Docker & Kubernetes Interview Questions

Docker

What is Docker?

Docker is an open-source lightweight containerization technology. It has gained widespread popularity in the cloud and application packaging world. It allows you to automate the deployment of applications in lightweight and portable containers.

What are the advantages of using a Docker container?

  • Offers an efficient and easy initial setup
  • Allows you to describe your application lifecycle in detail
  • Simple configuration that interacts with Docker Compose.
  • Documentation provides every bit of information.

What are the important features of Docker?

  • Easy Modeling
  • Version control
  • Placement/Affinity
  • Application Agility
  • Developer Productivity
  • Operational Efficiencies

What are the main drawbacks of Docker?

  • Doesn’t provide a storage option
  • Offers a poor monitoring option.
  • No automatic rescheduling of inactive Nodes
  • Complicated automatic horizontal scaling set up

What is Docker’s image?

The Docker image is used to create Docker containers. You can create a Docker image with the build command; the image then produces a container when it is run. Every Docker image is stored in a Docker registry.

What is Docker Engine?

The Docker daemon, or Docker Engine, represents the server. The Docker daemon and the clients should run on the same host or on a remote host, and they communicate through the command-line client binary and a full RESTful API.

Explain Docker Registries?

  • Public Registry
  • Private Registry

Docker’s public registry is called Docker Hub, which allows you to store images privately. In Docker Hub, you can store millions of images.

What command should you run to see all running containers in Docker?

$ docker ps

Write the command to stop the docker container?

$ sudo docker stop [container_name]

What is the command to run the image as a container?

$ sudo docker run -it alpine /bin/sh

What are the common instructions in a Dockerfile?

The common instructions in a Dockerfile are FROM, LABEL, RUN, and CMD.

What is the memory-swap flag?

--memory-swap is a modifier flag that only has meaning if --memory is also set. Swap allows the container to write excess memory requirements to disk when the container has exhausted all the RAM that is available to it.

Explain Docker Swarm?

Docker Swarm is native clustering for Docker, which helps you to group Docker hosts into a single virtual Docker host. It offers the standard Docker application program interface.

How can you monitor the docker in production environments?

Docker stats and Docker events are used to monitor Docker in the production environment.

What are the states of the Docker container?

  • Running
  • Paused
  • Restarting
  • Exited

What is a Docker hub?

Docker Hub is a cloud-based registry that helps you to link to code repositories. It allows you to build, test, and store your image in the Docker cloud. You can also deploy the image to your host with the help of Docker Hub.

What is Virtualization?

Virtualization is a method of logically dividing mainframes to allow multiple applications to run simultaneously.

However, this scenario changed when companies and open source communities were able to offer a method of handling privileged instructions. It allows multiple OS to run simultaneously on a single x86 based system.

What is Hypervisor?

The hypervisor allows you to create a virtual environment in which the guest virtual machines operate. It controls the guest systems and checks if the resources are allocated to the guests as necessary.

Explain Docker object labels

Docker object labels are a method for applying metadata to Docker objects, including images, containers, volumes, networks, swarm nodes, and services.

How does communication happen between the Docker client and Docker Daemon?

You can communicate between the Docker client and the Docker daemon with a combination of REST API, socket.IO, and TCP.

Explain the process of scaling your Docker containers

The Docker containers can be scaled to any level starting from a few hundred to even thousands or millions of containers. The only condition for this is that the containers need the memory and the OS at all times, and there should not be a constraint when the Docker is getting scaled.

What are the steps for the Docker container life cycle?

  • Build
  • Pull
  • Run

What is CNM?

CNM stands for Container Networking Model. It is a standard or specification from Docker, Inc. that forms the basis of container networking in a Docker environment. Docker’s approach provides container networking with support for multiple network drivers.

Does Docker offer support for IPV6?

Yes, Docker supports IPv6. IPv6 networking is supported only on Docker daemons running on Linux hosts. To enable IPv6 support in the Docker daemon, you need to modify /etc/docker/daemon.json and set the ipv6 key to true.

Can you lose data when the container exits?

No, any data that your application writes to the disk gets stored in the container. The file system for the container persists even after the container halts.

Explain Docker Trusted Registry?

Docker Trusted Registry is the enterprise-grade image storage tool for Docker. You should install it behind your firewall so that you can securely manage the Docker images you use in your applications.

What are Docker Namespaces?

The Namespace in Docker is a technique that offers isolated workspaces called the Container. Namespaces also offer a layer of isolation for the Docker containers.

What are the three components of Docker Architecture?

  • Client
  • Docker-Host
  • Registry

What is the Docker client?

Docker provides Command Line Interface tools to the client to interact with Docker daemon.

What is the purpose of Docker Host?

It contains the container, images, and the Docker daemon. It offers a complete environment to execute and run your application.

What is a Dockerfile?

It is a text file that has all commands which need to be run for building a given image and that image is used for running a container.

What are the different types of Hypervisors?

Native Hypervisor: This type is also called a Bare-metal Hypervisor. It runs directly on the underlying host system, which ensures direct access to the host hardware; this is why it does not require a base OS.

Hosted Hypervisor: This type makes use of the underlying host operating system which has the existing OS installed.

Explain about Docker Compose?

It is a YAML file consisting of all the details regarding the various services, networks, and volumes that are needed for setting up a Docker-based application. docker-compose is then used for creating multiple containers, hosting them, and establishing communication between them. For communication among the containers, ports are exposed by each container.

Can a paused container be removed from Docker?

No, it is not possible! A container MUST be in the stopped state before we can remove it.

Differentiate between virtualization and containerization?

Virtualization:

  • This helps developers to run and host multiple OS on the hardware of a single physical server.
  • Hypervisors provide overall virtual machines to the guest operating systems.
  • These virtual machines form an abstraction of the system hardware layer; each virtual machine on the host acts as a physical machine.

Containerization:

  • This helps developers deploy multiple applications using the same operating system on a single virtual machine or server.
  • Containers ensure isolated environment/user spaces are provided for running the applications. Any changes done within the container do not reflect on the host or other containers of the same host.
  • Containers form an abstraction of the application layer, which means that each container constitutes a different application.

Can a container restart by itself?

Yes, but only when one of the Docker-defined restart policies is set with the docker run command. The following policies are available:

Off: In this, the container won’t be restarted in case it’s stopped or fails.

On-failure: Here, the container restarts by itself only when it experiences failures not associated with the user.

Unless-stopped: Using this policy ensures that a container can restart only when the command is executed to stop it by the user.

Always: Irrespective of the failure or stopping, the container always gets restarted in this type of policy.

$ docker run -dit --restart [restart-policy-value] [image_name]

Can you tell the differences between a Docker Image and a Layer?

Image: This is built up from a series of read-only layers of instructions. An image corresponds to the docker container and is used for speedy operation due to the caching mechanism of each step.

Layer: Each layer corresponds to an instruction of the image’s Dockerfile. In simple words, the layer is also an image but it is the image of the instructions run. The layers can be thought of as intermediate images.

What does the docker info command do?

The command gets detailed information about the Docker installation on the host system. This includes the number of containers and images and the state they are in, as well as hardware specifications such as total memory allocated, processor speed, and kernel version.

How many containers can you run in Docker and what are the factors influencing this limit?

There is no clearly defined limit to the number of containers that can be run within Docker. It all depends on the limitations, more specifically hardware restrictions. The size of the app and the CPU resources available are 2 important factors influencing this limit. If your application is not very big and you have abundant CPU resources, then you can run a huge number of containers.

Is there any problem with just using the latest tag in a container orchestration environment?

The problem is if you push a new image with just the latest tag, you lose your old image and your deployments will use the new image. If the new image has any problem, your deployments might fail, resulting in downtime.

When you use explicit version numbers to tag Docker images instead, you can roll back to old images easily. Your deployments will continue to use the old version number due to your tag until you’re ready to switch each of them over.
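
The check below is an added example, not part of the original page: it walks a Deployment manifest and reports every container whose image follows `latest`, either explicitly or because no tag is given. The manifest, image names, registry host and digest are constructed sample data.

```python
import json

# Constructed Deployment manifest in JSON form; every name, the registry host
# and the digest are made up for illustration.
MANIFEST = json.loads("""
{
  "apiVersion": "apps/v1",
  "kind": "Deployment",
  "metadata": {"name": "shop"},
  "spec": {"template": {"spec": {
    "initContainers": [
      {"name": "migrate", "image": "registry.example.com:5000/shop/migrate"}
    ],
    "containers": [
      {"name": "api", "image": "registry.example.com:5000/shop/api:1.4.2"},
      {"name": "web", "image": "nginx:latest"},
      {"name": "worker", "image": "shop/worker@sha256:%s"}
    ]
  }}}
}
""" % ("ab" * 32))

def split_image_ref(ref):
    """Split an image reference into (name, tag, digest).

    A colon starts a tag only when it comes after the last '/'; before that
    it is the port of a registry host such as registry.example.com:5000.
    """
    name, _, digest = ref.partition("@")
    if name.rfind(":") > name.rfind("/"):
        name, _, tag = name.rpartition(":")
    else:
        tag = None
    return name, tag, digest or None

def classify(image):
    """Say how an image reference is pinned."""
    _, tag, digest = split_image_ref(image)
    if digest:
        return "digest"           # content-addressed, cannot be repointed
    if tag is None:
        return "implicit-latest"  # no tag: the runtime resolves it to :latest
    return "latest" if tag == "latest" else "version-tag"

def iter_containers(node):
    """Yield each container dict under any containers/initContainers key."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key in ("containers", "initContainers") and isinstance(value, list):
                yield from (c for c in value if isinstance(c, dict))
            else:
                yield from iter_containers(value)
    elif isinstance(node, list):
        for item in node:
            yield from iter_containers(item)

def floating_images(manifest):
    """Return (container, image, reason) for images that follow 'latest'."""
    findings = []
    for c in iter_containers(manifest):
        image = c.get("image", "")
        reason = classify(image) if image else None
        if reason in ("latest", "implicit-latest"):
            findings.append((c.get("name"), image, reason))
    return findings

if __name__ == "__main__":
    for name, image, reason in floating_images(MANIFEST):
        print(f"{name}: {image} ({reason})")
```

A check like this fits in CI or an admission step, so an unpinned image is caught before the deployment picks up a new `latest`.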

Is it a good practice to run stateful applications on Docker?

The concept behind stateful applications is that they store their data on the local file system. It would be difficult if you decided to move the application to another machine; retrieving data becomes painful. I honestly would not prefer running stateful applications on Docker.

Kubernetes

What is Kubernetes?

Kubernetes is an open-source container orchestration tool or system that is used to automate tasks such as the management, monitoring, scaling, and deployment of containerized applications. It is used to easily manage several containers (since it can handle the grouping of containers), which provides for logical units that can be discovered and managed.

K8s is another term for Kubernetes.

What is orchestration when it comes to software and DevOps?

Orchestration refers to the integration of multiple services that allows them to automate processes or synchronize information in a timely fashion. Say, for example, you have six or seven microservices for an application to run. If you place them in separate containers, this would inevitably create obstacles for communication. Orchestration would help in such a situation by enabling all services in individual containers to work seamlessly to accomplish a single goal.

Docker is an open-source platform used to handle software development. Its main benefit is that it packages the settings and dependencies that the software/application needs to run into a container, which allows for portability and several other advantages. Kubernetes allows for the manual linking and orchestrated/

What are the main components of Kubernetes architecture?

There are two primary components: the master node and the worker node. Each of these components has individual components in them.

What is a node in Kubernetes?

A node is the smallest fundamental unit of computing hardware. It represents a single machine in a cluster, which could be a physical machine in a data center or a virtual machine from a cloud provider. Each machine can substitute any other machine in a Kubernetes cluster. The master in Kubernetes controls the nodes that have containers.

What does the node status contain?

The main components of a node status are Address, Condition, Capacity, and Info.

What process runs on Kubernetes Master Node?

The Kube-API server process runs on the master node and serves to scale the deployment of more instances.

What is a pod in Kubernetes?

Pods are high-level structures that wrap one or more containers. This is because containers are not run directly in Kubernetes. Containers in the same pod share a local network and the same resources, allowing them to easily communicate with other containers in the same pod as if they were on the same machine while at the same time maintaining a degree of isolation.

What is the job of the kube-scheduler?

The kube-scheduler assigns nodes to newly created pods.

What is a cluster of containers in Kubernetes?

A Kubernetes cluster is a set of nodes that run containerized applications. Containerizing an application packages the app with its dependencies and some necessary services. Kubernetes clusters allow containers to run across multiple machines and environments: virtual, physical, cloud-based, and on-premises.

What are Daemon sets?

A Daemon set is a set of pods that runs only once on a host. They are used for host layer attributes like a network or for monitoring a network, which you may not need to run on a host more than once.

What is ‘Heapster’ in Kubernetes?

Heapster is a performance monitoring and metrics collection system for data collected by the kubelet. This aggregator is natively supported and runs like any other pod within a Kubernetes cluster, which allows it to discover and query usage data from all nodes within the cluster.

What is a Namespace in Kubernetes?

Namespaces are used for dividing cluster resources between multiple users. They are meant for environments where there are many users spread across projects or teams and provide a scope of resources.

What is the Kubernetes controller manager?

The controller manager is a daemon that is used for embedding core control loops, garbage collection, and Namespace creation. It enables the running of multiple processes on the master node even though they are compiled to run as a single process.

What are the types of controller managers?

The primary controller managers that can run on the master node are –

  • Endpoints controller
  • Service accounts controller
  • Namespace controller
  • Node controller
  • Token controller
  • Replication controller.

What is etcd?

Kubernetes uses etcd as a distributed key-value store for all of its data, including metadata and configuration data, and allows nodes in Kubernetes clusters to read and write data. Although etcd was purposely built for CoreOS, it also works on a variety of operating systems (e.g., Linux, BSD, and OS X) because it is open-source. Etcd represents the state of a cluster at a specific moment in time and is a canonical hub for state management and cluster coordination of a Kubernetes cluster.

What are the different services within Kubernetes?

  • Cluster IP service
  • Node Port service
  • External Name Creation service
  • Load Balancer service

What is ClusterIP?

The ClusterIP is the default Kubernetes service that provides a service inside a cluster (with no external access) that other apps inside your cluster can access.

What is NodePort?

The NodePort service is the most fundamental way to get external traffic directly to your service. It opens a specific port on all Nodes and forwards any traffic sent to this port to the service.

What is the LoadBalancer in Kubernetes?

The LoadBalancer service is used to expose services to the internet. A Network load balancer, for example, creates a single IP address that forwards all traffic to your service.

What is a headless service?

A headless service is used to interface with service discovery mechanisms without being tied to a ClusterIP, therefore allowing you to directly reach pods without having to access them through a proxy. It is useful when neither load balancing nor a single Service IP is required.

What is Kubelet?

The kubelet is a service agent that controls and maintains a set of pods by watching for pod specs through the Kubernetes API server. It preserves the pod lifecycle by ensuring that a given set of containers are all running as they should. The kubelet runs on each node and enables communication between the master and slave nodes.

What is Kubectl?

Kubectl is a CLI (command-line interface) that is used to run commands against Kubernetes clusters. As such, it controls the Kubernetes cluster manager through different create and manage commands on the Kubernetes component.

Examples of standard Kubernetes security measures include defining resource quotas, support for auditing, restriction of etcd access, regular security updates to the environment, network segmentation, definition of strict resource policies, continuous scanning for security vulnerabilities, and using images from authorized repositories.

What is Kube-proxy?

Kube-proxy is an implementation of a load balancer and network proxy used to support service abstraction with other networking operations. Kube-proxy is responsible for directing traffic to the right container based on IP and the port number of incoming requests.

How can you get a static IP for a Kubernetes load balancer?

A static IP for the Kubernetes load balancer can be achieved by changing DNS records since the Kubernetes Master can assign a new static IP address.

What is minikube?

Minikube is software that helps the user to run Kubernetes. It runs on a single node inside a VM on your computer. This tool is also used by programmers who are developing an application using Kubernetes.

Explain Prometheus in Kubernetes?

Prometheus is an application that is used for monitoring and alerting. It can call out to your systems, grab real-time metrics, compress them, and store them properly in a database.

List tools for container orchestration?

  • Docker swarm
  • Apache Mesos
  • Kubernetes

Mention the list of objects of Kubernetes?

  • Pods
  • Replication sets and controllers
  • Jobs and cron jobs
  • Daemon sets
  • Distinctive identities
  • Deployments
  • Stateful sets

Explain about Stateful sets in Kubernetes?

The stateful set is a workload API object that is used to manage stateful applications. It can also be used to manage the deployment and scaling of sets of pods. The state information and other data of stateful pods are stored in the disk storage, which connects with a stateful set.

Why use Daemon sets?

  • They enable storage platforms like ceph and glusterd to run on each node.
  • Daemon sets run the logs collection on every node such as filebeat or fluentd.
  • It performs node monitoring on each and every node.

Explain the Replica set?

A Replica set is used to keep replica pods stable. It enables us to specify the available number of identical pods. This can be considered a replacement for the replication controller.

List out some important Kubectl commands?

  • kubectl annotate
  • kubectl cluster-info
  • kubectl attach
  • kubectl apply
  • kubectl config
  • kubectl autoscale
  • kubectl config current-context
  • kubectl config set

Why use Kube-apiserver?

Kube-apiserver is the API server of Kubernetes. It is used to configure and validate API objects, which include services, controllers, etc. It provides the frontend to the cluster’s shared state, through which components interact with each other.

Explain the types of Kubernetes pods?

  • Single Container Pod: The “one-container-per-Pod” model is the most common Kubernetes use case; in this case, you can think of a Pod as a wrapper around a single container; Kubernetes manages Pods rather than managing the containers directly.
  • Multicontainer pods: A Pod can encapsulate an application composed of multiple co-located containers that are tightly coupled and need to share resources. These co-located containers form a single cohesive unit of service: for example, one container serves data stored in a shared volume to the public, while a separate sidecar container refreshes or updates those files. The Pod wraps these containers, storage resources, and an ephemeral network identity together as a single unit.

What are the labels in Kubernetes?

Labels are a collection of keys that contain some values. The key values are connected to pods, replication controllers, and associated services. Generally, labels are added to some object during its creation time. The users can modify them at run time.

What are the objectives of the replication controller?

  • It is responsible for controlling and administering the pod lifecycle.
  • It monitors and verifies whether the allowed number of replicas are running or not.
  • The replication controller helps the user to check the pod status.
  • It enables the user to alter a pod. The user can drag its position the way they are interested in.

What do you mean by persistent volume?

A persistent volume is a storage unit that is controlled by the administrator. It is used to manage an individual pod in a cluster.

What are Secrets in Kubernetes?

Secrets are sensitive information like the login credentials of the user. They are objects in Kubernetes that store sensitive information like username and password after performing encryption.

What is Sematext Docker Agent?

Sematext Docker agent is a log collection agent with events and metrics. It runs as a small container in each Docker host. These agents gather metrics, events, and logs for all cluster nodes and containers.

What are federated clusters?

Federated clusters are multiple clusters that are managed as a single cluster.

What is OpenShift?

OpenShift is a public cloud application development and hosting platform developed by Red Hat. It offers automation for management so that developers can focus on writing the code.

Explain about Kubernetes Volumes?

Kubernetes volumes support all containers deployed in a pod of Kubernetes. Volumes are not limited to any container.

What are the ways to provide API-Security on Kubernetes?

  • Use the correct authorization mode on the API server: authorization-mode=Node.
  • Make sure Kubernetes protects its API via authorization-mode=Webhook.
  • Ensure the kube-dashboard uses a restrictive RBAC (Role-Based Access Control) policy.
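
An added example, not from the original page: a Python audit of the three settings listed above, run over constructed sample data. Assumptions: the Webhook check is applied to a kubelet command line, the API server check also expects RBAC or Webhook alongside Node, and `kubernetes-dashboard` is assumed as the dashboard's service account name.

```python
# Constructed sample data: command lines shaped like the `command:` list of a
# static pod manifest, and two ClusterRoleBindings as parsed JSON objects.
APISERVER_OK = ["kube-apiserver", "--authorization-mode=Node,RBAC"]
APISERVER_WEAK = ["kube-apiserver", "--authorization-mode", "AlwaysAllow"]
KUBELET_OK = ["kubelet", "--authorization-mode=Webhook"]
DASHBOARD_SA = {"kind": "ServiceAccount", "name": "kubernetes-dashboard",
                "namespace": "kubernetes-dashboard"}  # assumed account name
BINDINGS = [
    {"kind": "ClusterRoleBinding", "metadata": {"name": "dashboard-admin"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [DASHBOARD_SA]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "dashboard-view"},
     "roleRef": {"kind": "ClusterRole", "name": "view"},
     "subjects": [DASHBOARD_SA]},
]

def flag_value(argv, name):
    """Return the last value of --name, given as '--name=v' or '--name v'."""
    value = None
    for i, arg in enumerate(argv):
        if arg.startswith(f"--{name}="):
            value = arg.split("=", 1)[1]
        elif arg == f"--{name}" and i + 1 < len(argv):
            value = argv[i + 1]
    return value

def authz_modes(argv):
    """Return the list of authorization modes, or None if the flag is absent."""
    raw = flag_value(argv, "authorization-mode")
    return None if raw is None else [m.strip() for m in raw.split(",") if m.strip()]

def audit_apiserver(argv):
    modes = authz_modes(argv)
    if modes is None:
        return ["authorization-mode not set: kube-apiserver falls back to AlwaysAllow"]
    findings = []
    if "AlwaysAllow" in modes:
        findings.append("AlwaysAllow is enabled: every request is authorized")
    if "Node" not in modes:
        findings.append("Node authorizer is not enabled")
    if not {"RBAC", "Webhook"} & set(modes):
        findings.append("neither RBAC nor Webhook is enabled")
    return findings

def audit_kubelet(argv):
    modes = authz_modes(argv)
    if modes is None:
        return ["authorization-mode not on the command line: check the kubelet config file"]
    return [] if modes == ["Webhook"] else [f"kubelet authorization-mode is {','.join(modes)}, not Webhook"]

def dashboard_admin_bindings(bindings, sa_name="kubernetes-dashboard"):
    """Return names of ClusterRoleBindings giving cluster-admin to the dashboard account."""
    hits = []
    for b in bindings:
        if b.get("kind") != "ClusterRoleBinding":
            continue
        if b.get("roleRef", {}).get("name") != "cluster-admin":
            continue
        if any(s.get("kind") == "ServiceAccount" and s.get("name") == sa_name
               for s in b.get("subjects") or []):
            hits.append(b["metadata"]["name"])
    return hits

if __name__ == "__main__":
    print(audit_apiserver(APISERVER_WEAK))
    print(audit_kubelet(KUBELET_OK))
    print(dashboard_admin_bindings(BINDINGS))
```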

What is ContainerCreating pod?

A ContainerCreating pod is one that can be scheduled on a node but can’t start up properly.

Explain PVC?

PVC stands for Persistent Volume Claim. It is storage requested by Kubernetes for pods. The user does not need to know the underlying provisioning. This claim should be created in the same namespace where the pod is created.

What is the Kubernetes Network Policy?

Network Policy defines how the pods in the same namespace would communicate with each other and the network endpoint.

What is the Kubernetes proxy service?

Kubernetes proxy service is a service that runs on the node and helps in making it available to an external host.