Add a couple of Kubernetes questions and exercises

Also updated CKA page.
2022-10-16 18:19:39 +03:00
parent 9d018343c0
commit 64e6614680
7 changed files with 358 additions and 81 deletions
--- a/topics/kubernetes/CKA.md
+++ b/topics/kubernetes/CKA.md
@@ -11,6 +11,9 @@
    - [Troubleshooting ReplicaSets](#troubleshooting-replicasets)
  - [Deployments](#deployments)
    - [Troubleshooting Deployments](#troubleshooting-deployments)
  - [Scheduler](#scheduler)
  - [Labels and Selectors](#labels-and-selectors)
  - [Taints](#taints)
 ## Setup
@@ -136,6 +139,14 @@ You can also run `k describe po POD_NAME`
 `k delete po nm`
 </b></details>
 <details>
 <summary>List all the pods with the label "env=prod"</summary><br><b>
 `k get po -l env=prod`
 To count them: `k get po -l env=prod --no-headers | wc -l`
 </b></details>
 ### Troubleshooting Pods
 <details>
@@ -180,6 +191,12 @@ Because there is no such image `sheris`. At least for now :)
 To fix it, run `kubectl edit ohno` and modify the following line `- image: sheris` to `- image: redis` or any other image you prefer.
 </b></details>
 <details>
 <summary>You try to run a Pod but it's in "Pending" state. What might be the reason?</summary><br><b>
 One possible reason is that the scheduler which supposed to schedule Pods on nodes, is not running. To verify it, you can run `kubectl get po -A | grep scheduler` or check directly in `kube-system` namespace.
 </b></details>
 ## Namespaces
 <details>
@@ -194,6 +211,32 @@ To fix it, run `kubectl edit ohno` and modify the following line `- image: sheri
 `k create ns alle`
 </b></details>
 <details>
 <summary>Check how many namespaces are there</summary><br><b>
 `k get ns --no-headers | wc -l`
 </b></details>
 <details>
 <summary>Check how many pods exist in the "dev" namespace</summary><br><b>
 `k get po -n dev`
 </b></details>
 <details>
 <summary>Create a pod called "kartos" in the namespace dev. The pod should be using the "redis" image.</summary><br><b>
 If the namespace doesn't exist already: `k create ns dev`
 `k run kratos --image=redis -n dev`
 </b></details>
 <details>
 <summary>You are looking for a Pod called "atreus". How to check in which namespace it runs?</summary><br><b>
 `k get po -A | grep atreus`
 </b></details>
 ## Nodes
 <details>
@@ -212,10 +255,57 @@ Note: create an alias (`alias k=kubectl`) and get used to `k get no`
 ## Services
 <details>
 <summary>Check how many services are running in the current namespace</summary><br><b>
 `k get svc`
 </b></details>
 <details>
 <summary>Create an internal service called "sevi" to expose the app 'web' on port 1991</summary><br><b>
 </b></details>
 <details>
 <summary>How to reference by name a service called "app-service" within the same namespace?</summary><br><b>
 app-service
 </b></details>
 <details>
 <summary>How to check the TargetPort of a service?</summary><br><b>
 `k describe svc <SERVICE_NAME>`
 </b></details>
 <details>
 <summary>How to check what endpoints the svc has?</summary><br><b>
 `k describe svc <SERVICE_NAME>`
 </b></details>
 <details>
 <summary>How to reference by name a service called "app-service" within a different namespace, called "dev"?</summary><br><b>
 app-service.dev.svc.cluster.local
 </b></details>
 <details>
 <summary>Assume you have a deployment running and you need to create a Service for exposing the pods. This is what is required/known:
 * Deployment name: jabulik
 * Target port: 8080
 * Service type: NodePort
 * Selector: jabulik-app
 * Port: 8080
 </summary><br><b>
 `kubectl expose deployment jabulik --name=jabulik-service --target-port=8080 --type=NodePort --port=8080 --dry-run=client -o yaml -> svc.yaml`
 `vi svc.yaml` (make sure selector is set to `jabulik-app`)
 `k apply -f svc.yaml`
 </b></details>
 ## ReplicaSets
 <details>
@@ -427,3 +517,56 @@ status: {}
 The selector doesn't match the label (dep vs depdep). To solve it, fix depdep so it's dep instead.
