QUESTIONS AND ANSWERS
1.What Is Kubernetes?Kubernetes is an open-source container management (orchestration) tool. It’s container management responsibilities include container deployment, scaling & descaling of containers & container load balancing.
2.What are the features of Kubernetes?
- Kubernetes places control for the user where the server will host the container.
- It will control how to launch. So, Kubernetes automates various manual processes.
- Kubernetes manages various clusters at the same time.
- It provides various additional services like management of containers, security, networking, and storage.
- Kubernetes self-monitors the health of nodes and containers.
- With Kubernetes, users can scale resources not only vertically but also horizontally that too easily and quickly.
3.What are the various things that can be done to increase Kubernetes security?
By default, POD can communicate with any other POD, we can set up network policies to limit this communication between the PODs.
- BAC (Role-based access control) to narrow down the permissions.
- Use namespaces to establish security boundaries.
- Set the admission control policies to avoid running the privileged containers.
- Turn on audit logging.
4.How to monitor the Kubernetes cluster?
Prometheus is used for Kubernetes monitoring. The Prometheus ecosystem consists of multiple components.
- Mainly Prometheus server which scrapes and stores time-series data.
- Client libraries for instrumenting application code.
- Push gateway for supporting short-lived jobs.
- Special-purpose exporters for services like StatsD, HAProxy, Graphite, etc.
- An alert manager to handle alerts on various support tools.
5. How to get the central logs from POD?
This architecture depends upon the application and many other factors. Following are the common logging patterns
· Node level logging agent.
· Streaming sidecar container.
· Sidecar container with the logging agent.
· Export logs directly from the application.
In the setup, journalbeat and filebeat are running as daemonset. Logs collected by these are dumped to the kafka topic which is eventually dumped to the ELK stack
6.What is an Operator?“Operators are software extensions to K8s which make use of custom resources to manage applications and their components. Operators follow Kubernetes principles, notably the control loop.”
7.Why do we need Operators?
The process of managing applications in Kubernetes isn’t as straightforward as managing stateless applications, where reaching the desired status and upgrades are both handled the same way for every replica. In stateful applications, upgrading each replica might require different handling due to the stateful nature of the app, each replica might be in a different status. As a result, we often need a human operator to manage stateful applications. Kubernetes Operator is supposed to assist with this.
This will also help with automating a standard process on multiple Kubernetes clusters
8.How to run Kubernetes locally?
Kubernetes can be set up locally using the Minikube tool. It runs a single-node bunch in a VM on the computer. Therefore, it offers the perfect way for users who have just ongoing learning Kubernetes.
9. What is Kubernetes Load Balancing?
Load Balancing is one of the most common and standard ways of exposing the services. There are two types of load balancing in K8s and they are:
Internal load balancer – This type of balancer automatically balances loads and allocates the pods with the required incoming load.
External Load Balancer – This type of balancer directs the traffic from the external loads to backend pods.
10. What is the difference between Docker Swarm and Kubernetes?
Below are the main difference between Kubernetes and Docker:
· The installation procedure of the K8s is very complicated but if it is once installed then the cluster is robust. On the other hand, the Docker swarm installation process is very simple but the cluster is not at all robust.
· Kubernetes can process the auto-scaling but the Docker swarm cannot process the auto-scaling of the pods based on incoming load.
· Kubernetes is a full-fledged Framework. Since it maintains the cluster states more consistently so autoscaling is not as fast as Docker Swarm.
11. What runs inside the kubernetes worker nodes?
Kubernetes Worker node is a machine where workloads get deployed. The workloads are in the form of containerised applications and because of that, every node in the cluster must run the container run time such as docker in order to run those workloads. You can have multiple masters mapped to multiple worker nodes or a single master having a single worker node. Also, the worker nodes are not gossiping or doing leader election or anything that would lead to odd-quantities. The role of the container run time is to start and managed containers. The kubelet is responsible for running the state of each node and it receives commands and works to do from the master. It also does the health check of the nodes and make sure they are healthy. Kubelet is also responsible for metric collectins of pods as well. The kube-proxy is a component that manages host subnetting and makes services available to other components.
