Week 15: Architecting Cloud Applications Flashcards
(22 cards)
What is Kubernetes, and its advantages?
A platform to orchestrate the deployment, scaling, and management of container‑based applications
Container orchestration: schedules all containers onto physical or virtual machines
Efficient packing of containers for optimal resource use
Self‑healing: automatically replaces dead, unresponsive, or unhealthy containers
Extensible (not a PaaS)—leaves higher‑level workflows and UI to systems like Deis, OpenShift, Eldario
What are the options for local Kubernetes development?
Minikube: lightweight local Kubernetes, ideal for learning and development
Docker Desktop: includes a built‑in local Kubernetes cluster
Kind (“Kubernetes IN Docker”)
K3s: a lightweight Kubernetes distribution
MicroK8s: minimal, production‑grade Kubernetes
What are the cloud providers for Kubernetes?
Google Kubernetes Engine (GKE) on GCP
Elastic Kubernetes Service (EKS) on AWS (with eksctl by Weaveworks)
Azure Kubernetes Service (AKS) on Azure
IBM Cloud Kubernetes Service
Oracle Container Engine for Kubernetes
Plus others such as DigitalOcean, Alibaba Cloud, Rackspace, Tencent, …
Describe the overall architecture.
A hub‑and‑spoke API pattern: all API traffic (from nodes or pods) terminates at the API Server
Control plane (the master) maintains the global state, schedules pods, and handles cluster‑level events
Worker nodes run pods and provide compute, memory, storage, and networking resources
What are the components and responsibilities of the master nodes? worker nodes?
Master node (control plane)
API Server: central entry point for all REST commands
Controller Manager: enforces desired state (e.g., replication)
Scheduler: places pods onto appropriate nodes
etcd: highly‑available key‑value store for cluster state
Worker node
kubelet: node agent that ensures pods are running as specified
kube‑proxy: routes traffic and load‑balances across pods
Container Runtime: (e.g., containerd, Docker, CRI‑O) launches and manages containers
What are clusters and nodes?
Cluster: collection of hosts (nodes) providing compute, memory, storage, and networking for running containerized workloads
Node: a virtual or physical machine managed by the control plane; runs pods and node‑level services
Define etcd, kubelet, kube-proxy, and container-runtime.
etcd: consistent, highly‑available key‑value store holding all cluster state
kubelet: agent on each node; communicates with the control plane and manages pod lifecycles
kube‑proxy: network proxy on each node; routes and load‑balances service traffic to pods
Container Runtime: OCI‑compliant engine (e.g., containerd, Docker, CRI‑O) that pulls images and runs containers
What is the purpose of namespaces and resource quotas?
Namespaces: virtual clusters backed by the same physical cluster; isolate resources so names only need to be unique within each namespace
Resource Quotas: constraints (via the ResourceQuota object) that limit total resource consumption and object counts per namespace to control aggregate usage
What are pods and their advantages?
A Pod is the smallest deployable unit in Kubernetes: a grouping of one or more containers that
Share namespaces (e.g., network)
Communicate via localhost
Advantages:
Co‑schedules tightly coupled containers on the same node
Simplifies inter‑container communication
Enables innovative patterns (sidecar, ambassador, adapter) for extending functionality
What are some common design patterns and their use cases?
Sidecar
Two containers: application + sidecar
Use cases: adding HTTPS to a legacy service; dynamic configuration delivery
Ambassador
Broker container that mediates between the app and external services
Use cases: sharding a service; service discovery; running experiments or request splitting
Adapter
Container that transforms or adapts protocols/interfaces for the main app
Use cases: protocol translation; legacy interface adaptation; log or data format conversion
What are labels and label selectors, and what is their purpose?
Labels are key/value pairs attached to Kubernetes objects (e.g., Pods) to organize and categorize them.
Label selectors let you query and operate on subsets of objects based on those labels.
They enable users to impose their own organizational structure on system objects in a loosely coupled way, with label selectors serving as the core grouping primitive in Kubernetes.
What is the role of a ReplicaSet, and what is its purpose? Explain the fields associated with it.