 </b></details>
 ## Scheduler
 <details>
 <summary>How to schedule a pod on a node called "node1"?</summary><br><b>
 `k run some-pod --image=redix -o yaml --dry-run=client > pod.yaml`
 `vi pod.yaml` and add:
 ```
 spec:
  nodeName: node1
 ```
 `k apply -f pod.yaml`
 Note: if you don't have a node1 in your cluster the Pod will be stuck on "Pending" state.
 </b></details>
 ## Labels and Selectors
 <details>
 <summary>How to list all the Pods with the label "app=web"?</summary><br><b>
 `k get po -l app=web`
 </b></details>
 <details>
 <summary>How to list all objects labeled as "env=staging"?</summary><br><b>
 `k get all -l env=staging`
 </b></details>
 <details>
 <summary>How to list all deployments from "env=prod" and "type=web"?</summary><br><b>
 `k get deploy -l env=prod,type=web`
 </b></details>
 ## Taints
 <details>
 <summary>Check if there are taints on node "master"</summary><br><b>
 `k describe no master | grep -i taints`
 </b></details>
 <details>
 <summary>Create a taint on one of the nodes in your cluster with key of "app" and value of "web" and effect of "NoSchedule"</summary><br><b>
 `k taint node minikube app=web:NoSchedule`
 </b></details>
--- a/topics/kubernetes/README.md
+++ b/topics/kubernetes/README.md
@@ -15,10 +15,14 @@ What's your goal?
    - [Pods](#pods)
    - [Service](#service)
    - [ReplicaSet](#replicaset)
    - [Labels and Selectors](#labels-and-selectors)
    - [Scheduler](#scheduler)
  - [Kubernetes Questions](#kubernetes-questions)
    - [Kubernetes 101](#kubernetes-101)
    - [Cluster and Architecture](#cluster-and-architecture)
    - [Pods](#pods-1)
      - [Pods - Commands](#pods---commands)
      - [Pods - Troubleshooting and Debugging](#pods---troubleshooting-and-debugging)
    - [Deployments](#deployments)
    - [Services](#services)
    - [Ingress](#ingress)
@@ -43,6 +47,8 @@ What's your goal?
    - [Troubleshooting Scenarios](#troubleshooting-scenarios)
    - [Istio](#istio)
    - [Controllers](#controllers)
    - [Scheduler](#scheduler-1)
  - [Taints](#taints)
    - [Scenarios](#scenarios)
 ## Kubernetes Exercises
@@ -68,6 +74,18 @@ What's your goal?
 | Operating ReplicaSets | ReplicaSet | [Exercise](replicaset_02.md) | [Solution](solutions/replicaset_02_solution.md)
 | ReplicaSets Selectors | ReplicaSet | [Exercise](replicaset_03.md) | [Solution](solutions/replicaset_03_solution.md)
 ### Labels and Selectors
 |Name|Topic|Objective & Instructions|Solution|Comments|
 |--------|--------|------|----|----|
 | Labels and Selectors 101 | Labels, Selectors | [Exercise](exercises/labels_and_selectors/exercise.md) | [Solution](exercises/labels_and_selectors/solution.md)
 ### Scheduler
 |Name|Topic|Objective & Instructions|Solution|Comments|
 |--------|--------|------|----|----|
 | Taints 101 | Taints | [Exercise](exercises/taints_101/exercise.md) | [Solution](exercises/taints_101/solution.md)
 ## Kubernetes Questions
 ### Kubernetes 101
@@ -259,9 +277,9 @@ Apply requests and limits, especially on third party applications (where the unc
 </b></details>
 <details>
-<summary>True of False? The scheduler is responsible for both deciding where a Pod will run and actually run it</summary><br><b>
+<summary>What <code>kubectl get componentstatus</code> does?</summary><br><b>
-False. While the scheduler is responsible for choosing the node on which the Pod will run, Kubelet is the one that actually runs the Pod.
+Outputs the status of each of the control plane components.
 </b></details>
 ### Pods
@@ -330,40 +348,16 @@ False. By default, pods are non-isolated = pods accept traffic from any source.