12. If a pod exceeds its memory “limit” what signal is sent to the process?
SIGKILL as immediately terminates the container and spawns a new one with OOM error. The OS, if using a cgroup based containerisation (docker, rkt, etc), will do the OOM killing. Kubernetes simply sets the cgroup limits but is not ultimately responsible for killing the processes.`SIGTERM` is sent to PID 1 and k8s waits for (default of 30 seconds) `terminationGracePeriodSeconds` before sending the `SIGKILL` or you can change that time with terminationGracePeriodSeconds in the pod. As long as your container will eventually exit, it should be fine to have a long grace period. If you want a graceful restart it would have to do it inside the pod. If you don’t want it killed, then you shouldn’t set a memory `limit` on the pod and there’s not a way to disable it for the whole node. Also, when the liveness probe fails, the container will SIGTERM and SIGKILL after some grace period.
13. What are the various K8’s services running on nodes and describe the role of each service?Mainly K8 cluster consists of two types of nodes, executor and master.
Executor node: (This runs on master node)
- Kube-proxy: This service is responsible for the communication of pods within the cluster and to the outside network, which runs on every node. This service is responsible to maintain network protocols when your pod establishes a network communication.
- kubelet: Each node has a running kubelet service that updates the running node accordingly with the configuration(YAML or JSON) file. NOTE: kubelet service is only for containers created by Kubernetes.
- Kube-apiserver: Master API service which acts as an entry point to K8 cluster.
- Kube-scheduler: Schedule PODs according to available resources on executor nodes.
- Kube-controller-manager: is a control loop that watches the shared state of the cluster through the apiserver and makes changes attempting to move the current state towards the desired stable state
14. What is a node in Kubernetes?A node is the smallest fundamental unit of computing hardware. It represents a single machine in a cluster, which could be a physical machine in a data center or a virtual machine from a cloud provider. Each machine can substitute any other machine in a Kubernetes cluster. The master in Kubernetes controls the nodes that have containers.
15. What process runs on Kubernetes Master Node?The Kube-api server process runs on the master node and serves to scale the deployment of more instances.
16. What does the node status contain?The main components of a node status are Address, Condition, Capacity, and Info.
17. What is the job of the kube-scheduler?The kube-scheduler assigns nodes to newly created pods
18. What is a Namespace in Kubernetes?Namespaces are used for dividing cluster resources between multiple users. They are meant for environments where there are many users spread across projects or teams and provide a scope of resources.
19. Name the initial namespaces from which Kubernetes starts?
- Kube – system
- Kube – public
20. What is Minikube?With the help of Minikube, users can Kubernetes locally. This process lets the user run a single-node Kubernetes cluster on your personal computer, including Windows, macOS, and Linus PCs. With this, users can try out Kubernetes also for daily development work.
21. What is Kubelet?The kubelet is a service agent that controls and maintains a set of pods by watching for pod specs through the Kubernetes API server. It preserves the pod lifecycle by ensuring that a given set of containers are all running as they should. The kubelet runs on each node and enables the communication between the master and slave nodes.
22. What is Kubectl?Kubectl is a CLI (command-line interface) that is used to run commands against Kubernetes clusters. As such, it controls the Kubernetes cluster manager through different create and manage commands on the Kubernetes component
23 .How can you get a static IP for a Kubernetes load balancer?A static IP for the Kubernetes load balancer can be achieved by changing DNS records since the Kubernetes Master can assign a new static IP address
24. What is Kube-proxy?Kube-proxy is an implementation of a load balancer and network proxy used to support service abstraction with other networking operations. Kube-proxy is responsible for directing traffic to the right container based on IP and the port number of incoming requests.
25.What is ClusterIP?The ClusterIP is the default Kubernetes service that provides a service inside a cluster (with no external access) that other apps inside your cluster can access.
26. What are the different services within Kubernetes?
Different types of Kubernetes services include:
· Cluster IP service
· Node Port service
· External Name Creation service and
· Load Balancer service
27. What are the main components of Kubernetes architecture?There are two primary components of Kubernetes Architecture: the master node and the worker node. Each of these components has individual components in them.
