K8S Core¶
157 cards — 🟢 37 easy | 🟡 74 medium | 🔴 31 hard
🟢 Easy (37)¶
1. What is the role of the kube-proxy in Kubernetes networking?
Show answer
Network proxy that runs on each node in the cluster.Maintains network rules on nodes, enabling communication between pods and services.
Implements load balancing for services with multiple pod instances.
kube-proxy plays a key role in Kubernetes networking by managing network connectivity for pods and services. It ensures that communication is correctly routed between pods and facilitates the exposure of services to the external network. Load balancing of service traffic is achieved by kube-proxy distributing requests among the available pod instances.
2. What is etcd and what role does it play in Kubernetes?
Show answer
Kubernetes uses etcd as a distributed key-value store for all of its data, including metadata and configuration data, and allows nodes in Kubernetes clusters to read and write data. Although etcd was purposely built for CoreOS, it also works on a variety of operating systems (e.g., Linux, BSD, and OS X) because it is open-source. Etcd represents the state of a cluster at a specific moment in time and is a canonical hub for state management and cluster coordination of a Kubernetes cluster.3. What are the possible Pod phases?
Show answer
* Running - The Pod bound to a node and at least one container is running* Failed/Error - At least one container in the Pod terminated with a failure
* Succeeded - Every container in the Pod terminated with success
* Unknown - Pod's state could not be obtained
* Pending - Containers are not yet running (Perhaps images are still being downloaded or the pod wasn't scheduled yet)
Remember: Use `kubectl explain
4. What is the Kubernetes controller manager?
Show answer
The controller manager is a daemon that is used for embedding core control loops, garbage collection, and Namespace creation. It enables the running of multiple processes on the master node even though they are compiled to run as a single process. The controller manager watches the shared state of the cluster through the API server and makes changes attempting to move the current state towards the desired state.Remember: Controllers run reconciliation loops: desired state vs actual state → take action.
Example: ReplicaSet controller: 2 running, 3 desired → create 1. That's reconciliation.
5. What is the kubelet and what role does it play on each Kubernetes node?
Show answer
The kubelet is a service agent that controls and maintains a set of pods by watching for pod specs through the Kubernetes API server. It preserves the pod lifecycle by ensuring that a given set of containers are all running as they should. The kubelet runs on each node and enables the communication between the master and slave nodes.Remember: kubelet = node agent. Takes PodSpecs, ensures containers are running and healthy.
Under the hood: kubelet talks to container runtime (containerd, CRI-O) via CRI interface.
6. What are Static Pods?
Show answer
[Kubernetes.io](https://kubernetes.io/docs/tasks/configure-pod-container/static-pod/): "Static Pods are managed directly by the kubelet daemon on a specific node, without the API server observing them. Unlike Pods that are managed by the control plane (for example, a Deployment); instead, the kubelet watches each static Pod (and restarts it if it fails)."Remember: Use `kubectl explain
7. True or False? Once a Pod is assisgned to a worker node, it will only run on that node, even if it fails at some point and spins up a new Pod
Show answer
True. Once the scheduler assigns a Pod to a node, it stays bound to that node for its lifetime. If the Pod fails, the controller (Deployment/ReplicaSet) creates a new Pod, which may be scheduled to a different node.Remember: K8s true/false questions test defaults and edge cases. Verify: `kubectl explain`.
8. What is a Kubernetes Pod and why is it the smallest deployable unit?
Show answer
The smallest deployable unit in Kubernetes.Remember: Pod = smallest deployable unit (not a container!). Multiple containers share network + volumes.
Fun fact: "Pod" from "pod of whales" — a group traveling together, like co-located containers.
Gotcha: Pod IP changes on restart. Never rely on pod IPs — use Services for stable endpoints.
9. True or False? Each Pod, when created, gets its own public IP address
Show answer
False. Each Pod gets an IP address but an internal one and not publicly accessible.To make a Pod externally accessible, we need to use an object called Service in Kubernetes.
Remember: K8s true/false questions test defaults and edge cases. Verify: `kubectl explain`.
10. True or False? When a namespace is deleted all resources in that namespace are not deleted but moved to another default namespace
Show answer
False. When a namespace is deleted, the resources in that namespace are deleted as well.Remember: 4 default namespaces: default, kube-system, kube-public, kube-node-lease. Mnemonic: "DSPL."
Gotcha: Never run production workloads in `default` — no quotas, harder RBAC.
11. What are some use cases for using Static Pods?
Show answer
One clear use case is running Control Plane Pods - running Pods such as kube-apiserver, scheduler, etc. These should run and operate regardless of whether some components of the cluster work or not and they should run on specific nodes of the cluster.Remember: Use `kubectl explain
12. What is kube-proxy and how does it handle Kubernetes networking?
Show answer
Kube-proxy is an implementation of a load balancer and network proxy used to support service abstraction with other networking operations. Kube-proxy is responsible for directing traffic to the right container based on IP and the port number of incoming requests. It runs on each node in the cluster.Remember: `--dry-run=client -o yaml` generates manifests. `kubectl explain` shows field schemas.
13. What are controllers?
Show answer
[Kubernetes.io](https://kubernetes.io/docs/concepts/architecture/controller): "In Kubernetes, controllers are control loops that watch the state of your cluster, then make or request changes where needed. Each controller tries to move the current cluster state closer to the desired state."Remember: Use `kubectl explain
14. True or False? By default, pods are isolated. This means they are unable to receive traffic from any source
Show answer
False. By default, pods are non-isolated = pods accept traffic from any source.Remember: K8s true/false questions test defaults and edge cases. Verify: `kubectl explain`.
15. True or False? The "Pending" phase means the Pod was not yet accepted by the Kubernetes cluster so the scheduler can't run it unless it's accepted
Show answer
False. "Pending" is after the Pod was accepted by the cluster, but the container can't run for different reasons like images not yet downloaded.Under the hood: Scheduler: filter (which nodes CAN?) then score (which is BEST?). "Filter then Score."
Remember: Scheduler watches for unassigned pods (no nodeName). It does NOT move running pods.
16. What is a pod in Kubernetes?
Show answer
Pods are high-level structures that wrap one or more containers. This is because containers are not run directly in Kubernetes. Containers in the same pod share a local network and the same resources, allowing them to easily communicate with other containers in the same pod as if they were on the same machine while at the same time maintaining a degree of isolation.Remember: Pod = smallest deployable unit (not a container!). Multiple containers share network + volumes.
Fun fact: "Pod" from "pod of whales" — a group traveling together, like co-located containers.
17. What are the types of controller managers?
Show answer
The primary controller managers that can run on the master node are:* Node controller - Responsible for noticing and responding when nodes go down
* Replication controller - Responsible for maintaining the correct number of pods
* Endpoints controller - Populates the Endpoints object
* Service accounts controller - Creates default accounts for new namespaces
* Token controller - Creates tokens for the service accounts
* Namespace controller - Manages the lifecycle of namespaces
Remember: Controllers run reconciliation loops: desired state vs actual state → take action.
