diff --git a/README.md b/README.md
index 2bafb89..90e9f97 100644
--- a/README.md
+++ b/README.md
@@ -39,8 +39,6 @@ The goal is to help candidates:
 * [Describe and demonstrate how to use templates with “docker service create”.](data/1_Orchestration/use_templates_with_service_create.yaml)
 * [Identify the steps needed to troubleshoot a service not deploying.](data/1_Orchestration/troubleshoot_service.yaml)
 * [Describe how a Dockerized application communicates with legacy systems.](data/1_Orchestration/legacy_communication.yaml)
-* [Describe how to deploy containerized workloads as Kubernetes pods and deployments.](data/1_Orchestration/k8s_pods_deployments.yaml)
-* [Describe how to provide configuration to Kubernetes pods using configMaps and secrets.](data/1_Orchestration/k8s_configmap_secret.yaml)
 * [Describe service update and rollback strategies.](data/1_Orchestration/service_update_rollback.yaml)
 * [Describe node availability (drain, active, pause).](data/1_Orchestration/node_availability.yaml)
 * [Describe the Swarm autolock feature.](data/1_Orchestration/swarm_autolock.yaml)
@@ -100,8 +98,6 @@ The goal is to help candidates:
 * [Understand and describe the types of traffic that flow between the Docker engine, registry, and UCP controllers](data/4_Networking/understand_engine_registry_ucp_traffic.yaml)
 * [Describe and demonstrate how to deploy a service on a Docker overlay network.](data/4_Networking/deploy_overlay_service.yaml)
 * [Describe and demonstrate how to troubleshoot container and engine logs to resolve connectivity issues between containers.](data/4_Networking/troubleshoot_container_connectivity.yaml)
-* [Describe how to route traffic to Kubernetes pods using ClusterIP and NodePort services.](data/4_Networking/k8s_clusterip_nodeport.yaml)
-* [Describe the Kubernetes container network model.](data/4_Networking/describe_kubernetes_container_network_model.yaml)
 ### Domain 5: Security (15% of exam)
@@ -133,8 +129,6 @@ The goal is to help candidates:
 * [Describe the use of volumes with Docker for persistent storage.](data/6_storage_and_volumes/persistent_storage.yaml)
 * [Identify the steps to take to clean up unused images on a filesystem and DTR.](data/6_storage_and_volumes/unused_images.yaml)
 * [Describe and demonstrate how storage can be used across cluster nodes.](data/6_storage_and_volumes/volume_cluster.yaml)
-* [Describe how to provision persistent storage to a Kubernetes pod using persistentVolumes.](data/6_storage_and_volumes/persistent_volumes.yaml)
-* [Describe the relationship between container storage interface drivers, storageClass, persistentVolumeClaim and volume objects in Kubernetes.](data/6_storage_and_volumes/relationship_storage_volume.yaml)
 * [Describe tmpfs mounts.](data/6_storage_and_volumes/tmpfs_mounts.yaml)
 * [Compare storage drivers.](data/6_storage_and_volumes/storage_driver_comparison.yaml)
 * [Describe docker system df and prune commands.](data/6_storage_and_volumes/system_cleanup.yaml)
diff --git a/data/1_Orchestration/k8s_configmap_secret.yaml b/data/1_Orchestration/k8s_configmap_secret.yaml
deleted file mode 100644
index 8049a14..0000000
--- a/data/1_Orchestration/k8s_configmap_secret.yaml
+++ /dev/null
@@ -1,90 +0,0 @@
-questions:
- - uuid: 1d7ea4ae-d13b-41e1-a7b0-e7710cf22982
- question: What is the purpose of a ConfigMap in Kubernetes?
- answers:
- - { value: 'To manage user permissions', correct: false }
- - { value: 'To define security policies', correct: false }
- - { value: 'To provide configuration data as key-value pairs to Pods', correct: true }
- - { value: 'To store container logs', correct: false }
- help: https://kubernetes.io/docs/concepts/configuration/configmap/
-
- - uuid: b4b776f4-cd20-4f59-a9bb-2f98ee0e40fa
- question: What is the key difference between a ConfigMap and a Secret in Kubernetes?
- answers:
- - { value: 'Secrets can only be used with StatefulSets', correct: false }
- - { value: 'Secrets are base64-encoded and used for sensitive data', correct: true }
- - { value: 'ConfigMaps are encrypted by default', correct: false }
- - { value: 'Secrets cannot be mounted into Pods', correct: false }
- help: https://kubernetes.io/docs/concepts/configuration/secret/
-
- - uuid: a5c85058-e6c9-4ff8-96e0-40e8c6c6a561
- question: How can a ConfigMap be used inside a Pod?
