diff --git a/README.md b/README.md
index e6114b3..3e0990d 100644
--- a/README.md
+++ b/README.md
@@ -2,12 +2,14 @@
:information_source: This repo contains questions and exercises on various technical topics, sometimes related to DevOps and SRE
-:bar_chart: There are currently **2292** exercises and questions
+:bar_chart: There are currently **2322** exercises and questions
:books: To learn more about DevOps and SRE, check the resources in [devops-resources](https://github.com/bregman-arie/devops-resources) repository
:warning: You can use these for preparing for an interview but most of the questions and exercises don't represent an actual interview. Please read [FAQ page](faq.md) for more details
+:stop_sign: If you are interested in pursuing a career as DevOps engineer, learning some of the concepts mentioned here would be useful but you should know it's not about learning all the topics and technologies mentioned in this repository
+
:busts_in_silhouette: Join our [DevOps community](https://www.facebook.com/groups/538897960007080) where we have discussions and share resources on DevOps
:pencil: You can add more exercises by submitting pull requests :) Read about contribution guidelines [here](CONTRIBUTING.md)
@@ -2855,6 +2857,7 @@ The introduction of virtual machines allowed companies to deploy multiple busine
Explain inheritance and how to use it in Python
+
Explain and demonstrate class attributes & instance attributes
@@ -7145,6 +7148,10 @@ In multi-CDN, content is distributed across multiple different CDNs, each might
Explain "3-Tier Architecture" (including pros and cons)
+
+Explain Mono-repo vs. Multi-repo. What are the cons and pros of each approach?
+
+
What are the drawbacks of monolithic architecture?
diff --git a/exercises/containers/README.md b/exercises/containers/README.md
index b53615e..ac89aa7 100644
--- a/exercises/containers/README.md
+++ b/exercises/containers/README.md
@@ -4,7 +4,8 @@
|Name|Topic|Objective & Instructions|Solution|Comments|
|--------|--------|------|----|----|
-|Running Containers|Intro|[Exercise](running_containers.md)|[Solution](solutions/running_containers.md)
+|Running Containers|Basics|[Exercise](running_containers.md)|[Solution](solutions/running_containers.md)
+|Containerized Web Server|Basics|[Exercise](containerized_web_server.md)|[Solution](solutions/containerized_web_server.md)
|Working with Images|Image|[Exercise](working_with_images.md)|[Solution](solutions/working_with_images.md)
|My First Dockerfile|Dockerfile|[Exercise](write_dockerfile_run_container.md)|
|Run, Forest, Run!|Restart Policies|[Exercise](run_forest_run.md)|[Solution](solutions/run_forest_run.md)
@@ -14,6 +15,24 @@
### Containers Self Assessment
+* [Containers 101](#questions-containers-101)
+* [OCI](#questions-oci)
+* [Images](#questions-images)
+* [Basic Commands](#questions-basic-commands)
+* [Volume](#questions-volume)
+* [Dockerfile](#questions-dockerfile)
+* [Architecture](#questions-architecture)
+* [Docker Architecture](#questions-docker-architecture)
+* [Docker Compose](#questions-docker-compose)
+* [Docker Images](#questions-docker-images)
+* [Networking](#questions-networking)
+* [Docker Networking](#questions-docker-networking)
+* [Security](#questions-security)
+* [Docker In Production](#questions-docker-in-production)
+
+
+#### Containers 101
+
What is a Container?
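Review bot: The new list links to fragments such as `#questions-containers-101` and `#questions-oci`, but the section headings in this file read `#### Containers 101`, `#### Containers - OCI` and so on, which do not generate those fragment names on their own. Each of the fourteen entries needs an explicit anchor with the matching name beside its heading; please confirm one exists for every entry. Consider naming the new heading `#### Containers - 101` so it follows the pattern of the other sections.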
@@ -70,6 +89,15 @@ You should choose containers when:
4. Run the container using the image you've built
+
+What are some of the advantages in using containers? you can compare to other options like VMs
+
+* Reusable: container can be used by multiple different users for different usages - production vs. staging, development, testing, etc.
+* Lightweight: containers are fairly lightweight which means deployments can be done quickly since you don't need to install a full OS (as in VMs for example)
+* Isolation: Containers are isolated environments, usually changes made to the OS won't affect the containers and vice-versa
+
+
+
#### Containers - OCI
@@ -89,68 +117,7 @@ Specifications published by OCI:
Create, Kill, Delete, Start and Query State.
-#### Containers - Basic Commands
-
-
-How to list all the containers on a given host?
-
-In the case of Docker, use: `docker container ls`
-In the case of Podman, it's not very different: `podman container ls`
-
-
-
-How to run a container?
-
-Docker: `docker container run ubuntu`
-Podman: `podman container run ubuntu`
-
-
-
-Why after running podman container run ubuntu
the output of podman container ls
is empty?
-
-Because the container immediately exits after running the ubuntu image. This is completely normal and expected as containers designed to run a service or a app and exit when they are done running it.
-
-If you want the container to keep running, you can run a command like `sleep 100` which will run for 100 seconds or you can attach to terminal of the container with a command similar: `podman container run -it ubuntu /bin/bash`
-
-
-
-How to attach your shell to a terminal of a running container?
-
-`podman container exec -it [container id/name] bash`
-
-This can be done in advance while running the container: `podman container run -it [image:tag] /bin/bash`
-
-
-
-True or False? You can remove a running container if it doesn't running anything
-
-False. You have to stop the container before removing it.
-
-
-
-How to stop and remove a container?
-
-`podman container stop && podman container rm `
-
-
-
-What happens when you run docker container run ubuntu
?
-
-1. Docker client posts the command to the API server running as part of the Docker daemon
-2. Docker daemon checks if a local image exists
- 1. If it exists, it will use it
- 2. If doesn't exists, it will go to the remote registry (Docker Hub by default) and pull the image locally
-3. containerd and runc are instructed (by the daemon) to create and start the container
-
-
-
-How to run a container in the background?
-
-With the -d flag. It will run in the background and will not attach it to the terminal.
-
-`docker container run -d httpd` or `podman container run -d httpd`
-
-
+
#### Containers - Images
@@ -168,13 +135,39 @@ With the -d flag. It will run in the background and will not attach it to the te
* Containers intended to run specific application in most cases. This means they hold only what the application needs in order to run
+
+You are interested in running a container with snake game application. How can you search for such image and check if it exists?
+
+`podman search snake-game`. Surprisingly, there are a couple of matches :)
+
+```
+INDEX NAME DESCRIPTION STARS
+docker.io docker.io/dyego/snake-game 0
+docker.io docker.io/ainizetap/snake-game 0
+docker.io docker.io/islamifauzi/snake-games 0
+docker.io docker.io/harish1551/snake-game 0
+docker.io docker.io/spkane/snake-game A console based snake game in a container 0
+docker.io docker.io/rahulgadre/snake-game This repository contains all the files to ru... 0
+```
+
+
How to list the container images on certain host?
-`podman image ls`
-`docker image ls`
+CONTAINER_BINARY=podman # or docker
+$CONTAINER_BINARY images
+```
-Depends on which containers engine you use.
+Note: you can also use `$CONTAINER_RUNTIME image ls`
+
+
+
+How to download/pull a container image without actually running a container?
+
+```
+CONTAINER_BINARY=podman # or docker
+$CONTAINER_BINARY pull rhel
+```
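Review bot: In the answer to "How to list the container images on certain host?", the note refers to `$CONTAINER_RUNTIME image ls` while the snippet above it defines `CONTAINER_BINARY`, so a reader copying the note gets an empty variable; use `$CONTAINER_BINARY image ls`. The same answer adds a closing code fence after `$CONTAINER_BINARY images` with no opening fence before `CONTAINER_BINARY=podman # or docker`, unlike the pull answer below it. For the `podman search snake-game` answer, every listed match has 0 stars, so it is worth a sentence telling readers to check who published an image before pulling it.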
@@ -203,7 +196,7 @@ Registry: https://index.docker.io/v1
How to retrieve the latest ubuntu image?
-`docker image pull ubuntu:latest`
+`podman image pull ubuntu:latest`
@@ -381,6 +374,71 @@ Cons:
* Push and pull can take more time (because no matching layers found on target)
+
+#### Containers - Basic Commands
+
+
+How to list all the containers on a given host?
+
+In the case of Docker, use: `docker container ls`
+Same with Podman: `podman container ls`
+
+
+
+How to run a container?
+
+Docker: `docker container run ubuntu`
+Podman: `podman container run ubuntu`
+
+
+
+Why after running podman container run ubuntu
the output of podman container ls
is empty?
+
+Because the container immediately exits after running the ubuntu image. This is completely normal and expected as containers designed to run a service or a app and exit when they are done running it.
+
+If you want the container to keep running, you can run a command like `sleep 100` which will run for 100 seconds or you can attach to terminal of the container with a command similar: `podman container run -it ubuntu /bin/bash`
+
+
+
+How to attach your shell to a terminal of a running container?
+
+`podman container exec -it [container id/name] bash`
+
+This can be done in advance while running the container: `podman container run -it [image:tag] /bin/bash`
+
+
+
+True or False? You can remove a running container if it doesn't running anything
+
+False. You have to stop the container before removing it.
+
+
+
+How to stop and remove a container?
+
+`podman container stop && podman container rm `
+
+
+
+What happens when you run docker container run ubuntu
?
+
+1. Docker client posts the command to the API server running as part of the Docker daemon
+2. Docker daemon checks if a local image exists
+ 1. If it exists, it will use it
+ 2. If doesn't exists, it will go to the remote registry (Docker Hub by default) and pull the image locally
+3. containerd and runc are instructed (by the daemon) to create and start the container
+
+
+
+How to run a container in the background?
+
+With the -d flag. It will run in the background and will not attach it to the terminal.
+
+`docker container run -d httpd` or `podman container run -d httpd`
+
+
+
+
#### Containers - Volume
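Review bot: In the relocated true/false question about removing a running container, the answer "False. You have to stop the container before removing it." leaves out that `rm -f` removes a running container in both Docker and Podman. Suggest rewording the answer to say a running container cannot be removed without the force flag, and fixing "doesn't running" in the question while the block is being moved. The stop-and-remove answer, `podman container stop && podman container rm `, also shows no container ID or name argument for either command.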
@@ -389,6 +447,7 @@ Cons:
`docker volume create some_volume`
+
#### Containers - Dockerfile
@@ -479,6 +538,7 @@ Instructions such as ENTRYPOINT, ENV, EXPOSE, create image metadata and they don
Is it possible to identify which instruction create a new layer from the output of docker image history
?
+
#### Containers - Architecture
@@ -495,6 +555,18 @@ Through the use of namespaces and cgroups. Linux kernel has several types of nam
- Time namespaces: Isolates time machine
+
+What Linux kernel features does containers use?
+
+* cgroups (Control Groups): used for limiting the amount of resources a certain groups of processes (and their children of course) use. This way, a group of processes isn't consuming all host resources and other groups can run and use part of the resources as well
+
+* namespaces: same as cgroups, namespaces isolate some of the system resources so it's available only for processes in the namespace. Differently from cgroups the focus with namespaces is on resources like mount points, IPC, network, ... and not about memory and CPU as in cgroups
+
+* SElinux: the access control mechanism used to protect processes. Unfortunately to this date many users don't actually understand SElinux and some turn it off but nontheless, it's a very important security feature of the Linux kernel, used by container as well
+
+* Seccomp: similarly to SElinux, it's also a security mechanism, but its focus is on limiting the processes in regards to using system calls and file descriptors
+
+
Describe in detail what happens when you run `podman/docker run hello-world`?
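Review bot: The namespaces bullet opens with "same as cgroups" and then says "Differently from cgroups", which contradicts itself. cgroups limit how much of a resource a group of processes may use, while namespaces limit what a process can see, and the bullet should state that distinction directly. In the same answer, the SElinux bullet could say it is mandatory access control that confines what a container process can access, the spelling should be `SELinux`, and "nontheless" is a typo. The Seccomp bullet would be more precise if it described filtering which system calls a process may make.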
@@ -505,7 +577,7 @@ Docker/Podman daemon redirects output from container to Docker CLI which redirec
-Describe difference between cgroups and namespaces
+Describe difference between cgroups and namespaces
cgroup: Control Groups provide a mechanism for aggregating/partitioning sets of tasks, and all their future children, into hierarchical groups with specialized behavior.
namespace: wraps a global system resource in an abstraction that makes it appear to the processes within the namespace that they have their own isolated instance of the global resource.
@@ -526,6 +598,22 @@ Multiple namespaces: pid,net, mnt, uts, ipc, user
+
+Which of the following are Linux features that containers use?
+
+* cspaces
+* namegroups
+* namespaces
+* cgroups
+* ELlinux
+* SElinux
+
+* namespaces
+* cgroups
+* SElinux
+
+
+
#### Containers - Docker Architecture
@@ -702,6 +790,7 @@ Because each container has its own writable container layer, and all changes are
How do you copy files from Docker container to the host and vice versa?
+
#### Containers - Docker Compose
@@ -720,6 +809,7 @@ In general, it's useful for running applications which composed out of several d
* Run `docker-compose up` to run the services
+
#### Containers - Docker Images
@@ -776,6 +866,7 @@ By default, Docker uses everything (all the files and directories) in the direct
`.dockerignore` used for excluding files and directories from the build context
+
#### Containers - Networking
@@ -788,6 +879,7 @@ CNI (Container Network Interface):
* Network configuration should be in JSON format
+
#### Containers - Docker Networking
@@ -823,6 +915,7 @@ True. An endpoint can connect only to a single network.
* network control plane and management plane
+
#### Containers - Security
@@ -843,6 +936,7 @@ True. An endpoint can connect only to a single network.
* DO NOT run containers with `--privilged` flag
+
#### Containers - Docker in Production
@@ -879,9 +973,3 @@ Restart Policies. It allows you to automatically restart containers after certai
* no: don't restart the container at any point (default policy)
* on-failure: restart the container when it exists due to an error (= exit code different than zero)
-
-#### Containers - Docker Misc
-
-Explain what is Docker Bench
-
-
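Review bot: The question "Explain what is Docker Bench" is dropped along with the `#### Containers - Docker Misc` heading and is not re-added anywhere in this diff. Since Docker Bench is a security topic, move the question under `#### Containers - Security` rather than deleting it, ideally with an answer.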
diff --git a/exercises/containers/containerized_web_server.md b/exercises/containers/containerized_web_server.md
new file mode 100644
index 0000000..dd8149d
--- /dev/null
+++ b/exercises/containers/containerized_web_server.md
@@ -0,0 +1,5 @@
+# Containerized Web Server
+
+1. Run a containerized web server in the background and bind its port (8080) to a local port
+2. Verify the port (8080) is bound
+3. Reach the webserver from your local host
diff --git a/exercises/containers/running_containers.md b/exercises/containers/running_containers.md
index 0b19790..42f160c 100644
--- a/exercises/containers/running_containers.md
+++ b/exercises/containers/running_containers.md
@@ -2,7 +2,7 @@
### Objective
-Learn how to run containers
+Learn how to run, stop and remove containers
### Requirements
diff --git a/exercises/containers/solutions/containerized_web_server.md b/exercises/containers/solutions/containerized_web_server.md
new file mode 100644
index 0000000..f596445
--- /dev/null
+++ b/exercises/containers/solutions/containerized_web_server.md
@@ -0,0 +1,21 @@
+# Containerized Web Server
+
+1. Run a containerized web server in the background and bind its port (8080) to a local port
+2. Verify the port (8080) is bound
+3. Reach the webserver from your local host
+
+## Solution
+
+```
+$ podman run -d -p 8080 httpd # run the container and bind the port 8080 to a local port
+$ podman port -l 8080 # show to which local port the port 8080 on the container, binds to
+0.0.0.0:41203
+$ curl http://0.0.0.0:41203 # use the port from the output of the previous command
+
+!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
+
+
+
+ Test Page for the HTTP Server on Red Hat Enterprise Linux
+
+```
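Review bot: The `podman port` output in the solution, `0.0.0.0:41203`, shows that `-p 8080` publishes the container port on every host interface, which is wider than step 3 ("Reach the webserver from your local host") needs. Suggest `-p 127.0.0.1::8080` so the server is reachable only from the local machine, with a matching `curl http://127.0.0.1:<port>`. The solution also relies on the short name `httpd` resolving to an image that listens on 8080 (the sample output is a Red Hat test page); a fully qualified image name would make the result reproducible.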
diff --git a/exercises/containers/solutions/running_containers.md b/exercises/containers/solutions/running_containers.md
index 34b4b10..36c3ac4 100644
--- a/exercises/containers/solutions/running_containers.md
+++ b/exercises/containers/solutions/running_containers.md
@@ -2,7 +2,7 @@
### Objective
-Learn how to run containers
+Learn how to run, stop and remove containers
### Requirements
diff --git a/exercises/kubernetes/README.md b/exercises/kubernetes/README.md
index d6b514e..4c9ada7 100644
--- a/exercises/kubernetes/README.md
+++ b/exercises/kubernetes/README.md
@@ -1,7 +1,5 @@
## Kubernetes
-
-
### Kubernetes Exercises
#### Developer & "Regular" User Path
@@ -17,6 +15,26 @@
### Kubernetes Self Assessment
+* [Kubernetes 101](#kubernetes-101)
+* [Kubernetes Hands-On Basics](#kubernetes-hands-on-basiscs)
+* [Kubernetes Cluster](#kubernetes-cluster)
+* [Kubernetes Pods](#kubernetes-pods)
+* [Kubernetes Deployments](#kubernetes-deployments)
+* [Kubernetes Services](#kubernetes-services)
+
+
+#### Kubernetes 101
+
+
+What is Kubernetes? Why organizations are using it?
+
+Kubernetes is an open-source system for automating deployment, scaling, and management of containerized applications.
+
+To understand what Kubernetes is good for, let's look at some examples:
+
+
+#### Kubernetes 101
+
What is Kubernetes? Why organizations are using it?
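Review bot: `#### Kubernetes 101` and the question "What is Kubernetes? Why organizations are using it?" now appear twice in a row, and the first copy's answer stops at "let's look at some examples:" with no examples after it. Keep one heading and one question. In the list above them, `#kubernetes-hands-on-basiscs` is misspelled (`basics`), and the section headings further down are named `Kubernetes - Hands-On Basics`, `Kubernetes - Cluster` and so on, so confirm each fragment has a matching anchor.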
@@ -32,12 +50,24 @@ To understand what Kubernetes is good for, let's look at some examples:
When or why NOT to use Kubernetes?
- - If you are big team of engineers (e.g. 200) deploying applications using containers and you need to manage scaling, rolling out updates, etc. You probably want to use Kubernetes
-
- If you manage low level infrastructure or baremetals, Kubernetes is probably not what you need or want
- - If you are a small team (e.g. 20-50 engineers) Kubernetes might be an overkill (even if you need scale, rolling out updates, etc.)
+ - If you are a small team (like less than 20 engineers) running less than a dozen of containers, Kubernetes might be an overkill (even if you need scale, rolling out updates, etc.). You might still enjoy the benefits of using managed Kubernetes, but you definitely want to think about it carefully before making a decision
+
+What are some of Kubernetes features?
+
+ - Self-Healing: Kubernetes uses health checks to monitor containers and run certain actions upon failure or other type of events, like restarting the container
+ - Load Balancing: Kubernetes can split and/or balance requests to applications running in the cluster, based on the state of the Pods running the application
+ - Operators: Kubernetes packaged applications that can use the API of the cluster to update its state and trigger actions based on events and application state changes
+ - Automated Rollout: Gradual updates roll out to applications and support in roll back in case anything goes wrong
+ - Scaling: Scaling horizontally (down and up) based on different state parameters and custom defined criteria
+ - Secrets: you have a mechanism for storing user names, passwords and service endpoints in a private way, where not everyone using the cluster are able to view it
+
+
+
+#### Kubernetes - Hands-On Basics
+
What Kubernetes objects are there?
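Review bot: The Secrets bullet describes storage "in a private way", which overstates the default. Secret values are base64-encoded rather than encrypted, they are stored unencrypted in etcd unless encryption at rest is configured, and who can read them is decided by RBAC. Suggest wording the bullet around access control and noting that encryption at rest has to be enabled.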
@@ -73,11 +103,12 @@ Kubectl is the Kubernetes command line tool that allows you to run commands agai
What Kubernetes objects do you usually use when deploying applications in Kubernetes?
-* Deployment - creates and the Pods and watches them
+* Deployment - creates the Pods () and watches them
* Service: route traffic to Pods internally
* Ingress: route traffic from outside the cluster
+
#### Kubernetes - Cluster
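Review bot: The reworded Deployment bullet now contains empty parentheses, `creates the Pods () and watches them`; either put the intended text inside them or remove them. The bullet also uses ` - ` as its separator while the Service and Ingress bullets use `:`.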
@@ -165,6 +196,7 @@ Apply requests and limits, especially on third party applications (where the unc
5. Create an etcd cluster
+
#### Kubernetes - Pods
@@ -386,6 +418,7 @@ Only containers whose state set to Success will be able to receive requests sent
One reason is that it makes it harder to scale, when you need to scale only one of the containers in a given Pod.
+
#### Kubernetes - Deployments
@@ -453,6 +486,7 @@ Using a Service.
An internal load balancer in Kubernetes is called Service and an external load balancer is Ingress
+
#### Kubernetes - Services
@@ -1055,6 +1089,7 @@ True
Namespaces allow you split your cluster into virtual clusters where you can group your applications in a way that makes sense and is completely separated from the other groups (so you can for example create an app with the same name in two different namespaces)
+
Why to use namespaces? What is the problem with using one default namespace?
@@ -1965,3 +2000,11 @@ You can learn more [here](https://submariner-io.github.io)
What is Istio? What is it used for?
+
+#### Kubernetes - Scenarios
+
+
+An engineer form your organization told you he is interested only in seeing his team resources in Kubernetes. Instead, in reality, he sees resources of the whole organization, from multiple different teams. What Kubernetes concept can you use in order to deal with it?
+
+Namespaces. See the following [namespaces question and answer](#namespaces-use-cases) for more information.
+
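Review bot: The answer "Namespaces" is incomplete for the scenario as written. Putting each team's resources in its own namespace only groups them, and the engineer will still see other teams' resources unless RBAC (a Role and RoleBinding scoped to his team's namespace) restricts what he can list. Suggest adding that to the answer. "form your organization" should be "from", and the `#namespaces-use-cases` target should be checked against the namespaces question it points to.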
diff --git a/exercises/openshift/README.md b/exercises/openshift/README.md
index 12683e8..4dbc3ba 100644
--- a/exercises/openshift/README.md
+++ b/exercises/openshift/README.md
@@ -9,6 +9,14 @@
### OpenShift Self Assessment
+* [OpenShift 101](#Openshift-101)
+* [OpenShift Architecture](#Openshift-architecture)
+* [OpenShift Hands-On Basics](#Openshift-hands-on-basics)
+* [OpenShift Projects](#Openshift-projects)
+
+
+### OpenShift 101
+
What is OpenShift?
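Review bot: The new heading `### OpenShift 101` does not follow the other section headings touched by this diff, which are level two and use the `OpenShift - ` prefix (`## OpenShift - Architecture`, `## OpenShift - Hands-On Basics`, `## OpenShift - Projects`). Suggest `## OpenShift - 101`. The list fragments are also written `#Openshift-101` with a capital O while generated heading fragments are lowercase, so check that each link resolves.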
@@ -35,18 +43,14 @@ True
-OpenShift supports many resources. How to get a list of all these resources?
+What are some of OpenShift added features on top of Kubernetes?
-`oc api-resources`
-
-
-
-Explain OpenShift CLIs like oc
and odo
-
-oc is used for creating applications, but also for administrating OpenShift cluster
-odo is used solely for managing applications on OpenShift (mainly from developers' perspective) and has nothing to do with administrating the cluster
+- UI: OpenShift provides unified UI out-of-the-box
+- Routes: Simple procedure for exposing services
+- Developer Workflow Support: built-in CI/CD (openshift pipelines), built-in container registry and tooling for building artifacts from source to container images
+
## OpenShift - Architecture
@@ -68,6 +72,23 @@ The Scheduler.
Application high availability by spreading pod replicas between worker nodes
+
+## OpenShift - Hands-On Basics
+
+
+OpenShift supports many resources. How to get a list of all these resources?
+
+`oc api-resources`
+
+
+
+Explain OpenShift CLIs like oc
and odo
+
+oc is used for creating applications, but also for administrating OpenShift cluster
+odo is used solely for managing applications on OpenShift (mainly from developers' perspective) and has nothing to do with administrating the cluster
+
+
+
## OpenShift - Projects