Kubernetes Exam A Study Notes

Questions and Answers

Which node component is responsible for running workloads?

• The kubelet
• The kube-proxy
• The container runtime (correct)
• The kube-apiserver

Which API object is the recommended way to run a scalable, stateless application on your cluster?

• DaemonSet
• ReplicaSet
• Pod
• Deployment (correct)

When a CronJob is triggered, which sequence of actions occurs in the cluster?

• CronJob controller creates a Job, which then creates a Pod. (correct)
• Kube-scheduler schedules the CronJob.
• CronJob controller creates a Pod and waits for completion.
• Kubelet directly runs the Pod.

What is the primary function of the kubelet within a Kubernetes cluster?

Acts as an agent that ensures containers are running in a Pod. (B)

When RBAC is enabled, what is the default value for authorization-mode in the Kubernetes API server?

--authorization-mode=RBAC (D)

An organization needs to process large amounts of data in bursts, specifically 1000 compute jobs each Monday morning, with completion required by Monday night. Which method is most cost-effective?

Leverage the Kubernetes Cluster Autoscaler. (C)

What is a Kubernetes service called when it is created without a cluster IP address?

Headless Service (D)

What do the letters 'CI/CD' stand for?

Continuous Integration / Continuous Development (D)

By default, how is data protected within Kubernetes Secrets?

Base64 encoded (C)

What is Kube-proxy's primary function?

Forwarding data to the correct endpoints for Services. (D)

After deprecation, what is the minimum length of time that a stable Kubernetes API element should be supported?

12 months (B)

Which Kubernetes distribution is designed for lightweight loT and edge computing?

k3s (D)

Which Kubernetes component enables automatic management of the number of nodes in your cluster to meet demand?

Cluster Autoscaler (D)

Regarding Open Policy Agent (OPA), which statement is accurate?

Kubernetes can use it to validate requests and apply policies. (D)

In the context of cloud-native technologies, what does the abbreviation 'laC' stand for?

Infrastructure as Code (C)

Which framework abstracts away the complexities of capacity, deployments, scaling, fault tolerance, and OS management from developers?

Kubernetes (B)

Which characteristic is primarily associated with container orchestration?

Dynamic Scheduling (C)

Which workload requires a headless service when deploying into a namespace?

StatefulSet (A)

What is Helm?

A package manager for Kubernetes applications (B)

What is the recommended approach for loading and generating required data before a Pod starts up?

Use an init container with shared file storage. (B)

Which kubectl command will display logs in real time?

kubectl logs -f test-container-1 (B)

What is the core functionality of GitOps tools such as Argo CD and Flux?

They continuously compare desired state in Git with actual production state. (B)

Which Kubernetes resource ensures that a copy of a Pod runs on all (or some) nodes?

DaemonSet (A)

The Kubernetes API can be extended using CRDs and the API Aggregation Layer. What does CRD stand for?

Custom Resource Definition (C)

Kubernetes project work is primarily carried out by SIGs. What does SIG stand for?

Special Interest Group (C)

In Cloud Native Security, what is the correct order of the 4Cs, starting with the layer a user has the most control over?

Code -> Container -> Cluster -> Cloud (C)

Which container runtimes provide additional sandboxed isolation and elevated security?

runsc, kata (B)

Which is the common standard for Service Meshes?

Service Mesh Interface (SMI) (B)

Which statement about Ingress is correct?

Ingress exposes routes from outside the cluster to services in the cluster. (B)

What best describes cloud native service discovery?

It's a mechanism for applications and microservices to locate each other on a network. (A)

What components are common in a service mesh?

service proxy and control plane (D)

Which storage operator in Kubernetes can help the system to self-scale, self-heal, etc?

Rook (D)

What fields must exist in any Kubernetes object (e.g. YAML) file?

apiVersion, kind, metadata (D)

Which activity falls under the responsibilities of a Site Reliability Engineer (SRE)?

Creating a monitoring baseline for an application. (C)

What are the initial namespaces that Kubernetes starts with?

default, kube-system, kube-public, kube-node-lease (C)

What is a probe within Kubernetes?

A diagnostic performed periodically by the kubelet on a container. (A)

What Kubernetes feature helps to maintain application availability and guard against split-brain scenarios in a distributed application?

StatefulSet (D)

What feature must a CNI (Container Network Interface) support to control specific traffic flows for workloads running in Kubernetes?

Network Policies (A)

What is the main role of the Kubernetes DNS within a cluster?

Provides consistent DNS Names for Pods and Services for workloads that need to communicate with each other. (D)

Scenario: You have a Kubernetes cluster hosted in a public cloud provider. When trying to create a Service of type LoadBalancer, the external-ip is stuck in the 'Pending' state. Which Kubernetes component is failing in this scenario?

