Kubernetes Fundamentals

Question 1

Name Kubernetes control-plane services

Answer 1

etcd
kube-scheduler
kube-api-server
kube-controller-manager
cloud-controller-manager(optional)

Question 2

Role of the Kubernetes control-plane?

Answer 2

Brains of kubernetes. Manages cluster and control critical functions like deployment, scheduling, self-healing, scaling.
Administrative traffic
Configuration
System control
Management

Question 3

What’s inside every worker node?

Answer 3

kubelet
kube-proxy
container runtime

Question 4

What kubelet is responsible for?

Answer 4

It talks to kube-api-server and container-runtime to handle the final stage of starting containers

Question 5

What kube-proxy is responsible for?

Answer 5

Handles inside and outside communication of your cluster. It tries to rely on os networking capabilities to do so.

Question 6

What container runtime is responsible for?

Answer 6

Responsible for running containers on worker nodes.

Question 7

What’s the most popular container runtime?

Answer 7

containerd

Question 8

Deprecated container runtime, since when?

Answer 8

Docker, since 1.24

Question 9

What happens to worker nodes when control plane is not available?

Answer 9

Apps on worker nodes will keep running but scaling, scheduling new apps and some other functionality will be missing.

Question 10

Is kubernetes namespace suitable for strong isolation?

Answer 10

No

Question 11

How to divide cluster into multiple virtual clusters?

Answer 11

with namespaces

Question 12

A database that holds state of the cluster?

Answer 12

etcd

Question 13

Is etcd an official part of Kubernetes?

Answer 13

No, it is an independent project

Question 14

Centerpiece of kubernetes. All components interact with it.

Answer 14

kube-api-server

Question 15

User access kubernetes cluster through it

Answer 15

kube-api-server

Question 16

Chooses a worker that can fit a new workload based on CPU etc.

Answer 16

kube-scheduler

Question 17

Contain control loops that manage the state of the cluster

Answer 17

kube-controller-manager

Question 18

Optional control plane service that allows to interact with cloud providers API

Answer 18

cloud-controller-manager

Question 19

Server nodes types

Answer 19

Control plane node(s)
Worker nodes

Question 20

Cloud providers with kubernetes

Answer 20

Amazon (EKS)
Google (GKE)
Microsoft (AKS)
DigitalOcean (DOKS)

Question 21

Kubernetes distributions

Answer 21

OpenShift
Rancher
k3s
VMWare Tanzu

Question 22

cluster installers(production grade)

Answer 22

kubeadm
kops
kubespray

Question 23

test “clusters”

Answer 23

minikube
kind
microk8s

Question 24

Communicating with cluster is impossible without it

Answer 24

kube-api-server

Question 25

kube-api is implemented as a ___ interface that is exposed over ___

Answer 25

RESTful, HTTPS

Question 26

Three stages request has to go through before processing

Answer 26

Authentication Authorization Admission Control

Question 27

How kubernetes users are managed

Answer 27

always externally

Question 28

Admission controller can't block it

Answer 28

requests to read objects

Question 29

An ___ is a piece of code that intercepts requests to the Kubernetes API server prior to persistence of the object, but after the request is authenticated and authorized.

Answer 29

admission controller

Question 30

admission controller can be

Answer 30

validating mutating or both

Question 31

Common ways of authentication in kubernetes

Answer 31

digital signed certificate X.509 external identity management system service account for technical users

Question 32

During this stage It is decided what the requester is allowed to do

Answer 32

Authorization

Question 33

One of available Authorization methods in kubernetes

Answer 33

Role-based access control (RBAC)

Question 34

kubernetes wrapper around container

Answer 34

Pod

Question 35

Smallest compute unit in kubernetes

Answer 35

Pod

Question 36

a plugin interface which enables kubelet to use a wide variety of container runtimes, without the need to recompile

Answer 36

Container Runtime Interface(CRI)

Question 37

lightweight and performant implementation to run containers. Arguably the most popular container runtime right now. It is used by all major cloud providers for the Kubernetes As A Service products.

Answer 37

containerd

Question 38

was created by Red Hat and with a similar code base to containerd closely related to podman and buildah.

Answer 38

CRI-O

Question 39

a runtime that only contains the absolutely essentials to run containers

Answer 39

containerd CRI-O

Question 40

container runtime sandboxing tools

Answer 40

gvisor Kata containers

Question 41

A secure runtime that provides a lightweight virtual machine, but behaves like a container.

Answer 41

Kata containers

Question 42

Made by Google, provides an application kernel that sits between the containerized process and the host kernel.

Answer 42

gvisor

Question 43

Four networking problems in kubernetes

Answer 43

Container-to-container communications Pod-to-pod communications Pod-to-service communications External-to-service communications

Question 44

How External-to-Service communications is solved

Answer 44

It is implemented by the kube-proxy and packet filter on the node.

Question 45

How Pod-to-Service communications is solved

Answer 45

It is implemented by the kube-proxy and packet filter on the node.

Question 46

How Pod-to-Pod communications is solved

Answer 46

This can be solved with an overlay network.

Question 47

How Container-to-Container communications is solved

Answer 47

This can be solved by the Pod concept

Question 48

Kubernetes networking requirements

Answer 48

All pods can communicate with each other across nodes. All nodes can communicate with all pods. No Network Address Translation (NAT).

Question 49

container networking and security solutions

Answer 49

Project Calico Weave Cilium

Question 50

DNS server add-on which can provide service discovery and name resolution inside the cluster

Answer 50

core-dns

Question 51

Does pods have ip address?

Answer 51

Yes every pod gets its own ip address

Question 52

What if you create NetworkPolicy without a controller that will implement it?

Answer 52

it will have no effect

Question 53

___ act as cluster internal firewalls

Answer 53

NetworkPolicy

Question 54

how to control the traffic flow at the IP address or port level

Answer 54

use Network Policies

Question 55

scheduling

Answer 55

the process of automatically choosing the right (worker) node to run a containerized workload on.