Azure Container and Resource Management

Questions and Answers

What is the purpose of Azure Container Instances?

• To manage Azure resources using a domain-specific language.
• To deploy Docker images to Azure Function Apps.
• To provide full orchestration of multiple containers.
• To run isolated containers for simple applications. (correct)

Which statement accurately describes a Bicep file in Azure?

• It manages the control plane of an AKS cluster.
• It is used solely for deploying Azure Kubernetes Service.
• It is a file format for running Docker images.
• It is a domain-specific language for deploying Azure resources declaratively. (correct)

What are the two main components of an AKS cluster?

• Pods and Docker containers.
• Functions and Applications.
• Virtual machines and Serverless operations.
• Control plane and Node pools. (correct)

What is a key feature of Azure Container Apps?

It is a serverless platform for running containerized applications. (D)

In the context of AKS, what is a pod?

A group of containers that share network and storage resources. (B)

Why might you configure multiple node pools in an AKS cluster?

To isolate deployments for different applications or environments. (B)

Which command is used to run a Bicep file?

az deployment group create --resource-group myResourceGroup --template-file storageAccount.bicep (A)

What does Azure Kubernetes Service (AKS) primarily provide?

Full container orchestration with features like automatic scaling. (A)

What is the primary function of the Azure IP Masq Agent?

To masquerade IP addresses of outgoing traffic for external destinations. (A)

Which of the following components is responsible for configuring iptables rules to forward traffic to pods?

kube-proxy (B)

What should be done to enable auto scaling for nodes in AKS?

Use the cluster autoscaler at the AKS level. (D)

What role does the konnectivity-agent serve in an AKS cluster?

It allows the API server to connect to worker nodes for health checks. (C)

Why should NRGLockdown be used at the node resource group level?

To prevent direct modifications of Azure resources. (C)

Which standard does the Container Storage Interface (CSI) follow?

A standard for providing storage services to containerized applications. (A)

What must be avoided when making changes to outbound rules for an AKS cluster?

Direct modification on the virtual machine scale set. (D)

What is the purpose of the cloud-node-manager in an AKS setup?

To perform health verification of nodes. (C)

What is the primary role of the kube-scheduler in a Kubernetes cluster?

To select a node for new pods that have no assigned node (A)

Which component is responsible for maintaining the overall state of the Kubernetes cluster?

etcd (B)

What does the kubelet do in a Kubernetes environment?

Ensures that containers are running in a pod (B)

Which of the following options is NOT a cost-saving strategy when managing an AKS cluster?

Using Standard_D2s_v3 for node pools (A)

What is the purpose of the cloud-controller-manager in a Kubernetes setup?

To run controllers specific to the cloud provider (B)

What does the term 'Deployment' refer to in the context of Kubernetes?

An object managing similar pods' behavior (B)

Which component serves as a network proxy in a Kubernetes cluster?

kube-proxy (B)

What is a potential benefit of using virtual nodes in AKS?

Burstable scaling backend capabilities (A)

What is the purpose of a ReplicaSet in Kubernetes?

To ensure all nodes have a specific number of pod replicas running. (C)

Which feature of DaemonSet ensures that one pod runs on every node in the cluster?

One Pod per Node (B)

Which command exposes a resource as a Kubernetes service?

kubectl expose deploy/pod/service --name --type LoadBalancer/ClusterIP/NodePort --port 80 (A)

What advantage does a DaemonSet provide when new nodes are added to a cluster?

Automatically schedules the required pods on the new nodes. (D)

Which command retrieves detailed information about resources including system nodes?

kubectl get pod -A (D)

Which Kubernetes service type is used for exposing services externally through a fixed IP address?

LoadBalancer Service (A)

What is the main purpose of the command 'kubectl exec -it -- bash'?

To enter the bash shell of a pod with app access. (B)

How can you access logs specifically from the kube-system namespace?

kubectl logs --namespace kube-system (A)

What feature is represented by the mode=Reconcile label on Kubernetes components?

It ensures that deleted components are automatically recreated. (D)

What command is used to create a local proxy to directly access the Kubernetes API?

kubectl proxy (A)

Flashcards

Azure Container Instances (ACI)

Azure Container Instances (ACI) is a service for running isolated containers in Azure. It's a good choice for simple applications, task automation, and build jobs. For more complex needs like service discovery, automatic scaling, and coordinated upgrades, Azure Kubernetes Service (AKS) is recommended.

Azure Container Apps

Azure Container Apps is a serverless platform that allows you to run containerized applications with minimal infrastructure management. It offers advantages like cost efficiency and reduced maintenance.

Bicep

Bicep is a domain-specific language (DSL) for deploying Azure resources declaratively. It simplifies the creation and management of infrastructure as code (IaC) compared to Azure Resource Manager (ARM) templates.

AKS Cluster

An AKS cluster consists of two components: The control plane, managed by Azure, and worker nodes (virtual machines).

Node Pool in AKS

A node pool is a group of identical virtual machines within an AKS cluster, providing a dedicated and isolated environment for your deployments. You can create multiple node pools for different environments, like development and production.

Pod in Kubernetes

A pod is a fundamental unit of deployment in Kubernetes. It represents a group of one or more containers that share resources and network. Typically, a pod has a 1:1 mapping with a container, but you can run multiple containers within a single pod.

Deploying Docker Images

You can deploy Docker images to both Azure Web Apps and Azure Functions Apps.

What does the kube-apiserver do?

The API server exposes the Kubernetes API, allowing requests to the cluster from within and outside.

What is etcd's role in Kubernetes?

etcd is a highly available key-value store that manages the state and configuration of your Kubernetes cluster.

What is the primary task of the kube-scheduler?

The scheduler is responsible for deciding where pods should run, choosing the best node based on various factors.