Cloud Controller Manager (B)

What are the characteristics for building every cloud-native application?

Resiliency, Agility, Operability, Observability (B)

What does CNCF stand for?

Cloud Native Computing Foundation (A)

Kubernetes supports multiple virtual clusters backed by the same physical cluster. What are these virtual clusters called?

namespaces (D)

What component enables end users, different parts of the Kubernetes cluster, and external components to communicate with one another?

Kubernetes API (A)

Which kubectl command will list the resource types that exist within a cluster?

kubectl api-resources (B)

Which of these components is part of the Kubernetes Control Plane?

cloud-controller-manager (A)

What is a key feature of a container network?

Allowing containers running on separate hosts to communicate. (D)

How can you monitor the progress for an updated Deployment/DaemonSets/StatefulSets?

kubectl rollout status (D)

Flashcards

Container Runtime

The component of the node responsible for running workloads.

Deployment

The recommended API object for running scalable, stateless applications on a cluster.

CronJob Controller

Component that creates a Job, then the Job controller creates a Pod and waits until it finishes.

Kubelet purpose in Kubernetes

Agent that runs on each node; ensures containers are running in a Pod.

--authorization-mode

Default value for authorization-mode in Kubernetes API server is RBAC

Cost-Effective Kubernetes Batch Job

Leveraging the Kubernetes Cluster Autoscaler to automatically start and stop nodes as they're needed is cost-effective.

Headless Service

A Kubernetes service with no cluster IP address.

What CI/CD stands for

Continuous Integration / Continuous Development

Kubernetes Secrets Protection Level

Secrets values are base64 encoded

Kube-proxy Function

Forwards data to the correct endpoints for Services.

Kubernetes API Deprecation Support

A stable API element in Kubernetes should be supported for 12 months at minimum after deprecation.

K3s

Lightweight Kubernetes distribution built for IoT and edge computing.

Cluster Autoscaler

Automatically manages the number of nodes in your cluster to meet demand.

Correct statement concerning Open Policy Agent (OPA)

Kubernetes can use it to validate requests and apply policies.

What laC stands for

Infrastructure as Code

Kubernetes Benefit

Framework where developers don't deal with capacity, deployments, scaling, fault tolerance, and OS.

Characteristic associated with container orchestration?

Associated with container orchestration is Dynamic scheduling

Workload Requires Headless Service

StatefulSet requires a headless service.

Helm

A package manager for Kubernetes applications.

Loading Data Before Pod Startup

Use an init container with shared file storage to load and generate data before Pod startup.

Correct kubectl command to display logs in real time

kubectl logs -f test-container-1 is the correct kubectl command to display logs in real time

Core Functionality of GitOps tools

Continuously compare the desired state in Git with the actual production state and notify or act upon differences.

DaemonSet

Ensures that all (or some) nodes run a copy of a Pod

What is CRD

Custom Resource Definition

What SIG stand for?

Special Interest Group

What is the order of 4C's

Code -> Container -> Cluster -> Cloud

Group of container runtimes that provides additional sandboxed isolation and elevated security

runsc, kata

Common standard for Service Meshes?

Service Mesh Interface (SMI)

Correct statement about Ingress

Ingress exposes routes from outside the cluster to services in the cluster.

Cloud Native Service Discovery

Mechanism for applications and microservices to locate each other on a network.

Components are common in a service mesh?

Service proxy and control plane

Which storage operator can help the system to self-scale, self-heal

Rook

Fields must exist in any Kubernetes object file

apiVersion, kind, metadata

Responsibilities of an SRE?

Creating a monitoring baseline for an application.

Initial namespaces that Kubernetes starts with

default, kube-system, kube-public, kube-node-lease

Probe Within Kubernetes

A diagnostic performed periodically by the kubelet on a container.

Study Notes

Exam A Study Notes

Question 1

• The container runtime is the node component responsible for running workloads.

Question 2

• Deployment API object is the recommended way to run scalable, stateless apps on a cluster.

Question 3

• The CronJob controller creates a Job, which then creates a Pod when it's time for the CronJob to run.

Question 4

• Kubelet is an agent that runs on each node in the cluster and ensures containers are running in a Pod.

Question 5

• The default value for authorization-mode in the Kubernetes API server is RBAC (--authorization-mode=RBAC).

Question 6

• Leveraging the Kubernetes Cluster Autoscaler to automatically start and stop nodes is cost-effective for burst data processing.

Question 7

• A Kubernetes service with no cluster IP address is called a Headless Service.

