This is a quiz about containers, Docker, and Kubernetes -- but mostly about Kubernetes. You can test yourself before a job interview. You may also want to see this list of Kubernetes books.
1. cgroups govern which of the following resources (choose all that apply)?
a. CPU
b. Namespaces
c. Memory
d. Disk I/O rates
Answer: A, C, and D. Source: Page 157 of Docker Up & Running, First Edition, by Matthias and Kane. The second edition can be purchased here.
2. What does the Docker cache do?
a. It makes containers start up and be fully functional from a stopped state more rapidly.
b. It makes pulling an image from a repository happen more rapidly.
c. It makes the creation of an image from a Dockerfile more rapidly.
d. It enables Docker Swarm to integrate with Kubernetes.
Answer: C. Source: https://thenewstack.io/understanding-the-docker-cache-for-faster-builds/
3. What type of logging solution underlies Kubernetes default centralized capabilities?
a. LogStash via Elastic Stack
b. The EFK stack (ElasticSearch, FluentD, and Kibana)
c. Open source Splunk
d. Syslog
e. None of the above, Kubernetes has no centralized logging by default.
Answer: E. Page 501 of Kubernetes in Action by Marko Luksa
4. What does the docker inspect command analyze?
a. Containers.
b. Images.
c. Docker networks.
d. All of the above.
Answer: D. Source man docker inspect from a server with Docker installed.
5. What are three (of the six) types of resources that are namespaced via a Docker container?
Answer: Any of three of these six are acceptable: Mount, UTS (Unix Timesharing System), IPC, PID, network, and user. Source pages 161 and 162 of Docker Up & Running, First Edition by Karl Matthias and Sean Kane. The second edition can be purchased here.
6. Using a kubectl command, can you list individual containers?
Yes
No
Answer: No. According to page 43 of Kubernetes in Action, you can only list "standalone Kubernetes objects." Containers are not necessarily Kubernetes objects.
7. Which of the following is the primary function of the Kubernetes scheduler?
a. Sets a trigger based on resource utilization for a Kubernetes event to happen.
b. Sets a trigger based on time for a Kubernetes event to happen.
c. To allocates a pod on a given worker node.
d. Prioritizes the maintenance of the controller manager according to the time of day.
Answer: C. The scheduler is defined as allocating a pod on a worker node according to page 44 of Kubernetes in Action.
8. How does the Kubelet authenticate with Kubernetes to govern the worker node and ensure it is part of the Kubernetes cluster?
a. Using secrets it authenticates with the Controller Manager.
b. etcd must be configured directly without the API server, and etcd must have the node's configuration information for a worker node to work.
c. The Kubelet contacts the control plane and the scheduler will accept or reject the node.
d. Initially the Kubelet registers with the API server to create a "node" resource.
Answer: C. Page 326 of Kubernetes in Action by Marko Luksa
9. What are the two things that the API server in the Kubernetes control plane does (choose one of the following letter options)?
a. Finds nodes with sufficient resources and assigns pods to such nodes.
b. Manages replications of pods by increasing them during a scale out and decreasing them when scaling in.
c. Ensure no resource starvation happens for a given cluster and manages the Deployment API object.
d. Stores resources in etcd and notifies clients about the change.
e. Listens to the Kubernetes service proxy and manages affinity/anti-affinity rules.
Answer: D. Page 321 of Kubernetes in Action by Luksa.
10. What is the Kubernetes Service Proxy? Choose two.
a. A distributed key-value data store.
b. kube-proxy, one of three components that comprise a worker node (the others being a container runtime and kubelet).
c. The part of the control plane that performs cluster-level functions such as replication.
d. Something that load-balances network traffic between application components.
e. An HTTP endpoint for Services that do not require a fixed IP address.
f. An HTTP endpoint for Services that do not require port 443.
Answer: B and D. Page 19 of Kubernetes in Action by Luksa.