 False. "Pending" is after the Pod was accepted by the cluster, but the container can't run for different reasons like images not yet downloaded.
 </b></details>
 <details>
 <summary>How to list the pods in the current namespace?</summary><br><b>
 `kubectl get po`
 </b></details>
 <details>
 <summary>How view all the pods running in all the namespaces?</summary><br><b>
 `kubectl get pods --all-namespaces`
 </b></details>
 <details>
 <summary>True or False? A single Pod can be split across multiple nodes</summary><br><b>
 False. A single Pod can run on a single node.
 </b></details>
 <details>
 <summary>How to delete a pod?</summary><br><b>
 `kubectl delete pod pod_name`
 </b></details>
 <details>
 <summary>You run a pod and you see the status <code>ContainerCreating</code></summary><br><b>
 </b></details>
 <details>
 <summary>How to find out on which node a certain pod is running?</summary><br><b>
 `kubectl get po -o wide`
 </b></details>
 <details>
 <summary>What are "Static Pods"?</summary><br><b>
@@ -513,12 +507,48 @@ False. Each Pod gets an IP address but an internal one and not publicly accessib
 To make a Pod externally accessible, we need to use an object called Service in Kubernetes.
 </b></details>
 #### Pods - Commands
 <details>
-<summary>How to check to which worker node the pods were scheduled to?</summary><br><b>
+<summary>How to check to which worker node the pods were scheduled to? In other words, how to check on which node a certain Pod is running?</summary><br><b>
 `kubectl get pods -o wide`
 </b></details>
 <details>
 <summary>How to delete a pod?</summary><br><b>
 `kubectl delete pod pod_name`
 </b></details>
 <details>
 <summary>List all the pods with the label "env=prod"</summary><br><b>
 `k get po -l env=prod`
 To count them: `k get po -l env=prod --no-headers | wc -l`
 </b></details>
 <details>
 <summary>How to list the pods in the current namespace?</summary><br><b>
 `kubectl get po`
 </b></details>
 <details>
 <summary>How view all the pods running in all the namespaces?</summary><br><b>
 `kubectl get pods --all-namespaces`
 </b></details>
 #### Pods - Troubleshooting and Debugging
 <details>
 <summary>You try to run a Pod but it's in "Pending" state. What might be the reason?</summary><br><b>
 One possible reason is that the scheduler which supposed to schedule Pods on nodes, is not running. To verify it, you can run `kubectl get po -A | grep scheduler` or check directly in `kube-system` namespace.
 </b></details>
 ### Deployments
 <details>
@@ -700,6 +730,16 @@ The selector doesn't match the label (dep vs depdep). To solve it, fix depdep so
 In simpler words, it allows you to add an internal or external connectivity to a certain application running in a container.
 </b></details>
 <details>
 <summary>Place the components in the right placeholders in regards to Kubernetes service<br>
 <img src="images/service_exercise.png"/>
 </summary><br><b>
 <img src="images/service_solution.png"/>
 </b></details>
 <details>
 <summary>How to create a service for an existing deployment called "alle" on port 8080 so the Pod(s) accessible via a Load Balancer?</summary><br><b>
@@ -708,12 +748,6 @@ The imperative way:
 `kubectl expose deployment alle --type=LoadBalancer --port 8080`
 </b></details>
 <details>
 <summary>An internal load balancer in Kubernetes is called <code>____</code> and an external load balancer is called <code>____</code></summary><br><b>
 An internal load balancer in Kubernetes is called Service and an external load balancer is Ingress
 </b></details>
 <details>
 <summary>True or False? The lifecycle of Pods and Services isn't connected so when a Pod dies, the Service still stays </summary><br><b>
@@ -726,6 +760,12 @@ True
 `kubectl get svc`
 </b></details>
 <details>
 <summary>What's the default Service type?</summary><br><b>
 ClusterIP - used for internal communication.
 </b></details>
 <details>
 <summary>What Service types are there?</summary><br><b>
@@ -926,6 +966,12 @@ Explanation as to who added them:
 You can run `curl <SERIVCE IP>:<SERVICE PORT>` to examine the output.