A ReplicaSet ensures a stable set of identically configured Pods is running at all times, guaranteeing availability.
Fields:
Selector: defines how to identify which Pods belong to this ReplicaSet
Replicas: specifies the desired number of Pod instances
Pod template: blueprint for creating new Pods when scaling up or replacing failed ones
How do Deployments, StatefulSets, and Jobs manage pods? What are their use cases?
Deployment:
Manages ReplicaSets to provide declarative updates and rollouts of Pods at a controlled rate.
Use case: rolling updates, rollbacks, scaling stateless applications.
StatefulSet:
Manages Pods with stable, unique identities and ordered deployment/scale‑up/scale‑down.
Use case: stateful applications requiring persistent identifiers and stable storage (e.g., databases).
Job:
Creates Pods to run to completion, retrying until a specified number succeed.
Use case: batch or one‑off tasks that must reliably complete (e.g., data processing jobs).
What problem does the Kubernetes Service abstraction solve in relation to pod IP volatility and service discovery?
Pods run in a flat, cluster‑wide address space and receive ephemeral IPs that change whenever they’re recreated
Clients would otherwise need to track changing pod IPs to communicate reliably
A Service provides a stable virtual IP (clusterIP) and logical grouping, so consumers can always reach the right pods despite IP churn
How does a Service define access to a group of pods using label selectors, and how does it enable load balancing?
A Service’s spec includes a label selector (e.g., app=MyApp) to identify the target pods and a port mapping (e.g., TCP 9376)
When created, the Service is assigned a clusterIP that remains constant for its lifetime
kube‑proxy on each node watches Services and Endpoints, and uses the clusterIP to route and evenly load‑balance incoming traffic across all matching pods
What is the difference between Kubernetes-native and non-native service discovery?
Kubernetes‑native: applications use the Kubernetes API to watch the Endpoints resource, automatically discovering pod addresses as they change
Non‑native: legacy or external apps can’t call the API, so Kubernetes exposes Services via NodePort or external LoadBalancer ports to bridge traffic without requiring API integration
What role does kube‑proxy play, and what are the three proxy modes?
kube‑proxy runs on every node, watches the API Server for Services and Endpoints, and implements virtual IPs to route and load‑balance service traffic.
Proxy modes:
User‑space proxy mode
iptables proxy mode
IPVS proxy mode
What are the advantages of assigning each Pod a unique IP?
Pods get their own IP in a flat, cluster‑wide network, so:
No manual port mappings between containers and hosts
Containers can address each other directly via localhost within a Pod and via IP across nodes
Simplifies networking and avoids NAT or link objects
What are the disadvantages of Round‑Robin DNS, and what are the limitations related to DNS TTL?
Disadvantages of Round‑Robin DNS: doesn’t adapt instantly to pod churn, so clients may be sent to non‑existent or unhealthy endpoints.
DNS TTL limitations:
Some DNS servers ignore or don’t respect low TTLs
Clients may cache records longer than the specified TTL
Very low or zero TTLs increase query load on DNS servers
What are the two primary service discovery methods, and what are their roles?
Environment variables: kubelet injects a set of env vars for each active Service into Pods at startup, letting apps read service endpoints directly from their environment.
DNS: a cluster‑aware DNS server (e.g., CoreDNS) watches the API for Services and creates DNS records so Pods can resolve service names to IPs.
What are the different Kubernetes service types (4), and how do they expose services?
ClusterIP (Default): exposes the Service on a cluster‑internal IP, only reachable within the cluster.
NodePort: opens a static port on every Node’s IP; external clients use <NodeIP>:<NodePort> which kube‑proxy forwards to the Service.</NodePort></NodeIP>
LoadBalancer: provisions an external cloud load balancer that fronts the Service (automatically creates underlying NodePort and ClusterIP).
ExternalName: returns a CNAME DNS record pointing to an external hostname (no proxying of traffic).
What is the purpose of the Ingress resource?
Defines HTTP/HTTPS routing rules for external traffic into cluster Services.
Exposes hostnames, paths, SSL termination, and load balancing without requiring individual Service Type=LoadBalancer.
Enables name‑based virtual hosting and consolidated edge routing.