11. What is the kube-proxy? Choose two.
a. It acts as a proxy-like endpoint for a website that is powered by a Kubernetes cluster to allow for external traffic to be routed to the Pods.
b. It exists on the worker node and routes internal traffic destined for Kubernetes endpoints to one or more Pods on a given worker node.
c. It controls the container runtime on the node.
d. It exists on the control plane and routes internal traffic destined for Kubernetes endpoints to one or more Pods on a given worker node.
e. The Kubernetes Service Proxy.
Answer: B and E. Page 19 and 327 of Kubernetes in Action by Luksa.
12. What is a label selector in Kubernetes?
a. a pod label selector
b. a node label selector
c. Something used by kubectl to list a subset of pods.
d. Something used by Kubernetes internally to list a subset of pods.
e. It is something that is defined in a .yaml file (e.g., for use in a command such as "kubectl create -f foobar.yaml").
f. Something the can be combined for composite criteria (e.g., type1=alpha,type2=financialapp) when selecting pods.
g. All of the above
h. none of the above
Answer: G. Source: Pages 72 through 74 of Kubernetes in Action by Marko Luksa. (Via an online conversation with an expert, we determined A and B were both label selectors.)
13. What creates the pods on the nodes when a Deployment Controller attempts to converge system resources toward a desired state?
a. Deployment Manager
b. The Kubelet
c. The Replication Manager
d. The Node Controller
e. The Scheduler
f. None of the above
Answer: B. Source: The middle of page 319 of Kubernetes in Action by Luksa provides the answer. The top of page 324 of Kubernetes in Action by Luksa has additional context.
14. Stateful containers and the StatefulSet Controller deal with which of the following?
a. Stateful containers and StatefulSet Controller do not exist; containers are ephemeral.
b. Ensuring each atomic process of a container is related to the previous process (e.g., to prevent a container breakout).
c. Instantiating, managing, mounting, and/or writing to a persistent volume.
d. None of the above.
Answer: C. Source: Page 324 of Kubernetes in Action by Luksa.
15. What is a pod in Kubernetes?
a. A container
b. A container and etcd
c. A group of one or more closely related containers
d. The Docker host (the server that hosts containers)
e. None of the above
Answer: C. Source: "A pod is a group of one or more tightly related containers that will always run together on the same worker node and in the same Linux namespace(s)." This quote was taken from page 43 of Kubernetes in Action by Luksa.
16. What command in Kubernetes will list the pods (associated with the kubeconfig) on your server with kubectl?
a. kubectl describe pods
b. kubectl explain pods
c. kubectl get pods
d. kubectl list-cluster
e. kubectl list pods
Answer: C. kubectl get pods
17. What is the equivalent of the "man" page for Kubernetes services?
a. kubectl describe svc
b. kubectl help svc
c. kubectl man svc
d. kubectl explain svc
Answer: D. kubectl explain svc
18. How do you find out the IP address, the TCP/IP port and age of a given service that is running on your Kubernetes cluster?
a. kubectl describe svc
b. kubectl get resources
c. kubectl get rs
d. kubectl get svc
e. kubectl explain svc
Answer: A. kubectl describe svc
19. When a Kubernetes cluster supports a web application, how is routing done? ____________________________________________
Answer
The external traffic is destined for a host, and the underlying pod can be determined via the rules of a "spec" configured in an appropriate yaml of an ingress controller. A service (or an ingress) of a Kubernetes cluster and a worker node's kube-proxy are the primary components usually involved. (To learn more about the differences between a service and an ingress in Kubernetes, see this posting. An ambassador container could support the bypassing of the kube-proxy.) The service listens on a given socket. A service is not attached to a pod. The kube-proxy makes sure a request to an IP address and a port of a service is ultimately connected to a back-end pod. A taint on the node may make it ineligible for the kube-proxy to route traffic to a pod therein. A toleration in a pod may override the taint on the node. (The source of the previous two sentences is this page.) A readiness probe can set a complex set of parameters for a pod to be potentially ready or not to receive traffic; conditional logic can happen at the point of routing due to readiness probes. For a detailed explanation, see this posting.
