
52
What is the ReplicaSet manifest syntax for the selector?
selector:
  matchLabels:
    type: front-end   # a label
53
Confirm memorization of a basic replicaset in following slide.
apiVersion: apps/v1
kind: ReplicaSet
metadata:
  name: myapp-replicaset
  labels:
    app: myapp
    type: front-end
spec:
  template:
    metadata:
      name: myapp-pod
      labels:
        app: myapp
        type: front-end
    spec:
      containers:
      - name: nginx-container
        image: nginx
  replicas: 3
  selector:
    matchLabels:
      type: front-end
54
What happens if you create a ReplicaSet and define a selector as "front-end" with 3 replicas, but you already have 3 pods running labeled front-end?
The ReplicaSet will not create any new pods. It controls the existing pods with the matching labels.
55
If I change the number of replicas in my ReplicaSet manifest, how do I apply the new manifest to change the number of active replicas? Kubectl command.
kubectl replace -f replicaset-definition.yml
56
What is the command to scale a replicaset, which will not change the manifest file?
kubectl scale --replicas=6 replicaset my-replicaset
57
True or False? A manifest for a deployment looks exactly the same as a manifest for a replicaset, except the kind changes between Deployment and ReplicaSet
True! NOTE: creating a deployment, also creates a replicaset!
58
How do I pipe this to a dry run yaml file on my screen? kubectl run nginx --image=nginx
kubectl run nginx --image=nginx --dry-run=client -o yaml
59
What is a Kubernetes NodePort service?
A NodePort is a configuration option in Kubernetes Services that makes a specific pod accessible on a static port on the node's IP address. When you set a service's type to NodePort, Kubernetes allocates a port from a configured range (default: 30000-32767), and any traffic sent to this port on any node's IP is forwarded to the service. This allows for external access to services without needing an external load balancer. NodePort is often used for development environments or small-scale applications.
60
What is a Kubernetes ClusterIP service?
A ClusterIP is a type of Kubernetes service that provides a single, stable IP address for accessing a set of pods within the cluster. This IP is only reachable within the cluster, making it suitable for internal communications between services. It acts as the default service type, facilitating internal request routing to the appropriate pod instances.
61
What is a Kubernetes LoadBalancer service?
A Kubernetes LoadBalancer service is a type of service that provides external network access to one or more services within a Kubernetes cluster. It automatically assigns a public IP address and routes external traffic to the service, often by integrating with cloud providers' load balancers. This service type effectively distributes incoming network traffic across multiple pods to ensure even load distribution and high availability of the service.
62
What does a NodePort manifest look like?
apiVersion: v1
kind: Service
metadata:
  name: myapp-service
spec:
  type: NodePort
  ports:
  - targetPort: 80    # target port on pod
    port: 80
    nodePort: 30008   # port on the node, directing to target
  selector:           # links service to a pod
    app: myapp
    type: front-end
63
In a NodePort, for ports, what is the only mandatory field and what are the ramifications?
port is the only required port. If only port is provided, the target port will use the same port as the port. If no NodePort is provided, one will be created in the NodePort range of 30,000 - 32,767.
64
If you are using a NodePort service with a selector for multiple pods, what is the behavior?
When the NodePort is created, the selector will find the pods with the labels and distribute the load randomly. Kubernetes creates the NodePort across all of the nodes in the cluster with the same NodePort.
65
What does a ClusterIP service manifest look like? Hint: this looks just like a NodePort service except no NodePort is provided.
apiVersion: v1
kind: Service
metadata:
  name: back-end
spec:
  type: ClusterIP
  ports:
  - targetPort: 80
    port: 80
  selector:
    app: myapp
    type: back-end
66
What is the format to address a service across a namespace?
..svc.cluster.local -
67
kubectl command to list pods in the namespace called MyNamespace
kubectl get pods --namespace=MyNamespace
68
kubectl command to create a pod from a manifest for the namespace called MyNamespace
kubectl create -f pod.yaml --namespace=MyNamespace
69
In a manifest, how do you define the namespace an object is to be created in?
Under metadata, define: namespace: dev
70
How do I create a namespace?
