Add a couple of containers questions

And answers :)
2021-10-17 23:37:07 +03:00 · 2021-10-17 23:37:07 +03:00 · 8cc94ceb78
commit 8cc94ceb78
parent e30c7aca4f
2 changed files with 223 additions and 40 deletions
--- a/README.md
+++ b/README.md
@ -2,11 +2,11 @@
 :information_source: &nbsp;This repo contains questions and exercises on various technical topics, sometimes related to DevOps and SRE :)
-:bar_chart: &nbsp;There are currently **1800** questions
+:bar_chart: &nbsp;There are currently **1825** questions
 :books: &nbsp;To learn more about DevOps and SRE, check the resources in [devops-resources](https://github.com/bregman-arie/devops-resources) repository
-:warning: &nbsp;You can use these for preparing for an interview but most of the questions and exercises don't represent an actual interview. Please read [Q&A](common-qa.md) for more details
+:warning: &nbsp;You can use these for preparing for an interview but most of the questions and exercises don't represent an actual interview. Please read [FAQ page](common-qa.md) for more details
 :busts_in_silhouette: &nbsp;[Join](https://www.facebook.com/groups/538897960007080) our [DevOps community](https://www.facebook.com/groups/538897960007080) where we have discussions and share resources on DevOps
@ -398,6 +398,10 @@ Reliability, when used in DevOps context, is the ability of a system to recover
 <summary>What "Availability" means? What means are there to track Availability of a service?</summary><br><b>
 </b></details>
 <details>
 <summary>Why 100% availability isn't a target? Why most companies or teams set it to be 99%.X?</summary><br><b>
 </b></details>
 <details>
 <summary>Describe the workflow of setting up some type of web server (Apache, IIS, Tomcat, ...)</summary><br><b>
 </b></details>
@ -2416,6 +2420,10 @@ It stands for Dynamic Host Configuration Protocol, and allocates IP addresses, s
 Read more [here](https://linuxjourney.com/lesson/dhcp-overview)
 </b></details>
 <details>
 <summary>Can you have two DHCP servers in the same network? How it works?</summary><br><b>
 </b></details>
 <details>
 <summary>What is SSL tunneling? How does it works?</summary><br><b>
 </b></details>
@ -2933,6 +2941,10 @@ True
 * No permissions
 </b></details>
 <details>
 <summary>A user accidentally executed the following <code>chmod -x $(which chmod)</code>. How to fix it?</summary><br><b>
 </b></details>
 #### Linux - Shell Scripting
 <details>
@ -5683,6 +5695,10 @@ You can also think about it as containers are for OS-level virtualization while
 * VMs portability considered to be limited when compared to containers
 </b></details>
 <details>
 <summary>Do we need virtual machines in the edge of containers? Are they still relevant?</summary><br><b>
 </b></details>
 <details>
 <summary>In which scenarios would you use containers and in which you would prefer to use VMs?</summary><br><b>
@ -5695,6 +5711,8 @@ You should choose containers when:
  * Running multiple versions or instances of a single application
 </b></details>
 #### Containers - OCI
 <details>
 <summary>What is the OCI?</summary><br><b>
@ -5720,6 +5738,22 @@ Create, Kill, Delete, Start and Query State.
 `podman container ls` or `docker container ls` (depends on which containers technology you are using)
 </b></details>
 <details>
 <summary>How to run a container?</summary><br><b>
 Depends on which containers technology you are using.
 `docker container run ubuntu` or `podman container run ubuntu` for example.
 </b></details>
 <details>
 <summary>Why after running <code>podman container run ubuntu</code> the output of <code>podman container ls</code> is empty?</summary><br><b>
 Because the container immediately exits after running the ubuntu image. This is completely normal and expected as containers designed to run a service or a app and exit when they are done running it.<br>
 If you want the container to keep running, you can run a command like `sleep 100` which will run for 100 seconds or you can attach to terminal of the container with a command similar: `podman container run -it ubuntu /bin/bash`
 </b></details>
 <details>
 <summary>How to attach your shell to a terminal of a running container?</summary><br><b>
@ -5745,8 +5779,16 @@ False. You have to stop the container before removing it.
