Kubernetes Concepts Flashcards

Quick reference flashcards for Kubernetes architecture and concepts.


Architecture Components

Q: What are the control plane components?

Answer

- **kube-apiserver** - API frontend, handles REST operations
- **etcd** - Key-value store for cluster data
- **kube-scheduler** - Assigns pods to nodes
- **kube-controller-manager** - Runs controller processes
- **cloud-controller-manager** - Cloud-specific controllers

Q: What are the node components?

Answer

- **kubelet** - Agent that runs on each node, manages pods
- **kube-proxy** - Network proxy, maintains network rules
- **Container runtime** - Runs containers (containerd, CRI-O)

Q: What is etcd?

Answer

Distributed key-value store that stores all cluster data including:

- Cluster state
- Configuration
- Secrets
- Service discovery information

Q: What does the kube-scheduler do?

Answer

Watches for newly created pods with no assigned node and selects a node based on:

- Resource requirements
- Hardware/software constraints
- Affinity/anti-affinity rules
- Taints and tolerations
- Data locality

Workload Resources

Q: What is a Pod?

Answer

Smallest deployable unit in Kubernetes. Contains:

- One or more containers
- Shared storage (volumes)
- Shared network (IP address)
- Specification for how to run containers

Q: What is a ReplicaSet?

Answer

Ensures a specified number of pod replicas are running at any time.

- Maintains desired replica count
- Creates/deletes pods as needed
- Usually managed by Deployments

Q: What is a Deployment?

Answer

Provides declarative updates for Pods and ReplicaSets:

- Rolling updates
- Rollbacks
- Scaling
- Pause/resume updates

Q: What is a StatefulSet?

Answer

Manages stateful applications with:

- Stable, unique network identifiers
- Stable, persistent storage
- Ordered, graceful deployment and scaling
- Ordered, automated rolling updates

Q: What is a DaemonSet?

Answer

Ensures all (or some) nodes run a copy of a pod:

- Node monitoring agents
- Log collectors
- Storage daemons
- Automatically adds pods to new nodes

Q: What is a Job?

Answer

Creates pods that run to completion:

- Batch processing
- One-time tasks
- Tracks successful completions
- Can run multiple pods in parallel

Q: What is a CronJob?

Answer

Creates Jobs on a schedule (cron format):

- Scheduled backups
- Report generation
- Periodic cleanup tasks

Services & Networking

Q: What are the Service types?

Answer

- **ClusterIP** - Internal cluster IP (default)
- **NodePort** - Exposes on each node's IP at static port
- **LoadBalancer** - Cloud provider load balancer
- **ExternalName** - Maps to external DNS name

Q: What is an Ingress?

Answer

Manages external access to services:

- HTTP/HTTPS routing
- Load balancing
- SSL/TLS termination
- Name-based virtual hosting

Q: What is a NetworkPolicy?

Answer

Controls traffic flow between pods:

- Ingress rules (incoming traffic)
- Egress rules (outgoing traffic)
- Pod selectors
- Namespace selectors

Storage

Q: What is a PersistentVolume (PV)?

Answer

Cluster-wide storage resource:

- Provisioned by admin or dynamically
- Independent of pod lifecycle
- Has capacity, access modes, reclaim policy

Q: What is a PersistentVolumeClaim (PVC)?

Answer

Request for storage by a user:

- Requests specific size and access mode
- Binds to matching PV
- Used by pods to mount storage

Q: What are the access modes for PV?

Answer

- **ReadWriteOnce (RWO)** - Single node read-write
- **ReadOnlyMany (ROX)** - Multiple nodes read-only
- **ReadWriteMany (RWX)** - Multiple nodes read-write
- **ReadWriteOncePod (RWOP)** - Single pod read-write

Q: What is a StorageClass?

Answer

Describes storage "classes" for dynamic provisioning:

- Provisioner (e.g., kubernetes.io/aws-ebs)
- Parameters (type, zone, etc.)
- Reclaim policy
- Volume binding mode

Configuration

Q: What is a ConfigMap?

Answer

Stores non-confidential configuration data:

- Key-value pairs
- Configuration files
- Can be used as environment variables or volumes
- Not encrypted

Q: What is a Secret?

Answer

Stores sensitive data:

- Passwords, tokens, keys
- Base64 encoded (not encrypted by default)
- Can be encrypted at rest
- Used as env vars or volumes

Security

Q: What is RBAC?

Answer

Role-Based Access Control:

- **Role** - Namespace-scoped permissions
- **ClusterRole** - Cluster-scoped permissions
- **RoleBinding** - Binds Role to users/groups
- **ClusterRoleBinding** - Binds ClusterRole to users/groups

Q: What is a ServiceAccount?

Answer

Identity for processes running in pods:

- Provides authentication to API server
- Can be assigned RBAC permissions
- Token mounted in pods

Q: What are Pod Security Standards?

Answer

- **Privileged** - Unrestricted policy
- **Baseline** - Minimally restrictive, prevents known escalations
- **Restricted** - Heavily restricted, security best practices

Scheduling

Q: What are Taints and Tolerations?

Answer

**Taints** - Applied to nodes, repel pods

**Tolerations** - Applied to pods, allow scheduling on tainted nodes

Effects:

- NoSchedule - Don't schedule
- PreferNoSchedule - Try not to schedule
- NoExecute - Evict existing pods

Q: What is Node Affinity?

Answer

Constrains pods to nodes with specific labels:

- **requiredDuringSchedulingIgnoredDuringExecution** - Hard requirement
- **preferredDuringSchedulingIgnoredDuringExecution** - Soft preference

Q: What is Pod Affinity/Anti-Affinity?

Answer

**Affinity** - Schedule pods together (same node/zone)

**Anti-Affinity** - Schedule pods apart (different nodes/zones)

Use cases:

- Co-locate related pods
- Spread for high availability