Example: ReplicaSet controller: 2 running, 3 desired → create 1. That's reconciliation.
18. What is a Kubernetes cluster and what are its components?
Show answer
A Kubernetes cluster is a group of nodes (machines) managed by the Kubernetes control plane. It consists of: control plane components (API server, etcd, scheduler, controller-manager) and worker nodes running kubelet, kube-proxy, and a container runtime. Use `kubectl cluster-info` to view endpoints.19. True or False? Every cluster must have 0 or more master nodes and at least 1 worker
Show answer
False. A Kubernetes cluster consists of at least 1 master and can have 0 workers (although that wouldn't be very useful...)Remember: K8s true/false questions test defaults and edge cases. Verify: `kubectl explain`.
20. What are the main components of Kubernetes architecture?
Show answer
There are two primary components of Kubernetes Architecture: the master node and the worker node. Each of these components has individual components in them.The master node contains:
* API Server
* Controller Manager
* Scheduler
* etcd
The worker node contains:
* Kubelet
* Kube-proxy
* Container runtime
Remember: Use `kubectl explain
21. What is the "Control Plane"?
Show answer
Components that manage the overall state of the cluster.Remember: Use `kubectl explain
22. True or False? Using the node affinity type "preferredDuringSchedulingIgnoredDuringExecution" means the scheduler can't schedule unless the rule is met
Show answer
False. The scheduler tries to find a node that meets the requirements/rules and if it doesn't it will schedule the Pod anyway.Under the hood: Scheduler: filter (which nodes CAN?) then score (which is BEST?). "Filter then Score."
Remember: Scheduler watches for unassigned pods (no nodeName). It does NOT move running pods.
23. What is a "Namespace"?
Show answer
A way to divide cluster resources between users or teams.Example: `kubectl create ns staging && kubectl config set-context --current --namespace=staging`
Remember: Namespaces = logical isolation. Combine with ResourceQuotas, NetworkPolicies, RBAC.
24. What is the "Kubelet"?
Show answer
An agent on each node that ensures containers are running.Remember: kubelet = node agent. Takes PodSpecs, ensures containers are running and healthy.
Under the hood: kubelet talks to container runtime (containerd, CRI-O) via CRI interface.
25. What is the role of Kube-apiserver?
Show answer
The kube-apiserver validates and provides configuration data for the API objects. It includes pods, services, replication controllers. Also, it provides REST operations and also the frontend of the cluster. This frontend cluster state is shared through which all other components interact.Remember: API server = "front door." kubectl, kubelet, scheduler, controllers all go through it.
Under the hood: Request flow: Authenticate→Authorize→Admit→Validate→etcd. Mnemonic: "AAAVE."
26. True or False? With namespaces you can limit the resources consumed by the users/teams
Show answer
True. With namespaces you can limit CPU, RAM and storage usage.Example: `kubectl create ns staging && kubectl config set-context --current --namespace=staging`
Remember: Namespaces = logical isolation. Combine with ResourceQuotas, NetworkPolicies, RBAC.
27. What is a cluster of containers in Kubernetes?
Show answer
A cluster of containers is a set of machine elements that are nodes. Clusters initiate specific routes so that the containers running on the nodes can communicate with each other. In Kubernetes, the container engine (not the server of the Kubernetes API) provides hosting for the API server.Remember: Use `kubectl explain
28. True or False? A single Pod can be split across multiple nodes
Show answer
False. A single Pod can run on a single node.Remember: K8s true/false questions test defaults and edge cases. Verify: `kubectl explain`.
29. What is a Kubernetes Cluster?
Show answer
Red Hat Definition: "A Kubernetes cluster is a set of node machines for running containerized applications. If you’re running Kubernetes, you’re running a cluster.At a minimum, a cluster contains a worker node and a master node."
Read more [here](https://www.redhat.com/en/topics/containers/what-is-a-kubernetes-cluster)
Remember: Use `kubectl explain
30. What is a Kubernetes node and what components run on it?
Show answer
A node is a virtual or a physical machine that serves as a worker for running the applications.It's recommended to have at least 3 nodes in a production environment.
Remember: Use `kubectl explain
31. Explain what is a Pod
Show answer
A Pod is a group of one or more containers, with shared storage and network resources, and a specification for how to run the containers.Pods are the smallest deployable units of computing that you can create and manage in Kubernetes.
Remember: Pod = smallest deployable unit (not a container!). Multiple containers share network + volumes.
Fun fact: "Pod" from "pod of whales" — a group traveling together, like co-located containers.
32. What is a node in Kubernetes and what runs on it?
Show answer
A worker machine (physical or virtual) that runs containers.Remember: Use `kubectl explain
33. What are Kubernetes namespaces and when should you use them?
Show answer
Namespaces allow you split your cluster into virtual clusters where you can group your applications in a way that makes sense and is completely separated from the other groups (so you can for example create an app with the same name in two different namespaces)Example: `kubectl create ns staging && kubectl config set-context --current --namespace=staging`
Remember: Namespaces = logical isolation. Combine with ResourceQuotas, NetworkPolicies, RBAC.
34. What is a node in Kubernetes?
Show answer
A node is the smallest fundamental unit of computing hardware. It represents a single machine in a cluster, which could be a physical machine in a data center or a virtual machine from a cloud provider. Each machine can substitute any other machine in a Kubernetes cluster. The master in Kubernetes controls the nodes that have containers.Remember: Use `kubectl explain
35. What are Annotations?
Show answer
[Kubernetes.io](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/): "You can use Kubernetes annotations to attach arbitrary non-identifying metadata to objects. Clients such as tools and libraries can retrieve this metadata."Example: `kubectl annotate pod mypod description='Web server' build='v1.2.3'`
Remember: Annotations can't be used in selectors. Store non-identifying metadata.
36. True or False? The scheduler is responsible for both deciding where a Pod will run and actually running it
Show answer
False. While the scheduler is responsible for choosing the node on which the Pod will run, Kubelet is the one that actually runs the Pod.Under the hood: Scheduler: filter (which nodes CAN?) then score (which is BEST?). "Filter then Score."
Remember: Scheduler watches for unassigned pods (no nodeName). It does NOT move running pods.
37. What is a Namespace in Kubernetes?
Show answer
Namespaces are used for dividing cluster resources between multiple users. They are meant for environments where there are many users spread across projects or teams and provide a scope of resources. Namespaces provide a mechanism for isolating groups of resources within a single cluster.Example: `kubectl create ns staging && kubectl config set-context --current --namespace=staging`
Remember: Namespaces = logical isolation. Combine with ResourceQuotas, NetworkPolicies, RBAC.
🟡 Medium (74)¶
1. What the master node is responsible for?
Show answer
The master coordinates all the workflows in the cluster:* Scheduling applications
* Managing desired state
* Rolling out new updates
Remember: Use `kubectl explain
2. What is the role of kube-apiserver aggregation layer in Kubernetes?
Show answer
* kube-apiserver Aggregation Layer: The aggregation layer extends the kube-apiserver to support custom APIs and resources.* It allows third-party APIs and controllers to be seamlessly integrated into the Kubernetes API.