 <details>
 <summary>What is a container image?</summary><br><b>
-An image of a container contains the application, its dependencies and the operating system where the application is executed.<br>
+* An image of a container contains the application, its dependencies and the operating system where the application is executed.<br>
-TODO: add more details
+* It's a collection of read-only layers. These layers are loosely coupled
  * Each layer is assembled out of one or more files
 </b></details>
 <details>
 <summary>Why container images are relatively small?</summary><br><b>
 * Most of the images don't contain Kernel. They share and access the one used by the host on which they are running
 * Containers intended to run specific application in most cases. This means they hold only what the application needs in order to run
 </b></details>
 <details>
@ -5755,7 +5797,30 @@ TODO: add more details
 `podman image ls`<br>
 `docker image ls`
-Depends on which containers technology you use.
+Depends on which containers engine you use.
 </b></details>
 <details>
 <summary>How the centralized location, where images are stored, is called?</summary><br><b>
 Registry
 </b></details>
 <details>
 <summary>A registry contains one or more <code>____</code> which in turn contain one or more <code>____</code></summary><br><b>
 A registry contains one or more repositories which in turn contain one or more images.
 </b></details>
 <details>
 <summary>How to find out which registry do you use by default from your environment?</summary><br><b>
 Depends on the containers technology you are using. For example, in case of Docker, it can be done with `docker info`
 ```
 > docker info
 Registry: https://index.docker.io/v1
 ```
 </b></details>
 <details>
@ -5764,32 +5829,123 @@ Depends on which containers technology you use.
 `docker image pull ubuntu:latest`
 </b></details>
 <details>
 <summary>True or False? It's not possible to remove an image if a certain container is using it</summary><br><b>
 True. You should stop and remove the container before trying to remove the image it uses.
 </b></details>
 <details>
 <summary>True or False? If a tag isn't specified when pulling an image, the 'latest' tag is being used</summary><br><b>
 True
 </b></details>
 <details>
 <summary>Using the 'latest' tag when pulling an image means, you are pulling the most recently published image</summary><br><b>
 False. While this might be true in some cases, it's not guaranteed that you'll pull the latest published image when using the 'latest' tag.<br>
 For example, in some images, 'edge' tag is used for the most recently published images.
 </b></details>
 <details>
 <summary>Where pulled images are stored?</summary><br><b>
 Depends on the container technology being used. For example, in case of Docker, images are stored in `/var/lib/docker/`
 </b></details>
 <details>
-<summary>Where can you store Docker images?</summary><br><b>
+<summary>Explain container image layers</summary><br><b>
  - The layers of an image is where all the content is stored - code, files, etc.
  - Each layer is independent
  - Each layer has an ID that is an hash based on its content
  - The layers (as the image) are immutable which means a change to one of the layers can be easily identified
 </b></details>
 <details>
-<summary>What is Docker Hub?</summary><br><b>
+<summary>True or False? Changing the content of any of the image layers will cause the hash content of the image to change</summary><br><b>
 True. These hashes are content based and since images (and their layers) are immutable, any change will cause the hashes to change.
 </b></details>
 <details>
-<summary>How to push an image to Docker Hub?</summary><br><b>
+<summary>How to list the layers of an image?</summary><br><b>
-`docker image push [username]/[image name]:[tag]`
+In case of Docker, you can use `docker image inspect <name>`
 For example:
 `docker image mario/web_app:latest`
 </b></details>
 <details>
-<summary>How to view image's layers?</summary><br><b>
+<summary>True or False? In most cases, container images contain their own kernel</summary><br><b>
-`docker image inspect [image name]:[tag]`
+False. They share and access the one used by the host on which they are running.
 </b></details>
 <details>
 <summary>True or False? A single container image can have multiple tags</summary><br><b>
 True. When listing images, you might be able to see two images with the same ID but different tags.
 </b></details>
 <details>
 <summary>What is a dangling image?</summary><br><b>
 It's an image without tags attached to it.
 One way to reach this situation is by building an image with exact same name and tag as another already existing image. It can be still referenced by using its full SHA.
 </b></details>
 <details>
 <summary>How to see changes done to a given image over time?</summary><br><b>
 In the case of Docker, you could use `docker history <name>`
 </b></details>
 <details>
 <summary>True or False? Multiple images can share layers</summary><br><b>
 True.<br>
 One evidence for that can be found in pulling images. Sometimes when you pull an image, you'll see a line similar to the following:<br>
 `fa20momervif17: already exists`
 This is because it recognizes such layer already exists on the host, so there is no need to pull the same layer twice.