- answers:
- - { value: 'Only in init containers', correct: false }
- - { value: 'As environment variables or mounted as files', correct: true }
- - { value: 'As part of the container image', correct: false }
- - { value: 'By injecting them into kube-proxy', correct: false }
- help: https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/
-
- - uuid: 316db2d0-c5e1-4eb6-98be-77c0866e6166
- question: What must be done before referencing a ConfigMap in a Pod?
- answers:
- - { value: 'It must be encoded in base64', correct: false }
- - { value: 'It must be imported from a Helm chart', correct: false }
- - { value: 'The ConfigMap must exist in the same namespace', correct: true }
- - { value: 'It must be mounted to the kubelet', correct: false }
- help: https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/
-
- - uuid: fcb7b2e6-5584-4f34-8755-58900169f169
- question: Which of the following is true about Secrets in Kubernetes?
- answers:
- - { value: 'They are encrypted with TLS by default', correct: false }
- - { value: 'They are stored in etcd as plaintext', correct: false }
- - { value: 'They can only be accessed via the API', correct: false }
- - { value: 'They can be mounted as volumes into containers', correct: true }
- help: https://kubernetes.io/docs/concepts/configuration/secret/
-
- - uuid: 82184f47-6502-46ea-8d97-cc7e23acb4bb
- question: How do you expose a key from a ConfigMap as an environment variable?
- answers:
- - { value: 'Use envFrom or env in the container spec', correct: true }
- - { value: 'Use volumesFrom', correct: false }
- - { value: 'Reference the ConfigMap in a PVC', correct: false }
- - { value: 'Use args in the container spec', correct: false }
- help: https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/
-
- - uuid: b243f486-c775-4b59-b52f-26e9ae5a64b0
- question: What should you do to prevent secrets from being visible in environment variables?
- answers:
- - { value: 'Mount the secret as a volume instead', correct: true }
- - { value: 'Disable the container’s shell access', correct: false }
- - { value: 'Use initContainers to obfuscate secrets', correct: false }
- - { value: 'Run containers with non-root user', correct: false }
- help: https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod
-
- - uuid: 7d847e10-5037-41dc-beb3-96f72862a172
- question: Where are Kubernetes Secrets stored by default?
- answers:
- - { value: 'In etcd', correct: true }
- - { value: 'In kubelet memory', correct: false }
- - { value: 'In the container filesystem', correct: false }
- - { value: 'In Docker volumes', correct: false }
- help: https://kubernetes.io/docs/concepts/configuration/secret/#security-properties
-
- - uuid: af9619a7-f9b9-4a96-814f-6d23480fe312
- question: Which Kubernetes field is used to mount a Secret as a volume?
- answers:
- - { value: 'env.secret', correct: false }
- - { value: 'spec.secretName', correct: false }
- - { value: 'volumes.secret.secretName', correct: true }
- - { value: 'args.secretFile', correct: false }
- help: https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod
-
- - uuid: 01f4a764-9a5c-4b77-b204-ef3e94b6b91a
- question: How can a ConfigMap or Secret be updated without restarting the Pod?
- answers:
- - { value: 'It’s not possible', correct: false }
- - { value: 'Use projected volumes with subPath disabled', correct: true }
- - { value: 'Update the image and re-deploy', correct: false }
- - { value: 'Use ephemeral containers', correct: false }
- help: https://kubernetes.io/docs/concepts/configuration/configmap/#mounted-configmaps-are-updated-automatically
diff --git a/data/1_Orchestration/k8s_pods_deployments.yaml b/data/1_Orchestration/k8s_pods_deployments.yaml
deleted file mode 100644
index 7e75fb1..0000000
--- a/data/1_Orchestration/k8s_pods_deployments.yaml
+++ /dev/null
@@ -1,90 +0,0 @@
-questions:
- - uuid: d0d87db1-2fe0-426c-a49f-0c2c60c472b1
- question: What is the minimum required field in a Kubernetes Pod manifest?
- answers:
- - { value: 'labels', correct: false }
- - { value: 'spec', correct: true }
- - { value: 'containers', correct: false }
- - { value: 'metadata', correct: false }
- help: https://kubernetes.io/docs/concepts/workloads/pods/
-
- - uuid: a99b73b1-09d1-4cb6-b3a0-593a2910a789
- question: Which object in Kubernetes is used to manage the lifecycle and scaling of Pods?
- answers:
- - { value: 'Service', correct: false }
- - { value: 'ReplicaSet', correct: false }
- - { value: 'Pod', correct: false }
- - { value: 'Deployment', correct: true }
- help: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
-
- - uuid: f7d8e74e-47e4-48aa-bf17-f20be1f3a9c0
- question: What is the primary benefit of using a Deployment instead of a standalone Pod?