* Facilitates the development and deployment of custom extensions by different organizations or vendors.
* The kube-apiserver aggregation layer enables the Kubernetes API to be extensible, supporting custom resources and APIs beyond the core Kubernetes objects.
* This extensibility is essential for accommodating a wide range of use cases and domain-specific requirements.
3. Which components can't be created within a namespace?
Show answer
Volume and Node.Example: `kubectl create ns staging && kubectl config set-context --current --namespace=staging`
Remember: Namespaces = logical isolation. Combine with ResourceQuotas, NetworkPolicies, RBAC.
4. Discuss the relationship between Kubernetes and container runtimes like Docker and containerd.
Show answer
* Kubernetes and Container Runtimes: Kubernetes interacts with container runtimes to deploy and manage containers.* Common container runtimes include Docker, containerd, and others.
* Kubernetes abstracts the container runtime, allowing flexibility in choosing the underlying technology.
Remember: Use `kubectl explain
5. What happens to running pods if if you stop Kubelet on the worker nodes?
Show answer
When you stop the kubelet service on a worker node, it will no longer be able to communicate with the Kubernetes API server. As a result, the node will be marked as NotReady and the pods running on that node will be marked as Unknown. The Kubernetes control plane will then attempt to reschedule the pods to other available nodes in the cluster.Remember: kubelet = node agent. Takes PodSpecs, ensures containers are running and healthy.
Under the hood: kubelet talks to container runtime (containerd, CRI-O) via CRI interface.
6. Describe how would you delete a static Pod
Show answer
Locate the static Pods directory (look at `staticPodPath` in kubelet configuration file).Go to that directory and remove the manifest/definition of the staic Pod (`rm
Remember: `--dry-run=client -o yaml` generates manifests. `kubectl explain` shows field schemas.
7. How to list all the components that bound to a namespace?
Show answer
`kubectl api-resources --namespaced=true`Remember: 4 default namespaces: default, kube-system, kube-public, kube-node-lease. Mnemonic: "DSPL."
Gotcha: Never run production workloads in `default` — no quotas, harder RBAC.
8. Running kubectl get pods you see Pods in "Pending" status. What would you do?
Show answer
One possible path is to run `kubectl describe podYou might see one of the following:
* Cluster is full. In this case, extend the cluster.
* ResourcesQuota limits are met. In this case you might want to modify them
* Check if PersistentVolumeClaim mount is pending
If none of the above helped, run the command (`get pods`) with `-o wide` to see if the node is assigned to a node. If not, there might be an issue with scheduler.
9. How to get the name of the current namespace?
Show answer
`kubectl config view | grep namespace`Example: `kubectl create ns staging && kubectl config set-context --current --namespace=staging`
Remember: Namespaces = logical isolation. Combine with ResourceQuotas, NetworkPolicies, RBAC.
10. Using node affinity, set a Pod to never schedule on a node where the key is "region" and value is "neverland"
Show answer
`vi pod.yaml````yaml\naffinity:\n nodeAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n nodeSelectorTerms:\n - matchExpressions:\n - key: region\n operator: NotIn\n values:\n - neverland\n```
Remember: Node affinity=where. Pod affinity=near whom. Pod anti-affinity=away from whom.
Gotcha: `required`=hard rule (must match). `preferred`=soft (best effort).
11. How can you find out information on a Service related to a certain Pod if all you can use is kubectl exec --
Show answer
You can run `kubectl execVariables such as `[SERVICE_NAME]_SERVICE_HOST`, `[SERVICE_NAME]_SERVICE_PORT`, ...
Example: `kubectl exec -it pod -- /bin/sh`. Multi-container: `--container=name`.
Gotcha: exec needs a running container. For crashed pods: `kubectl logs --previous`.
12. Explain readiness probes
Show answer
readiness probes used by Kubelet to know when a container is ready to start running, accepting traffic.For example, a readiness probe can be to connect port 8080 on a container. Once Kubelet manages to connect it, the Pod is marked as ready
You can read more about it in [kubernetes.io](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes)
Remember: Liveness=alive? Readiness=ready for traffic? Startup=done booting? Three probes, three purposes.
Gotcha: Aggressive liveness probe kills slow starters. Use startup probe or initialDelaySeconds.
13. How many containers can a pod contain?
Show answer
A pod can include multiple containers but in most cases it would probably be one container per pod.There are some patterns where it makes to run more than one container like the "side-car" pattern where you might want to perform logging or some other operation that is executed by another container running with your app container in the same Pod.
Remember: `--dry-run=client -o yaml` generates manifests. `kubectl explain` shows field schemas.
14. Explain liveness probes
Show answer
Liveness probes is a useful mechanism used for restarting the container when a certain check/probe, the user has defined, fails.For example, the user can define that the command `cat /app/status` will run every X seconds and the moment this command fails, the container will be restarted.
You can read more about it in [kubernetes.io](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes)
Remember: Liveness=alive? Readiness=ready for traffic? Startup=done booting? Three probes, three purposes.
Gotcha: Aggressive liveness probe kills slow starters. Use startup probe or initialDelaySeconds.
15. What special namespaces are there by default when creating a Kubernetes cluster?
Show answer
* default* kube-system
* kube-public
* kube-node-lease
Remember: 4 default namespaces: default, kube-system, kube-public, kube-node-lease. Mnemonic: "DSPL."
Gotcha: Never run production workloads in `default` — no quotas, harder RBAC.
16. How to schedule a pod on a node called "node1"?
Show answer
`k run some-pod --image=redix -o yaml --dry-run=client > pod.yaml``vi pod.yaml` and add:
```\nspec:\n nodeName: node1\n```
`k apply -f pod.yaml`
Note: if you don't have a node1 in your cluster the Pod will be stuck on "Pending" state.
Remember: `--dry-run=client -o yaml` generates manifests. `kubectl explain` shows field schemas.
17. You applied a taint with k taint node minikube app=web:NoSchedule on the only node in your cluster and then executed kubectl run some-pod --image=redis but the Pod is in pending state. How to fix it?
Show answer
`kubectl edit po some-pod` and add the following```\n - effect: NoSchedule\n key: app\n operator: Equal\n value: web\n```
Exit and save. The pod should be in Running state now.
Remember: Taint effects: NoSchedule (block), PreferNoSchedule (soft), NoExecute (evict+block).
Example: Add: `kubectl taint nodes n1 key=val:NoSchedule`. Remove: append `-` at end.
18. What kubectl describe pod [pod name] does? command does?
Show answer
Show details of a specific resource or group of resources.Remember: `--dry-run=client -o yaml` generates manifests. `kubectl explain` shows field schemas.