 </b></details>
 <details>
 <summary>What is the digest of an image? What problem does it solves?</summary><br><b>
 Tags are mutable. This is mean that we can have two different images with the same name and the same tag. It can be very confusing to see two images with the same name and the same tag in your environment. How would you know if they are truly the same or are they different?<br>
 This is where "digests` come handy. A digest is a content-addressable identifier. It isn't mutable as tags. Its value is predictable and this is how you can tell if two images are the same content wise and not merely by looking at the name and the tag of the images.
 </b></details>
 <details>
 <summary>True or False? A single image can support multiple architectures (Linux x64, Windows x64, ...)</summary><br><b>
 True.
 </b></details>
 <details>
 <summary>What is a distribution hash in regards to layers?</summary><br><b>
  - Layers are compressed when pushed or pulled
  - distribution hash is the hash of the compressed layer
  - the distribution hash used when pulling or pushing images for verification (making sure no one tempered with image or layers)
  - It's also used for avoiding ID collisions (a case where two images have exactly the same generated ID)
 </b></details>
 <details>
 <summary>How multi-architecture images work? Explain by describing what happens when an image is pulled</summary><br><b>
 1. A client makes a call to the registry to use a specific image (using an image name and optionally a tag)
 2. A manifest list is parsed (assuming it exists) to check if the architecture of the client is supported and available as a manifest
 3. If it is supported (a manifest for the architecture is available) the relevant manifest is parsed to obtain the IDs of the layers
 4. Each layer is then pulled using the obtained IDs from the previous step
 </b></details>
 <details>
 <summary>How to check which architectures a certain container image supports?</summary><br><b>
 `docker manifest inspect <name>`
 </b></details>
 #### Containers - Volume
@ -5891,7 +6047,7 @@ Multiple namespaces: pid,net, mnt, uts, ipc, user
 <summary>Which components/layers compose the Docker technology?</summary><br><b>
 1. Runtime - responsible for starting and stopping containers
-2. Daemon - manages images (including build), authentication, security, networking (part of it)
+2. Daemon - implements the Docker API and takes care of managing images (including builds), authentication, security, networking, etc.
 3. Orchestrator
 </b></details>
@ -6047,17 +6203,6 @@ For example, you can use it to set up ELK stack where the services are: elastics
 <summary>Explain Docker interlock</summary><br><b>
 </b></details>
 <details>
 <summary>What is the difference between Docker Hub and Docker cloud?</summary><br><b>
 Docker Hub is a native Docker registry service which allows you to run pull
 and push commands to install and deploy Docker images from the Docker Hub.
 Docker Cloud is built on top of the Docker Hub so Docker Cloud provides
 you with more options/features compared to Docker Hub. One example is
 Swarm management which means you can create new swarms in Docker Cloud.
 </b></details>
 <details>
 <summary>What is Docker Repository?</summary><br><b>
 </b></details>
@ -6087,6 +6232,35 @@ Because each container has its own writable container layer, and all changes are
 <summary>How do you copy files from Docker container to the host and vice versa?</summary><br><b>
 </b></details>
 #### Containers - Docker Images
 <details>
 <summary>What is Docker Hub?</summary><br><b>
 One of the most common registries for retrieving images.
 </b></details>
 <details>
 <summary>How to push an image to Docker Hub?</summary><br><b>
 `docker image push [username]/[image name]:[tag]`
 For example:
 `docker image mario/web_app:latest`
 </b></details>
 <details>
 <summary>What is the difference between Docker Hub and Docker cloud?</summary><br><b>
 Docker Hub is a native Docker registry service which allows you to run pull
 and push commands to install and deploy Docker images from the Docker Hub.
 Docker Cloud is built on top of the Docker Hub so Docker Cloud provides
 you with more options/features compared to Docker Hub. One example is
 Swarm management which means you can create new swarms in Docker Cloud.
 </b></details>
 #### Containers - Docker in Production
 <details>
@ -11983,6 +12157,14 @@ Access control based on user roles (i.e., a collection of access authorizations
 <summary>What is Nonce?</summary><br><b>
 </b></details>
 <details>
 <summary>What is SSRF?</summary><br><b>
 SSRF (Server-side request forgery) it's a vulnerability where you can make a server make arbitrary requests to anywhere you want.