- answers:
- - { value: 'Automatic rollout and scaling', correct: true }
- - { value: 'Simplified volume configuration', correct: false }
- - { value: 'Faster startup', correct: false }
- - { value: 'Pod affinity rules', correct: false }
- help: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
-
- - uuid: 3596ef84-30ef-4cf1-8362-79cba4ee9fd5
- question: What command creates a Deployment from a container image?
- answers:
- - { value: 'kubectl run pod nginx', correct: false }
- - { value: 'kubectl deploy image nginx', correct: false }
- - { value: 'kubectl create deployment myapp --image=nginx', correct: true }
- - { value: 'kubectl apply -f pod.yaml', correct: false }
- help: https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#create
-
- - uuid: 9f52d7fb-17d9-4ab1-b9b6-6dd5f41e0f0e
- question: Which Kubernetes resource ensures a specified number of Pods are always running?
- answers:
- - { value: 'ConfigMap', correct: false }
- - { value: 'Secret', correct: false }
- - { value: 'Deployment', correct: true }
- - { value: 'Service', correct: false }
- help: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
-
- - uuid: b8e3c3a2-77a4-4d90-bd1f-1eab94f377c1
- question: How can you declaratively deploy a Pod in Kubernetes?
- answers:
- - { value: 'Using a YAML manifest with `kubectl apply -f`', correct: true }
- - { value: 'Using Docker Compose', correct: false }
- - { value: 'Using `kubectl exec`', correct: false }
- - { value: 'Using docker run', correct: false }
- help: https://kubernetes.io/docs/tasks/run-application/run-single-instance-stateful-application/
-
- - uuid: 5bb4c3dc-9428-4938-8c3e-9e0ee1e4200f
- question: Which field in a Deployment manifest specifies the container image to run?
- answers:
- - { value: 'spec.selector.image', correct: false }
- - { value: 'spec.template.spec.containers.image', correct: true }
- - { value: 'metadata.image', correct: false }
- - { value: 'spec.imagePullPolicy', correct: false }
- help: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
-
- - uuid: 4cd9971a-932f-4e12-94e9-832e33e19d10
- question: What happens when you change the image in a Deployment spec and reapply the manifest?
- answers:
- - { value: 'The deployment fails', correct: false }
- - { value: 'All Pods are stopped and restarted at once', correct: false }
- - { value: 'Nothing happens', correct: false }
- - { value: 'Kubernetes performs a rolling update of the Pods', correct: true }
- help: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#updating-a-deployment
-
- - uuid: 4abf4c56-d6ea-48c2-beb3-b29d486b1e7e
- question: Which field in a Deployment manifest allows you to set the number of Pods?
- answers:
- - { value: 'spec.count', correct: false }
- - { value: 'metadata.replicas', correct: false }
- - { value: 'containers.replicas', correct: false }
- - { value: 'spec.replicas', correct: true }
- help: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
-
- - uuid: 9e922c82-f3f3-499b-9cc5-8a4f21e9c3b9
- question: How do you expose a Deployment so it can be accessed outside the cluster?
- answers:
- - { value: 'Add port mapping in the deployment manifest', correct: false }
- - { value: 'Use pod-level IP forwarding', correct: false }
- - { value: 'Create a Service of type NodePort or LoadBalancer', correct: true }
- - { value: 'Use kubectl expose with type=internal', correct: false }
- help: https://kubernetes.io/docs/concepts/services-networking/service/
diff --git a/data/4_Networking/describe_kubernetes_container_network_model.yaml b/data/4_Networking/describe_kubernetes_container_network_model.yaml
deleted file mode 100644
index ab16d3f..0000000
--- a/data/4_Networking/describe_kubernetes_container_network_model.yaml
+++ /dev/null
@@ -1,117 +0,0 @@
-questions:
- - uuid: 14596cd3-0c20-47aa-bd2a-bba765352315
- question: What is a core principle of the Kubernetes Container Network Interface (CNI) model?
- answers:
- - { value: 'All Pods can communicate with all other Pods without NAT', correct: true }
- - { value: 'Each Pod must manually configure NAT', correct: false }
- - { value: 'Pods can only communicate within the same namespace', correct: false }
- - { value: 'Each Pod has multiple IPs by default', correct: false }
- help: https://kubernetes.io/docs/concepts/cluster-administration/networking/
-
- - uuid: 68952c0c-bb62-4e59-9911-c9dc3b7e3e1e
- question: In Kubernetes, what does each Pod receive in terms of networking?