20. What component of the Kubernetes control plane sends out the liveness probes to the pods?
a. The API server
b. The Controller Manager
c. etcd
d. The Scheduler
e. None of the above.
Answer: E. The kubelet (a component not in the control plane) sends out the liveness probe. The source is page 90 of Kubernetes in Action by Luksa.
21. What component of the Kubernetes control plane ultimately responds to failed liveness probes of containers?
a. The API server
b. The Controller Manager
c. etcd
d. The Scheduler
e. None of the above.
Answer: B. The Controller Manager. The source is page 90 of Kubernetes in Action by Luksa.
22. Which of the following are true in Kubernetes? Choose all that apply.
a. Taints are for nodes.
b. Taints are for pods.
c. Tolerations are for nodes.
d. Tolerations are for pods.
Answer: A and D. The source can be found here.
23. From which of the following can you create a Docker image?
a. a Dockerfile
b. a container
c. a .tar file
d. all of the above
e. none of the above
Answer: D. The sources of this answer are as follows:
- a. https://docs.docker.com/develop/develop-images/baseimages/
- b. https://stackoverflow.com/questions/48874167/publishing-container-to-quay-by-example
- c. A .tar file could be an image according to this https://www.thegeekdiary.com/how-to-create-docker-image-from-a-container-and-dockerfile/
24. How many Schedulers in the control plane can run in a working Kubernetes cluster? Choose the most accurate answer.
a. You must have exactly one Scheduler.
b. You can have no Schedulers or at most one Scheduler.
c. You can have one or two Schedulers for every master node.
d. You can have no Schedulers or several.
Answer: D. Page 321 of Kubernetes in Action.
25. Is there a difference between a pod specification and a manifest?
Answer: No. They are the both same as a pod template.
"Pod templates are pod specifications which are included in other objects, such as Replication Controllers, Jobs, and DaemonSets. Controllers use Pod Templates to make actual pods. The sample below is a simple manifest for a Pod which contains a container that prints a message." This previous quote and the code below this sentence were taken from https://kubernetes.io/docs/concepts/workloads/pods/pod-overview/.
apiVersion: v1
kind: Pod
metadata:
name: myapp-pod
labels:
app: myapp
spec:
containers:
- name: myapp-container
image: busybox
command: ['sh', '-c', 'echo Hello Kubernetes! && sleep 3600']26. Describe the lifecycle of a container.
_____________________________
Answer: Something along the lines of this would be an acceptable answer: Create container, run container, start container, stop container, restart container and/or destroy container.
27. How does Kubernetes do Service Discovery?
a. Via environment variables for the socket of the service.
b. Via DNS.
c. Both of the above.
d. Via kube-proxy
e. None of the above.
Answer: C. Source: fabric8.io.
28. Which of the following is the most recommended way to make the Kubernetes control plane highly available?
a. Have multiple masters with at least three Schedulers configured as the "--leader-elect" option.
b. Have multiple Controller Managers and one API server, one etcd instance and one scheduler.
c. Introduce a load balancer between the Kubelets and the API servers that serve multiple masters.
d. Currently you cannot because etcd needs to be one instance to serve the control plane.
Answer: C. Source: Page 342 of Kubernetes in Action.
29. In multi-master Kubernetes control planes, list the components (one or more) that do nothing until they are designated as a --leader-elect? Choose the most correct answer.
a. API Server
b. Controller Manager
c. etcd
d. Scheduler
e. a and b
f. b and c
g. a and c
h. b and d
i. None of the above.
Answer: H. Source: Page 343 of Kubernetes in Action.