Create a namespace manifest:
apiVersion: v1
kind: Namespace
metadata:
  name: dev
kubectl create -f namespace-definition.yaml
OR: kubectl create namespace dev
71
kubectl command to change namespaces
kubectl config set-context --current --namespace=dev
72
How to view pods in all namespaces?
kubectl get pods --all-namespaces
73
What does this do: kubectl get pods -A
Same thing as kubectl get pods --all-namespaces
74
How do you create an NGINX Pod using kubectl?
kubectl run nginx --image=nginx
75
Command to generate a Pod manifest in YAML without creating the Pod.
kubectl run nginx --image=nginx --dry-run=client -o yaml
76
How to create a deployment for NGINX using kubectl?
kubectl create deployment --image=nginx nginx
77
Command to generate a Deployment manifest in YAML without creating the Deployment.
kubectl create deployment --image=nginx nginx --dry-run=client -o yaml
78
Kubectl How to generate a Deployment with 4 replicas?
kubectl create deployment nginx --image=nginx --replicas=4
79
Command to scale a deployment to 4 replicas.
kubectl scale deployment nginx --replicas=4
80
kubectl Command to create a ClusterIP Service named redis-service to expose Pod redis on port 6379.
kubectl expose pod redis --port=6379 --name redis-service --dry-run=client -o yaml
81
kubectl Command to create a NodePort Service named nginx to expose Pod nginx on node port 30080.
kubectl expose pod nginx --type=NodePort --port=80 --name=nginx-service --dry-run=client -o yaml OR kubectl create service nodeport nginx --tcp=80:80 --node-port=30080 --dry-run=client -o yaml
82
Create a service redis-service to expose the redis application within the cluster on port 6379. Use imperative commands.
Run the command: kubectl expose pod redis --port=6379 --name redis-service
83
With kubectl: Create a new pod called custom-nginx using the nginx image and expose it on container port 8080.
Run the command: kubectl run custom-nginx --image=nginx --port=8080
84
Create a pod called httpd using the image httpd:alpine in the default namespace. Next, create a service of type ClusterIP by the same name (httpd). The target port for the service should be 80. THIS IS A TRICK QUESTION. Try to do this with as few steps as possible.
kubectl run httpd --image=httpd:alpine --port=80 --expose
85
Using the kubectl expose command will only work for which service type, and not for any other service type?
ClusterIP. For example: kubectl run httpd --image=httpd:alpine --port=80 --expose
86
This is a basic pod manifest. What change is made to manually schedule this pod to node01?
apiVersion: v1
kind: Pod
metadata:
  name: nginx
spec:
  containers:
  - image: nginx
    name: nginx
apiVersion: v1
kind: Pod
metadata:
  name: nginx
spec:
  nodeName: node01   # <-----
  containers:
  - image: nginx
    name: nginx
87
What command can you use to "tail" a kubectl get pods command? This way, if the pod status changes, we get updated.
kubectl get pods --watch
88
After modifying a POD yaml file, what single command can you run to destroy and recreate the pod?
kubectl replace --force -f myPod.yaml
89
How can I list all pods that have a label of app=frontend?
kubectl get pods --selector app=frontend
90
How can I list all pods with the labels app=frontend and bu=finance?
kubectl get pods --selector app=frontend,bu=finance
91
How do I list all pods, but remove the header so it is not counted when we also have it count how many rows came back?
kubectl get pods --no-headers | wc -l
92
kubectl cmd to taint node1 with env=prod
kubectl taint nodes node1 env=prod:taint-effect
93
When tainting nodes (kubectl taint nodes node-name key=value:taint-effect) there are three taint effects: NoSchedule, PreferNoSchedule, NoExecute. Define these.
NoSchedule = do not schedule on node
PreferNoSchedule = try to avoid this pod
NoExecute = new pods will not be scheduled, existing pods will be evicted without toleration
94
What does a pod file look like if a toleration is set to match the node taint of app=blue:NoSchedule? What happens if the pod matches the taint? Matching the pod toleration and the node taint will allow it to schedule.
apiVersion: v1
kind: Pod
metadata:
  name: myapp-pod
spec:
  containers:
  - name: nginx-controller
    image: nginx
  tolerations:
  - key: "app"
    operator: "Equal"
    value: "blue"
    effect: "NoSchedule"
95
What is the difference between node affinity and taints/tolerations?
Node Affinity is a property of pods that attracts them to a set of nodes (either as a preference or a hard requirement). It allows you to specify rules for pod placement based on node labels, ensuring pods are scheduled on nodes that meet specific criteria (e.g., to ensure a pod runs on a node in a particular geographic location). Taints and Tolerations work together to repel pods from certain nodes. A taint is applied to a node, and any pod that does not tolerate that taint is repelled by the node. Tolerations are applied to pods and allow them (or require them) to schedule onto nodes with matching taints. This mechanism ensures that pods are not scheduled onto inappropriate nodes.
