Kubernetes Quiz

This is a quiz about containers, Docker, and Kubernetes -- but mostly about Kubernetes. You can test yourself before a job interview. You may also want to see this list of Kubernetes books.

1. cgroups govern which of the following resources (choose all that apply)?

a. CPU
b. Namespaces
c. Memory
d. Disk I/O rates

2. What does the Docker cache do?

a. It makes containers start up and be fully functional from a stopped state more rapidly.
b. It makes pulling an image from a repository happen more rapidly.
c. It makes the creation of an image from a Dockerfile more rapidly.
d. It enables Docker Swarm to integrate with Kubernetes.

3. What type of logging solution underlies Kubernetes default centralized capabilities?

a. LogStash via Elastic Stack
b. The EFK stack (ElasticSearch, FluentD, and Kibana)
c. Open source Splunk
d. Syslog
e. None of the above, Kubernetes has no centralized logging by default.

4. What does the docker inspect command analyze?

a. Containers.
b. Images.
c. Docker networks.
d. All of the above.

5. What are three (of the six) types of resources that are namespaced via a Docker container?




6. Using a kubectl command, can you list individual containers?

Yes
No

7. Which of the following is the primary function of the Kubernetes scheduler?

a. Sets a trigger based on resource utilization for a Kubernetes event to happen.
b. Sets a trigger based on time for a Kubernetes event to happen.
c. To allocate a pod on a given worker node.
d. Prioritizes the maintenance of the controller manager according to the time of day.

8. How does the Kubelet authenticate with Kubernetes to govern the worker node and ensure it is part of the Kubernetes cluster?

a. Using secrets it authenticates with the Controller Manager.
b. etcd must be configured directly without the API server, and etcd must have the node's configuration information for a worker node to work.
c. The Kubelet contacts the control plane and the scheduler will accept or reject the node.
d. Initially the Kubelet registers with the API server to create a "node" resource.

9. What are the two things that the API server in the Kubernetes control plane does (choose one of the following letter options)?

a. Finds nodes with sufficient resources and assigns pods to such nodes.
b. Manages replications of pods by increasing them during a scale out and decreasing them when scaling in.
c. Ensure no resource starvation happens for a given cluster and manages the Deployment API object.
d. Stores resources in etcd and notifies clients about the change.
e. Listens to the Kubernetes service proxy and manages affinity/anti-affinity rules.

10. What is the Kubernetes Service Proxy? Choose two.

a. A distributed key-value data store.
b. kube-proxy, one of three components that comprise a worker node (the others being a container runtime and kubelet).
c. The part of the control plane that performs cluster-level functions such as replication.
d. Something that load-balances network traffic between application components.
e. An HTTP endpoint for Services that do not require a fixed IP address.
f. An HTTP endpoint for Services that do not require port 443.

11. What is the kube-proxy? Choose two.

a. It acts as a proxy-like endpoint for a website that is powered by a Kubernetes cluster to allow for external traffic to be routed to the Pods.
b. It exists on the worker node and routes internal traffic destined for Kubernetes endpoints to one or more Pods on a given worker node.
c. It controls the container runtime on the node.
d. It exists on the control plane and routes internal traffic destined for Kubernetes endpoints to one or more Pods on a given worker node.
e. The Kubernetes Service Proxy.

12. What is a label selector in Kubernetes?

a. a pod label selector
b. a node label selector
c. Something used by kubectl to list a subset of pods.
d. Something used by Kubernetes internally to list a subset of pods.
e. It is something that is defined in a .yaml file (e.g., for use in a command such as "kubectl create -f foobar.yaml").
f. Something the can be combined for composite criteria (e.g., type1=alpha,type2=financialapp) when selecting pods.
g. All of the above
h. none of the above

13. What creates the pods on the nodes when a Deployment Controller attempts to converge system resources toward a desired state?

a. Deployment Manager
b. The Kubelet
c. The Replication Manager
d. The Node Controller
e. The Scheduler
f. None of the above

14. Stateful containers and the StatefulSet Controller deal with which of the following?

a. Stateful containers and StatefulSet Controller do not exist; containers are ephemeral.
b. Ensuring each atomic process of a container is related to the previous process (e.g., to prevent a container breakout).
c. Instantiating, managing, mounting, and/or writing to a persistent volume.
d. None of the above.