What does the kube-controller-manager handle?

The controller manager runs various control processes to monitor the cluster's health and respond to events, such as node failures.

What is the purpose of the cloud-controller-manager?

The cloud controller manager runs specialized controllers for cloud providers, managing resources like load balancers.

What does kubelet do on worker nodes?

kubelet is a service running on each worker node responsible for ensuring containers are running within pods.

How does kube-proxy manage network communication?

kube-proxy handles network rules on each node, ensuring pods can communicate with each other and the outside world.

What is the role of the container runtime?

The container runtime manages the lifecycle and execution of containers, controlling how they start, stop, and interact.

What is a ReplicaSet?

A Kubernetes object that ensures a specific number of pod replicas are running at any time, even in the event of failure. It automatically creates a new pod to replace a failed one.

What is a DaemonSet?

A Kubernetes controller that ensures a specific pod runs on all nodes (or a specific subset of nodes) in a cluster. It automatically schedules pods on new nodes.

What is a ClusterIP Service?

A type of Kubernetes Service that exposes a service on a specific cluster IP address. It is only accessible within the cluster.

What is a NodePort Service?

A Kubernetes Service that exposes applications on a specific node port. It allows access from outside the cluster.

What is a LoadBalancer Service?

A Kubernetes service that provides external access to your application. It assigns a public IP address to the service.

What are Secrets in Kubernetes?

A Kubernetes object used to store sensitive information, such as passwords or API keys. It keeps this information secure.

What are ConfigMaps in Kubernetes?

A Kubernetes object used to store configuration data for applications, like database connection strings or API endpoints. It makes it easy to manage configuration across multiple environments.

What is a Namespace in Kubernetes?

A Kubernetes object that provides a logical grouping for resources. It helps to organize and manage resources within a cluster.

What is kubectl?

A command-line tool used to interact with Kubernetes clusters. It allows you to create, manage, and monitor Kubernetes resources.

What is the kubectl run command used for?

A command used to launch a new pod in Kubernetes. It takes an image as input and creates a pod based on that image.

Kube-proxy

A Kubernetes component that configures iptables rules on each node to forward traffic to pods. It ensures that pods, which are ephemeral, can be reached by external services.

Azure IP Masq Agent

A component that acts as an IP masquerading agent, handling outgoing traffic from pods to external destinations. It can be configured to exclude specific IP ranges, allowing traffic within those ranges to retain its original pod IPs.

Container Storage Interface (CSI)

A standard for providing storage services to containerized applications. It simplifies integrating storage with Kubernetes by allowing plugins to be developed and deployed independently.

Infrastructure Resource Group

This Azure resource group, encompassing the Azure resources used in your AKS cluster, should be customized using AKS node pools. Avoid directly modifying its resources, as it can disrupt cluster functionality.

CoreDNS

A DNS service for Kubernetes clusters, offering name resolution for services within the cluster.

Konnectivity agent

A component responsible for establishing network connections between the API server and worker nodes. It handles essential tasks like health checks and managing pod and node status.

Route Table

A mechanism for distributing traffic from pods to nodes. It ensures traffic is routed efficiently based on rules and configurations.

Study Notes

Azure Web Apps and Function Apps

• Web Apps can host Docker containers
• Function Apps can host Docker containers
• These services allow deployment of Docker images directly

Azure Container Instances

• A great solution for simple applications, task automation, and build jobs
• Supports multiple containers on a single host in a container group
• Suitable for logging, monitoring, or other configurations where a service needs a second process

Azure Container Apps

• A serverless platform for containerized applications
• Reduces infrastructure and costs

Bicep File

• A domain-specific language (DSL) for deploying Azure resources declaratively
• Simplifies authoring of Azure Resource Manager (ARM) templates
• Easier to manage infrastructure as code

AKS Cluster

• Divided into control plane and nodes
• Node pools isolate deployments of VMs within the same cluster
• Useful for developing multiple environments

Components of an AKS Cluster

• API server (kube-apiserver): Exposes the Kubernetes API
• Kubelet: Ensures containers are running in a pod
• Kube-proxy: Maintains network rules on nodes
• Container runtime: Manages the execution and lifecycle of containers
• etcd: A highly available key-value store for cluster state
• Kube-scheduler: Schedules pods on nodes
• Kube-controller-manager: Manages controllers for various processes (e.g., nodes going down)
• Cloud controller manager: Contains cloud-specific control logic

Cost Considerations for AKS

• Right-size node pools (e.g., Standard_B2s is cheaper than Standard_D2s_v3)
• Consider using spot VMs or virtual nodes for burstable scaling

Replica Set

• Ensures a specific number of pod replicas are running continuously, creating new pods if necessary

DaemonSet

• Guarantees a specific pod runs on all nodes or a specific subset of nodes
• Useful for tasks requiring direct interaction with nodes (e.g., monitoring, networking agents)

Commands

• kubectl commands (e.g., install-cli, get-credentials, run, describe, exec, top pod/node, create deploy, expose deploy/service) are used to interact with AKS clusters directly or through a proxy
• Using kubectl to build a declarative YAML file is possible
• Connecting directly to the Kubernetes API is feasible

Node-Shell Plugin

• A third-party plugin that allows shell access to Kubernetes nodes

Azure IP Masquerade Agent

• Acts as an IP masquerading agent, improving outgoing traffic for external destinations

CoreDNS and CoreDNS Autoscaler

• Part of the storage system (CSI)
• Improved and standardised container storage
• Aids in storage management

Kubernetes Resource Group Customisations

• To enable auto-scaling of nodes, configuration customizations should be made within the AKS cluster settings, not the virtual machine scale sets
• Outbound rule changes for load balancers should be managed through the AKS cluster.