Question 8

• CI/CD stands for Continuous Integration / Continuous Development.

Question 9

• Secrets in the Kubernetes API use base64 encoding for the default level of data protection.

Question 10

• Kube-proxy forwards data to the correct endpoints for Services within a cluster.

Question 11

• A stable Kubernetes API element should be supported for at least 12 months after deprecation.

Question 12

• k3s is the name of the lightweight Kubernetes distribution built for IoT and edge computing.

Question 13

• Kubernetes Cluster Autoscaler allows automatic management of the number of nodes in a cluster.

Question 14

• Kubernetes can use the Open Policy Agent (OPA) to validate requests and apply policies.

Question 15

• In cloud-native Infrastructure as Code (IaC) is the management and provisioning of infrastructure through code rather than manual processes.

Question 16

• In a Serverless framework developers no longer handle capacity, deployments, scaling, fault tolerance, and OS.

Question 17

• Dynamic scheduling is associated with container orchestration.

Question 18

• StatefulSet workload requires a headless service while deploying into the namespace.

Question 19

• Helm is a package manager for Kubernetes applications.

Question 20

• To load and generate data required before the Pod startup, use an init container with shared file storage.

Question 21

• The correct kubectl command to display logs in real time is: kubectl logs -f test-container-1.

Question 22

• GitOps tools like Argo CD and Flux continuously compare the desired state in Git with the actual production state.

Question 23

• The DaemonSet Kubernetes resource workload ensures that all, or some, nodes run a copy of a Pod.

Question 24

• CRD stands for Custom Resource Definition.

Question 25

• SIG stands for Special Interest Group.

Question 26

• The order of 4C's in Cloud Native Security, starting with the layer that a user has the most control over is Code -> Container -> Cluster -> Cloud.

Question 27

• runsc and kata container runtimes provides additional sandboxed isolation and elevated security

Question 28

• Service Mesh Interface (SMI) is the common standard for Service Meshes.

Question 29

• Ingress exposes routes from outside the cluster to services in the cluster.

Question 30

• Cloud native service discovery is a mechanism for apps and microservices to locate each other on a network.

Question 31

• A service proxy and control plane are common components in a service mesh.

Question 32

• Rook is a storage operator in Kubernetes that can help the system to self-scale and self-heal.

Question 33

• apiVersion, kind, and metadata fields must exist in any Kubernetes object YAML file.

Question 34

• Creating a monitoring baseline for an application is a responsibility of an SRE (Site Reliability Engineer).

Question 35

• The initial namespaces that Kubernetes starts with are default, kube-system, kube-public, and kube-node-lease.

Question 36

• A probe within Kubernetes is a diagnostic performed periodically by the kubelet on a container.

Question 37

• StatefulSet is the Kubernetes feature to guard against split-brain scenarios with your distributed application.

Question 38

• A CNI must support Network Policies to control specific traffic flows for workloads running in Kubernetes.

Question 39

• The main role of the Kubernetes DNS within a cluster is to provide consistent DNS Names for Pods and Services for workloads that need to communicate with each other.

Question 40

• The Cloud Controller Manager Kubernetes component is failing when the external-ip is stuck in the "Pending" state when trying to create a Service of type LoadBalancer.

Question 41

• Every cloud-native application is characterized by Resiliency, Agility, Operability, and Observability.

Question 42

• CNCF stands for Cloud Native Computing Foundation.

Question 43

• Kubernetes supports multiple virtual clusters backed by the same physical cluster. These virtual clusters are called namespaces.

Question 44

• The Kubernetes API enables communication between end-users, different parts of the Kubernetes cluster, and external components.

Question 45

• The command "kubectl api-resources" will list the resource types that exist within a cluster.

Question 46

• The Cloud Controller Manager is part of the Kubernetes Control Plane.

Question 47

• The Cloud Controller Manager is part of the Kubernetes Control Plane.

Question 48

• A key feature of a container network is allowing containers running on separate hosts to communicate.

Question 49

• Progress for an updated Deployment/DaemonSets/StatefulSets can be monitored using kubectl rollout status.

Question 50

• The goal of load balancing is to automatically distribute requests across instances of an application.

Question 51

• Deployments manage ReplicaSets and provide declarative updates to Pods.

Question 52

• Pod memory requests, node taints, and Pod affinity influence the Kubernetes scheduler when it places Pods on nodes.

Question 53

• Gauge is the core metric type in Prometheus used to represent a single numerical value that can go up and down.

Question 54

• Labels are the primary mechanism to identify grouped objects in a Kubernetes cluster.

