Kubernetes objects 1
Kubernetes objects 2
Deploying applications
I feel lucky
Docker
100

Job

Describe what a Job is in the Kubernetes context.

What does it create?

Describe a use case when you would need a Job.

A job creates one or more pods and ensures that a specified number of them successfully terminate.

Jobs manage the task as it runs to completion, rather than managing an ongoing desired state.

You can use a Job for large computation or batch-oriented tasks, e.g. sending emails at the end of the month (if you define a CronJob).

100

What do containers in a Pod share?

Can containers from a single Pod span multiple Nodes? If yes, what is the kubectl command to run it like that?

Containers in a Pod share:

- storage (Volumes), network (IP address)

Containers in a single Pod are co-located and co-scheduled, and run in a shared context on the same Node; they can't span multiple Nodes.

100

I want to update my application running in K8S with a new image. This application is used just internally by other applications running in K8S.

How would I update it in a zero downtime fashion?

What object(s) do I need to have defined to be able to update it?

When is zero downtime update not possible?

You need to have a Deployment and a Service defined (the app handles internal traffic).

If you want to perform a rolling update, you update the Deployment with a new image via kubectl:

kubectl set image deployment/<deployment_name> <container_name>=<new_image>

Zero downtime update is not possible if you run just one replica of your app.


100

What command line tool can you use to operate a Kubernetes cluster?

Name at least 3 different top-level commands of this tool.

kubectl

- create, edit, delete, describe, scale, run, set, rollout,...







100

What is the difference between a container and an image?

A container is a runtime instance of an image, similarly to how an object is a runtime instance of a class in OOP.

200

Pod

- describe what Pod is in Kubernetes context and give an example of a simple and a more complex Pod

- where does a Pod run (in K8s architecture)?

A Pod is a group of one or more application containers. A Pod is scheduled to run on a Node.

Simple Pod: git2kube app (one container)

More complex Pod: Portal - PHP container + Nginx with static resources (two containers)

200

When you are creating a Service, which types can you choose from and which one is the default?

Name and describe at least 2 types.

ClusterIP: exposes the service only internally on a cluster IP (default)

NodePort: Exposes the service on each Node’s IP at a static port. You will be able to reach a service on <Node_IP>:<Node_Port>

LoadBalancer: Exposes the service externally using a cloud provider’s load balancer.

ExternalName: Maps the service to the contents of the externalName field (e.g. foo.bar.example.com), by returning a CNAME record with its value. No proxying of any kind is set up.


200

- You have an app (think openscoring) that takes 3 minutes to start servicing requests (because it is loading a configuration (model)) although the app process starts right away. How would you configure K8S to start routing traffic only after the app is fully up?

- You have an app that after 2 days ends in a deadlock. How can you instruct Kubernetes to automatically restart this app once it is stuck?

- You configure a readiness probe on your container in the Deployment - Kubernetes will start routing traffic to the Pod only when the readiness probe is returning success.

- You configure a liveness probe on your container in the Deployment - Kubernetes will restart the Pod once the liveness probe fails.

200

Where does the kubelet process run and what is it for (name 2 responsibilities)?

The kubelet process runs on Kubernetes nodes; it is responsible for communication between the Nodes and the Kubernetes Master, and it also manages the Pods and the containers running on a machine.

200

What is a fundamental difference between a VM (Virtual machine) and a Docker container from OS point of view?

Containers are lightweight processes that share the kernel of the OS. Multiple containers can run on a single VM.

Virtual machines have their own kernel and are usually virtualized via a hypervisor.

300

Deployment

Describe what a Deployment is in the Kubernetes context.

What happens when you create a Deployment in Kubernetes? Why would you use a Deployment instead of a Pod?

What happens if a Kubernetes node running the app goes down (from the Deployment's point of view)?

A Deployment allows you to update Pods and ReplicaSets in a declarative way and in a controlled manner.

The purpose of a Deployment is to keep a set of identical Pods running and upgrade them in a controlled way, performing a rolling update by default. A Pod doesn't allow you to control the deployment.

When you create a Deployment, the Kubernetes master schedules the application instances onto individual Nodes in the cluster - in fact, it creates Pods with containers in them.

If the Node hosting an instance goes down or is deleted, the Deployment controller replaces it (runs it on a different node) - this provides a self-healing mechanism.

300

What is a DaemonSet in the Kubernetes context?

Mention a use case when a DaemonSet can be helpful.

What happens with a DaemonSet when you add new Nodes to the cluster?

DaemonSets run continuously on every node in your cluster, even as nodes are added or swapped in. This guarantee is particularly useful for setting up global behavior across your cluster, such as:

  • Logging and monitoring, from applications like fluentd
300

My application requires a user and a password to the database in order to work. I want to easily change it anytime.

The application can read user and password from environmental variables.

How would you approach defining such an app in Kubernetes? What Kubernetes objects would you use?

Password must be defined in the Secret object (which is base64 encoded).

There are several approaches to defining a user - either you can use ConfigMap or hardcode it to the Deployment itself - you will then either change ConfigMap or Deployment.

In a Deployment, you need to reference both the Secret and the ConfigMap in the env section of the container as a valueFrom->secretKeyRef or configMapRef.