19. Explain the working of the master node in Kubernetes?
Show answer
The master node dignifies the node that controls and manages the set of worker nodes. This kind resembles a cluster in Kubernetes. The nodes are responsible for the cluster management and the API used to configure and manage the resources within the collection. The master nodes of Kubernetes can run with Kubernetes itself, the asset of dedicated pods.Remember: Use `kubectl explain
20. List all the pods with the label "env=prod"
Show answer
`k get po -l env=prod`To count them: `k get po -l env=prod --no-headers | wc -l`
Example: `kubectl label pod mypod app=web tier=frontend`
Remember: Labels = key-value pairs for selection. Services, Deployments, Jobs all use selectors.
21. Check how many pods exist in the "dev" namespace
Show answer
`k get po -n dev`Example: `kubectl create ns staging && kubectl config set-context --current --namespace=staging`
Remember: Namespaces = logical isolation. Combine with ResourceQuotas, NetworkPolicies, RBAC.
22. What does the node status contain?
Show answer
The main components of a node status are:* Address - Contains the hostname, external IP, and internal IP
* Condition - Describes the status of all running nodes
* Capacity - Describes the resources available on the node (CPU, memory, max pods)
* Info - Contains general information about the node (kernel version, Kubernetes version, container runtime details, OS)
Remember: Use `kubectl explain
23. Explain Labels. What are they and why would one use them?
Show answer
Kubernetes labels are key-value pairs that can connect identifying metadata with Kubernetes objects.Example: `kubectl label pod mypod app=web tier=frontend`
Remember: Labels = key-value pairs for selection. Services, Deployments, Jobs all use selectors.
24. How to create components in a namespace?
Show answer
One way is by specifying --namespace like this: `kubectl apply -f my_component.yaml --namespace=some-namespace`Another way is by specifying it in the YAML itself:
```\napiVersion: v1\nkind: ConfigMap\nmetadata:\n name: some-configmap\n namespace: some-namespace\n```
and you can verify with: `kubectl get configmap -n some-namespace`
Example: `kubectl create ns staging && kubectl config set-context --current --namespace=staging`
Remember: Namespaces = logical isolation. Combine with ResourceQuotas, NetworkPolicies, RBAC.
25. Discuss the use of Taints and Tolerations in Kubernetes for node affinity.
Show answer
Taints and Tolerations:* Taints are applied to nodes to repel certain pods.
* Tolerations are set in pod specifications to allow them to tolerate taints.
* This mechanism helps influence pod placement based on node affinity requirements.
Remember: "Taints repel, Tolerations permit." Node taints say "stay away unless you tolerate me."
Example: `kubectl taint nodes node1 gpu=true:NoSchedule` — only tolerating pods land there.
26. Which of the following is not a static pod?:
Show answer
kube-proxy - it's a DaemonSet (since it has to be presented on every node in the cluster). There is no one specific node on which it has to run.Remember: Use `kubectl explain
27. You want to run a new Pod and you would like it to be scheduled by a custom scheduler. How to achieve it?
Show answer
Add the following to the spec of the Pod:```\nspec:\n schedulerName: some-custom-scheduler\n```
Under the hood: Scheduler: filter (which nodes CAN?) then score (which is BEST?). "Filter then Score."
Remember: Scheduler watches for unassigned pods (no nodeName). It does NOT move running pods.
28. Which resources are accessible from different namespaces?
Show answer
Services (and a few other cluster-scoped resources like Nodes and PersistentVolumes). A Service in namespace A can be reached from namespace B via `Example: `kubectl create ns staging && kubectl config set-context --current --namespace=staging`
Remember: Namespaces = logical isolation. Combine with ResourceQuotas, NetworkPolicies, RBAC.
29. Create a pod called "kartos" in the namespace dev. The pod should be using the "redis" image.
Show answer
If the namespace doesn't exist already: `k create ns dev``k run kratos --image=redis -n dev`
Example: `kubectl create ns staging && kubectl config set-context --current --namespace=staging`
Remember: Namespaces = logical isolation. Combine with ResourceQuotas, NetworkPolicies, RBAC.
30. There are two containers inside a Pod called "some-pod". What will happen if you run kubectl logs some-pod
Show answer
It won't work because there are two containers inside the Pod and you need to specify one of them with `kubectl logs POD_NAME -c CONTAINER_NAME`Example: `kubectl logs -f pod --previous` — `-f` follows, `--previous` shows crash logs.
Remember: Multi-container: `--container=name`. Without it, errors on multi-container pods.
31. What kube-node-lease contains?
Show answer
It holds information on heartbeats of nodes. Each node gets an object which holds information about its availability.Remember: Use `kubectl explain
32. How to switch to another namespace? In other words how to change active namespace?
Show answer
`kubectl config set-context --current --namespace=some-namespace` and validate with `kubectl config view --minify | grep namespace:`OR
`kubens some-namespace`
Example: `kubectl create ns staging && kubectl config set-context --current --namespace=staging`
Remember: Namespaces = logical isolation. Combine with ResourceQuotas, NetworkPolicies, RBAC.
33. What Kube Proxy does?
Show answer
Kube Proxy is a network proxy that runs on each node in your cluster, implementing part of the Kubernetes Service conceptRemember: Use `kubectl explain
34. What taint effects are there? Explain each one of them
Show answer
`NoSchedule`: prevents from resources to be scheduled on a certain node`PreferNoSchedule`: will prefer to shcedule resources on other nodes before resorting to scheduling the resource on the chosen node (on which the taint was applied)
`NoExecute`: Applying "NoSchedule" will not evict already running Pods (or other resources) from the node as opposed to "NoExecute" which will evict any already running resource from the Node
Remember: Taint effects: NoSchedule (block), PreferNoSchedule (soft), NoExecute (evict+block).
Example: Add: `kubectl taint nodes n1 key=val:NoSchedule`. Remove: append `-` at end.
35. Provide some actual examples of how labels are used
Show answer
* Can be used by the scheduler to place certain Pods (with certain labels) on specific nodes* Used by replicasets to track pods which have to be scaled
Example: `kubectl label pod mypod app=web tier=frontend`
Remember: Labels = key-value pairs for selection. Services, Deployments, Jobs all use selectors.
36. While namespaces do provide scope for resources, they are not isolating them
Show answer
True. Try create two pods in two separate namespaces for example, and you'll see there is a connection between the two.Example: `kubectl create ns staging && kubectl config set-context --current --namespace=staging`
Remember: Namespaces = logical isolation. Combine with ResourceQuotas, NetworkPolicies, RBAC.
37. Create a taint on one of the nodes in your cluster with key of "app" and value of "web" and effect of "NoSchedule". Verify it was applied
Show answer
`k taint node minikube app=web:NoSchedule``k describe no minikube | grep -i taints`
Remember: Taint effects: NoSchedule (block), PreferNoSchedule (soft), NoExecute (evict+block).
Example: Add: `kubectl taint nodes n1 key=val:NoSchedule`. Remove: append `-` at end.
38. Remove an existing taint from one of the nodes in your cluster
Show answer
`k taint node minikube app=web:NoSchedule-`Remember: Taint effects: NoSchedule (block), PreferNoSchedule (soft), NoExecute (evict+block).