15. What is a pod in Kubernetes?

a. A container
b. A container and etcd
c. A group of one or more closely related containers
d. The Docker host (the server that hosts containers)
e. None of the above

16. What command in Kubernetes will list the pods (associated with the kubeconfig) on your server with kubectl?

a. kubectl describe pods
b. kubectl explain pods
c. kubectl get pods
d. kubectl list-cluster
e. kubectl list pods

17. What is the equivalent of the "man" page for Kubernetes services?

a. kubectl describe svc
b. kubectl help svc
c. kubectl man svc
d. kubectl explain svc

18. How do you find out the IP address, the TCP/IP port and age of a given service that is running on your Kubernetes cluster?

a. kubectl describe svc
b. kubectl get resources
c. kubectl get rs
d. kubectl get svc
e. kubectl explain svc

19. When a Kubernetes cluster supports a web application, how is routing done? ____________________________________________

20. What component of the Kubernetes control plane sends out the liveness probes to the pods?

a. The API server
b. The Controller Manager
c. etcd
d. The Scheduler
e. None of the above.

21. What component of the Kubernetes control plane ultimately responds to failed liveness probes of containers?

a. The API server
b. The Controller Manager
c. etcd
d. The Scheduler
e. None of the above.

22. Which of the following are true in Kubernetes? Choose all that apply.

a. Taints are for nodes.
b. Taints are for pods.
c. Tolerations are for nodes.
d. Tolerations are for pods.

23. From which of the following can you create a Docker image?

a. a Dockerfile
b. a container
c. a .tar file
d. all of the above
e. none of the above

24. How many Schedulers in the control plane can run in a working Kubernetes cluster? Choose the most accurate answer.

a. You must have exactly one Scheduler.
b. You can have no Schedulers or at most one Scheduler.
c. You can have one or two Schedulers for every master node.
d. You can have no Schedulers or several.

25. Is there a difference between a pod specification and a manifest?

Yes or No?

26. Describe the lifecycle of a container.

______________________________________

27. How does Kubernetes do Service Discovery?

a. Via environment variables for the socket of the service.
b. Via DNS.
c. Both of the above.
d. Via kube-proxy
e. None of the above.

28. Which of the following is the most recommended way to make the Kubernetes control plane highly available?

a. Have multiple masters with at least three Schedulers configured as the "--leader-elect" option.
b. Have multiple Controller Managers and one API server, one etcd instance and one scheduler.
c. Introduce a load balancer between the Kubelets and the API servers that serve multiple masters.
d. Currently you cannot because etcd needs to be one instance to serve the control plane.

29. In multi-master Kubernetes control planes, list the components (one or more) that do nothing until they are designated as a --leader-elect? Choose the most correct answer.

a. API Server
b. Controller Manager
c. etcd
d. Scheduler
e. a and b
f. b and c
g. a and c
h. b and d
i. None of the above.

30. What namespace(s) is (or are) there by default with Kubernetes?

a. default
b. docker
c. kube-system
d. kube-public
e. kube-proxy
f. a and b
g. a and e
h. a, c, and d
i. a through e

31. What is a Kubernetes operator?

a. A Kubernetes systems administrator.
b. A given application running in Kubernetes that is using container services.
c. The underlying server(s) of a Kubernetes cluster.
d. A user permission in the Kubernetes control plane.
e. A method or pattern in the form of a program that automates Kubernetes procedures that are normally handled by a human.

32. What is a difference between a readiness probe and a liveness probe?

a. A readiness probe is sent from the kubelet telling the control plane what affinity it should have for sending pods to the worker node. A liveness probe is sent from the kubelet telling the control plane it is merely available. The readiness probe provides more information.
b. A readiness probe is for deployment sets whereas a liveness probe is for the controller manager.
c. A liveness probe is for deployment sets whereas a readiness probe is for the controller manager.
d. Liveness probes are for potentially restarting containers whereas readiness probes are for signaling that a pod is ready for traffic.
e. Readiness probes are from pods and liveness pods are from nodes.
f. Liveness probes are from pods and readiness pods are from nodes.
g. Liveness probes are from the control plane and readiness probes are from the nodes.

33. What is a startup probe in Kubernetes?

a. It is sent from the control plane to start a container application.
b. It is sent from the pod to the control plane to initiate a scale out process.
c. It is a configurable setting to signal that a container application has started running and will prevent liveness and readiness probes from working until the container has started.
d. None of the above.

34. The Scheduler in the control plane governs future or current pod allocations in the worker nodes?

a. Current
b. Future
c. Both
d. Neither

35. What are Kubernetes Admission Controllers?

a. A component of the control plane to authenticate a worker node to join a Kubernetes cluster.
b. An optional component of the kubelet to authenticate a worker node to be part of a Kubernetes cluster.
c. They are synonymous with Admission Control plugins, and they enforce sophisticated security.
d. A feature of the controller manager to authorize users to connect to the Kubernetes cluster.

36. How do you bypass admission control plugins?

a. Run a command like this: kube-apiserver --disable-admission-plugins=PodNodeSelector,AlwaysDeny …
b. Use read-only client/HTTP requests to the API server (as opposed to creating pods, pulling images, or modifying a cluster)
c. a and b
d. None of the above, but it is possible.
e. None of the above; it is not possible to bypass admission control plugins.