30. What namespace(s) is (or are) there by default with Kubernetes?
a. default
b. docker
c. kube-system
d. kube-public
e. kube-proxy
f. a and b
g. a and e
h. a, c, and d
i. a through e
Answer: H. Source "…there are actually three namespaces that Kubernetes ships with: default, kube-system (used for Kubernetes components), and kube-public (used for public resources)." This quote was taken from https://cloud.google.com/blog/products/gcp/kubernetes-best-practices-organizing-with-namespaces
31. What is a Kubernetes operator?
a. A Kubernetes systems administrator.
b. A given application running in Kubernetes that is using container services.
c. The underlying server(s) of a Kubernetes cluster.
d. A user permission in the Kubernetes control plane.
e. A method or pattern in the form of a program that automates Kubernetes procedures that are normally handled by a human.
Answer: E. The source of this answer is here https://kubernetes.io/docs/concepts/extend-kubernetes/operator/. "An Operator is a method of packaging, deploying and managing a Kubernetes application." (This quote was taken from https://coreos.com/operators/.)
Operators are considered patterns according to the following sources:
- https://kubernetes.io/docs/concepts/extend-kubernetes/operator/
- https://thenewstack.io/kubernetes-when-to-use-and-when-to-avoid-the-operator-pattern/
- https://www.bmc.com/blogs/kubernetes-operator/
To learn about the operator framework to use operators, see https://github.com/operator-framework or https://operatorframework.io/.
32. What is a difference between a readiness probe and a liveness probe?
a. A readiness probe is sent from the kubelet telling the control plane what affinity it should have for sending pods to the worker node. A liveness probe is sent from the kubelet telling the control plane it is merely available. The readiness probe provides more information.
b. A readiness probe is for deployment sets whereas a liveness probe is for the controller manager.
c. A liveness probe is for deployment sets whereas a readiness probe is for the controller manager.
d. Liveness probes are for potentially restarting containers whereas readiness probes are for signaling that a pod is ready for traffic.
e. Readiness probes are from pods and liveness pods are from nodes.
f. Liveness probes are from pods and readiness pods are from nodes.
g. Liveness probes are from the control plane and readiness probes are from the nodes.
Answer: D. The source of this answer is Kubernetes.io. For more information, see this internal posting.
33. What is a startup probe in Kubernetes?
a. It is sent from the control plane to start a container application.
b. It is sent from the pod to the control plane to initiate a scale out process.
c. It is a configurable setting to signal that a container application has started running and will prevent liveness and readiness probes from working until the container has started.
d. None of the above.
Answer: C. The source of this answer is Kubernetes.io.
34. The Scheduler in the control plane governs future or current pod allocations in the worker nodes?
a. Current
b. Future
c. Both
d. Neither
Answer: A. This was taken from page 44 of Kubernetes in Action.
35. What are Kubernetes Admission Controllers?
a. A component of the control plane to authenticate a worker node to join a Kubernetes cluster.
b. An optional component of the kubelet to authenticate a worker node to be part of a Kubernetes cluster.
c. They are synonymous with Admission Control plugins, and they enforce sophisticated security.
d. A feature of the controller manager to authorize users to connect to the Kubernetes cluster.
Answer: C. Source: https://kubernetes.io/blog/2019/03/21/a-guide-to-kubernetes-admission-controllers/
36. How do you bypass admission control plugins? Choose the best answer.
a. Run a command like this: kube-apiserver --disable-admission-plugins=PodNodeSelector,AlwaysDeny …
b. Use read-only client/HTTP requests to the API server (as opposed to creating pods, pulling images, or modifying a cluster)
c. a and b
d. None of the above, but it is possible.
e. None of the above; it is not possible to bypass admission control plugins.
Answer: C. For A (and B), the source is this: https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/. For B, the source is this: According to page 317 of Kubernetes in Action, these Admission Control plugins are bypassed when a client requests to read something. Modifications to pods, creating or deleting pods or pulling images would not be considered read-only requests.
37. How many ServiceAccounts can a pod be associated with?
a. None, pods do not use ServiceAccounts.
b. Zero or one.
c. One.
d. Two.
e. An infinite number
Answer: C. Source: Page 349 of Kubernetes in Action.
38. What is a ServiceAccount?
a. An account that lives solely in the control plane to maintain cluster-level resources.
b. A non-user account that runs in the Kubelet to authenticate to the Scheduler.
c. A non-user account that runs in the Kubelet to authenticate to the Controller Manager.
d. A way for an application running inside a pod to authenticate with the API server.
