1 what is the difference between docker and Kubernetes.

Ans;- Docker:Containerization Platform: Docker is a platform for building, packaging, and

running applications in isolated environments called containers. It provides the tools and
infrastructure to create Docker images, which are essentially blueprints for containers, and
to run these images as instances (containers).

Kubernetes:

 Container Orchestration Platform:

Kubernetes is an open-source system for automating the deployment, scaling, and

management of containerized applications. It orchestrates and manages containers across a
cluster of machines, ensuring high availability, load balancing, and self-healing capabilities.

2 Core components of Kubernetes

Kubernetes consists of the following core components:

 Control plane (master node components):

 kube-apiserver: Main API gateway for the cluster.

 etcd: A distributed key-value store that holds the clusters’ state and
configuration.

 kube-scheduler: Assigns Pods to nodes based on resource availability.

 controller-manager: Manages controllers.

 Worker node components:

 kubelet: Agent that runs on each worker node. It ensures that Pods are
running as expected.

 kube-proxy: Handles networking and routes traffic between services.

3;- Describe the role of etcd in a Kubernetes cluster.

 Answer: etcd is a distributed key-value store that serves as Kubernetes'

backing store for all cluster data, including configuration data, state, and
metadata.

4;- What is a Pod in Kubernetes?

A Pod is the smallest deployable unit in Kubernetes. It represents one or more containers
running in a shared environment. Containers inside a Pod share networking and storage
resources.

Here’s a simple Pod definition YAML file:

apiVersion: v1

apiVersion: v1

kind: Pod

metadata:

name: my-pod

spec:

containers:

- name: nginx-container

image: nginx:1.21

ports:

- containerPort: 80

5;- What is the purpose of kubectl?

Kubectl is the primary CLI tool for managing Kubernetes resources and interacting with the
cluster. Here are a few common kubectl commands you should be familiar with:

6;- What is a Deployment in Kubernetes?

A Deployment in Kubernetes is a higher-level abstraction that manages the lifecycle of Pods.

It ensures that the desired number of replicas are up and running and provides features like
rolling updates, rollbacks, and self-healing.

7;- What is a Kubernetes Service, and why is it needed?

A Service in Kubernetes exposes a group of Pods and allows communication between and to
them.

8;- What service types are available at Kubernetes Services?

Kubernetes provides four main types of Services, each serving a different networking
purpose:
  ClusterIP (default): Allows for internal communication of Pods. Only accessible from
within the cluster.

 NodePort: This exposes the Service on a static port of each Node, making It
accessible from outside the cluster.

 LoadBalancer: Uses a cloud provider’s external load balancer. The Service is then
accessible via a public IP.

 ExternalName: Maps a Kubernetes Service to an external hostname.

9;- What is the role of ConfigMaps and secrets in Kubernetes?

ConfigMaps stores non-sensitive configuration data, while secrets stores sensitive data like
API keys and passwords.

10;- What are Namespaces in Kubernetes?

A Namespace is a virtual cluster within a Kubernetes cluster. It helps to organize workloads

in multi-tenant environments by isolating resources within a cluster.

# create a namespace called “dev”

kubectl create namespace dev

# create a Pod in that namespace

kubectl run nginx --image=nginx --namespace=dev

# get Pods in that namespace

kubectl get pods --namespace=dev

11;- What are Labels and Selectors in Kubernetes?

Labels are key/value pairs attached to objects (e.g. Pods). They help to organize Kubernetes
objects. Selectors filter resources based on Labels.

Here is an example Pod that has the labels environment: production and app: nginx:

12;- What are Persistent Volumes (PVs) and Persistent Volume Claims (PVCs)?

Persistent Volumes (PVs) provide storage that persists beyond Pod lifecycles. The PV is a
storage piece in the cluster that has been provisioned by a cluster administrator or
dynamically provisioned using Storage Classes.

A Persistent Volume Claim (PVC) is a request for storage by a user.

13;- What is Role-Based Access Control (RBAC) in Kubernetes?

RBAC is a security mechanism that restricts users and services based on their permissions. It
consists of:

 Roles and ClusterRoles: Define the actions allowed on resources.

 RoleBindings and ClusterRoleBindings: Assign roles to users or service accounts.

14;- Kubernetes provides three types of autoscaling to optimize resource usage:

1. Horizontal Pod Autoscaler (HPA): Adjusts the number of Pods based on CPU usage,
memory usage, or custom metrics.

2. Vertical Pod Autoscaler (VPA): Adjusts the CPU and memory requests for individual
Pods.

3. Cluster Autoscaler: Adjusts the number of worker nodes in the cluster based on
resource needs.

You can create an HPA using kubectl:

kubectl autoscale deployment nginx --cpu-percent=50 --min=1 --max=10

15;- When Pods fail, Kubernetes provides multiple ways to debug it:

 Use kubectl logs to check container logs for errors.