- answers:
- - { value: 'An IP tied to its namespace', correct: false }
- - { value: 'A unique IP address', correct: true }
- - { value: 'No IP address until a service is created', correct: false }
- - { value: 'A shared IP with the node', correct: false }
- help: https://kubernetes.io/docs/concepts/cluster-administration/networking/
-
- - uuid: 97bdb862-c891-44c7-8889-e0e22e50754f
- question: What is the purpose of a CNI plugin in Kubernetes?
- answers:
- - { value: 'To load balance external traffic', correct: false }
- - { value: 'To manage ingress controllers', correct: false }
- - { value: 'To create DNS entries for services', correct: false }
- - { value: 'To configure network interfaces for Pods', correct: true }
- help: https://kubernetes.io/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins/
-
- - uuid: e6523cb3-e99b-4cd8-88d2-bd8be25c4c4b
- question: What is the key function of kube-proxy in the Kubernetes networking model?
- answers:
- - { value: 'Assigns IPs to Pods', correct: false }
- - { value: 'Acts as a DHCP server for containers', correct: false }
- - { value: 'Maintains network rules on nodes to allow service access', correct: true }
- - { value: 'Routes DNS queries to external resolvers', correct: false }
- help: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
-
- - uuid: 963a0ad1-8991-4d19-b087-23b84fd13712
- question: Which networking assumption is required by Kubernetes for inter-Pod communication?
- answers:
- - { value: 'No NAT between Pods', correct: true }
- - { value: 'Pods communicate only via services', correct: false }
- - { value: 'DNS must be configured manually', correct: false }
- - { value: 'Pods must use host networking', correct: false }
- help: https://kubernetes.io/docs/concepts/cluster-administration/networking/#requirements
-
- - uuid: 03ef515e-812a-4b84-8b68-8c9ac67a05e7
- question: What networking model does Kubernetes enforce for communication?
- answers:
- - { value: 'Container-to-node NAT model', correct: false }
- - { value: 'Hierarchical network model with segmented routing', correct: false }
- - { value: 'IP-over-IP overlay model', correct: false }
- - { value: 'Flat network model where Pods have full routability', correct: true }
- help: https://kubernetes.io/docs/concepts/cluster-administration/networking/#kubernetes-model
-
- - uuid: e2c9645a-09c0-4aa4-8e4c-76179f7a42a4
- question: What is the role of a Kubernetes Service in the network model?
- answers:
- - { value: 'It assigns IPs to Pods', correct: false }
- - { value: 'It manages ingress controllers', correct: false }
- - { value: 'It provides stable network endpoints for accessing Pods', correct: true }
- - { value: 'It replaces kube-dns', correct: false }
- help: https://kubernetes.io/docs/concepts/services-networking/service/
-
- - uuid: 2aa6ff98-f105-44df-9a63-4e6df3c734cf
- question: How does Kubernetes ensure service discovery in the cluster?
- answers:
- - { value: 'By using static host files', correct: false }
- - { value: 'By requiring manual IP configuration in Pods', correct: false }
- - { value: 'By using DNS records created by kube-dns/CoreDNS', correct: true }
- - { value: 'By injecting IPs into environment variables only', correct: false }
- help: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
-
- - uuid: 1782764a-2fcf-4643-a1d8-2434b45c7cf7
- question: What is the difference between ClusterIP, NodePort, and LoadBalancer in Kubernetes?
- answers:
- - { value: 'They configure ingress network policies', correct: false }
- - { value: 'They control which namespace a Service belongs to', correct: false }
- - { value: 'They define how a Service is exposed inside or outside the cluster', correct: true }
- - { value: 'They assign IP addresses to nodes', correct: false }
- help: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
-
- - uuid: 2754d9f5-b82e-4f7d-9a7a-1e2f3b07e3ac
- question: Which Service type should you use to expose an application externally without an external load balancer?
- answers:
- - { value: 'ClusterIP', correct: false }
- - { value: 'ExternalName', correct: false }
- - { value: 'NodePort', correct: true }
- - { value: 'Headless', correct: false }
- help: https://kubernetes.io/docs/concepts/services-networking/service/#nodeport
-
- - uuid: e0db5b13-d0d2-4041-bb12-e631a4265a47
- question: What is a headless service in Kubernetes?
- answers:
- - { value: 'A service that has no DNS entry', correct: false }
- - { value: 'A service without a cluster IP, used for direct Pod-to-Pod communication', correct: true }
- - { value: 'A service without labels', correct: false }
- - { value: 'A deprecated type of service', correct: false }
- help: https://kubernetes.io/docs/concepts/services-networking/service/#headless-services
-
- - uuid: 95bcb9ee-7fc7-44a0-99d1-5a28b5b42f6f
- question: What is the main role of a NetworkPolicy in Kubernetes?