Answer: D. Source: Page 348 of Kubernetes in Action.
39. Which of the following types of services can help make a service externally accessible? Choose all that apply.
a. ClusterIP
b. LoadBalancer
c. NodePort
d. Ingress
e. None of the above.
Answer: B, C, and D. B and C according to page 135 of Kubernetes in Action. For D, an HTTP/HTTPS service can be exposed by an ingress according to this website. To learn why A is incorrect, see this https://kubernetes.io/docs/concepts/services-networking/service/
40. Every controller does which of the following?
a. Communicates with other controllers
b. Wait for the API server to indicate a change must be made
c. Manipulates pod API objects to make changes
d. All of the above
e. Both a and b
f. Both b and c
g. None of the above
Answer: F. For B, see page 322 of Kubernetes in Action. For C, see page 324 of Kubernetes in Action. For why A is not correct, see page 322 of Kubernetes in Action.
41. What are some discrete components that the API server interacts with directly? Choose all that apply.
a. kube-proxy
b. The kubelet on worker notes
c. The ReplicaSet controller
d. The DaemonSet Controller
e. etcd
f. Scheduler
g. The Endpoints controller
h. The Persistent Volume controller
i. A server with the kubectl command
Answer: A, B, E, F and I. Source: Pages 18 (for a), 318 (for b, e, and i), 319 (for f), 321 (c, d), 322 (for g, h) of Kubernetes in Action.
42. RoleBindings and ClusterRoleBindings bind Roles and ClusterRoles for which of the following?
a. Users
b. Groups
c. ServiceAccounts
d. All of the above
e. None of the above
Answer: D. Source: Page 374 of Kubernetes in Action.
43. True or False? The API server does nothing but store resources in etcd and inform clients about this process after it happens.
True
False
Source: True. Page 321 of Kubernetes in Action.
44. Which are valid types of readiness probes? Choose three.
a. a service probe
b. an HTTP GET probe
c. a TCP Socket probe
d. a liveness probe
e. an ICMP probe
f. a process listening probe
g. an Exec probe
Answer: B, C, and G. Source: Page 150 of Kubernetes in Action.
45. In open source Kubernetes, a namespace, a cluster, and a user are associated with each other with which of the following?
a. project
b. context
c. etcd
d. kubelet
e. kube-proxy
f. none of the above
Answer: B. Source is https://cloud.google.com/kubernetes-engine/docs/how-to/cluster-access-for-kubectl. The reason it is not A is that projects are part of OpenShift.
46. Network communication between Pods happens because of which of the following?
a. Container Network Interface plugin
b. NAT
c. the kubelet
d. all of the above
e. none of the above
Answer: A. Source page 335 of Kubernetes in Action. Flannel, Calico, Romana, and Weave-net are examples of CNI plugins according to Kubernetes.io.
47. How is the PodDisruptionBudget different from the maxUnavailable setting?
a. The PodDisruptionBudget is a setting in GKE associated with a low cost tier whereas the maxUnavailable is a GKE setting associated with a fixed service level agreement with GCP.
b. The PodDisruptionBudget is a setting in EKS associated with a low cost tier whereas the maxUnavailable is a EKS setting associated with a fixed service level agreement with AWS.
c. The PodDisruptionBudget setting is a subsetting parameter for a deployment "strategy" to keep available old pods during the deployment whereas the maxUnavailable involves pods remaining available when pods are evacuating nodes.
d. The maxUnavailable setting is a subsetting parameter for a deployment "strategy" to keep available old pods during the deployment whereas the PodDisruptionBudget involves pods remaining available when pods are evacuating nodes.
Answer: D. Source Page 272 of Kubernetes in Action and the inside of back cover page, possibly considered page 595, of Kubernetes in Action.
