- What is Kubernetes?
Ans. Kubernetes is an open-source container orchestration platform written in the Go programming language. Also known as K8, Kubernetes was originally designed by google and is now maintained by the Cloud Native Computing Foundation. It automates the tasks of management, monitoring, deploying, scaling, and load-balancing of applications. It also helps in managing several containers which provide for logical units that can be discovered and managed.
- What are the features/benefits of Kubernetes?
Ans. Below are some of the features of Kubernetes:
- Automatic scheduling – Advanced scheduler to launch containers on cluster nodes.
- Automated rollouts & rollback – Supports rollouts and rollbacks.
- Horizontal scaling – Scale applications up or down as per requirements.
- Storage orchestration – Automatically mount the storage system of your choice.
- Self-healing capabilities – Reschedule, replace, and restart containers that have died or failed.
- Load balancing – Offers Pods their own IP addresses and a single DNS name for a set of Pods, and can load-balance across them.
- Secret and configuration management – Lets you store and manage sensitive information
- Allows you to create predictable infrastructure.
- Explain the Kubernetes architecture.
Ans. Kubernetes follows a client-server architecture. Its architecture components include the Kubernetes control plane and the nodes in the cluster:
Kubernetes Master (Control Plane) Architecture
- etcd cluster – It is a distributed key-value storage that stores the Kubernetes cluster data, API objects, and service discovery details.
- kube-apiserver – It is the central management entity that receives all REST requests for modifications, serving as a frontend to the cluster.
- kube-controller-manager – It runs distinct controller processes in the background to regulate the shared state of the cluster and perform routine tasks.
- cloud-controller-manager – Manages controller processes with dependencies on the underlying cloud provider (if applicable).
- kube-scheduler – Schedules the pods on the various nodes based on resource utilization. It reads the service’s operational requirements and schedules it on the best fit node.
Node (Worker) Components
- kubelet – It is the main service on a node that takes new or modified pod specifications and ensures that pods and their containers are running in the desired state
- kube-proxy – It is a network proxy that runs on each worker node to deal with individual host subnetting and expose services to the external world. It sends requests for work to the appropriate containers.
- container runtime – Responsible for running the containerized applications.
Kubernetes Concepts
- Pods – They are the smallest units that Kubernetes administers. It constitutes a set of containers. A pod can have a single container when the service or application is a single process.
- Deployments – Deployments determine the scale at which one wants to run an application.
- Services – It is the interface that the application consumers deal with. It represents a logical set of pods and acts as a gateway, enabling pods to send requests to the service.
- Nodes – It is a single host capable of running on a virtual machine. It runs both Kube-proxy and Kubelet, which are a part of the cluster. A Kubernetes node collects, runs, and manages pods that function together.
- What is the difference between Kubernetes and Docker Swarm?
Ans. Below are the differences between Kubernetes and Docker Swarm:
Kubernetes | Docker Swarm |
Applications can be deployed using microservices, deployments, and pods. | Applications can be used only as microservices. |
Provides an auto-scaling feature. | Does not provide an auto-scaling feature. |
Manually configures load balancing. | It does auto load balancing. |
Installation is long, complicated, and time-consuming. | Installation is easy and fast. |
GUI is available. | GUI not available. |
Has built-in tools for managing logging and monitoring processes. | Does not require using any tools for logging and monitoring |
Cluster strength is strong. | Cluster strength is weak compared to Kubernetes. |
- List some recommended security measures for Kubernetes.
Ans. Below are some recommended security measures for Kubernetes:
- Enable Role-Based Access Control (RBAC)
- Keep Kubernetes up to date
- Use API authentication
- Restrict SSH access
- Protect ETCD with TLS and Firewall
- Isolate Kubernetes Nodes
- Implementing a pod security policy
- Turn on Audit Logging
- Implement Network Segmentation
- Ensure that the kube-dashboard applies a restrictive RBAC policy
- Use images from repositories that are authorized
- Conduct security and vulnerability scanning regularly
- What is the role of the Kubernetes Controller Manager (kube-controller-manager)?
Ans. A Kubernetes Controller Manager is a Kubernetes control plane component that runs controller processes. It ensures the desired state of the cluster matches the observed state. It is a daemon that embeds the core control loops shipped with Kubernetes. Some types of these controllers are:
- Node controller
- Job controller
- Replication controller
- Endpoints controller
- Service Account & Token controller
- Name different types of Kubernetes Volume.
Ans. Below are some types of Kubernetes Volume are:
- emptyDir
- hostPath
- nfs
- awsElasticBlockStore
- rbd
- glusterfs
- persistentVolumeClaim
- azureDiskVolume
- cephfs
- downwardAPI
- Which three namespaces are available on new clusters?
Ans. The following are the three namespaces available on new clusters
- default: It is the default namespace for objects with no other namespace. This namespace acts as the main target for new user-added resources until alternative namespaces are created.
- kube-system: It is the namespace for objects created by the Kubernetes system.
- kube-public: It is globally readable by all users with or without authentication. It helps in exposing any cluster information necessary to bootstrap components. Its public aspect is only a convention and not a requirement.
- Name the different types of Kubernetes services?
Ans. The following are the different types of Kubernetes services:
- ClusterIP (Default type) – It exposes a service on an internal IP in the cluster.
- NodePort – It exposes the service on the IP of each node at a static port.
- LoadBalancer – It creates an external load balancer in the current cloud (if supported) and assigns a fixed, external IP to the Service.
- ExternalName – It maps the service to a predefined externalName field by returning a value for the CNAME record.
- What is Kubectl?
Ans. Kubectl is a command-line interface (CLI) that that allows you to run commands against Kubernetes clusters. It authenticates the Master Node of your cluster and makes API calls to do a variety of management actions. It controls the Kubernetes cluster manager through different create and manage commands on the Kubernetes component. Kubectl allows users to deploy applications, inspect and manage cluster resources, and view logs.
Syntax:
Below is the syntax to run kubectl commands from terminal window:
kubectl [command] [TYPE] [NAME] [flags]