Example: Add: `kubectl taint nodes n1 key=val:NoSchedule`. Remove: append `-` at end.
39. Name two controllers you are familiar with
Show answer
1. Node Controller: manages the nodes of a cluster. Among other things, the controller is responsible for monitoring nodes' health - if the node is suddenly unreachable it will evacuate all the pods running on it and will mark the node status accordingly.2. Replication Controller - monitors the status of pod replicas based on what should be running. It makes sure the number of pods that should be running is actually running
Remember: Use `kubectl explain
40. Check what labels one of your nodes in the cluster has
Show answer
`k get no minikube --show-labels`Example: `kubectl label pod mypod app=web tier=frontend`
Remember: Labels = key-value pairs for selection. Services, Deployments, Jobs all use selectors.
41. What is etcd's role in Kubernetes?
Show answer
etcd is the distributed key-value store that Kubernetes uses as its backing store for all cluster data – it holds the state and configuration of the cluster (such as what pods should be running, ConfigMaps, secrets, etc.). It's a critical component for Kubernetes' high availability and consistency.Remember: etcd is the cluster's "brain" — all state lives here. Back up with `etcdctl snapshot save`.
Fun fact: etcd uses Raft consensus. 3 nodes tolerate 1 failure; 5 tolerate 2.
42. What are the components of the master node (aka control plane)?
Show answer
* API Server - the Kubernetes API. All cluster components communicate through it* Scheduler - assigns an application with a worker node it can run on
* Controller Manager - cluster maintenance (replications, node failures, etc.)
* etcd - stores cluster configuration
Remember: Use `kubectl explain
43. How to list the pods in the current namespace?
Show answer
`kubectl get po`Remember: 4 default namespaces: default, kube-system, kube-public, kube-node-lease. Mnemonic: "DSPL."
Gotcha: Never run production workloads in `default` — no quotas, harder RBAC.
44. What are your thoughts on "Pods are not meant to be created directly"?
Show answer
Pods are usually indeed not created directly. You'll notice that Pods are usually created as part of another entities such as Deployments or ReplicaSets.If a Pod dies, Kubernetes will not bring it back. This is why it's more useful for example to define ReplicaSets that will make sure that a given number of Pods will always run, even after a certain Pod dies.
Remember: `--dry-run=client -o yaml` generates manifests. `kubectl explain` shows field schemas.
45. Explain the purpose of the following lines
Show answer
They define a readiness probe where the Pod will not be marked as "Ready" before it will be possible to connect to port 2017 of the container. The first check/probe will start after 15 seconds from the moment the container started to run and will continue to run the check/probe every 20 seconds until it will manage to connect to the defined port.Remember: Use `kubectl explain
46. Using node affinity, set a Pod to schedule on a node where the key is "region" and value is either "asia" or "emea"
Show answer
`vi pod.yaml````yaml\naffinity:\n nodeAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n nodeSelectorTerms:\n - matchExpressions:\n - key: region\n operator: In\n values:\n - asia\n - emea\n```
Remember: Node affinity=where. Pod affinity=near whom. Pod anti-affinity=away from whom.
Gotcha: `required`=hard rule (must match). `preferred`=soft (best effort).
47. Check if there are taints on node "master"
Show answer
`k describe no master | grep -i taints`Remember: Taint effects: NoSchedule (block), PreferNoSchedule (soft), NoExecute (evict+block).
Example: Add: `kubectl taint nodes n1 key=val:NoSchedule`. Remove: append `-` at end.
48. Which service and in which namespace the following file is referencing?
Show answer
It's referencing the service "samurai" in the namespace called "jack".Example: `kubectl create ns staging && kubectl config set-context --current --namespace=staging`
Remember: Namespaces = logical isolation. Combine with ResourceQuotas, NetworkPolicies, RBAC.
49. What kubectl get componentstatus does?
Show answer
Outputs the status of each of the control plane components.Remember: Use `kubectl explain
50. How does scheduling work in kubernetes?
Show answer
The control plane component kube-scheduler asks the following questions,1. What to schedule? It tries to understand the pod-definition specifications
2. Which node to schedule? It tries to determine the best node with available resources to spin a pod
3. Binds the Pod to a given node
View more [here](https://www.youtube.com/watch?v=rDCWxkvPlAw)
Remember: `--dry-run=client -o yaml` generates manifests. `kubectl explain` shows field schemas.
51. Create a namespace called 'alle'
Show answer
`k create ns alle`Example: `kubectl create ns staging && kubectl config set-context --current --namespace=staging`
Remember: Namespaces = logical isolation. Combine with ResourceQuotas, NetworkPolicies, RBAC.
52. What process runs on Kubernetes Master Node?
Show answer
The Kube-api server process runs on the master node and serves to scale the deployment of more instances.Remember: Use `kubectl explain
53. How to delete all pods whose status is not "Running"?
Show answer
`kubectl delete pods --field-selector=status.phase!=Running` removes all pods not in Running state. This catches Failed, Succeeded, Pending, and Unknown pods.Gotcha: add `--dry-run=client` first to preview what would be deleted. Use `--field-selector=status.phase==Failed` to target only failed pods specifically.
54. What kubectl logs [pod-name] command does?
Show answer
Prints the logs for a container in a pod.Example: `kubectl logs -f pod --previous` — `-f` follows, `--previous` shows crash logs.
Remember: Multi-container: `--container=name`. Without it, errors on multi-container pods.
55. An engineer form your organization asked whether there is a way to prevent from Pods (with cretain label) to be scheduled on one of the nodes in the cluster. Your reply is:
Show answer
Yes, using taints, we could run the following command and it will prevent from all resources with label "app=web" to be scheduled on node1: `kubectl taint node node1 app=web:NoSchedule`Example: `kubectl label pod mypod app=web tier=frontend`
Remember: Labels = key-value pairs for selection. Services, Deployments, Jobs all use selectors.
56. What can you find in kube-system namespace?
Show answer
* Master and Kubectl processes* System processes
Example: `kubectl create ns staging && kubectl config set-context --current --namespace=staging`
Remember: Namespaces = logical isolation. Combine with ResourceQuotas, NetworkPolicies, RBAC.
57. Why it's common to have only one container per Pod in most cases?
Show answer
One reason is that it makes it harder to scale when you need to scale only one of the containers in a given Pod.Remember: Use `kubectl explain
58. How to check to which worker node the pods were scheduled to? In other words, how to check on which node a certain Pod is running?
Show answer
`kubectl get pods -o wide` shows pod details including the NODE column indicating which worker node each pod runs on. You can also use `kubectl describe pod59. What happens when you delete a Pod?
Show answer
1. The `TERM` signal is sent to kill the main processes inside the containers of the given Pod2. Each container is given a period of 30 seconds to shut down the processes gracefully
3. If the grace period expires, the `KILL` signal is used to kill the processes forcefully and the containers as well
Remember: Use `kubectl explain
60. You are looking for a Pod called "atreus". How to check in which namespace it runs?
Show answer
`k get po -A | grep atreus`Example: `kubectl create ns staging && kubectl config set-context --current --namespace=staging`
Remember: Namespaces = logical isolation. Combine with ResourceQuotas, NetworkPolicies, RBAC.