28. How do you package Kubernetes applications?Helm is a package manager which allows users to package, configure, and deploy applications and services to the Kubernetes cluster. helm init # when you execute this command client is going to create a deployment in the cluster and that deployment will install the tiller, the server side of Helm The packages we install through client are called charts. They are bundles of templatized manifests. All the templating work is done by the Tiller helm search redis # searches for a specific application helm install stable/redis # installs the application helm ls # list the applications
29.How to do maintenance activity on the K8 node?Whenever there are security patches available the Kubernetes administrator has to perform the maintenance task to apply the security patch to the running container in order to prevent it from vulnerability, which is often an unavoidable part of the administration. The following two commands are useful to safely drain the K8s node.
- kubectl cordon
- kubectl drain –ignore-daemon set
- kubectl get nodes: to list all the nodes
- kubectl drain <node name>: drain a particular node
30.List various services available in KubernetesVarious services available in Kubernetes are
1) Cluster IP service,
2) Load Balancer service,
3) Node Port service,
4) External Name Creation service.
What are the disadvantages of Kubernetes?
- Kubernetes dashboard is not as helpful as it should be
- Security is not very effective.
- It is very complex and can reduce productivity
32. What is GKE?GKE or Google Container Engine is a management platform that supports clusters and Docker containers that run within public cloud services of Google.
33.Why load balancer is needed?A load balancer is needed because it gives a standard way to distribute network traffic among different services, which runs in the backend.
34. List components of KubernetesThere are three components of Kubernetes, they are:
- Node components
- Master Components
35. List tools for container orchestrationThe tools for container orchestration are 1) Docker swarm, 2) Apache Mesos, and 3) Kubernetes.
List out some important Kubectl commands:
The important Kubectl commands are:
- kubectl annotate
- kubectl cluster-info
- kubectl attach
- kubectl appl
- kubectl confi
- kubectl autoscal
- kubectl config current-context
- kubectl config set.
37. Explain the types of Kubernetes podsThere are two types of pods in Kubernetes:
- Single Container Pod: It can be created with the run command.
- Multicontainer pods: It can be created using the “create” command in Kubernetes.
38. What are Secrets in Kubernetes?
Secrets are sensitive information like login credentials of the user. They are objects in Kubernetes that stores sensitive information like username and password after performing encryption.
K8s (K-eight characters-S) is a term for Kubernetes. It is an open-source orchestration framework for the containerized applications
What are the types of Kubernetes Volume?
The types of Kubernetes Volume are:
- GCE persistent disk
41.What is Kubernetes proxy service?Kubernetes proxy service is a service which runs on the node and helps in making it available to an external host.
42.What is the Kubernetes Network Policy?
Network Policy defines how the pods in the same namespace would communicate with each other and the network endpoint.
43.What is ContainerCreating pod?
A ContainerCreating pod is one that can be scheduled on a node but can’t start up properly.
44. What are the ways to provide API-Security on Kubernetes?The ways to provide API-Security on Kubernetes are:
- Using correct auth mode with API server authentication mode= Node.
- Make kubeless that protects its API via authorization-mode=Webhook.
- Ensure the kube-dashboard uses a restrictive RBAC (Role-Based Access Control) policy
45. What are the important components of node status?The important component of node status are:
46. Mention the types of controller managers
Types of controller managers are:
1) endpoints controller,
2) service accounts controller,
3) node controller,
4) namespace controller,
5) replication controller,
6) token controller.
47. Define Heapster in KubernetesA Heapster is a metrics collection and performance monitoring system for data that are collected by the Kublet.
48. Why use Daemon sets?Daemon sets are used because:
- It enables to runs storage platforms like ceph and glusterd on each node.
- Daemon sets run the logs collection on every node such as filebeat or fluentd.
- It performs node monitoring on each and every node.
49. Mention the uses of GKEThe uses of the GKE (Google Kubernetes Engine) are:
- It can be used to create docker container clusters
- Resize application controllers
- Update and then upgrade the clusters of container
- Debug cluster of the container.
- GKE can be used to creates a replication controller, jobs, services, container pods, or load balancer.