diff --git a/README.md b/README.md index a2417f2..26121f0 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ :information_source:  This repo contains questions and exercises on various technical topics, sometimes related to DevOps and SRE :) -:bar_chart:  There are currently **1500** questions +:bar_chart:  There are currently **1475** questions :books:  To learn more about DevOps and SRE, check the resources in [devops-resources](https://github.com/bregman-arie/devops-resources) repository @@ -4732,6 +4732,10 @@ The master coordinates all the workflows in the cluster: The workers are the nodes which run the applications and workloads. +
+What is kubectl?
+
+
Which command you run to view your nodes?
@@ -4797,6 +4801,23 @@ It means they would eventually die and pods are unable to heal so it is recommen What is a "Deployment" in Kubernetes?
+
+How to create a deployment?
+ +``` +cat << EOF | kubectl create -f - +apiVersion: v1 +kind: Pod +metadata: + name: nginx +spec: + containers: + - name: nginx + image: nginx +EOF +``` +
+
How to edit a deployment?
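Review bot: The answer added under "How to create a deployment?" does not create a Deployment: the manifest piped to `kubectl create -f -` declares `apiVersion: v1` and `kind: Pod`, so it creates a single bare Pod named nginx with no ReplicaSet managing it. Suggest a manifest with `apiVersion: apps/v1` and `kind: Deployment` (with `spec.replicas`, `spec.selector.matchLabels` and a `spec.template` wrapping the container), or the one-liner `kubectl create deployment nginx --image=nginx`.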
@@ -4828,9 +4849,20 @@ The pod related to the deployment will terminate and the replicaset will be remo
What is a Service in Kubernetes?
+"An abstract way to expose an application running on a set of Pods as a network service." - more [here](https://kubernetes.io/docs/concepts/services-networking/service) -A permanent IP address that can be attached to a pod. -Even if connected, their lifecycles aren't connected. +Note: Even if connected to a pod, their lifecycles aren't connected. +
+ +
+What Service types are there?
+ +* ClusterIP +* NodePort +* LoadBalancer +* ExternalName + +More on this topic [here](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types)
@@ -4849,10 +4881,49 @@ Run `kubectl describe service` and if the IPs from "Endpoints" match any IPs fro What is the difference between an external and an internal service?
+
+How to turn the following service into an external one? + +``` +spec: + selector: + app: some-app + ports: + - protocol: TCP + port: 8081 + targetPort: 8081 +``` +
+ +Adding `type: LoadBalancer` and `nodePort` + +``` +spec: + selector: + app: some-app + type: LoadBalancer + ports: + - protocol: TCP + port: 8081 + targetPort: 8081 + nodePort: 32412 +``` +
+ +
+What would you use to route traffic from outside the Kubernetes cluster to services within a cluster?
+ +Ingress +
+ #### Kubernetes Ingress
What is Ingress?
+ +From Kubernetes docs: "Ingress exposes HTTP and HTTPS routes from outside the cluster to services within the cluster. Traffic routing is controlled by rules defined on the Ingress resource." + +Read more [here](https://kubernetes.io/docs/concepts/services-networking/ingress/)
#### Kubernetes Configuration File @@ -4878,14 +4949,18 @@ YAML `kubectl get deployment [deployment_name] -o yaml`
-#### Kubernetes etcd -
Where Kubernetes gets the status data (which is added to the configuration file) from?
etcd
+#### Kubernetes etcd + +
+What is etcd?
+
+
True or False? Etcd holds the current status of any kubernetes component
@@ -4898,14 +4973,28 @@ True True
-#### Kubernetes Misc +
+True or False? application data is not stored in etcd
+ +True +
+ +#### Kubernetes Namespaces
-What is kubectl?
+What are namespaces?
+ +Namespaces allow you split your cluster into virtual clusters where you can group your applications in a way that makes sense and is completely separated from the other groups (so you can for example create an app with the same name in two different namespaces)
-What are namespaces? Why would someone use namespaces?
+Why to use namespaces? What is the problem with using one default namespace?
+ +When using the default namespace alone, it becomes hard over time to get an overview of all the applications you manage in your cluster. Namespaces make it easier to organize the applications into groups that makes sense, like a namespace of all the monitoring applications and a namespace for all the security applications, etc. + +Namespaces can also be useful for managing Blue/Green environments where each namespace can include a different version of an app and also share resources that are in other namespaces (namespaces like logging, monitoring, etc.). + +Another use case for namespaces is one cluster, multiple teams. When multiple teams use the same cluster, they might end up stepping on each others toes. For example if they end up creating an app with the same name it means one of the teams overriden the app of the other team because there can't be too apps in Kubernetes with the same name (in the same namespace).
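Review bot: In the added answer to "Why to use namespaces?", "there can't be too apps in Kubernetes with the same name" should read "two apps"; as written the sentence says something different. In the same sentence "overriden" and "each others toes" need fixing as well. In the "What are namespaces?" answer, "completely separated from the other groups" overstates the boundary, since this same patch later answers that a Service is accessible from different namespaces; suggest "logically separated" so readers do not take a namespace for an isolation boundary.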
@@ -4915,139 +5004,21 @@ False. When a namespace is deleted, the resources in that namespace are deleted
-What special namespaces are there?
+What special namespaces are there by default when creating a Kubernetes cluster?
* default * kube-system * kube-public +* kube-node-lease
-What Kube Proxy does?
+What can you find in kube-system namespace?
+ +* Master and Kubectl processes +* System processes
-
-What is etcd?
-
- -
-True or False? application data is not stored in etcd
- -True -
- -
-What "Resources Quotas" are used for and how?
-
- -
-Explain ConfigMap
- -Separate configuration from pods. -It's good for cases where you might need to change configuration at some point but you don't want to restart the application or rebuild the image so you create a ConfigMap and connect it to a pod but externally to the pod. -
- -
-How to use ConfigMaps?
- -1. Create it (from key&value, a file or an env file) -2. Attach it. Mount a configmap as a volume -
- -
-Trur or False? Sensitive data, like credentials, should be stored in a ConfigMap
- -False. Use secret. -
- -
-Explain "Horizontal Pod Autoscaler"
- -Scale the number of pods automatically on observed CPU utilization. -
- -
-When you delete a pod, is it deleted instantly? (a moment after running the command)
-
- -
-How to delete a pod instantly?
- -Use "--grace-period=0 --force" -
- -
-Explain the "Service" concept
- -"An abstract way to expose an application running on a set of Pods as a network service." - more [here](https://kubernetes.io/docs/concepts/services-networking/service) -
- -
-What services types are there?
- -* ClusterIP -* NodePort -* LoadBalancer -* ExternalName - -More on this topic [here](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) -
- -
-What services types are there?
-
- -
-Explain Liveness probe
-
- -
-Explain Readiness probe
-
- -
-What does being cloud-native mean?
-
- -
-Explain the pet and cattle approach of infrastructure with respect to kubernetes
-
- -
-Describe how you one proceeds to run a containerised web app in K8s, which should be reachable from a public URL.
-
- -
-How would you troubleshoot your cluster if some applications are not reachable any more?
-
- -
-Describe what CustomResourceDefinitions there are in the Kubernetes world? What they can be used for?
-
- -
-What is RBAC?
-
- -#### Scheduling - -
- How does scheduling work in kubernetes?
- -The control plane component kube-scheduler asks the following questions, -1. What to schedule? It tries to understand the pod-definition specifications -2. Which node to schedule? It tries to determine the best node with available resources to spin a pod -3. Binds the Pod to a given node - -View more [here](https://www.youtube.com/watch?v=rDCWxkvPlAw) -
- -
- How are labels and selectors used?
-
- -#### Kubernetes Commands -
How to list all namespaces?
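Review bot: The new answer to "What can you find in kube-system namespace?" lists "Master and Kubectl processes", but kubectl is the client CLI and does not run inside the cluster. Suggest "Control plane (master) components" plus the existing "System processes" bullet. This hunk also removes the "#### Scheduling" heading; the scheduling questions are re-added under Misc later in the patch without a heading, so confirm that is intended.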
@@ -5055,52 +5026,158 @@ View more [here](https://www.youtube.com/watch?v=rDCWxkvPlAw)
-What kubectl exec does?
+What kube-public contains?
+ +* A configmap, which contains cluster information +* Publicely accessible data
-How to view the current namespace?
+How to get the name of the current namespace?
kubectl config view | grep namespace
-How to switch to another namespace?
+What kube-node-lease contains?
-kubectl config set-context --current --namespace=some-namespace +It holds information on hearbeats of nodes. Each node gets an object which holds information about its availability.
-How to create a resource quota?
+How to create a namespace?
+ +One way is by running `kubectl create namespace [NAMESPACE_NAME]` + +Another way is by using namespace configuration file: +``` +apiVersion: v1 +kind: ConfigMap +metadata: + name: some-cofngimap + namespace: some-namespace +``` +
+ +
+What default namespace contains?
+ +Any resource you create while using Kubernetes. +
+ +
+True or False? With namespaces you can limit the resources consumed by the users/teams
+ +True. With namespaces you can limit CPU, RAM and storage usage. +
+ +
+How to switch to another namespace? In other words how to change active namespace?
+ +`kubectl config set-context --current --namespace=some-namespace` and validate with `kubectl config view --minify | grep namespace:` + +OR + +`kubens some-namespace` +
+ +
+What is Resource Quota?
+
+ +
+How to create a Resource Quota?
kubectl create quota some-quota --hard-cpu=2,pods=2
-How to create a deployment?
+Which resources are accessible from different namespaces?
-``` -cat << EOF | kubectl create -f - -apiVersion: v1 -kind: Pod -metadata: - name: nginx -spec: - containers: - - name: nginx - image: nginx -EOF -``` +Service.
-What the coomand kubectl get pod does?
+Let's say you have three namespaces: x, y and z. In x namespace you have a ConfigMap referencing service in z namespace. Can you reference the ConfigMap in x namespace from y namespace?
+ +No, you would have to create separate namespace in y namespace. +
+ +
+Which service and in which namespace the following file is referencing? + +``` +apiVersion: v1 +kind: ConfigMap +metadata: + name: some-configmap +data: + some_url: samurai.jack +``` +
+ +It's referencing the service "samurai" in the namespace called "jack". +
+ +
+Which components can't be created within a namespace?
+ +Volume and Node. +
+ +
+How to list all the components that bound to a namespace?
+ +`kubectl api-resources --namespaced=true` +
+ +
+How to create components in a namespace?
+ +One way is by specifying --namespace like this: `kubectl apply -f my_component.yaml --namespace=some-namespace` +Another way is by specifying it in the YAML itself: + +``` +apiVersion: v1 +kind: ConfigMap +metadata: + name: some-configmap + namespace: some-namespace +``` + +and you can verify with: `kubectl get configmap -n some-namespace` +
+ +#### Kubernetes Commands + +
+What kubectl exec does?
+
+ +
+What kubectl get all does?
+
+ +
+What the command kubectl get pod does?
+
+ +
+How to see all the components of a certain application?
+ +`kubectl get all | grep [APP_NAME]`
What kubectl apply -f [file] does?
+
+What the command kubectl api-resources --namespaced=false does?
+ +Lists the components that doesn't bound to a namespace. +
+
How to print information on a specific pod?
@@ -5223,16 +5300,22 @@ False. CPU is a compressible resource while memory is a non compressible resourc Explained [here](https://www.youtube.com/watch?v=i9V4oCa5f9I)
-#### Kubernetes Operators +#### Kubernetes Operator
What is an Operator?
-Explained [here](https://coreos.com/operators) +Explained [here](https://kubernetes.io/docs/concepts/extend-kubernetes/operator) -"An Operator is a method of packaging, deploying and managing a Kubernetes application" +"Operators are software extensions to Kubernetes that make use of custom resources to manage applications and their components. Operators follow Kubernetes principles, notably the control loop." +
-There is also this [video tutorial](https://www.youtube.com/watch?v=KBTXBUVNF2I) +
+Why do we need Operators?
+ +The process of managing stateful applications in Kubernetes isn't as straightforward as managing stateless applications where reaching the desired status and upgrades are both handled the same way for every replica. In stateful applications, upgrading each replica might require different handling due to the stateful nature of the app, each replica might be in a different status. As a result, we often need a human operator to manage stateful applications. Kubernetes Operator is suppose to assist with this. + +This also help with automating a standard process on multiple Kubernetes clusters
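Review bot: Two grammar slips in the added "Why do we need Operators?" answer: "Kubernetes Operator is suppose to assist with this" should be "is supposed to", and "This also help with automating" should be "helps". The hunk also drops the video tutorial link from "What is an Operator?" without a replacement; if that is deliberate, say so in the commit message.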
@@ -5242,6 +5325,21 @@ There is also this [video tutorial](https://www.youtube.com/watch?v=KBTXBUVNF2I) 2. Controller - Custom control loop which runs against the CRD
+
+How Operator works?
+ +It uses the control loop used by Kubernetes in general. It watches for changes in the application state. The difference is that is uses a custom control loop. +In additions. + +In addition, it also makes use of CRD's (Custom Resources Definitions) so basically it extends Kubernetes API. +
+ +
+True or False? Kubernetes Operator used for stateful applications
+ +True +
+
What is the Operator Framework?
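Review bot: The "How Operator works?" answer contains a leftover fragment: the line "In additions." stands alone right before "In addition, it also makes use of CRD's". Drop the fragment, change "The difference is that is uses a custom control loop" to "it uses", and write "CRDs (Custom Resource Definitions)" without the apostrophe.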
@@ -5249,7 +5347,7 @@ open source toolkit used to manage k8s native applications, called operators, in
-What components the Operator Framework consists of??
+What components the Operator Framework consists of?
1. Operator SDK - allows developers to build operators 2. Operator Lifecycle Manager - helps to install, update and generally manage the lifecycle of all operators @@ -5283,6 +5381,8 @@ It includes: Explain StatefulSet
+#### Kubernetes ReplicaSet +
What is the purpose of ReplicaSet?
@@ -5291,6 +5391,10 @@ It includes: How a ReplicaSet works?
+
+What happens when a replica dies?
+
+ #### Kubernetes Secrets
@@ -5300,17 +5404,69 @@ Secrets let you store and manage sensitive information (passwords, ssh keys, etc
-How to create a secret from a key and value?
+How to create a Secret from a key and value?
kubectl create secret generic some-secret --from-literal=password='donttellmypassword'
-How to create a secret from a file?
+How to create a Secret from a file?
kubectl create secret generic some-secret --from-file=/some/file.txt
+
+What type: Opaque in a secret file means? What other types are there?
+ +Opaque is the default type used for key-value pairs. +
+ +
+True or False? storing data in a Secret component makes it automatically secured
+ +False. Some known security mechanisms like "encryption" aren't enabled by default. +
+ +
+What is the problem with the following Secret file: + +``` +apiVersion: v1 +kind: Secret +metadata: + name: some-secret +type: Opaque +data: + password: mySecretPassword +``` +
+Password isn't encrypted. +You should run something like this: `echo -n 'mySecretPassword' | base64` and paste the result to the file instead of using plain-text. +
+ +
+How to create a Secret from a configuration file?
+ +`kubectl apply -f some-secret.yaml` +
+ +
+What the following in Deployment configuration file means? + +``` +spec: + containers: + - name: USER_PASSWORD + valueFrom: + secretKeyRef: + name: some-secret + key: password +``` +
+USER_PASSWORD environment variable will store the value from password key in the secret called "some-secret" +In other words, you reference a value from a Kubernetes Secret. +
+ #### Kubernetes Storage
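Review bot: The answer to "What is the problem with the following Secret file" conflates encoding with encryption: it says "Password isn't encrypted" and then recommends `echo -n 'mySecretPassword' | base64`, which is reversible by anyone who can read the object and protects nothing. The actual defect in the manifest is that values under `data:` must be base64-encoded; suggest stating that, mentioning `stringData:` as the plain-text alternative, and keeping the point from the True/False answer just above that encryption is not enabled by default. Separately, in the Deployment snippet `name: USER_PASSWORD` and `valueFrom:` sit directly under `containers:`; they need to be an entry in a container's `env:` list for the explanation that follows to be correct.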
@@ -5362,6 +5518,108 @@ False #### Kubernetes Misc +
+You have one Kubernetes cluster and multiple teams that would like to use it. You would like to limit the resources each team consumes in the cluster. Which Kubernetes concept would you use for that?
+ +Namespaces will allow to limit resources and also make sure there are no collisions between teams when working in the cluster (like creating an app with the same name). +
+ +
+What Kube Proxy does?
+
+ +
+What "Resources Quotas" are used for and how?
+
+ +
+Explain ConfigMap
+ +Separate configuration from pods. +It's good for cases where you might need to change configuration at some point but you don't want to restart the application or rebuild the image so you create a ConfigMap and connect it to a pod but externally to the pod. + +Overall it's good for: +* Sharing the same configuration between different pods +* Storing external to the pod configuration +
+ +
+How to use ConfigMaps?
+ +1. Create it (from key&value, a file or an env file) +2. Attach it. Mount a configmap as a volume +
+ +
+Trur or False? Sensitive data, like credentials, should be stored in a ConfigMap
+ +False. Use secret. +
+ +
+Explain "Horizontal Pod Autoscaler"
+ +Scale the number of pods automatically on observed CPU utilization. +
+ +
+When you delete a pod, is it deleted instantly? (a moment after running the command)
+
+ +
+How to delete a pod instantly?
+ +Use "--grace-period=0 --force" +
+ +
+Explain Liveness probe
+
+ +
+Explain Readiness probe
+
+ +
+What does being cloud-native mean?
+
+ +
+Explain the pet and cattle approach of infrastructure with respect to kubernetes
+
+ +
+Describe how you one proceeds to run a containerised web app in K8s, which should be reachable from a public URL.
+
+ +
+How would you troubleshoot your cluster if some applications are not reachable any more?
+
+ +
+Describe what CustomResourceDefinitions there are in the Kubernetes world? What they can be used for?
+
+ +
+What is RBAC?
+
+ +
+ How does scheduling work in kubernetes?
+ +The control plane component kube-scheduler asks the following questions, +1. What to schedule? It tries to understand the pod-definition specifications +2. Which node to schedule? It tries to determine the best node with available resources to spin a pod +3. Binds the Pod to a given node + +View more [here](https://www.youtube.com/watch?v=rDCWxkvPlAw) +
+ +
+ How are labels and selectors used?
+
+ +
Explain what is CronJob and what is it used for
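Review bot: The moved ConfigMap question keeps the typo "Trur or False?"; fix it to "True or False?" while the line is being touched. The first added answer says "Namespaces will allow to limit resources", but the limit comes from a quota applied to the namespace, and this block still carries the unanswered "What "Resources Quotas" are used for and how?" alongside the new, also unanswered, "What is Resource Quota?" added under Namespaces. Suggest merging the two questions, answering one, and naming Resource Quota in the multi-team answer.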
@@ -5374,12 +5632,6 @@ False * BestEffort
-
-Are there any Kuberenets tools you are using?
- -Kubectx, Kubens, ... -
-
Explain Labels. What are they and why would one use them?
@@ -7160,10 +7412,6 @@ Logging
Describe Prometheus architecture and components
-
-Have you set up Prometheus? How did you do it? Describe the process
-
-
Can you compare Prometheus to other solutions like InfluxDB for example?
@@ -7208,7 +7456,6 @@ Alert manager is responsible for alerts ;) What HA in Prometheus means?
-
How do you join two metrics?
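Review bot: In the hunk starting at `@@ -5055,52 +5026,158 @@`, the "namespace configuration file" shown under "How to create a namespace?" is a ConfigMap (`kind: ConfigMap`, `name: some-cofngimap`) placed in some-namespace, not a Namespace manifest; it should be `apiVersion: v1`, `kind: Namespace` with only `metadata.name` set. In the same hunk, "you would have to create separate namespace in y namespace" should say "a separate ConfigMap", and the context line `kubectl create quota some-quota --hard-cpu=2,pods=2` uses a flag kubectl does not have; the form is `--hard=cpu=2,pods=2`. "Publicely" and "hearbeats" in the kube-public and kube-node-lease answers are typos.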