61. Name the initial namespaces from which Kubernetes starts?
Show answer
Kubernetes starts with three initial namespaces:* default - The default namespace for objects with no other namespace
* kube-system - The namespace for objects created by the Kubernetes system
* kube-public - This namespace is readable by all users and is reserved for cluster usage
Example: `kubectl create ns staging && kubectl config set-context --current --namespace=staging`
Remember: Namespaces = logical isolation. Combine with ResourceQuotas, NetworkPolicies, RBAC.
62. What Kubernetes objects are there?
Show answer
* Pod* Service
* ReplicationController
* ReplicaSet
* DaemonSet
* Namespace
* ConfigMap
...
Remember: Use `kubectl explain
63. How to confirm a container is running after running the command kubectl run web --image nginxinc/nginx-unprivileged
Show answer
* When you run `kubectl describe pods`Status: Running`
* Run a command inside the container: `kubectl exec web -- ls`
Remember: `--dry-run=client -o yaml` generates manifests. `kubectl explain` shows field schemas.
64. How to view the logs of a container running in a Pod?
Show answer
`k logs POD_NAME`Example: `kubectl logs -f pod --previous` — `-f` follows, `--previous` shows crash logs.
Remember: Multi-container: `--container=name`. Without it, errors on multi-container pods.
65. Create a static pod with the image python that runs the command sleep 2017
Show answer
First change to the directory tracked by kubelet for creating static pod: `cd /etc/kubernetes/manifests` (you can verify path by reading kubelet conf file)Now create the definition/manifest in that directory
`k run some-pod --image=python --command sleep 2017 --restart=Never --dry-run=client -o yaml > statuc-pod.yaml`
Remember: `--dry-run=client -o yaml` generates manifests. `kubectl explain` shows field schemas.
66. How view all the pods running in all the namespaces?
Show answer
`kubectl get pods --all-namespaces`Example: `kubectl create ns staging && kubectl config set-context --current --namespace=staging`
Remember: Namespaces = logical isolation. Combine with ResourceQuotas, NetworkPolicies, RBAC.
67. What kube-public contains?
Show answer
* A configmap, which contains cluster information* Publicly accessible data
Remember: Use `kubectl explain
68. Check how many namespaces are there
Show answer
`k get ns --no-headers | wc -l`Example: `kubectl create ns staging && kubectl config set-context --current --namespace=staging`
Remember: Namespaces = logical isolation. Combine with ResourceQuotas, NetworkPolicies, RBAC.
69. What are all the phases/steps of a control loop?
Show answer
- Observe - identify the cluster current state- Diff - Identify whether a diff exists between current state and desired state
- Act - Bring current cluster state to the desired state (basically reach a state where there is no diff)
Remember: Use `kubectl explain
70. You applied a taint with k taint node minikube app=web:NoSchedule on the only node in your cluster and then executed kubectl run some-pod --image=redis. What will happen?
Show answer
The Pod will remain in "Pending" status due to the only node in the cluster having a taint of "app=web".Remember: Taint effects: NoSchedule (block), PreferNoSchedule (soft), NoExecute (evict+block).
Example: Add: `kubectl taint nodes n1 key=val:NoSchedule`. Remove: append `-` at end.
71. How to list all namespaces?
Show answer
`kubectl get namespaces` OR `kubectl get ns`Remember: 4 default namespaces: default, kube-system, kube-public, kube-node-lease. Mnemonic: "DSPL."
Gotcha: Never run production workloads in `default` — no quotas, harder RBAC.
72. What process is responsible for running and installing the different controllers?
Show answer
The kube-controller-manager runs all built-in controllers (ReplicaSet, Deployment, Job, Node, ServiceAccount, etc.) as goroutines in a single process. Each controller watches the API server for its resource type and reconciles desired vs actual state. If kube-controller-manager crashes, no new reconciliation happens until it restarts.73. How to get list of resources which are not bound to a specific namespace?
Show answer
kubectl api-resources --namespaced=falseRemember: 4 default namespaces: default, kube-system, kube-public, kube-node-lease. Mnemonic: "DSPL."
Gotcha: Never run production workloads in `default` — no quotas, harder RBAC.
74. What are the components of a worker node (aka data plane)?
Show answer
* Kubelet - an agent responsible for node communication with the master.* Kube-proxy - load balancing traffic between app components
* Container runtime - the engine runs the containers (Podman, Docker, ...)
Remember: Use `kubectl explain
🔴 Hard (31)¶
1. What is the purpose of the kube-controller-manager in Kubernetes?
Show answer
* kube-controller-manager: The kube-controller-manager runs controller processes that regulate the state of the system.* Various controllers include Node Controller, Replication Controller, and Endpoints Controller.
* Each controller manages specific aspects, ensuring that the desired state is maintained.
* kube-controller-manager hosts multiple controllers, each responsible for specific tasks related to maintaining the desired state of the Kubernetes cluster.
* These controllers work collaboratively to manage nodes, ensure replica sets are maintained, and update endpoints as services change.
Remember: Controllers run reconciliation loops: desired state vs actual state → take action.
Example: ReplicaSet controller: 2 running, 3 desired → create 1. That's reconciliation.
2. Assuming you have multiple schedulers, how to know which scheduler was used for a given Pod?
Show answer
Running `kubectl get events` you can see which scheduler was used.Under the hood: Scheduler: filter (which nodes CAN?) then score (which is BEST?). "Filter then Score."
Remember: Scheduler watches for unassigned pods (no nodeName). It does NOT move running pods.
3. Can you deploy multiple schedulers?
Show answer
Yes, it is possible. You can run another pod with a command similar to:```\nspec:\n containers:\n - command:\n - kube-scheduler\n - --address=127.0.0.1\n - --leader-elect=true\n - --scheduler-name=some-custom-scheduler\n...\n```
Under the hood: Scheduler: filter (which nodes CAN?) then score (which is BEST?). "Filter then Score."
Remember: Scheduler watches for unassigned pods (no nodeName). It does NOT move running pods.
4. What is a Custom Resource Definition (CRD) in Kubernetes and how is it used?
Show answer
CRD (Custom Resource Definition) extends the Kubernetes API with your own resource types.How it works:
- Define a CRD YAML specifying group, version, kind, and schema
- `kubectl apply` the CRD to register the new type
- Now you can create instances of your custom resource like any built-in resource
- Pair with a custom controller (Operator pattern) to add business logic
Example: Define a `Database` CRD, then `kubectl apply -f my-database.yaml` to create managed DB instances. The operator watches for these resources and handles provisioning, backups, and failover.
