Kubernetes Flashcards

(49 cards)

1
Q

What is Kubernetes?

A

Kubernetes is container management software that automates the administration, monitoring, deployment and scaling of applications running inside containers.
Kubernetes helps make an application always accessible, better suited to operating under high load, and easily recoverable.
Its goal is to simplify deployment, auto-recovery, autoscaling and traffic balancing.

// INFO
A container is an isolated and portable software package containing all the components required to run a certain application in any environment.

2
Q

What is the structure of Kubernetes?

A

A Kubernetes cluster consists of a master node with replicas and multiple worker nodes.

The master node's purpose is to manage the lifecycle and processes of its dependent nodes.
The master node consists of a few parts:
- API server
- Controller
- Scheduler
- etcd storage

3
Q

What is Ingress in Kubernetes?

A

An Ingress is a set of rules within a Kubernetes cluster that determines how external traffic accesses services within the cluster.
It allows traffic to be routed to different services within the cluster based on host or path.

An Ingress itself is just a config; it does nothing by itself. To make it work, there must be an Ingress Controller in the cluster, which sets up a proxy / balancer following the rules described in the config.
The controller can be either a separate process (Nginx) or built into the proxy (Traefik).

The controller will route and balance traffic across the required Services.

4
Q

What is a Service in Kubernetes?

A

A Service is an abstraction over a group of pods that provides a single entry point for them. It balances incoming traffic across all pods that match the selector.

5
Q

What is kube-proxy?

A

This is a node-local Kubernetes process that acts like a load balancer, distributing incoming traffic between pods.

6
Q

What is kubelet?

A

Kubelet is a node-local controller whose purpose is to manage pod deployment inside its node and check the pods' status. If there are too many pods inside the node, it closes some of them. If there are not enough, it starts new ones.

7
Q

What is a StatefulSet in Kubernetes?

A

A StatefulSet is a type of Kubernetes controller designed for deploying stateful applications. It is used instead of a Deployment.
A StatefulSet provides non-random pod IDs that follow a predefined order.
It does not provide replication or data synchronization functionality by itself; this must be implemented separately.
A new pod is created with an index number of +1. When destroying excess pods, they are destroyed in the reverse order of their creation.
A new pod is empty and must be initialized, either within the container image running in the pod or using a special operator, such as Patroni.

8
Q

What is a Deployment in Kubernetes?

A

A Deployment is a Kubernetes resource that provides automated control over the deployment of a certain service, including version updates and rollbacks.
It is an abstraction over ReplicaSet. The difference is that a Deployment also provides functionality for simple replacement of old pods with new pods running a new version of a certain resource.

9
Q

What is a headless service in Kubernetes?

A

A headless service is a service that does not provide any built-in balancing or a single entry point in the form of a virtual IP. Instead, it just provides a list of the IPs of its inner pods.

10
Q

What is a DaemonSet?

A

A DaemonSet is a special controller that runs one pod of a certain type on every node or on a subset of nodes.
Usually, this functionality is used to run telemetry / logging / metrics agents.

11
Q

What is Helm?

A

Helm is a Kubernetes package manager and template engine.
It packs separate manifests into a chart and helps manage Kubernetes resources in the cluster.

12
Q

What is a Helm Chart?

A

A Helm Chart is a package that contains information about an application: manifest templates, files with default values, metadata and dependencies.
It is used to simplify the process of developing Kubernetes configs.

13
Q

What is a Release?

A

A Release is an installed instance of a Chart inside the cluster.

14
Q

What is a Value?

A

A Value is configuration, set in a .yaml file, that can be used as a value inside templates.

15
Q

What is a Template?

A

A Template is a template of a certain manifest inside Kubernetes. It can use things like template values, dependencies, etc., and is then compiled into a Chart using Helm.

16
Q

What is the difference between a container and a virtual machine?

A

Well… Generally speaking, the purpose of both containers and virtual machines is to virtualize a certain environment in which we run certain processes.
In the case of virtual machines, we virtualize everything, including the operating system.
In the case of containers, we virtualize only the environment inside an existing operating system.