 </b></details>
 <details>
 <summary>An internal load balancer in Kubernetes is called <code>____</code> and an external load balancer is called <code>____</code></summary><br><b>
 An internal load balancer in Kubernetes is called Service and an external load balancer is Ingress
 </b></details>
 ### Ingress
 <details>
@@ -1435,7 +1481,6 @@ When chosen as the data store etcd was (and still is of course):
 Namespaces allow you split your cluster into virtual clusters where you can group your applications in a way that makes sense and is completely separated from the other groups (so you can for example create an app with the same name in two different namespaces)
 </b></details>
 <a name="namespaces-use-cases"></a>
 <details>
 <summary>Why to use namespaces? What is the problem with using one default namespace?</summary><br><b>
@@ -1471,20 +1516,58 @@ False. When a namespace is deleted, the resources in that namespace are deleted
 <details>
 <summary>How to list all namespaces?</code></summary><br><b>
-`kubectl get namespaces`
+`kubectl get namespaces` OR `kubectl get ns`
 </b></details>
 <details>
 <summary>Create a namespace called 'alle'</summary><br><b>
 `k create ns alle`
 </b></details>
 <details>
 <summary>Check how many namespaces are there</summary><br><b>
 `k get ns --no-headers | wc -l`
 </b></details>
 <details>
 <summary>Check how many pods exist in the "dev" namespace</summary><br><b>
 `k get po -n dev`
 </b></details>
 <details>
 <summary>Create a pod called "kartos" in the namespace dev. The pod should be using the "redis" image.</summary><br><b>
 If the namespace doesn't exist already: `k create ns dev`
 `k run kratos --image=redis -n dev`
 </b></details>
 <details>
 <summary>You are looking for a Pod called "atreus". How to check in which namespace it runs?</summary><br><b>
 `k get po -A | grep atreus`
 </b></details>
 <details>
 <summary>What kube-public contains?</summary><br><b>
 * A configmap, which contains cluster information
-* Publicely accessible data
+* Publicly accessible data
 </b></details>
 <details>
 <summary>How to get the name of the current namespace?</code></summary><br><b>
-kubectl config view | grep namespace
+`kubectl config view | grep namespace`
 </b></details>
 <details>
@@ -1493,27 +1576,6 @@ kubectl config view | grep namespace
 It holds information on hearbeats of nodes. Each node gets an object which holds information about its availability.
 </b></details>
 <details>
 <summary>How to create a namespace?</summary><br><b>
 One way is by running `kubectl create namespace [NAMESPACE_NAME]`
 Another way is by using namespace configuration file:
 ```
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: some-cofngimap
  namespace: some-namespace
 ```
 </b></details>
 <details>
 <summary>What default namespace contains?</summary><br><b>
 Any resource you create while using Kubernetes.
 </b></details>
 <details>
 <summary>True or False? With namespaces you can limit the resources consumed by the users/teams</summary><br><b>
@@ -1545,13 +1607,7 @@ kubectl create quota some-quota --hard-cpu=2,pods=2
 <details>
 <summary>Which resources are accessible from different namespaces?</code></summary><br><b>
-Service.
+Services.
 </b></details>
 <details>
 <summary>Let's say you have three namespaces: x, y and z. In x namespace you have a ConfigMap referencing service in z namespace. Can you reference the ConfigMap in x namespace from y namespace?</code></summary><br><b>
 No, you would have to create separate namespace in y namespace.
 </b></details>
 <details>
@@ -1653,22 +1709,6 @@ kubectl delete pods --field-selector=status.phase!='Running'
 kubectl top pod
 </b></details>
 <details>
 <summary>What <code>kubectl get componentstatus</code> does?</summary><br><b>
 Outputs the status of each of the control plane components.
 </b></details>
 <details>
 <summary>What is Minikube?</summary><br><b>
 Minikube is a lightweight Kubernetes implementation. It create a local virtual machine and deploys a simple (single node) cluster.
 </b></details>
 <details>
 <summary>How do you monitor your Kubernetes?</summary><br><b>
 </b></details>
 <details>
 <summary>You suspect one of the pods is having issues, what do you do?</summary><br><b>
@@ -2410,6 +2450,53 @@ Explained [here](https://www.youtube.com/watch?v=i9V4oCa5f9I)
 - Act - Bring current cluster state to the desired state (basically reach a state where there is no diff)
 </b></details>
 ### Scheduler
 <details>
 <summary>True of False? The scheduler is responsible for both deciding where a Pod will run and actually running it</summary><br><b>
 False. While the scheduler is responsible for choosing the node on which the Pod will run, Kubelet is the one that actually runs the Pod.
