Azure Container and Resource Management

Questions and Answers

What is the purpose of Azure Container Instances?

To manage Azure resources using a domain-specific language.

To deploy Docker images to Azure Function Apps.

To provide full orchestration of multiple containers.

To run isolated containers for simple applications. (correct)

Which statement accurately describes a Bicep file in Azure?

It manages the control plane of an AKS cluster.

It is used solely for deploying Azure Kubernetes Service.

It is a file format for running Docker images.

It is a domain-specific language for deploying Azure resources declaratively. (correct)

What are the two main components of an AKS cluster?

Pods and Docker containers.

Functions and Applications.

Virtual machines and Serverless operations.

Control plane and Node pools. (correct)

What is a key feature of Azure Container Apps?

It is a serverless platform for running containerized applications.

In the context of AKS, what is a pod?

A group of containers that share network and storage resources.

Why might you configure multiple node pools in an AKS cluster?

To isolate deployments for different applications or environments.

Which command is used to run a Bicep file?

az deployment group create --resource-group myResourceGroup --template-file storageAccount.bicep

What does Azure Kubernetes Service (AKS) primarily provide?

Full container orchestration with features like automatic scaling.

What is the primary function of the Azure IP Masq Agent?

To masquerade IP addresses of outgoing traffic for external destinations.

Which of the following components is responsible for configuring iptables rules to forward traffic to pods?

kube-proxy

What should be done to enable auto scaling for nodes in AKS?

Use the cluster autoscaler at the AKS level.

What role does the konnectivity-agent serve in an AKS cluster?

It allows the API server to connect to worker nodes for health checks.

Why should NRGLockdown be used at the node resource group level?

To prevent direct modifications of Azure resources.

Which standard does the Container Storage Interface (CSI) follow?

A standard for providing storage services to containerized applications.

What must be avoided when making changes to outbound rules for an AKS cluster?

Direct modification on the virtual machine scale set.

What is the purpose of the cloud-node-manager in an AKS setup?

To perform health verification of nodes.

What is the primary role of the kube-scheduler in a Kubernetes cluster?

To select a node for new pods that have no assigned node

Which component is responsible for maintaining the overall state of the Kubernetes cluster?

etcd

What does the kubelet do in a Kubernetes environment?

Ensures that containers are running in a pod

Which of the following options is NOT a cost-saving strategy when managing an AKS cluster?

Using Standard_D2s_v3 for node pools

What is the purpose of the cloud-controller-manager in a Kubernetes setup?

To run controllers specific to the cloud provider

What does the term 'Deployment' refer to in the context of Kubernetes?

An object managing similar pods' behavior

Which component serves as a network proxy in a Kubernetes cluster?

kube-proxy

What is a potential benefit of using virtual nodes in AKS?

Burstable scaling backend capabilities

What is the purpose of a ReplicaSet in Kubernetes?

To ensure all nodes have a specific number of pod replicas running.

Which feature of DaemonSet ensures that one pod runs on every node in the cluster?

One Pod per Node

Which command exposes a resource as a Kubernetes service?

kubectl expose deploy/pod/service --name --type LoadBalancer/ClusterIP/NodePort --port 80

What advantage does a DaemonSet provide when new nodes are added to a cluster?

Automatically schedules the required pods on the new nodes.

Which command retrieves detailed information about resources including system nodes?

kubectl get pod -A

Which Kubernetes service type is used for exposing services externally through a fixed IP address?

LoadBalancer Service

What is the main purpose of the command 'kubectl exec -it -- bash'?

To enter the bash shell of a pod with app access.

How can you access logs specifically from the kube-system namespace?

kubectl logs --namespace kube-system

What feature is represented by the mode=Reconcile label on Kubernetes components?

It ensures that deleted components are automatically recreated.

What command is used to create a local proxy to directly access the Kubernetes API?

kubectl proxy

Study Notes

Azure Web Apps and Function Apps

• Web Apps can host Docker containers
• Function Apps can host Docker containers
• These services allow deployment of Docker images directly

Azure Container Instances

• A great solution for simple applications, task automation, and build jobs
• Supports multiple containers on a single host in a container group
• Suitable for logging, monitoring, or other configurations where a service needs a second process

Azure Container Apps

• A serverless platform for containerized applications
• Reduces infrastructure and costs

Bicep File

• A domain-specific language (DSL) for deploying Azure resources declaratively
• Simplifies authoring of Azure Resource Manager (ARM) templates
• Easier to manage infrastructure as code

AKS Cluster

• Divided into control plane and nodes
• Node pools isolate deployments of VMs within the same cluster
• Useful for developing multiple environments

Components of an AKS Cluster

• API server (kube-apiserver): Exposes the Kubernetes API
• Kubelet: Ensures containers are running in a pod
• Kube-proxy: Maintains network rules on nodes
• Container runtime: Manages the execution and lifecycle of containers
• etcd: A highly available key-value store for cluster state
• Kube-scheduler: Schedules pods on nodes
• Kube-controller-manager: Manages controllers for various processes (e.g., nodes going down)
• Cloud controller manager: Contains cloud-specific control logic

Cost Considerations for AKS

• Right-size node pools (e.g., Standard_B2s is cheaper than Standard_D2s_v3)
• Consider using spot VMs or virtual nodes for burstable scaling

Replica Set

• Ensures a specific number of pod replicas are running continuously, creating new pods if necessary

DaemonSet

• Guarantees a specific pod runs on all nodes or a specific subset of nodes
• Useful for tasks requiring direct interaction with nodes (e.g., monitoring, networking agents)

Commands

• kubectl commands (e.g., install-cli, get-credentials, run, describe, exec, top pod/node, create deploy, expose deploy/service) are used to interact with AKS clusters directly or through a proxy
• Using kubectl to build a declarative YAML file is possible
• Connecting directly to the Kubernetes API is feasible

Node-Shell Plugin

• A third-party plugin that allows shell access to Kubernetes nodes

Azure IP Masquerade Agent

• Acts as an IP masquerading agent, improving outgoing traffic for external destinations

CoreDNS and CoreDNS Autoscaler

• Part of the storage system (CSI)
• Improved and standardised container storage
• Aids in storage management

Kubernetes Resource Group Customisations

• To enable auto-scaling of nodes, configuration customizations should be made within the AKS cluster settings, not the virtual machine scale sets
• Outbound rule changes for load balancers should be managed through the AKS cluster.

Description

Explore the key concepts of Azure Web Apps, Function Apps, and Container Instances. Understand Bicep files for deploying Azure resources and the intricate components of an AKS Cluster. This quiz will enhance your knowledge of cloud infrastructure and containerization in Azure.