MORE questions

Never stop being curious
This commit is contained in:
abregman 2022-10-26 21:43:43 +03:00
parent c469c84a26
commit 085ca9b7e8
5 changed files with 155 additions and 31 deletions

View File

@ -2520,30 +2520,6 @@ document_number: 2
[Wikipedia](https://en.wikipedia.org/wiki/Firmware): "In computing, firmware is a specific class of computer software that provides the low-level control for a device's specific hardware. Firmware, such as the BIOS of a personal computer, may contain basic functions of a device, and may provide hardware abstraction services to higher-level software such as operating systems."
</b></details>
#### Customers and Service Providers
<details>
<summary>What is SLO (service-level objective)?</summary><br><b>
</b></details>
<details>
<summary>What is SLA (service-level agreement)?</summary><br><b>
</b></details>
## Jira
<details>
<summary>Explain/Demonstrate the following types in Jira:
* Epic
* Story
* Task</summary><br><b>
</b></details>
<details>
<summary>What is a project in Jira?</summary><br><b>
</b></details>
## Cassandra
<details>

View File

@ -11,12 +11,13 @@
- [Practical ArgoCD 101](#practical-argocd-101)
- [CLI](#cli)
- [ArgoCD Configuration](#argocd-configuration)
- [Multi-Cluster Environment](#multi-cluster-environment)
- [Advanced ArgoCD](#advanced-argocd)
- [ArgoCD Application Health](#argocd-application-health)
- [ArgoCD Syncs](#argocd-syncs)
- [ArgoCD and Helm](#argocd-and-helm)
- [Argo Rollouts Questions](#argo-rollouts-questions)
- [Argo Rollouts 101](#argo-rollouts-101)
- [Argo Advanced Rollouts](#argo-advanced-rollouts)
- [Argo Rollouts Commands](#argo-rollouts-commands)
## ArgoCD Exercises
@ -148,6 +149,12 @@ Ella is right, ArgoCD is an extension of the cluster, that is very different fro
"Application"
</b></details>
<details>
<summary>Explain what is an "Application" in regards to ArgoCD</summary><br><b>
It's a custom resource definitions which responsible for the deployment and synchronization of application resources to a Kubernetes cluster.
</b></details>
<details>
<summary>How ArgoCD makes access management in the cluster easier?</summary><br><b>
@ -206,6 +213,14 @@ False. ArgoCD sync period is 3 minutes as of today (and not hours).
2. If states are equal, the application marked as "synced"
</b></details>
<details>
<summary>You deployed a new application in a namespace called "yay" but when running <code>kubectl get ns yay</code> you see there is no such namespace. What happened?</summary><br><b>
Deploying applications in non-existing namespaces doesn't create the namespace. For that you have to explicitly mark "Auto-create namespace".
To fix it, you can simply run `kubectl create namespace NAMESPACE_NAME` but it's better of course to have it stored in Git rather than running kubectl commands.
</b></details>
#### CLI
<details>
@ -241,6 +256,18 @@ argocd app create some-app \
`argocd app get some-app`
</b></details>
<details>
<summary>How to add an additional (external) cluster for ArgoCD to manage?</summary><br><b>
`argocd cluster add CLUSTER_ADDRESS/NAME`
</b></details>
<details>
<summary>How to list all the clusters ArgoCD manage?</summary><br><b>
`argocd cluster list`
</b></details>
### ArgoCD Configuration
<details>
@ -262,7 +289,25 @@ The value can be any number of seconds you would like to set.
sync functionality will be disabled.
</b></details>
### Multi-Cluster Environment
### Advanced ArgoCD
<details>
<summary>What is the "App of Apps Patterns"?</summary><br><b>
A solution from Argo community in regards to managing multiple similar applications.
Basically a pattern where you have root application that consists of other child applications.
So instead of creating multiple separate applications, you have the root application pointing to a repository with additional applications.
</b></details>
<details>
<summary>Can you provide some use cases for using "App of Apps Patterns"?</summary><br><b>
* Cluster Preparation: You would like to deploy multiple applications at once to bootstrap a Kubernetes cluster
TODO: add more :)
</b></details>
<details>
<summary>True or False? If you have multiple Kubernetes clusters you want to manage sync applications to with ArgoCD then, you must have ArgoCD installed on each one of them</summary><br><b>
@ -277,7 +322,7 @@ You don't usually want to go and update all of your clusters at once, especially
There are multiple ways to deal with it:
1. Branch Drived: Have branches for your GitOps repo where you push first to development, do some testing, merge it then to staging and if everything works fine in staging, you merge it to production.
1. Branch driven: Have branches for your GitOps repo where you push first to development, do some testing, merge it then to staging and if everything works fine in staging, you merge it to production.
2. Use overlays and Kustomize to control the context of where your changes synced based on the CI process/pipeline used.
</b></details>
@ -370,7 +415,56 @@ In addition, it supports A/B tests, automatic rollbacks and integrated metric an
- Argo Rollouts creates a new replicaset (that is the new app version)
- Old version is still alive
- ArgoCD marks the app as out-ofsync
- ArgoCD marks the app as out-of-sync
</b></details>
<details>
<summary>True or False? You need to install ArgoCD in order to use Argo Rollouts</summary><br><b>
False. Quite common misconception today but both cab be used independency even though they work nicely together.
</b></details>
### Argo Advanced Rollouts
<details>
<summary>Scott, an engineer in your team, executes manually some smoke tests and monitors rollouts every time a new version is deployed. This way, if there is an issue he detects, he performs a rollback. What better approach you might suggest him to take?</summary><br><b>
Shift towards fully automated rollbacks. Argo Rollouts supports multiple metric providers (Datadog, NewRelic, etc.) so you can use data and metrics for automating the rollbacks based on different conditions
</b></details>
<details>
<summary>Explain the concept of "Analysis" in regards to Argo Rollouts</summary><br><b>
Analysis is a resource deployed along a Rollout resources and defines the conditions and metrics threshols for performing a rollback
</b></details>
<details>
<summary>Explain the following configuration
```yaml
apiVersion: argoproj.io/v1alpha1
kind: AnalysisTemplate
metadata:
name: success-rate
spec:
args:
- name: service-name
metrics:
- name: success-rate
interval: 4m
count: 3
successCondition: result[0] >= 0.90
provider:
prometheus:
address: http:/some-prometheus-instance:80
query: sum(response_status{app="{{args.service-name}}",role="canary",status=~"2.*"})/sum(response_status{app="{{args.service-name}}",role="canary"}
```
</summary><br><b>
It's an Analysis resource that fetches response status from Prometheus (monitoring instance). If it's more than 0.90 the rollout will continue, if it's less than 0.90 a rollback will be performed meaning the canary deployment failed.
</b></details>
### Argo Rollouts Commands