- answers:
- - { value: 'To route ingress traffic', correct: false }
- - { value: 'To create CNI plugins', correct: false }
- - { value: 'To assign IPs to services', correct: false }
- - { value: 'To restrict traffic between Pods and namespaces', correct: true }
- help: https://kubernetes.io/docs/concepts/services-networking/network-policies/
-
- - uuid: 570f42f3-21e7-4a90-b146-9f2c7fd85b4e
- question: Can Kubernetes guarantee pod-to-pod communication across all nodes without additional setup?
- answers:
- - { value: 'Yes, always by default', correct: false }
- - { value: 'Only when using NodePort services', correct: false }
- - { value: 'No, communication is restricted by default', correct: false }
- - { value: 'Only if a proper CNI plugin implementing the flat network model is installed', correct: true }
- help: https://kubernetes.io/docs/concepts/cluster-administration/networking/
diff --git a/data/4_Networking/k8s_clusterip_nodeport.yaml b/data/4_Networking/k8s_clusterip_nodeport.yaml
deleted file mode 100644
index 5cae727..0000000
--- a/data/4_Networking/k8s_clusterip_nodeport.yaml
+++ /dev/null
@@ -1,72 +0,0 @@
-questions:
- - uuid: 6237a39b-6ad2-4db3-a68b-41c10d7f4e8e
- question: What is the default Kubernetes service type for exposing a pod?
- answers:
- - { value: 'ClusterIP', correct: true }
- - { value: 'LoadBalancer', correct: false }
- - { value: 'Ingress', correct: false }
- - { value: 'NodePort', correct: false }
- help: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
-
- - uuid: b23b2f0d-32da-47f6-92f0-53cb8b9991ea
- question: How does a ClusterIP service route traffic to a pod?
- answers:
- - { value: 'It creates an Ingress rule pointing to the pod', correct: false }
- - { value: 'It assigns a floating IP to each pod', correct: false }
- - { value: 'It exposes the pod directly on the public IP of the node', correct: false }
- - { value: 'It creates a virtual IP accessible only inside the cluster and forwards traffic to pod endpoints', correct: true }
- help: https://kubernetes.io/docs/concepts/services-networking/service/#clusterip
-
- - uuid: 8743182b-9834-4baf-a8b6-c292d7ee3b31
- question: Which statement about NodePort services is correct?
- answers:
- - { value: 'They assign an external IP to each pod', correct: false }
- - { value: 'They expose the service on a static port on each Node’s IP', correct: true }
- - { value: 'They are only available inside the cluster', correct: false }
- - { value: 'They allow external access through a Kubernetes Ingress only', correct: false }
- help: https://kubernetes.io/docs/concepts/services-networking/service/#nodeport
-
- - uuid: 17a00a80-246e-4723-8167-e42eb2c6dd7b
- question: What is the default port range used for NodePort services in Kubernetes?
- answers:
- - { value: '1024–2048', correct: false }
- - { value: '8080–8888', correct: false }
- - { value: '30000–32767', correct: true }
- - { value: '20000–24000', correct: false }
- help: https://kubernetes.io/docs/concepts/services-networking/service/#nodeport
-
- - uuid: b3ec8d85-b187-4d4e-b7bb-02d19464d816
- question: How can you access a pod exposed by a NodePort service?
- answers:
- - { value: 'Using kubectl proxy only', correct: false }
- - { value: 'Using the ClusterIP address over the internet', correct: false }
- - { value: 'Using the pod IP directly from outside the cluster', correct: false }
- - { value: 'Using :', correct: true }
- help: https://kubernetes.io/docs/concepts/services-networking/service/#nodeport
-
- - uuid: e9c7fa91-f800-49b4-8fd9-8a84d93352c1
- question: What is a key limitation of ClusterIP services?
- answers:
- - { value: 'They can only expose UDP traffic', correct: false }
- - { value: 'They require a public IP for every pod', correct: false }
- - { value: 'They conflict with kube-dns', correct: false }
- - { value: 'They are not reachable from outside the Kubernetes cluster', correct: true }
- help: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
-
- - uuid: 307b1f11-4ee3-44d2-b6e5-1de9e55e9698
- question: What is the purpose of kube-proxy in the context of ClusterIP and NodePort services?
- answers:
- - { value: 'It manages the node firewall for secure access', correct: false }
- - { value: 'It runs Ingress controllers on each node', correct: false }
- - { value: 'It assigns DNS names to services', correct: false }
- - { value: 'It programs iptables/ipvs rules to route traffic to service endpoints', correct: true }
- help: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
-
- - uuid: a8fa66b6-7028-4a11-b62b-342ba57d16aa
- question: What command can you use to expose a pod using a NodePort service?