96
kubectl command to remove the taint from node controlplane for key/value:effect of node-role.kubernetes.io/control-plane:NoSchedule
kubectl taint nodes controlplane node-role.kubernetes.io/control-plane:NoSchedule-
NOTE: the - at the end removes the taint.
97
What is a Node Selector?
A Node Selector is a Kubernetes feature that schedules pods on nodes with specific labels. For example, using nodeSelector: {disktype: ssd} in a pod spec ensures the pod runs on nodes labeled with disktype=ssd. This mechanism helps in placing pods on suitable nodes based on predefined criteria.
98
What does a basic nodeSelector pod manifest file look like, and what do you do to the node to accept it? Example: size: large
The node must have a label of size:large for this pod manifest to mesh.
apiVersion: v1
kind: Pod
metadata:
  name: mypod
spec:
  nodeSelector:
    size: large
  containers:
  - name: nginx
    image: nginx
99
Provide a node affinity pod manifest to place a pod on a node where a label key is size and the values are large or small.
apiVersion: v1
kind: Pod
metadata:
  name: mypod
spec:
  containers:
  - name: nginx
    image: nginx
  affinity:
    nodeAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        nodeSelectorTerms:
        - matchExpressions:
          - key: size
            operator: In   # NotIn for reverse
            values:
            - Large
            - Medium
100
For Node Affinity types we have: requiredDuringSchedulingIgnoredDuringExecution. What does this mean and what is the other type?
requiredDuringSchedulingIgnoredDuringExecution: This affinity type mandates that the scheduler must place a pod on a node that matches the specified criteria at scheduling time. Once the pod is placed, subsequent changes to node labels do not affect the pod. preferredDuringSchedulingIgnoredDuringExecution: This type suggests preferences for node selection. The scheduler attempts to place a pod on nodes that match the specified criteria, but it will still schedule the pod even if no matching nodes are found, prioritizing the preferences as much as possible.
101
Confirm understanding of the 4 node affinity types in the following table -->
102
Apply a label color=blue to node node01 with kubectl
kubectl label node node01 color=blue
103
When setting node affinity values in a pod manifest, what is the key value used to check if a label exists on the node, but not check its value?
spec:
  affinity:
    nodeAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        nodeSelectorTerms:
        - matchExpressions:
          - key: myLabel
            operator: Exists
104
Create a basic pod manifest that includes a resource request for 1 cpus and 1 gigs of ram. Also set a limit of 2 cpus and 2 gigs of ram.
apiVersion: v1
kind: Pod
metadata:
  name: myApp
  labels:
    app: myApp
spec:
  containers:
  - name: myApp
    image: myImage
    resources:
      requests:
        memory: "1Gi"   # Mi for Megs
        cpu: 1
      limits:
        memory: "2Gi"
        cpu: 2
105
If you set a pod resource limits to 2 cpus, but do not set a request, what does Kubernetes set the request to?
If there is a limit, but no request, then the request is set to the same as the limit.
106
Why is setting resource limits of pods sometimes a bad idea?
You don't want to limit CPU usage if the node has CPU free. So setting a request with no limits may be the best scenario.
107
What is a Daemonset that is installed by default in a kubernetes cluster?
Kube-proxy is a daemonset.
108
Command to list all daemonsets in all namespaces
kubectl get daemonset --all-namespaces OR kubectl get daemonset -A
109
Command to create a deployment named blue with nginx image and 3 replicas
kubectl create deployment blue --image=nginx --replicas=3
110
What is the difference between a resource request and a resource limit? What happens if the memory limit is hit?
A request is the minimum amount of resources that Kubernetes will guarantee for a container. The limit is the maximum amount of resources a container is allowed to use. If it tries to use more memory than the limit, a pod will OOM kill.
111
What is a LimitRange?
This is set at the namespace level, kind: LimitRange. In this file you can set defaults for pods in the namespace. Can not be overridden by individual pod or namespace. It will not affect existing pods.
112
What is a ResourceQuota?
Provides a maximum resource usage for the entire namespace, the sum of all pods:
apiVersion: v1
kind: ResourceQuota
metadata:
  name: my-resource-quota
spec:
  hard:
    requests.cpu: 4
    requests.memory: 4Gi
    limits.cpu: 10
    limits.memory: 10Gi
113
114
What is the difference between a ResourceQuota and a LimitRange?
The LimitRange defines the resource limits per pod inside of a namespace. The ResourceQuota provides a limit for the total resources used by all pods in the namespace.