5. What is the role of the kube-apiserver in Kubernetes?
Show answer
The kube-apiserver is a key component of the Kubernetes control plane and serves as the API server for the entire Kubernetes cluster. It exposes the Kubernetes API, which is used by various components to interact with the cluster, including users, the command-line interface (kubectl), and other Kubernetes master components.The kube-apiserver validates and processes RESTful API requests, enforces security policies, and updates the corresponding objects in etcd, the cluster's distributed key-value store. It acts as the entry point for API requests, making it a critical component for the entire Kubernetes architecture. The API server provides a unified endpoint for communication with the cluster and ensures consistency in the desired state of the system.
6. Explain the main components of Kubernetes architecture.
Show answer
The main components of Kubernetes architecture include:**Master Node:**
* kube-apiserver: Serves as the API server for Kubernetes, handling communication with the cluster.
* etcd: Consistent and highly available key-value store for storing configuration data.
* kube-scheduler: Assigns work (pods) to nodes based on resource availability and constraints.
**Node (Minion) Nodes:**
* kubelet: Acts as the node agent, ensuring that containers are running on the node as expected.
Remember: Use `kubectl explain
7. What happens when you run a Pod with kubectl?
Show answer
1. Kubectl sends a request to the API server (kube-apiserver) to create the Pod1. In the process the user gets authenticated and the request is being validated.
2. etcd is being updated with the data
2. The Scheduler detects that there is an unassigned Pod by monitoring the API server (kube-apiserver)
3. The Scheduler chooses a node to assign the Pod to
1. etcd is being updated with the information
4. The Scheduler updates the API server about which node it chose
5.
8. How annotations different from labels?
Show answer
[Kubernetes.io](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/): "Labels can be used to select objects and to find collections of objects that satisfy certain conditions. In contrast, annotations are not used to identify and select objects. The metadata in an annotation can be small or large, structured or unstructured, and can include characters not permitted by labels."9. Discuss the role of kube-scheduler in the Kubernetes control plane.
Show answer
* kube-scheduler: The kube-scheduler is responsible for scheduling pods onto nodes in the cluster.* It considers factors such as resource availability, affinity, anti-affinity, and user-defined constraints.
* kube-scheduler helps maintain balance and efficiency in the allocation of workloads across the cluster.
* As part of the Kubernetes control plane, kube-scheduler plays a crucial role in optimizing resource utilization.
* It ensures that pods are scheduled onto nodes that meet their requirements and constraints, contributing to the overall health and performance of the cluster.
10. An engineer form your organization told you he is interested only in seeing his team resources in Kubernetes. Instead, in reality, he sees resources of the whole organization, from multiple different teams. What Kubernetes concept can you use in order to deal with it?
Show answer
Namespaces. See the following [namespaces question and answer](#namespaces-use-cases) for more information.Remember: Use `kubectl explain
11. What do you understand by Cloud controller manager?
Show answer
With the help of cloud infrastructure technologies, you can run Kubernetes on them. In the context of Cloud Controller Manager, it is the control plane component that embeds the cloud-specific control logic. This process lets you link the cluster into the cloud provider's API and separates the elements that interact with the cloud platform from components that only interact with your cluster.This also enables the cloud providers to release the features at a different pace compared to the main Kubernetes project. It is structured using a plugin mechanism and allows various cloud providers to integrate their platforms with Kubernetes.
12. Where static Pods manifests are located?
Show answer
Most of the time it's in /etc/kubernetes/manifests but you can verify with `grep -i static /var/lib/kubelet/config.yaml` to locate the value of `statisPodsPath`.It might be that your config is in different path. To verify run `ps -ef | grep kubelet` and see what is the value of --config argument of the process `/usr/bin/kubelet`
The key itself for defining the path of static Pods is `staticPodPath`. So if your config is in `/var/lib/kubelet/config.yaml` you can run `grep staticPodPath /var/lib/kubelet/config.yaml`.
Remember: Use `kubectl explain
13. Why is etcd performance tied to disk latency more than CPU?
Show answer
etcd uses Raft consensus which requires synchronous disk writes for every committed operation.The bottleneck:
1. Raft consensus protocol
- Every write must be persisted before acknowledgment
- Leader writes to WAL (Write-Ahead Log)
- Followers must also persist before ACK
- Quorum requires majority to persist
2. fsync per commit
- etcd calls fsync() after every write batch
- fsync() = wait for disk confirmation
- Network latency + disk latency = total latency
- CPU sits idle waiting for disk
Remember: etcd is the cluster's "brain" — all state lives here. Back up with `etcdctl snapshot save`.
Fun fact: etcd uses Raft consensus. 3 nodes tolerate 1 failure; 5 tolerate 2.
14. What are Custom Resource Definitions (CRDs) in Kubernetes?
Show answer
* Custom Resource Definitions (CRDs): CRDs extend the Kubernetes API to support custom resources defined by users.* They allow users to define and use custom resource types beyond the core Kubernetes objects.
* CRDs are the foundation for creating custom controllers and operators.
* CRDs empower users to extend Kubernetes with domain-specific resources tailored to their applications. By defining custom resources, users can leverage the Kubernetes API and benefit from the same management capabilities for their specialized workloads.
Remember: Use `kubectl explain
15. Describe the role of etcd in a Kubernetes cluster.
Show answer
**etcd:*** Distributed, consistent, and highly available key-value store.
* Stores configuration data, state information, and metadata about the cluster.
* Provides a reliable and centralized data store for the entire Kubernetes control plane.
* etcd ensures consistency among the components of the Kubernetes control plane by serving as the primary data store. It holds critical information such as cluster configuration, node status, and metadata about pods, services, and other resources. Its distributed nature makes it resilient to failures, contributing to the overall reliability of the Kubernetes cluster.
16. How to identify which Pods are Static Pods?
Show answer
There are several ways to identify static pods:1. **Node name suffix**: Static pods have the node name appended as a suffix to their pod name. For example, a static pod from manifest `etcd.yaml` on node `master-01` would be named `etcd-master-01`.
2. **Owner reference**: Static pods have their `ownerReferences` field set to a Node object rather than a ReplicaSet, Deployment, or other controller.
Remember: `--dry-run=client -o yaml` generates manifests. `kubectl explain` shows field schemas.
17. What use cases exist for running multiple containers in a single pod?
Show answer
A web application with separate (= in their own containers) logging and monitoring components/adapters is one examples.A CI/CD pipeline (using Tekton for example) can run multiple containers in one Pod if a Task contains multiple commands.
Remember: Use `kubectl explain
18. You have one Kubernetes cluster and multiple teams that would like to use it. You would like to limit the resources each team consumes in the cluster. Which Kubernetes concept would you use for that?
Show answer
Namespaces will allow to limit resources and also make sure there are no collisions between teams when working in the cluster (like creating an app with the same name).Remember: Use `kubectl explain
19. What are Kubernetes selectors and how do they match resources?
Show answer
[Kubernetes.io](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors): "Unlike names and UIDs, labels do not provide uniqueness. In general, we expect many objects to carry the same label(s).Via a label selector, the client/user can identify a set of objects. The label selector is the core grouping primitive in Kubernetes.