 Use kubectl describe pod to inspect events and recent state changes.

 Use kubectl exec to open an interactive shell and investigate from inside the
container.

 Use kubectl get pods --field-selector=[Link]=Failed to list all failing Pods.

16;- How does Kubernetes handle Pod disruptions and high availability?

Kubernetes ensures high availability through Pod Disruption Budgets (PDBs), anti-affinity
rules, and self-healing mechanisms. Here’s how these mechanisms work:

 Pod Disruption Budget (PDB): Ensures a minimum number of Pods remain available
during voluntary disruptions (e.g., cluster updates where nodes need to be scaled
down).

 Pod affinity and anti-affinity: Controls for which Pods can be scheduled together or
separately.

 Node selectors and Taints/Tolerations: Control how workloads are distributed across
Nodes.

17;- How can you secure a Kubernetes cluster?

Follow the 4C security model to secure a Kubernetes cluster:

1. Cloud provider security: Use IAM roles and firewall rules.

2. Cluster security: Enable RBAC, audit logs, and API server security.

3. Container security: Scan images and use non-root users.

4. Code security: Implement secrets management and use network policies

18;- What are Taints and Tolerations in Kubernetes?

Taints and Tolerations control where Pods run:

 Taints: Mark nodes to reject Pods.

 Tolerations: Allow Pods to ignore certain Taints.

19;- What are Kubernetes sidecar containers, and how are they used?

A sidecar container runs alongside the main application container inside the same Pod. It
is commonly used for:

 Logging and monitoring (e.g. collecting logs with Fluentd).

 Security proxies (e.g. running Istio’s Envoy proxy for service mesh).

 Configuration management (e.g. syncing application settings).

20;- Name three typical Pod error causes and how they can be fixed.

Pods can get stuck in Pending, CrashLoopBackOff, or ImagePullBackOff states:

 Pod stuck in Pending: Check node availability and resource limits. You can check the
events of the Pod for further information.

 CrashLoopBackOff: Investigate app logs and check misconfigurations.

 ImagePullBackOff: Ensure the correct image name and pull credentials. Again,
investigate the Pod's events for further information.

21;-How do you implement zero-downtime Deployments in Kubernetes?

Zero-downtime Deployments ensure that updates do not interrupt live traffic.

Kubernetes achieves that using:

 Rolling updates (default, gradually replacing old Pods with new ones).

 Canary deployments (testing with a subset of users).

 Blue-green deployments (switching between production and test environments).

Readiness probes help Kubernetes avoid traffic being sent to unready Pods
How do you backup and restore an etcd cluster in Kubernetes?

Etcd is the key-value store that holds the entire cluster state. Regular backups are
essential to avoid data loss.

You can create a backup using the below command:

ETCDCTL_API=3 etcdctl --endpoints=[Link] \

--cacert=<trusted-ca-file> --cert=<cert-file> --key=<key-file> \

snapshot save <backup-file-location>

How do you monitor a Kubernetes cluster?

Kubernetes administrators must monitor CPU, memory, disk, networking, and

application health. The following tools are recommended for these tasks:

 Prometheus + Grafana: Collect and visualize cluster metrics. Create real-time alerts
to get notified in case there are issues.

 Loki + Fluentd: Collect and analyze logs.

 Kubernetes dashboard: UI-based cluster monitoring.

How do you implement high availability in Kubernetes?

High availability is essential to avoid downtime of applications running in your

Kubernetes cluster. You can ensure high availability by:

 Using multiple control plane nodes. Multiple API servers prevent downtime if one
fails.

 Enabling the cluster autoscaler. This automatically adds/removes nodes based on

demand.

How do you implement Kubernetes cluster multi-tenancy?

Multi-tenancy is quite important if you are setting up Kubernetes for your company. It
allows multiple teams or applications to share a Kubernetes cluster securely without
interfering with each other.

There are two types of multi-tenancy:

1. Soft multi-tenancy: Uses Namespaces, RBAC, and NetworkPolicies to isolate on the

namespace level.

2. Hard multi-tenancy: Uses virtual clusters or separate control planes to isolate a

physical cluster (e.g., KCP).

What is CoreDNS? How do you configure and use it?

CoreDNS is the default DNS provider for Kubernetes clusters. It provides service
discovery and allows Pods to communicate using internal DNS names instead of IP
addresses.

Features of CoreDNS:

 Handles internal DNS resolution ([Link]).

 Supports custom DNS configuration.

 Load-balances DNS queries across multiple Pods.

 Allows caching for improved performance.

You can configure CoreDNS using the ConfigMap stored in the kube-system namespace.
You can view the current settings using:

kubectl get configmap coredns -n kube-system -o yaml