48. How do you backout of a Kubernetes deployment named "foobar"?
a. Run "kubectl rollout undo deployment foobar"
b. Run "kubectl rollback deployment foobar"
c. Run "kubeadm revert foobar"
d. Run "kubectl backout foobar"
e. There is no supported way to do this.
Answer: A. Source 269 of Kubernetes in Action.
49. What is Kubernetes Cluster Federation?
a. A configuration that brings EKS, AKS, and GKE together to be seen as one Kubernetes cluster
b. A way of attaching multiple Kubernetes clusters in a coherent way
c. A cluster of Kubernetes clusters
d. A proprietary distribution of Kubernetes
e. a, b, c
f. none of the above
Answer: E. With a Federation API server and the Federation Controller Manager, and a dedicated kubectl client and a dedicated etcd instance, a Kubernetes Cluster Federation can manage the control planes of multiple Kubernetes clusters. For more information, see https://coreos.com/blog/kubernetes-cluster-federation.html
50. What pair of components handle DNS resolution in Kubernetes pods?
a. The kubelet and the Container Network Interface plugin
b. The kubelet and etcd
c. Label selectors and the Endpoint Controller
d. A pod's /etc/resolv.conf file and the kube-dns pod
e. None of the above.
Answer: D. Source: Page 129 of Kubernetes in Action.
51. What is Envoy?
a. Environment-specific configuration immutably placed into a container.
b. A communication bus and platform-agnostic data plane.
c. A container that adapts at run-time to specific configuration requests.
d. A container that has Quality-of-Service options unavailable in open source Kubernetes.
e. A sidecar container designed to have cached authentication with another service.
Answer: B. Source: What is Envoy in Kubernetes?
52. Which of the following are Quality of Service class designations for a Pod? Choose all that apply.
a. Available
b. BestEffort
c. NonPreemptive
d. Reserved
e. Shared
f. Guaranteed
g. Minimal
h. HighAvailable
i. Burstable
j. HighPriority
Answer: B, F, and I. For the source of this, see this external page. For more information, see https://www.replex.io/blog/everything-you-need-to-know-about-kubernetes-quality-of-service-qos-classes
53. On Kubernetes 1.11 or higher, when an existing PVC's size is requested to be enlarged, what happens by default (assuming there is space available)?
a. A new volume is created and the pre-existing one is destroyed.
b. A new volume is created and the pre-existing one remains.
c. The pre-existing one's size is expanded.
d. The request fails.
Answer: C. Source: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#expanding-persistent-volumes-claims
54. What kubectl command would you use to remove pods from a node before maintenance without making the node unschedulable?
a. kubectl evict
b. kubectl cordon
c. kubectl uncordon
d. kubectl drain
e. kubectl taint
f. kubectl taint all
Answer: D. Source: https://kubernetes.io/docs/tasks/administer-cluster/safely-drain-node/#use-kubectl-drain-to-remove-a-node-from-service
55. Name three verbs that the Kubernetes API server supports (e.g., /v1/api/dosomething).
________
________
________
Answer: Options include GET, CREATE, UPDATE, PATCH, DELETE and PROXY
Source: https://kubernetes.io/docs/reference/using-api/api-concepts/#single-resource-api
56. Name three different distributions of Kubernetes.
_______________
_______________
_______________
Answer: Here are several possible options:
Azure Kubernetes Service (AKS, Microsoft's Kubernetes-as-a-Service)
Canonical Distribution of Kubernetes
Elastic Kubernetes Service (EKS, Amazon's Kubernetes-as-a-Service)
Google Kubernetes Engine (GKE, Google's Kubernetes-as-a-Service)
Heptio Kubernetes Subscription
Kotena Pharos
Minikube
open-source Kubernetes
OpenShift
Pivotal Kubernetes Service (owned by VMware)
Rancher 2.x
SUSE Container as a Service Platform
Gravity
57. What is a service mesh?
______________________________________________
Answer: An optional component of Kubernetes that provides more features or better security. For more details, see this posting.