- answers:
- - { value: 'kubectl expose pod mypod --port=80 --type=NodePort', correct: true }
- - { value: 'kubectl publish pod mypod --port=80', correct: false }
- - { value: 'kubectl run mypod --expose=NodePort', correct: false }
- - { value: 'kubectl port-forward mypod 80:80', correct: false }
- help: https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#expose
diff --git a/data/6_storage_and_volumes/persistent_volumes.yaml b/data/6_storage_and_volumes/persistent_volumes.yaml
deleted file mode 100644
index 97b0644..0000000
--- a/data/6_storage_and_volumes/persistent_volumes.yaml
+++ /dev/null
@@ -1,126 +0,0 @@
-questions:
- - uuid: 5c3f8f61-3e19-4e6f-9a3f-6f3f1f5c2a11
- question: Which Kubernetes object should an application reference in order to mount persistent storage?
- answers:
- - { value: 'A PersistentVolume (PV) directly in the Pod spec', correct: false }
- - { value: 'A ConfigMap with the disk path', correct: false }
- - { value: 'A PersistentVolumeClaim (PVC) referenced in the Pod spec', correct: true }
- - { value: 'A StorageClass directly in the Pod spec', correct: false }
- help: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#claims-as-volumes
-
- - uuid: 9a9c8a2c-4c2b-4b2a-8b8b-2d3b5f2b1a77
- question: What is the typical sequence for dynamic provisioning of storage?
- answers:
- - { value: 'Create CSI Driver → Pod mounts disk without PVC', correct: false }
- - { value: 'Create Pod → PVC is autogenerated → PV is optional', correct: false }
- - { value: 'Create PV → Pod mounts PV directly → StorageClass is optional', correct: false }
- - { value: 'Create StorageClass → Create PVC → Kubernetes dynamically creates a matching PV → Pod mounts the PVC', correct: true }
- help: https://kubernetes.io/docs/concepts/storage/storage-classes/
-
- - uuid: 3c1b4b93-0a8d-4d2e-b1d1-8e5c9fcb92e4
- question: Which fields MUST a PVC specify to request storage?
- answers:
- - { value: 'reclaimPolicy and volumeMode', correct: false }
- - { value: 'accessModes and resources.requests.storage', correct: true }
- - { value: 'mountOptions and fsType', correct: false }
- - { value: 'nodeSelector and tolerations', correct: false }
- help: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#persistentvolumeclaims
-
- - uuid: e2e9f6a4-0b2c-4f8c-9e51-bf1a8f9c3c6d
- question: How does a Pod mount a PVC?
- answers:
- - { value: 'Use hostPath pointing to the PV', correct: false }
- - { value: 'Reference the PV name directly in volumeMounts', correct: false }
- - { value: 'Add a volume with persistentVolumeClaim.claimName and mount it via volumeMounts in the container', correct: true }
- - { value: 'Set storageClassName in the Pod spec', correct: false }
- help: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#claims-as-volumes
-
- - uuid: 6f3a1a2e-2f7a-4002-8f7e-7d6a9b2f553d
- question: Which access mode allows a volume to be mounted read-write by a single node?
- answers:
- - { value: 'WriteOnlyMany (WOM)', correct: false }
- - { value: 'ReadWriteMany (RWX)', correct: false }
- - { value: 'ReadWriteOnce (RWO)', correct: true }
- - { value: 'ReadOnlyMany (ROX)', correct: false }
- help: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes
-
- - uuid: 1a7b2d51-6f67-4f26-9878-64d6e5859234
- question: Which access mode is typically required to share the same volume across multiple Pods on different nodes?
- answers:
- - { value: 'Any access mode works', correct: false }
- - { value: 'ReadOnlyMany (ROX) only', correct: false }
- - { value: 'ReadWriteMany (RWX)', correct: true }
- - { value: 'ReadWriteOnce (RWO)', correct: false }
- help: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes
-
- - uuid: 7b6a3a53-0a5f-4da1-8c18-298e2f0256ab
- question: What does the StorageClass reclaimPolicy 'Delete' do when a bound PVC is deleted?
- answers:
- - { value: 'It converts the PV to a ConfigMap', correct: false }
- - { value: 'It deletes the underlying PV and the external storage resource', correct: true }
- - { value: 'It snapshots the PV and then retains it', correct: false }
- - { value: 'It retains the PV but clears the data', correct: false }
- help: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#reclaiming
-
- - uuid: 4d8e2f42-6e6a-4c20-9d6a-1b2a6d2a8caa
- question: 'What is the effect of setting StorageClass parameter `volumeBindingMode: WaitForFirstConsumer`?'