 Read more about it at [portswigger.net](https://portswigger.net/web-security/ssrf)
 </b></details>
 #### Security - SSH
 <details>
--- a/common-qa.md
+++ b/common-qa.md
@ -1,24 +1,24 @@
-## Q&A
+## FAQ
-The questions I've been asked at least once.
+Most frequently asked questions.
 ### What is the purpose of repository?
-Learning
+Learning, of course.
-### My goal is to prepare for a DevOps interview. How to do that?
+### My goal is to prepare for a DevOps interviews. How to do that?
 I've added a couple of suggestions [here](prepare_for_interview.md)<br>
-Overall, this repository should help you learn some concepts but don't assume at any point that your interview will consist of questions included in this repository.
+Overall, this repository should help you learn some concepts but, don't assume at any point that your interview will include similar questions to those that included in this repository.
 ### How do I become a better DevOps Engineer?
 That's a great question.<br>
 I don't have a definitive answer for this question, but try the following:
-  * Practice - doing DevOps tasks/work should be the primary way to become a DevOps engineer (obvisouly)
+  * Practice - Practicing DevOps practically should be the primary way used to become a DevOps engineer
-  * Read - Read blogs, books, ... anything that can enrich you about DevOps
+  * Read - Read blogs, books, ... anything that can enrich your knowledge about DevOps or related DevOps topics
-  * Participate - there are great DevOps communities. I especially like [Reddit DevOps](https://www.reddit.com/r/devops). Visiting there, I learn quite a lot on different topics.
+  * Participate - there are great DevOps communities. I personally like [Reddit DevOps community](https://www.reddit.com/r/devops). Visiting there, I learn quite a lot on different topics.
  * Share - This is one of the reasons I created this project. Primary goal was to help others but a secondary goal quickly became to learn more. By asking questions, you actually learn better a certain topic. Try it out, take a certain subject and try to come up with questions you would ask someone to test his/her skills.
 ### Why most of the questions don't have answers?
@ -33,7 +33,8 @@ Because we need more contributors ;)
 ### Where the questions and answers are coming from?
-Well, from everywhere - past experience, colleagues, contributors, ... but please note we do not allow copying interview questions from interview questions sites to here. There are people who worked hard on adding those to their sites and we respect that.
+Well, from everywhere - past experience, colleagues, contributors, ... but please note we do not allow copying interview questions from interview questions sites to here. There are people who worked hard on adding those to their sites and we respect that.<br>
 As an evidence, we did deny pull requests with copied content from other sites.
 ### What are the top DevOps skills required for being a DevOps Engineer?
@ -46,12 +47,12 @@ It's a hard question and the reason is that if you'll ask 20 different people, y
 ### I feel like there are some questions that shouldn't be included in this project
-Is that a question? :)
+Is that a question? :)<br>
 If you don't like some of the questions or think that some questions should be removed you can open an issue or submit a PR and we can discuss it there. We don't have rules against deleting questions (for now :P)
 ### Can I copy the questions from here to my site?
-You can but:
+You can (although I have no idea why would you want to), but:
 * Not without attribution. Many people worked hard on adding these questions and they deserve a proper credit for their work
 * Not if you plan to make money out of it. Directly or indirectly (e.g. ADS) as this is a free content and we would like it to stay this way :)
@ -64,8 +65,8 @@ I'll simply imagine you didn't ask that on an open source project... :)
 ### Why can't I add installation questions?
-In most cases, I prefer questions added to this repository will have certain educational value for the user. Either regarding a certain concept or even a very general question, but one that will make you research on a certain topic and will make you more familiar with it.
+In general, I prefer questions added to this repository will have certain educational value for the user. Either regarding a certain concept or even a very general question, but one that will make the user research on a certain topic and will make him eventually more familiar with some of its core concepts.<br>
-I see little to none value in what is known as "Installation Questions". Let's say I ask you "how to install Jenkins?". Should I conclude from your answer that you are familiar with Jenkins? Is there a value in knowing how to install Jenkins? In my opinion, no.
+I see little to none value in what is known as "Installation Questions". Let's say I ask you "how to install Jenkins?". Should I conclude from your answer that you are familiar with what is Jenkins and/or how it works? In other words, is there a value in knowing how to install Jenkins? In my opinion, no.
 ### Where can I practice coding?