37. How many ServiceAccounts can a pod be associated with?

a. None, pods do not use ServiceAccounts.
b. Zero or one.
c. One.
d. Two.
e. An infinite number

38. What is a ServiceAccount?

a. An account that lives solely in the control plane to maintain cluster-level resources.
b. A non-user account that runs in the Kubelet to authenticate to the Scheduler.
c. A non-user account that runs in the Kubelet to authenticate to the Controller Manager.
d. A way for an application running inside a pod to authenticate with the API server.

39. Which of the following types of services can help make a service externally accessible? Choose all that apply.

a. ClusterIP
b. LoadBalancer
c. NodePort
d. Ingress
e. None of the above.

40. Every controller does which of the following?

a. Communicates with other controllers
b. Wait for the API server to indicate a change must be made
c. Manipulates pod API objects to make changes
d. All of the above
e. Both a and b
f. Both b and c
g. None of the above

41. What are some discrete components that the API server interacts with directly? Choose all that apply.

a. kube-proxy
b. The kubelet on worker notes
c. The ReplicaSet controller
d. The DaemonSet Controller
e. etcd
f. Scheduler
g. The Endpoints controller
h. The Persistent Volume controller
i. A server with the kubectl command

42. RoleBindings and ClusterRoleBindings bind Roles and ClusterRoles for which of the following?

a. Users
b. Groups
c. ServiceAccounts
d. All of the above
e. None of the above

43. True or False? The API server does nothing but store resources in etcd and inform clients about this process after it happens.

True
False

44. Which are valid types of readiness probes? Choose three.

a. a service probe
b. an HTTP GET probe
c. a TCP Socket probe
d. a liveness probe
e. an ICMP probe
f. a process listening probe
g. an Exec probe

45. In open source Kubernetes, a namespace, a cluster, and a user are associated with each other with which of the following?

a. project
b. context
c. etcd
d. kubelet
e. kube-proxy
f. none of the above

46. Network communication between Pods happens because of which of the following?

a. Container Network Interface plugin
b. NAT
c. the kubelet
d. all of the above
e. none of the above

47. How is the PodDisruptionBudget different from the maxUnavailable setting?

a. The PodDisruptionBudget is a setting in GKE associated with a low cost tier whereas the maxUnavailable is a GKE setting associated with a fixed service level agreement with GCP.
b. The PodDisruptionBudget is a setting in EKS associated with a low cost tier whereas the maxUnavailable is a EKS setting associated with a fixed service level agreement with AWS.
c. The PodDisruptionBudget setting is a subsetting parameter for a deployment "strategy" to keep available old pods during the deployment whereas the maxUnavailable involves pods remaining available when pods are evacuating nodes.
d. The maxUnavailable setting is a subsetting parameter for a deployment "strategy" to keep available old pods during the deployment whereas the PodDisruptionBudget involves pods remaining available when pods are evacuating nodes.

48. How do you backout of a Kubernetes deployment named "foobar"?

a. Run "kubectl rollout undo deployment foobar"
b. Run "kubectl rollback deployment foobar"
c. Run "kubeadm revert foobar"
d. Run "kubectl backout foobar"
e. There is no supported way to do this.

49. What is Kubernetes Cluster Federation?

a. A configuration that brings EKS, AKS, and GKE together to be seen as one Kubernetes cluster
b. A way of attaching multiple Kubernetes clusters in a coherent way
c. A cluster of Kubernetes clusters
d. A proprietary distribution of Kubernetes
e. a, b, c
f. none of the above

50. What pair of components handle DNS resolution in Kubernetes pods?

a. The kubelet and the Container Network Interface plugin
b. The kubelet and etcd
c. Label selectors and the Endpoint Controller
d. A pod's /etc/resolv.conf file and the kube-dns pod
e. None of the above.

51. What is Envoy?

a. Environment-specific configuration immutably placed into a container.
b. A communication bus and platform-agnostic data plane.
c. A container that adapts at run-time to specific configuration requests.
d. A container that has Quality-of-Service options unavailable in open source Kubernetes.
e. A sidecar container designed to have cached authentication with another service.

52. Which of the following are Quality of Service class designations for a Pod? Choose all that apply.

a. Available
b. BestEffort
c. NonPreemptive
d. Reserved
e. Shared
f. Guaranteed
g. Minimal
h. HighAvailable
i. Burstable
j. HighPriority

53. On Kubernetes 1.11 or higher, when an existing PVC's size is requested to be enlarged, what happens by default (assuming there is space available)?

a. A new volume is created and the pre-existing one is destroyed.
b. A new volume is created and the pre-existing one remains.
c. The pre-existing one's size is expanded.
d. The request fails.