View File

@ -1247,6 +1247,13 @@ If using the private key from the previous question then the command would be:
`openssl req -new -x509 -days 730 -key ca-private-key.pem -sha256 -out ca.pem`
</b></details>
<details>
<summary>Demonstrate one way to encode and decode data in Linux</summary><br><b>
Encode: `echo -n "some password" | base64`
Decode: `echo -n "allE19remO91" | base64`
</b></details>
<a name="questions-linux-networking"></a>
### Networking

View File

@ -1,4 +1,4 @@
## Security
# Security
<details>
<summary>What is DevSecOps? What its core principals?</summary><br><b>
@ -18,6 +18,10 @@ A couple of quotations from chosen companies:
[Codefresh definition](https://codefresh.io/security-testing/codefresh-runner-overview): "Zero trust is a security concept that is centered around the idea that organizations should never trust anyone or anything that does not originate from their domains. Organizations seeking zero trust automatically assume that any external services it commissions have security breaches and may leak sensitive information"
</b></details>
<details>
<summary>Explain the principle of least privilege</summary><br><b>
</b></details>
<details>
<summary>What it means to be "FIPS compliant"?</summary><br><b>
</b></details>
@ -549,3 +553,35 @@ You cant. You will always be exposed to security risk once you start using op
[Fred Cohen (permission needed)](https://reader.elsevier.com/reader/sd/pii/0167404887900319?token=D5339ABC064AD9A2B50B74D8CE890B0E22A302A0BC461A50078D407BEA01052737DC6AAEF95A854E72A73B6D0C67E260&originRegion=eu-west-1&originCreation=20220502180611): Checksum is a way to verify the integrity of information in systems with no built-in protection. In other words, it provides a way of validating that the content of a file or a package / library is intact. This is useful since attacks or errors may occur during transmission of files. However, it requires that the package author has run a checksum function for the file / package which creates a specific hash for that version of the file. A minor change of the file content will result in a different checksum. If you have access to the original checksum of the file, you may run checksum on your own. In case the resulting checksum matches the original one, no changes have been made in the file. You can now conclude that no error or malicious injection was done during transmission of the file.
</b></details>
## Microsegmentation
<details>
<summary>What is Microsegmentation?</summary><br><b>
- Security method
- Managing network access between endpoints (processes, devices, instances)
- A method in which security policies are applied to limit traffic
- based on concepts such as "Zero Trust" and "Least Privileged"
- The result of Microsegmentation should be:
- Reduced attack ability
- Better breach containment
</b></details>
<details>
<summary>Why do we need Microsegmentation solutions? Why using something such as firewalls isn't enough?</summary><br><b>
- Firewalls focused on north-south traffic. Basically traffic that is outside of the company perimeter
- Traffic that is considered west-east, internal workflows and communication, is usually left untreated
</b></details>
<details>
<summary>How Microsegmentation is applied?</summary><br><b>
There are different ways to apply Microsegmentation:
- Cloud Native: Using cloud embedded capabilities such as security groups, firewalls, etc.
- Agent: Agents running on the different endpoints (instances, services, etc.)
- Network: Modify network devices and their configuration to create microsegmentation
</b></details>

11
topics/sre/README.md Normal file
View File

@ -0,0 +1,11 @@
# Site Reliability Engineering
## SRE Questions
<details>
<summary>What is SLO (service-level objective)?</summary><br><b>
</b></details>
<details>
<summary>What is SLA (service-level agreement)?</summary><br><b>
</b></details>