- answers:
- - { value: 'Delays PV provisioning and binding until a Pod is scheduled, enabling topology-aware placement', correct: true }
- - { value: 'Forces immediate PV creation on all nodes', correct: false }
- - { value: 'Makes the PVC read-only until a Pod starts', correct: false }
- - { value: 'Requires manual PV creation', correct: false }
- help: https://kubernetes.io/docs/concepts/storage/storage-classes/#volume-binding-mode
-
- - uuid: 0f4aa9b1-6a1c-4f1a-a1b6-0c0a86d9b5f7
- question: Which volumeMode writes a raw block device into the container instead of a mounted filesystem?
- answers:
- - { value: 'fsType: block', correct: false }
- - { value: 'mountOptions: block', correct: false }
- - { value: 'volumeMode: Block', correct: true }
- - { value: 'volumeMode: Filesystem', correct: false }
- help: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#raw-block-volume-support
-
- - uuid: 2e4f6cb8-0c8a-4b1c-9d7d-8f3d9c2b7c66
- question: For static provisioning, what must be true for a PV to bind to a PVC?
- answers:
- - { value: 'The PV must be created after the PVC', correct: false }
- - { value: 'PV capacity ≥ PVC request, accessModes compatible, and StorageClass (or none) matches', correct: true }
- - { value: 'PV and PVC must have identical names', correct: false }
- - { value: 'The PV must be in the same namespace', correct: false }
- help: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#binding
-
- - uuid: c8b6342d-0e56-4f0e-9b16-0b9df2f2b4c1
- question: How do you request dynamic provisioning using the cluster’s default StorageClass?
- answers:
- - { value: 'Reference the CSI Driver directly in the Pod', correct: false }
- - { value: 'Set accessModes to RWX only', correct: false }
- - { value: 'Create a PVC without specifying storageClassName (or set it to the default class name)', correct: true }
- - { value: 'Create a PV first and omit the StorageClass', correct: false }
- help: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#dynamic
-
- - uuid: a9d0b1c7-6f77-40d0-8c92-8f5a1a7b1e12
- question: Which command shows whether a PVC has been bound to a PV?
- answers:
- - { value: 'kubectl get sc --show-bound', correct: false }
- - { value: 'kubectl get pv -n ', correct: false }
- - { value: 'kubectl get pvc -o wide (STATUS should be Bound)', correct: true }
- - { value: 'kubectl describe pod only', correct: false }
- help: https://kubernetes.io/docs/tasks/configure-pod-container/configure-persistent-volume-storage/
-
- - uuid: 1f6f0d7a-8c28-4b2b-8c4f-1b2c9e7f6e40
- question: Which statement about hostPath volumes is TRUE for production use?
- answers:
- - { value: 'They are node-local and not recommended for multi-node Pod portability', correct: true }
- - { value: 'They support RWX across nodes by default', correct: false }
- - { value: 'They automatically replicate data', correct: false }
- - { value: 'They are dynamically provisioned like PVCs', correct: false }
- help: https://kubernetes.io/docs/concepts/storage/volumes/#hostpath
-
- - uuid: 0e7c20d4-23a8-4d1c-9a1f-1a7f2e7b3c9d
- question: To allow PVC filesystem expansion after creation, what must be enabled?
- answers:
- - { value: 'StorageClass allowVolumeExpansion: true and supported driver; Pod may need restart to resize fs', correct: true }
- - { value: 'Set reclaimPolicy: Expand', correct: false }
- - { value: 'PVC accessModes must include RWX', correct: false }
- - { value: 'Annotate the PV with resize.kubernetes.io/true', correct: false }
- help: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#expanding-persistent-volumes-claims
diff --git a/data/6_storage_and_volumes/relationship_storage_volume.yaml b/data/6_storage_and_volumes/relationship_storage_volume.yaml
deleted file mode 100644
index 60b1dd3..0000000
--- a/data/6_storage_and_volumes/relationship_storage_volume.yaml
+++ /dev/null
@@ -1,81 +0,0 @@
-questions:
- - uuid: 4eac18b5-46df-46ce-b92b-1825d3c47c1f
- question: What is the role of a CSI (Container Storage Interface) driver in Kubernetes?