17
Q

What is the api-server?

A

This is a gateway between the internal functional parts of the master node and the external world. All interaction with the master node, and all interaction of internal master node parts with external entities, is conducted through the API server. External users can communicate with it using kubectl.
This module watches worker nodes and notifies the master node about changes.

18
Q

What is the Kubernetes Controller Manager?

A

Internal part. Responsible for tracking the current cluster state and bringing it to the desired state by performing actions on worker nodes.
Internally implements the Deployment, ReplicaSet, StatefulSet, DaemonSet, Job and CronJob controllers.

19
Q

What is ETCD storage?

A

This is a key-value database that is used to store data that we can use in Kubernetes, for example settings & custom parameters.

20
Q

What is the scheduler?

A

The scheduler is a component whose purpose is to distribute load between worker nodes. It constantly watches worker node resources and decides on which node a new pod should be deployed.

21
Q

What is a ReplicaSet?

A

A ReplicaSet is a Kubernetes controller whose purpose is to deploy a certain number of pods inside a Kubernetes cluster.

22
Q

What is a Job?

A

A Job is a Kubernetes resource that represents a one-time task.
If the task fails, the Job will try to restart the pod until success or timeout.
After the task is successfully finished, the Job is considered finished too, and never runs in the cluster again.

How can a Job be used? For example, to set up a certain environment. Let's say we want to set up CI/CD so that when we create a new branch in our project, a new environment for testing is created. In this case, a Job can be used to create databases and fill them with all the required information, for example.

23
Q

What is a pod?

A

A pod is the smallest Kubernetes entity, which runs containers inside. It can contain multiple containers.
Each pod has its own unique IP address and, optionally, dedicated disk volumes.

24
Q

What is a CronJob?

A

A CronJob is a Kubernetes resource that is used to run a certain Job regularly. It can be used for almost anything: deleting old entries from a DB, sending messages, or something else.

25
Q

What is a namespace?

A

A namespace is a thing that makes it possible to split a single cluster into a few virtual clusters, inside each of which applications can be grouped by certain criteria. Groups will be isolated from each other. Thanks to that, it is possible to create two applications with the same name, but inside separate namespaces.

26
Q

How does Kubernetes work with storage / disks?

A

When a certain application needs storage space, Kubernetes allocates a "volume", which is a certain part of disk space. Volumes allocated for stateless services exist only while the pod is alive, but for other cases, for example for databases, Persistent Volumes are used. A Persistent Volume (PV) is a storage unit that doesn't depend on the pod lifecycle. But pods don't interact with a PV directly. They do this through a PVC. A PVC (Persistent Volume Claim) is a claim to provide a PV with certain characteristics: storage type, volume, access type (read / write). Storage classes are used to describe a PVC.

27
Q

How to make an application deployed in Kubernetes accessible from the internet?

A

In order to do this, it is necessary to set up a Service. That would require setting up ClusterIP, NodePort, LoadBalancer and ExternalName.

28
Q

What is ClusterIP?

A

ClusterIP is a virtual static IP that provides a single entry point for the whole group of pods inside a service. This IP is accessible only from inside the Kubernetes cluster itself. It can be used for internal communication inside the cluster.

29
Q

What is NodePort?

A

NodePort is a thing that allows you to set up a certain port in your cluster that will be available on all nodes; all requests made to this port will be distributed between the pods of the corresponding service inside this node. Also, optionally, if the external traffic policy is not set to local and the current node does not have corresponding pods, traffic will be redirected to another node that has them.

30
Q

What is LoadBalancer?

A

LoadBalancer is an option in the Service resource that is used to tell Kubernetes that a certain service wants to use an external load balancer, which will balance traffic between Service nodes.

31
Q

How will you be deploying your application in Kubernetes, if you only have kubectl?

A

First of all, in this case the application should be packed into a container. Then, using a Deployment resource, I ask Kubernetes to deploy a certain number of container instances. After that, I will set up a LoadBalancer, in order to make requests to the system using a public IP and distribute traffic between pods. Finally, in order to route incoming traffic, I will have to set up Ingress and run an Ingress controller, for example Nginx.