54. What kubectl command would you use to remove pods from a node before maintenance without making the node unschedulable?

a. kubectl evict
b. kubectl cordon
c. kubectl uncordon
d. kubectl drain
e. kubectl taint
f. kubectl taint all

55. Name three verbs that the Kubernetes API server supports (e.g., /v1/api/dosomething).
________
________
________

56. Name three different distributions of Kubernetes.
_______________
_______________
_______________

57. What is a service mesh?
______________________________________________

58. Name three different service meshes for K8S.
________________________
________________________
________________________

59. What is Ambassador in Kubernetes?

a. A type of sidecar container designed to facilitate connectivity to services outside the Kubernetes cluster
b. A type of sidecar container designed to facilitate connectivity to services inside Kubernetes cluster
c. An ingress controller based on Swarm
d. An ingress controller based on Envoy
e. A technology that facilitates sending traffic directly to pods and bypassing kube-proxy
f. a and c
g. a and d
h. b and c
i. b and d
j. a, c and e
k. a, d and e
l. b, c and e
m. b, d and e
n. None of the above.

60. The concept of standing up the new pods simultaneously while all of the old pods are still running (and later dissolve the old pods) describes which pattern?

a. Rolling update
b. Blue/Green release
c. Canary release
d. Recreate strategy
e. Stand-up release
f. Fixed deployment
g. Standard update

61. Which of the following were influenced from the the Gang of Four Design Patterns book?

a. Kubernetes design patterns
b. Apache Camel's architecture and features
c. Both of the above
d. None of the above

62. Which of the following is ideal for a kube-proxy or some cluster-wide operator such as a log collector?

a. DaemonSet
b. ReplicaSet
c. CronJob
d. Deployment

63. Which of the following is a way that will cause Kubernetes to scale out? Chose the most accurate response.

a. A "kubectl scale" command
b. A "kubectl create" command with .yaml that includes a properly configured YAML file (that uses a resource kind such as a deployment or replicaset to utilize more pods).
c. Automatically based on resource utilization
d. All of the above
e. a and b
f. a and c
g. b and c
h. none of the above

64. Which component of Kubernetes is responsible for deleting the persistent volumes so they can be recycled after a StatefulSet has been discarded?

a. the API server
b. the Kubelet
c. the Controller Manager
d. the Scheduler
e. None of the above

65. What is the rule syntax in a YAML file to prevent a Pod from running as root?

a. NoAllowPrivilegeEscalation
b. RootNotAllowed
c. MustRunAsNonRoot
d. RunAsNonRoot

66. What is the difference between uncordon and taint?

a. uncordon marks a node as unschedulable (for any pod), but a taint marks a pod as unsuitable for certain nodes
b. uncordon marks a node as unsuitable for certain pods, but a taint marks a pod as unscheduable with certain nodes
c. uncordon marks a node as schedulable, but a taint marks a pod as unsuitable for certain nodes
d. None of the above.

67. What is a Docker tag? Choose the most correct answer.

a. A variety of meta data about a Docker container stored in the container file itself
b. A variety of meta data about a Docker image stored in the Docker image file or the Docker registry
c. A registry-wide unique identifier of a Docker image
d. A repository-wide unique identifier of a Docker image
e. All of the above
f. None of the above

68. To tag an image, you would run which of the following?

a. docker tag
b. docker build -t
c. docker build --tag
d. All of the above
e. None of the above

69. For a typical Kubernetes deployment, what components of a worker node typically interact with which component of the Control Plane? Choose 2, 3, or 4, but also choose the most accurate combination.

a. For the worker node, the kubelet
b. For the worker node, the kube-proxy
c. For the worker node, the Container Runtime
d. For the Control Plane, the API server
e. For the Control Plane, the Scheduler
f. For the Control Plane, the Controller Manager
g. For the control plane, etcd

70. What type of logging solution underlies Kubernetes' built-in ability to monitor individual containers and the node itself?

a. Heapster
b. cAdvisor from inside kube-proxy
c. cAdvisor from inside the Kubelet
d. cAdvisor on the node from outside the Kubelet
e. cAdvisor inside the container runtime
f. the Kubelet

71. What are valid types of taints?

a. NoSchedule
b. PreferNoSchedule
c. NoExecute
d. A and B
e. B and C
f. A and C
g. All of the above
h. None of the above; there is only one valid taint.
i. None of the above; the other types are not listed

72. How many etcd nodes is it recommended for the production implementation of the Kubernetes cluster?

a. 1
b. 3
c. 5
d. 6

73. What is the difference between a pod and a container?
___________________________________________

You can find the answers to this quiz here.

Leave a comment

Your email address will not be published. Required fields are marked *