58. Name three different service meshes for K8S.
________________________
________________________
________________________
Answer: Any of these are acceptable:
AWS App Mesh
Consul Connect
Kuma
Istio
Linkerd
OpenShift Service Mesh
VMware Tanzu Service Mesh (formerly VMware NSX)
59. What is Ambassador in Kubernetes?
a. A type of sidecar container designed to facilitate connectivity to services outside the Kubernetes cluster
b. A type of sidecar container designed to facilitate connectivity to services inside Kubernetes cluster
c. An ingress controller based on Swarm
d. An ingress controller based on Envoy
e. A technology that facilitates sending traffic directly to pods and bypassing kube-proxy
f. a and c
g. a and d
h. b and c
i. b and d
j. a, c and e
k. a, d and e
l. b, c and e
m. b, d and e
n. None of the above.
Answer: K.
For A, see page 139 of Kubernetes Patterns by Bilgin Ibryam and Roland Huß (O'Reilly). Copyright 2019 Bilgin Ibryam and Roland Huß, 978-1-492-05028-5.
For D, "Ambassador is an open-source Envoy-based ingress controller." taken from https://kubernetes.io/blog/2020/06/05/supporting-the-evolving-ingress-specification-in-kubernetes-1.18/#supporting-kubernetes-ingress
For E, see https://blog.getambassador.io/load-balancing-strategies-in-kubernetes-l4-round-robin-l7-round-robin-ring-hash-and-more-6a5b81595d6c
60. The concept of standing up the new pods simultaneously while all of the old pods are still running (and later dissolve the old pods) describes which pattern?
a. Rolling update
b. Blue/Green release
c. Canary release
d. Recreate strategy
e. Stand-up release
f. Fixed deployment
g. Standard update
Answer: B. Source: Page 30 of Kubernetes Patterns by Bilgin Ibryam and Roland Huß (O'Reilly). Copyright 2019 Bilgin Ibryam and Roland Huß, 978-1-492-05028-5.
61. Which of the following were influenced from the the Gang of Four Design Patterns book?
a. Kubernetes design patterns
b. Apache Camel's architecture and features
c. Both of the above
d. None of the above
Answer: C. Source for A is from page 4 of Kubernetes Patterns by Bilgin Ibryam and Roland Huß (O'Reilly). Copyright 2019 Bilgin Ibryam and Roland Huß, 978-1-492-05028-5. The source of B is https://camel.apache.org/manual/latest/book-getting-started.html. Camel is relevant to Kubernetes; for more information about this, see https://camel.apache.org/components/latest/kubernetes-summary.html
62. Which of the following is ideal for a kube-proxy or some cluster-wide operator such as a log collector?
a. DaemonSet
b. ReplicaSet
c. CronJob
d. Deployment
Answer: A. Source page 75 of Kubernetes Patterns by Bilgin Ibryam and Roland Huß (O'Reilly). Copyright 2019 Bilgin Ibryam and Roland Huß, 978-1-492-05028-5.
63. Which of the following is a way that will cause Kubernetes to scale out? Chose the most accurate response.
a. A "kubectl scale" command
b. A "kubectl create" command with .yaml that includes a properly configured YAML file (that uses a resource kind such as a deployment or replicaset to utilize more pods).
c. Automatically based on resource utilization
d. All of the above
e. a and b
f. a and c
g. b and c
h. none of the above
Answer: D. Source page 79 of Kubernetes Patterns by Bilgin Ibryam and Roland Huß (O'Reilly). Copyright 2019 Bilgin Ibryam and Roland Huß, 978-1-492-05028-5.
64. Which component of Kubernetes is responsible for deleting the persistent volumes so they can be recycled after a StatefulSet has been discarded?
a. the API server
b. the Kubelet
c. the Controller Manager
d. the Scheduler
e. None of the above
Answer: E. Persistent volumes are not automatically deleted or recycled. The source of this is pages 91 and 92 of Kubernetes Patterns by Bilgin Ibryam and Roland Huß (O'Reilly). Copyright 2019 Bilgin Ibryam and Roland Huß, 978-1-492-05028-5.