32
Q

The application has stopped working. How to understand what happened and what the problem is?

A

Well, there could be quite a lot of things that could lead to this situation. We need to check some things. First of all, is our manifest correct? Is it applied? Then, maybe we just don't have enough resources in the cluster, so it is not possible to run all the required processes. TO BE EXPANDED

33
Q

How did you interact with Kubernetes?

A

At my first job, I had the opportunity to work with Kubernetes quite extensively. Initially, when our project was in the MVP and early testing phase, with very few users, we simply deployed it manually, and that was okay. But then, when we started preparing to scale it to a larger user base and were breaking the monolith project into a few smaller services, this approach became unacceptable, and we needed to deploy our services to Kubernetes. We did this using EKS. This was primarily needed in order to implement autoscaling and avoid overprovisioning, so that the number of running instances depended on load instead of being a constant number, to avoid overspending. Using it also simplified the deployment of new versions. During this process, I worked with Helm charts; I was writing them for our frontend and backend services, and later also took on the task of setting up a canary release using Argo Rollouts. Then I moved to Ozon. At Ozon, all infrastructure-related things are handled by a separate DevOps team, so my interactions with Kubernetes there were quite limited, and I only a few times had to work with pod logs and look at them while working on bug-related tasks. So at Ozon I mostly worked with it during debugging, for example. (Looking at pod logs when working on one of the bugs. At a certain moment, we had almost no push notification settings; we had only one option to enable or disable them in general for one of our services, and for historical reasons caching for these settings was implemented inside a local process cache instead of something like Redis, for example. The idea was that this local cache had to be synchronized periodically with our database, but this mechanism didn't work because of a mistake, and nobody noticed this for quite a long time because this was not an important part of our application. At a certain moment they noticed that there was a problem with that, and I was investigating this.)

34
Q

What are secrets?

A

Secrets are all kinds of data that are related to providing access to certain resources and that should not be disclosed. For example, secrets are:
- Passwords
- Authentication tokens
- Encryption keys

Secrets must never be hardcoded in code or stored in places available to everyone. They should be stored in special secrets managers, like HashiCorp Vault, for example.

35
Q

What are requests / limits?

A

Requests: how much memory & CPU a container is guaranteed to receive. Limits: the maximum resources this container is allowed to receive. If the CPU limit is exceeded, the container will be throttled. If the memory limit is exceeded, the container will be stopped.

36
Q

Kubevirt

37
Q

What are a pod and a container in Kubernetes, and what is the difference?

38
Q

What is a container in Kubernetes?

39
Q

What is a namespace and how does it work?

40
Q

What are control groups?

41
Q

Why is it not a good idea to place several containers in one pod? When is it justified?

A

The reason is autoscaling (to be expanded). It is acceptable when they must be guaranteed to be placed on the same machine.

42
Q

What is Kustomize and why is it needed?

43
Q

What is ETCD and how does it work?

44
Q

What is the difference between ReplicaSet and Deployment?

45
Q

What is Canary | Blue-Green | Recreate | Rolling Update?

46
Q

What is cluster autoscaler? (VPA | HPA)

47
Q

What is Terraform?

A

There is a config, there is a core, and there is a provider (a wrapper over our cloud's API). The core reads the config and, based on it and on data obtained through the provider, manages the state of the system to bring it to the state declared in the config. TO BE EXPANDED

48
Q

What is your experience with Kubernetes at Ozon?

A

- I wrote Helm charts, and worked with templates and with Kustomize.
- I interacted with ArgoCD: looked at services, their status, the status of the versions being deployed (successful / unsuccessful), and looked at logs for unsuccessful deployments.
- From time to time I managed access for our services, in order to control which services inside the cluster those services could send requests to; this was managed with (Cilium / Calico) (look up what this is, at a high level). TO BE EXPANDED

49
Q

What is Kustomize and how does it work, why is it needed, and how does it differ from Helm?