The API currently supports two types of selectors: equality-based and set-based. A label selector can be made of multiple requirements which are comma-separated. In the case of multiple requirements, all must be satisfied so the comma separator acts as a logical AND (&&) operator."
20. Why to use namespaces? What is the problem with using one default namespace?
Show answer
When using the default namespace alone, it becomes hard over time to get an overview of all the applications you manage in your cluster. Namespaces make it easier to organize the applications into groups that makes sense, like a namespace of all the monitoring applications and a namespace for all the security applications, etc.Namespaces can also be useful for managing Blue/Green environments where each namespace can include a different version of an app and also share resources that are in other namespaces (namespaces like logging,
21. Discuss the role of kube-proxy in Kubernetes networking.
Show answer
* kube-proxy Role: kube-proxy is responsible for maintaining network rules on nodes.* It enables communication to and from pods and services.
* Implements load balancing for services with multiple pod instances.
* kube-proxy operates at the network layer, ensuring that communication between pods and services is correctly routed. It plays a crucial role in load balancing service traffic among available pod instances, contributing to the overall stability and performance of the Kubernetes networking model.
Remember: Use `kubectl explain
22. Discuss the importance of readiness and liveness probes in Kubernetes.
Show answer
• Readiness Probe:• Determines when a pod is ready to start accepting traffic.
• Used to avoid directing traffic to pods that are still initializing or experiencing issues.
• Specifies a condition that must be met for the pod to be considered ready.
• Liveness Probe:
• Detects whether a pod is healthy and operational.
• Periodically checks the pod's health, restarting it if the probe fails.
• Helps maintain the overall health and responsiveness of the application.
Remember: Liveness=alive? Readiness=ready for traffic? Startup=done booting? Three probes, three purposes.
Gotcha: Aggressive liveness probe kills slow starters. Use startup probe or initialDelaySeconds.
23. Describe the Kubernetes API versioning strategy.
Show answer
* API Versioning Strategy: Kubernetes follows a versioning scheme for its API to maintain compatibility and introduce new features.* API versions are structured as "group/version."
* For example, "v1" represents the stable core API, while "apps/v1" may represent a group-specific version for certain resources.
* The versioning strategy allows Kubernetes to introduce enhancements without breaking existing deployments.
* It provides stability for core resources while enabling extensions and improvements through versioned groups.
Remember: Use `kubectl explain
24. Explain the purpose of kubelet in the Kubernetes cluster.
Show answer
The kubelet is a node agent that runs on each node in a Kubernetes cluster and is responsible for ensuring that containers are running in a Pod as expected. It interacts with the container runtime (e.g., Docker) to manage the containers and communicates with the master node to receive pod specifications and report the status of pods.**Key responsibilities of the kubelet include:**
* Pod Lifecycle Management: Ensures that the containers within a pod are running and healthy.
Remember: kubelet = node agent. Takes PodSpecs, ensures containers are running and healthy.
Under the hood: kubelet talks to container runtime (containerd, CRI-O) via CRI interface.
25. True or False? By default there is no communication between two Pods in two different namespaces
Show answer
False. By default two Pods in two different namespaces are able to communicate with each other.Try it for yourself:
kubectl run test-prod -n prod --image ubuntu -- sleep 2000000000
kubectl run test-dev -n dev --image ubuntu -- sleep 2000000000
`k describe po test-prod -n prod` to get the IP of test-prod Pod.
Access dev Pod: `kubectl exec --stdin --tty test-dev -n dev -- /bin/bash`
And ping the IP of test-prod Pod you get earlier.You'll see that there is communication between the two pods, in two separate namespaces.
26. Discuss the role of the kubelet in the node's container runtime.
Show answer
* kubelet Role: The kubelet is an agent that runs on each node in the cluster.* It is responsible for managing and maintaining the state of pods on the node.
* kubelet interacts with the container runtime (e.g., Docker, containerd) to start, stop, and monitor containers.
* kubelet is a critical component in the Kubernetes node. It communicates with the control plane, ensuring that containers defined in pods are running and healthy.
* It works in tandem with the container runtime to execute the desired state of the pod.
27. Explain the concept of Labels and Selectors in Kubernetes.
Show answer
**Labels:**• Key-value pairs attached to objects (e.g., pods, nodes, services) in Kubernetes.
• Used to organize and categorize objects based on arbitrary attributes.
• Provide metadata that can be queried to select and filter objects.
**Selectors:**
• Queries based on labels used to filter and match objects in Kubernetes.
• Allow for the creation of groups of objects based on common attributes.
• Used in various contexts, such as selecting pods for services or ReplicaSets.
Example: `kubectl get pods -l app=web,tier=frontend` — match both labels.
Remember: Labels = sticky notes. Selectors = search queries. Services use selectors to find pods.
28. Why etcd? Why not some SQL or NoSQL database?
Show answer
When chosen as the data store etcd was (and still is of course):* Highly Available - you can deploy multiple nodes
* Fully Replicated - any node in etcd cluster is "primary" node and has full access to the data
* Consistent - reads return latest data
* Secured - supports both TLS and SSL
* Speed - high performance data store (10k writes per sec!)
Remember: etcd is the cluster's "brain" — all state lives here. Back up with `etcdctl snapshot save`.
Fun fact: etcd uses Raft consensus. 3 nodes tolerate 1 failure; 5 tolerate 2.
29. What are Kubernetes labels and how are they used?
Show answer
[Kubernetes.io](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/): "Labels are key/value pairs that are attached to objects, such as pods. Labels are intended to be used to specify identifying attributes of objects that are meaningful and relevant to users, but do not directly imply semantics to the core system. Labels can be used to organize and to select subsets of objects. Labels can be attached to objects at creation time and subsequently added and modified at any time. Each object can have a set of key/value labels defined. Each Key must be unique for a given object."30. Explain the concept of Namespaces in Kubernetes.
Show answer
* Namespaces:* Virtual clusters within a physical cluster, providing a way to partition resources.
* Used to organize and scope objects, preventing naming conflicts.
* Enable the isolation of resources, making it easier to manage and share clusters.
Namespaces allow multiple teams or applications to coexist within a shared Kubernetes cluster without interfering with each other. They provide a logical separation of resources, such as pods, services, and storage, making it possible to create isolated environments within a single physical cluster.
31. What is the difference between liveness and readiness probes in Kubernetes?
Show answer
Both are health check mechanisms, but they serve different purposes:Liveness Probe:
- Determines if the container is running
- If it fails, kubelet kills the container and restarts it
- Use case: Detect deadlocks, unresponsive applications
- "Is the application alive?"
Readiness Probe:
- Determines if the container is ready to receive traffic
- If it fails, Pod is removed from Service endpoints
- Container is NOT restarted
- Use case: Waiting for dependencies, warming caches
- "Is the application ready to serve requests?"
Best practices:
- Liveness: Simple check, shouldn't depend on external services
- Readiness: Can include dependency checks
- Don't make liveness check the same as readiness
- Set appropriate initialDelaySeconds for slow-starting apps