 </b></details>
 <details>
 <summary>How to schedule a pod on a node called "node1"?</summary><br><b>
 `k run some-pod --image=redix -o yaml --dry-run=client > pod.yaml`
 `vi pod.yaml` and add:
 ```
 spec:
  nodeName: node1
 ```
 `k apply -f pod.yaml`
 Note: if you don't have a node1 in your cluster the Pod will be stuck on "Pending" state.
 </b></details>
 ## Taints
 <details>
 <summary>Check if there are taints on node "master"</summary><br><b>
 `k describe no master | grep -i taints`
 </b></details>
 <details>
 <summary>Create a taint on one of the nodes in your cluster with key of "app" and value of "web" and effect of "NoSchedule"</summary><br><b>
 `k taint node minikube app=web:NoSchedule`
 </b></details>
 <details>
 <summary>What taint effects are there? Explain each one of them</summary><br><b>
 `NoSchedule`: prevents from resources to be scheduled on a certain node
 `PreferNoSchedule`: will prefer to shcedule resources on other nodes before resorting to scheduling the resource on the chosen node (on which the taint was applied)
 `NoExecute`: Appling "NoSchedule" will not evict already running Pods (or other resources) from the node as opposed to "NoExecute" which will evict any already running resource from the Node
 </b></details>
 ### Scenarios
 <details>
@@ -2435,3 +2522,9 @@ Some ways to debug:
   1. This should provide an accurate output of 
   2. For specific container, you can add `-c CONTAINER_NAME`
 </b></details>
 <details>
 <summary>An engineer form your organization asked whether there is a way to prevent from Pods (with cretain label) to be scheduled on one of the nodes in the cluster. Your reply is:</summary><br><b>
 Yes, using taints, we could run the following command and it will prevent from all resources with label "app=web" to be scheduled on node1: `kubectl taint node node1 app=web:NoSchedule`
 </b></details>
--- a/topics/kubernetes/exercises/labels_and_selectors/exercise.md
+++ b/topics/kubernetes/exercises/labels_and_selectors/exercise.md
@@ -0,0 +1,11 @@
 # Labels and Selectors 101
 ## Objectives
 1. How to list all the Pods with the label "app=web"?
 2. How to list all objects labeled as "env=staging"?
 3. How to list all deployments from "env=prod" and "type=web"?
 ## Solution
 Click [here](solution.md) to view the solution.
--- a/topics/kubernetes/exercises/labels_and_selectors/solution.md
+++ b/topics/kubernetes/exercises/labels_and_selectors/solution.md
@@ -0,0 +1,13 @@
 # Labels and Selectors 101
 ## Objectives
 1. How to list all the Pods with the label "app=web"?
 2. How to list all objects labeled as "env=staging"?
 3. How to list all deployments from "env=prod" and "type=web"?
 ## Solution
 `k get po -l app=web`
 `k get all -l env=staging`
 `k get deploy -l env=prod,type=web`
--- a/topics/kubernetes/exercises/taints_101/exercise.md
+++ b/topics/kubernetes/exercises/taints_101/exercise.md
@@ -0,0 +1,17 @@
 # Taints 101
 ## Objectives
 1. Check if one of the nodes in the cluster has taints (doesn't matter which node)
 2. Create a taint on one of the nodes in your cluster with key of "app" and value of "web" and effect of "NoSchedule"
   1. Explain what it does exactly
   2. Verify it was applied
 ## Solution
 Click [here](solution.md) to view the solution.
 1. `kubectl describe no minikube | grep -i taints`
 2. `kubectl taint node minikube app=web:NoSchedule`
   1. Any resource with "app=web" key value will not be scheduled on node `minikube`
   2. `kubectl describe no minikube | grep -i taints`
--- a/topics/kubernetes/images/service_exercise.png
+++ b/topics/kubernetes/images/service_exercise.png
--- a/topics/kubernetes/images/service_solution.png
+++ b/topics/kubernetes/images/service_solution.png