300

How can a ConfigMap be consumed in Kubernetes? Name at least 2 options.

ConfigMap can be consumed through:

- environment variables

- mounted as a volume

- as command line arguments

300

You need to persist some data throughout container restarts. How would you do it? Mention 2 options.

(connecting from the container to a remote DB doesn't count)

- mount a directory from host to the container (bind mount)

- use docker volumes (volume containers)


400

Service

Describe what a Service is in the Kubernetes context.

What is the primary use case of a Service?

What role do labels and label selectors play in a Service?

A Kubernetes Service is an abstraction layer which defines a logical set of Pods and enables external traffic exposure, load balancing and service discovery for those Pods.

You usually define a Service to expose your application to traffic (internal or external).

With labels and label selectors, you define which pods should be part of the Service.


400

What is the difference between a PersistentVolume and a PersistentVolumeClaim?

Explain both concepts and when you would use each.

A PersistentVolume (PV) is a piece of storage in the cluster that has been provisioned by an administrator. 

A PersistentVolumeClaim (PVC) is a request for storage by a user. Claims can request specific size and access modes (e.g., can be mounted once read/write or many times read-only).

A twist: cluster can be configured so that it automatically provisions PersistentVolume according to PersistentVolumeClaim.

400

I have a Pod in 2 replicas running in K8S, the application A running in a container in that Pod can be called on port 4500, the Pod is labeled with "app: coolApp" and running in a namespace "test".

Now I want to call this application A from a different application B running in K8S, but only inside the cluster - how would I do that? What do I need to define to make it work?

I need to first define a Service named "service-a" with selector "app: coolApp" and type ClusterIP to expose a service running on port 4500.

Then from the different app B I can call the application as:

service-a.test.svc:4500

and Kubernetes takes care of routing and service discovery.

400

In Kubernetes, through objects you define a desired state of the cluster.

Do you know what (Kubernetes abstraction) ensures that the desired state is met? Give at least one specific example.

The desired state of the cluster is managed by Controllers.

A controller is a control loop that watches the shared state of the cluster through the apiserver and makes changes attempting to move the current state towards the desired state.

An example of a controller is ReplicationController that ensures that a given number of replicas are running.

400

Describe in detail what happens when you run docker build and your Dockerfile contains:

FROM ubuntu:xenial

RUN groupadd -r mongodb && useradd -r -g mongodb mongodb

RUN mkdir /docker-entrypoint-initdb.d

ENV GOSU_VERSION 1.10

ARG MONGO_PACKAGE=mongodb-org-unstable

EXPOSE 27017

CMD ["mongod"]

What would happen if you run it twice? How many layers will the resulting image have?

It downloads the ubuntu image from Docker Hub and on top of that runs every command specified in the Dockerfile (RUN groupadd && useradd, RUN mkdir, ENV, ...).

If you run it twice, the build will be really quick, because all layers have been cached during the first build.

Only RUN, COPY and ADD create layers, so the resulting image will have ubuntu:xenial_layers+2

500

StatefulSet

Describe what a StatefulSet is in the Kubernetes context. When would you need a StatefulSet?

How does it differ from a Deployment?

Describe persistence aspects of a StatefulSet in relation to pod rescheduling.

A StatefulSet manages the deployment and scaling of a set of Pods (like a Deployment).

A StatefulSet is useful when you want (among other things) stable, persistent storage - stable through Pod reschedules.

Differences from a Deployment:

- A StatefulSet provides guarantees about the ordering and uniqueness of these Pods.

- A StatefulSet maintains a sticky identity for each of its Pods - they are always rescheduled to the same Node

500

Ingress

Describe what Ingress is in the Kubernetes context.

What capabilities does it usually have (name at least 2)?

What is the difference between an Ingress and a Service with type LoadBalancer?



An API object that manages external access to the services in a cluster, typically HTTP.

Ingress can provide load balancing, SSL termination and name-based virtual hosting (and more).

The difference between an Ingress and a Service with type LoadBalancer is that an Ingress can route to multiple services (based on name/path), whereas a Service exposes just one service (itself).

500

You want to run 2 different applications - AppA and AppB on one domain (which is not yet registered), but with different paths:

AppA: https://bestapp.com/appA

AppB: https://bestapp.com/appB

How would you define and expose them in Kubernetes with no more than 5 Kubernetes objects (provided that these are just simple apps with no need for secrets or persistence)?

First, you need to define a Deployment for both apps - DeploymentA and DeploymentB.

Then, you need to define a Service for both apps - ServiceA and ServiceB, type ClusterIP (which is the default).

Since you need to expose both services on a domain which is not yet created, you need to define an Ingress - which registers the domain and, if connected to cert manager, handles creating SSL certificates for you.

This Ingress will route /appA to ServiceA and /appB to ServiceB.

500

Describe what the privileged mode option is when you run containers and mention a use case when you would need it.

A container running in privileged mode can access host resources directly (network, cpu metrics).

Use cases:

- running docker in docker - Jenkins slave in docker building docker images

- container in K8S scraping metrics about K8S nodes (CPU, memory,..)