65. What is the rule syntax in a YAML file to prevent a Pod from running as root?
a. NoAllowPrivilegeEscalation
b. RootNotAllowed
c. MustRunAsNonRoot
d. RunAsNonRoot
Answer: C. Source https://kubernetes.io/blog/2018/07/18/11-ways-not-to-get-hacked/#8-run-containers-as-a-non-root-user
66. What is the difference between uncordon and taint?
a. uncordon marks a node as unschedulable (for any pod), but a taint marks a pod as unsuitable for certain nodes
b. uncordon marks a node as unsuitable for certain pods, but a taint marks a pod as unscheduable with certain nodes
c. uncordon marks a node as schedulable, but a taint marks a node as unsuitable for certain pods
d. None of the above.
Answer: C. Source: https://www.continualintegration.com/miscellaneous-articles/what-are-some-common-kubectl-commands/
67. What is a Docker tag? Choose the most correct answer.
a. A variety of meta data about a Docker container stored in the container file itself
b. A variety of meta data about a Docker image stored in the Docker image file or the Docker registry
c. A registry-wide unique identifier of a Docker image
d. A repository-wide unique identifier of a Docker image
e. All of the above
f. None of the above
Answer: D. Source https://www.freecodecamp.org/news/an-introduction-to-docker-tags-9b5395636c2a/
To understand the differences of a registry and a repository, see this posting.
68. To tag an image, you would run which of the following?
a. docker tag
b. docker build -t
c. docker build --tag
d. All of the above
e. None of the above
Answer: D. Sources:
https://docs.docker.com/engine/reference/commandline/tag/
https://docs.docker.com/engine/reference/commandline/build/
69. For a typical Kubernetes deployment, what components of a worker node typically interact with which component of the Control Plane? Choose 2, 3, or 4, but also choose the most accurate combination.
a. For the worker node, the kubelet
b. For the worker node, the kube-proxy
c. For the worker node, the Container Runtime
d. For the Control Plane, the API server
e. For the Control Plane, the Scheduler
f. For the Control Plane, the Controller Manager
g. For the control plane, etcd
Answer: A, B, and D. Source: Page 18 of Kubernetes in Action by Marko Luksa.
70. What type of logging solution underlies Kubernetes' built-in ability to monitor individual containers and the node itself?
a. Heapster
b. cAdvisor from inside kube-proxy
c. cAdvisor from inside the Kubelet
d. cAdvisor on the node from outside the Kubelet
e. cAdvisor inside the container runtime
f. the Kubelet
Answer: C. Source: https://www.cloudforecast.io/blog/cadvisor-and-kubernetes-monitoring-guide/
See also page 430 of Kubernetes in Action by Marko Luksa.
Heapster is not correct because it is obsolete; see https://github.com/kubernetes-retired/heapster for more information.
71. What are valid types of taints?
a. NoSchedule
b. PreferNoSchedule
c. NoExecute
d. A and B
e. B and C
f. A and C
g. All of the above
h. None of the above; there is only one valid taint.
i. None of the above; the other types are not listed
Answer: G. Source: https://medium.com/kubernetes-tutorials/making-sense-of-taints-and-tolerations-in-kubernetes-446e75010f4e
See also page 460 of Kubernetes in Action.
72. How many etcd nodes is it recommended for the production implementation of the Kubernetes cluster?
a. 1
b. 3
c. 5
d. 6
Answer: C. Source: https://kubernetes.io/docs/tasks/administer-cluster/configure-upgrade-etcd/
73. What is the difference between a pod and a container?
___________________________________________
Answer: A container is not necessarily a pod. A pod is one or more containers.
Pods are the smallest deployable units of computing that you can create and manage in Kubernetes. A Pod (as in a pod of whales or pea pod) is a group of one or more containers, with shared storage and network resources, and a specification for how to run the containers.
Taken from https://kubernetes.io/docs/concepts/workloads/pods/
You may want to buy a Kubernetes book.