Knowledge Bank - ganeshahv/Contrail_SRE GitHub Wiki

Virtualization Fundamentals

  1. System resources like mnt, pid and network can be virtualized with namespaces.
  2. On Linux we can limit process resources with Control Groups.
  3. We can transparently overlay two or more directories, stacked one over another with UnionFS.
  4. With chroot we change the root directory of a process and of the children it starts.
  5. FreeBSD jails may prevent a chroot-type attack.
  6. OpenVZ containers run Linux.
  7. Cgroup, multiple Linux hosts in namespaces for isolation are not supported by LXC.
  8. Systemd manages containers created with systemd-nspawn.
  9. The App Container standard specifies App Container Image, App Container Pod, App Container Image Discovery, App Container Executor.
  10. The Open Container Initiative includes specifications for Runtime and Image Format.
  11. Running a container with runc does not require a daemon process.
  12. The Docker daemon manages runc containers through containerd.
  13. The Docker client communicates with the Docker daemon using REST APIs.
  14. A rkt pod can point to one or more applications.
  15. Docker Desktop on Mac and Windows allows the mounting of a host directory inside a container.
  16. Docker Desktop installs Docker Compose, Command Line Client and Docker Engine.
  17. The Docker client is capable of communicating with a remote Docker daemon.
  18. A container image is mapped into a running container in read-only mode.
  19. The command docker container commit creates an on-disk copy of a container’s ephemeral storage.
  20. Docker images are versioned with Image Tag.
  21. Rkt downloads a container image with rkt fetch.
  22. Dockerfile is the source of the instructions used by Buildah to create images.
  23. There are similarities between Podman commands and Docker commands.
  24. With Docker, a container can be referred to by its name, ID or partial ID.
  25. With rkt we can create a Pod from a Docker container image.
  26. docker container inspect and podman container inspect can be used to display detailed information about a container.
  27. When creating a container, we create a process on the host running the container runtime.
  28. docker container commit and rkt export help to create a new image from a container or Pod.
  29. A container image is not a runtime object.
  30. Building from scratch, building from a running container and image conversion are all image-creation methods.
  31. Containers can be created from images, and images can be created from containers.
  32. A container image can be created from a running container, a base container image, or a file containing a set of instructions.
  33. We can share Containerfiles or Dockerfiles to enable image builds.
  34. Dockerfiles and Containerfiles include build time instructions like SHELL, FROM and RUN.
  35. Dockerfiles and Containerfiles include run time instructions like CMD and ENTRYPOINT.
  36. Docker uses the bridge network driver by default to connect containers.
  37. Docker uses the Container Network Model (CNM).
  38. docker network inspect displays network information.
  39. Containers can share a network namespace on the same system.
  40. ptp, bridge, macvlan and ipvlan are built-in network types of rkt.
  41. CRI-O uses Container Network Interface (CNI).
  42. If we delete an existing file from a container, the file does not get deleted from the base container image storage layer.
  43. We use Host volumes to mount a host directory inside a Pod with rkt.
  44. overlayfs is the default storage driver for CRI-O.

Kubernetes Fundamentals

  1. One or more containers, a shared IP address and one namespace are part of a Pod.
  2. Google developed Borg as an internal project.
  3. Objects and the state of the cluster are stored in etcd.
  4. Watch-loops or controllers interrogate the kube-apiserver or kubelet for a particular object state.
  5. The kubeadm command is used to create a cluster and add nodes.
  6. kubectl is the main binary for working with objects of a Kubernetes cluster.
  7. There can be one pod network per cluster.
  8. The kube config file contains Endpoints, SSL keys and Contexts.
  9. A Pod is the smallest object or unit we can work with in Kubernetes.
  10. Only one IP address can be configured for a Pod.
  11. kube-apiserver is the main configuration agent on a master server.
  12. kubelet is the main agent on a worker node.
  13. A Service connects other resources together and handles ingress and egress traffic.
  14. Kubernetes uses a RESTful API-driven architecture, accepting standard HTTP verbs.
  15. Annotations allow for metadata to be included with an object that may be helpful outside the Kubernetes object interaction.
  16. kind, metadata, apiVersion and spec must be included in a pod template.
  17. --all-namespaces should be appended to the command in order to affect every namespace with kubectl.
  18. All API versions should not be considered stable.
  19. Deployment is the suggested object for deploying and scaling an application.
  20. Container, Pod, ReplicaSet, Deployment is the correct order of Kubernetes objects.
  21. DaemonSet runs one pod on each node.
  22. Horizontal Pod Autoscaling scales resources based on CPU usage (50% by default).
  23. Jobs and CronJobs belong to the batch api group.
  24. replicas is a deployment value which determines the number of duplicate Pods deployed.
    • selector is a header value having to do with updating Pods.
    • label metadata is used to select an object with kubectl, based on an arbitrary string, regardless of the object type.
  25. We pass history to the kubectl rollout command to view object revisions.
  26. We pass undo to the kubectl rollout command in order to return to a previous version.
  27. ClusterIP, NodePort, LoadBalancer and ExternalName are Kubernetes service types.
  28. kube-proxy watches the API server for configuration changes and iptables updates.
  29. LoadBalancer spreads packets among Pods in a Deployment automatically.
  30. kubectl proxy starts a local proxy, which is useful for development and testing.
  31. Applications need not use persistent storage.
  32. A Deployment uses a Persistent Volume Claim.
  33. persistentVolumeReclaimPolicy determines what happens to persistent storage upon release.
  34. A Secret contains encoded, not encrypted, data.
  35. ConfigMaps can be created from literal values, individual files or multiple files in the same directory.
  36. Efficiency is the main reason to use an Ingress Controller instead of multiple services.
  37. Both L4 and L7 can be configured in Ingress controllers.
  38. Multiple schedulers can be deployed at the same time.
  39. When a node has been tainted, a Pod requires toleration to be deployed on that node.
  40. All taints do not cause Pods to stop running on a node.
  41. Kubernetes does not have built-in cluster-wide logging.
  42. If a container does not provide logging, a Sidecar container could be used to generate and handle logging in the Pod.
  43. We use Custom Resource Definition when adding a new API object to kube-apiserver.
  44. We use Aggregated APIs to add a new API server to the cluster acting as a subordinate to kube-apiserver.
  45. A Chart is the template that describes the application to deploy, its configuration and its dependencies.
  46. A chart deployment output tells us about missing dependencies.
  47. Tiller is the agent that deploys objects based on a chart.
  48. A collection of charts is called a Repository.
  49. kube-apiserver accepts the --authorization-mode option to change the authorization tool in use.