- answers:
- - { value: 'It handles network ingress rules', correct: false }
- - { value: 'It provides the plugin implementation to provision and manage external storage systems', correct: true }
- - { value: 'It configures Docker overlay2 drivers', correct: false }
- - { value: 'It stores Pod logs in the node filesystem', correct: false }
- help: https://kubernetes.io/docs/concepts/storage/volumes/#csi
-
- - uuid: 1b44b8f8-6d36-4f77-9d92-2c8573f0b87a
- question: What is the relationship between a StorageClass and a CSI driver?
- answers:
- - { value: 'A StorageClass directly mounts a volume into a Pod', correct: false }
- - { value: 'A StorageClass defines parameters and policies for provisioning storage through a CSI driver', correct: true }
- - { value: 'They are unrelated objects in Kubernetes', correct: false }
- - { value: 'A CSI driver creates PVCs automatically', correct: false }
- help: https://kubernetes.io/docs/concepts/storage/storage-classes/
-
- - uuid: 5d2a7a6d-2306-4474-88bc-75d5f4c0b0dd
- question: What happens when a PersistentVolumeClaim (PVC) is created with a StorageClass?
- answers:
- - { value: 'The PVC creates a tmpfs volume', correct: false }
- - { value: 'The PVC replaces the CSI driver configuration', correct: false }
- - { value: 'The PVC directly binds to the Pod without a PV', correct: false }
- - { value: 'Kubernetes requests the CSI driver (through the StorageClass) to dynamically provision a PersistentVolume (PV)', correct: true }
- help: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#dynamic
-
- - uuid: 64fa91c4-59fd-4c56-9b64-d0f1f1e38f50
- question: What is the role of a PersistentVolume (PV) in Kubernetes?
- answers:
- - { value: 'It only exists for in-memory storage', correct: false }
- - { value: 'It is used to manage node labels', correct: false }
- - { value: 'It is the actual representation of the storage resource provisioned by the CSI driver', correct: true }
- - { value: 'It is a Pod configuration file', correct: false }
- help: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#persistent-volumes
-
- - uuid: 4a3c82e5-3f91-44ff-9b26-18638e62a8de
- question: How does a Pod use storage provisioned by a CSI driver?
- answers:
- - { value: 'The Pod spec defines a volume that references a PVC, which is bound to a PV provisioned by the CSI driver', correct: true }
- - { value: 'The Pod uses a ConfigMap to access the volume', correct: false }
- - { value: 'The Pod directly references the CSI driver', correct: false }
- - { value: 'The Pod mounts the StorageClass directly', correct: false }
- help: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#claims-as-volumes
-
- - uuid: 3cc8a6b3-dc94-42a2-9158-8c80f91f4aaf
- question: Which Kubernetes object is responsible for defining volume access modes like ReadWriteOnce or ReadWriteMany?
- answers:
- - { value: 'StorageClass', correct: false }
- - { value: 'Pod spec', correct: false }
- - { value: 'CSI Driver', correct: false }
- - { value: 'PersistentVolumeClaim (PVC)', correct: true }
- help: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes
-
- - uuid: a9382b20-39a7-4ec3-bb6f-4a62e3b2f3ac
- question: Which object connects user requests for storage to the actual provisioned volume?
- answers:
- - { value: 'CSI Driver directly', correct: false }
- - { value: 'StorageClass', correct: false }
- - { value: 'kubectl create volume', correct: false }
- - { value: 'PersistentVolumeClaim (PVC)', correct: true }
- help: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#binding
-
- - uuid: e1f1f6e2-914c-4769-8510-56f1f7e9a3cc
- question: What does 'WaitForFirstConsumer' volumeBindingMode in a StorageClass ensure?
- answers:
- - { value: 'The PV is shared by all namespaces automatically', correct: false }
- - { value: 'The PV is always provisioned immediately', correct: false }
- - { value: 'The PVC becomes read-only', correct: false }
- - { value: 'PV provisioning is delayed until a Pod using the PVC is scheduled, enabling topology-aware placement', correct: true }
- help: https://kubernetes.io/docs/concepts/storage/storage-classes/#volume-binding-mode
-
- - uuid: 5e4f7a17-2d66-4f7a-87d6-5f1a66c7a48e
- question: Which statement BEST describes the overall relationship of CSI, StorageClass, PVC, PV, and Pod volume?
- answers:
- - { value: 'StorageClass and PVC are optional aliases for ConfigMaps', correct: false }
- - { value: 'PV and PVC are identical objects with different names', correct: false }
- - { value: 'CSI driver implements storage, StorageClass defines how to provision it, PVC requests it, PV represents it, and Pod volume consumes it', correct: true }
- - { value: 'CSI driver provisions PVCs, StorageClass creates Pods, PV defines namespaces, and Pod uses CSI directly', correct: false }
- help: https://kubernetes.io/docs/concepts/storage/persistent-volumes/