Question 55

• The Kubernetes resource used to expose an application is called a Service.

Question 56

• A DaemonSet ensures a specific set of nodes run a copy of a Pod.

Question 57

• Traces is the telemetry component representing related distributed events encoding the end-to-end request flow.

Question 58

• CRI-O is responsible for running containers in the Kubernetes platform.

Question 59

• Services and Pods in Kubernetes are YAML objects.

Question 60

• Kube-proxy handles network communications inside and outside of a cluster, using OS packet filtering.

Question 61

• Kube-apiserver exposes the programmatic interface used to create, manage, and interact with Kubernetes objects.

Question 62

• Services without selectors require manual creation of Endpoints.

Question 63

• The command "kubectl explain" retrieves documentation and field definitions for a Kubernetes resource

Question 64

• Linkerd is a lightweight tool for managing traffic flow between services, enforcing access policies and aggregate telemetry data.

Question 65

• ConfigMap Kubernetes resource uses immutable: true boolean field.

Question 66

• Pods can communicate with all other Pods without NAT.

Question 67

• Pod is the resource type used to package sets of containers for scheduling in a cluster.

Question 68

• Kubernetes Service can expose multiple ports where you must specify an unambiguous name for each port.

Question 69

• Site Reliability Engineers are typically responsible for defining, testing, and running an incident management process.

Question 70

• Rolling update is the default deployment strategy in Kubernetes.

Question 71

• The command "kubectl explain deployment.spec.replicas" provides information about the field replicas within the spec resource of a deployment object.

Question 72

• Outlining the project's "terms of engagement" is a responsibility of the governance board of an open-source project.

Question 73

• A NetworkPolicy in Kubernetes classifies Pods as isolated and non-isolated.

Question 74

• Network throughput and disk I/O are the most important resources to guarantee the performance of an etcd cluster.

Question 75

• To deploy a workload to Kubernetes without additional tools, create a manifest and apply it with kubectl.

Question 76

• "kubectl exec" is how you perform a command in a running container.

Question 77

• A headless service is created by specifying '.spec.clusterIP: None'

Question 78

• To use dynamic storage provisioning, a user has to include an existing storage class in their PersistentVolumeClaim.

Question 79

• Scheduling, scaling, and manage the health of containers, are tasks performed by a container orchestration tool.

Question 80

• Hybrid cloud a cloud native architecture that uses a combination of services running in different public and private clouds, including on-premises data centers.

Question 81

• A Kubernetes Service Endpoint is an object that gets IP addresses of individual Pods assigned to it.

Question 82

• Cloud Native Architecture is important because it removes constraints to rapid innovation.

Question 83

• A Pod is the smallest deployable unit of computing in Kubernetes.

Question 84

• Answer not provided

Question 85

• Environment variables and DNS are the two primary modes for Service discovery within a Kubernetes cluster.

Question 86

• NET_BIND_SERVICE is an option to add to a container using the Restricted policy.

Question 87

• Methods that can be used to scale a deployment are: kubectl scale deployment and kubectl edit deployment.

Question 88

• Answer not provided

Question 89

• Containerd is the industry-standard container runtime with an emphasis on simplicity, robustness, and portability.

Question 90

• Vertical scaling an application deployment is best described as the act of adding/removing resources to applications to meet demand.

Question 91

• Answer not provided

Question 92

• Serverless computing is a computing method of providing backend services on an as-used basis.

Question 93

• The purpose of the CRI (Container Runtime Interface) is to provide an interface allowing Kubernetes to support pluggable container runtimes.

Question 94

• Answer not provided

Question 95

• Open Container Initiative (OCI) in CNCF develops specifications for industry standards around container formats and runtimes.

Question 96

• v1alpha1, v2beta3, v2 includes valid API versions.

Question 97

• To view the snapshot of previously terminated ruby container logs from Pod web-1, run the following command: kubectl logs -p -c ruby web-1

Question 98

• Service in Kubernetes is an abstraction that defines a logical set of Pods and a policy by which to access them.

Question 99

• Six hosts are required to set up a highly available Kubernetes cluster when using an external etcd topology.

Question 100

• When a new Pod is created and has no assigned node, the kube-scheduler will assign the Pod to a node.

Question 101

• Answer not provided

Question 102

• PersistentVolumeClaim is the resource you use to attach a volume in a Pod.

Question 103

• etcd is the key-value store used to persist Kubernetes cluster data.

Question 104

• Answer not provided

Question 105

• Answer not provided

Question 106

• Answer not provided

Question 107

• Answer not provided

Question 108

• Answer not provided

Question 109

• Answer not provided

Question 110

• Answer not provided