Kubernetes Developer Learning Center: Answer Key

Code Module Challenges

Run Kubernetes locally with Kind and deploy a 12 factor app

Q: In Codebase (1st factor), what file would you typically write to package and run code within a container

A: Dockerfile

Q: When storing and accessing config (the 3rd factor), where is the best place to do this in Kubernetes?

A: ConfigMap

Q: With "Build, Release, Run" (the 5th factor), should you consider using a multi-stage Dockerfile build? Bonus points if you can describe in one sentence what benefits multi-stage builds enable

A: Yes; results in smaller and/or more secure container images

Q: For "Dev/Prod Parity" (10th factor) how many Dockerfiles should you consider creating and maintaining for each application?

A: 1

Q: What is the best practice in Kubernetes for running a one-off Admin Process (12th factor)?

A: Job or CronJob

Packaging code in containers with Docker and Buildpacks

Q: Should application and the containers they are packaged in be designed/defined to be "ephemeral?"

A: Yes

Q: What is the primary use of multi-stage build Dockerfiles?

A: To reduce image size / security attack surface

Q: Who first conceived/created the concept of buildpacks?

A: Heroku

Q: Name a popular buildpack provider

A: Heroku, Google, Paketo

Q: How many layers are included in the latest Ambassador Edge Stack (AES) image?

A: 33 (although this may change over time!)

Make code changes quickly with K8s, Skaffold, and Telepresence

Q: Do you write code in the inner or outer dev loop?

A: Inner

Q: Do you run integration tests in the inner or outer dev loop?

A: Outer

Q: Why would someone introduce Skaffold into their inner dev loop?

A: High fidelity dev environment

Q: What command do you use to start skaffold in development mode?

A: skaffold dev

Q: Why would someone introduce Telepresence into their inner dev loop?

A: Fast feedback loops when writing code

Q: What command connects your local machine to the remote cluster?

A: telepresence connect

Continuous Integration with GitHub Actions

Q: What problem did continuous integration solve?

A: Infrequent integrations caused too many problems, integrating all the time made it less painful

Q: Are all of the CI tools shown in the CNCF landscape open source?

A: No tools can be listed in the CNCF landscape because they play a vital role in the Cloud Native ecosystem.

Q: Why did Jenkins X get developed when Jenkins still exists?

A: To better support Cloud Native applications running in Kubernetes.

Ship Module Challenges

GitOps: Continuous deployment best practices for Kubernetes

Q: What two properties of software are we generally trying to achieve as a team/company from implementing effective continuous delivery (CD)?

A: Speed and stability

Q: With a Docker-based CD pipeline what would be the typical artifact that is stored in a registry and used for all of the testing and verification steps?

A: A container image with the application installed

Q: Name one mechanism/pattern that can be used to separate deployment and release of an application

A: blue/green or canary

Q: What four Kubernetes objects can you use to deploy an application via a CD pipeline?

A: ReplicaSet, Deployment, StatefulSet, DaemonSet

Q: What is the best Kubernetes object to use to run a one-off task, such as a database migration, when releasing an application

A: Job or CronJob

Q: Where should configuration be stored when adopting a GitOps model? When deploying to Kubernetes as part of a GitOps CD pipeline, should you apply this configuration using a CLI tool like kubectl?

A: Git (or version control), and no

Q: What two features of Kubernetes are useful for defining custom configuration and synchronizing (converging) from config stored in a repository to the state of a cluster?

A: Custom Resource Definitions (CRDs); and Operators

Understanding progressive delivery and deploying apps with ArgoCD

Q: Does Flux allow individual RBAC configuration for target deployment environments?

A: Yes

Q: List three supported manifest formats for ArgoCD

A: Kustomize, Hel, Ksonnet, YAML, "Any custom config management tool configured as a config management plugin"

Q: What other software build/delivery feature does Jenkins X support in addition to continuous delivery (CD)

A: Continuous Integration (CI)

Getting deeper with progressive delivery and canary releases

Q: Why do we need Argo Rollouts? What are the disadvantages of the default deployment methods built into Kubernetes?

A: Argo Rollouts enables fine-grained canary releasing via ingress or service mesh traffic management. The default deployment methods only allow pod-level canary releasing

How do blue/green deployments work? Pros/cons with canary deployments?

A: Create a new deployment and route all traffic to this. Easier to implement, but provides less safety

Q: How do canary deployments work? Pros/cons with blue/green deployments?

A: Create a new deployment and incrementally route all traffic to this over a number of iterations (checking for success/failure at each increment)

GitOps and canary releasing: Joining the dots by combining Argo CD and Rollouts

Q: What is the standard practice for GitOps rollbacks? Should a GitOps tool be able to rewrite the configuration?

A: (Trick question) There is no standard practice. And the community is still debating whether GitOps tools should be able to rewrite config :)

Q: In the opinion of the Soluto team, what is a “good traffic percentage” to give a canary?

A: A canary should handle between 5% to 10% of your total traffic.

Q: Provide two examples of good metrics to measure when canarying?

A: Success rate, error rate, latency, throughput, processing time

Q: What is the purpose of a smoke test in a CD pipeline?

A: Verify the complete application works (before releasing into production)

Run Module Challenges

K8s Traffic Management: Emissary-ingress + Linkerd

Q: What is Linkerd's ingress mode and why is it that Emissary users don't need it?

A:

  • Ingress mode overrides ingress routing decisions to redirect to Kubernetes services. Emissary's default behavior is to route to Kubernetes services by default.
  • Ingress mode supercharges the proxy and allows for faster responses. Emissary is already so fast it doesn't need it.
  • Ingress mode overrides ingress routing decisions to redirect to kubernetes services. Emissary already chooses endpoints via consul and we don't want to interfere with that.

Day 2 Operations

Q: Name three topics that are important in day 2 operations

A: Any three of automation, security, reliability, observability, shared ownership (dev, ops, and SRE)

Q: What are game days?

A: A game day simulates a failure or event to test systems, processes, and team responses. The purpose is to actually perform the actions the team would perform as if the failure or event happened and learn how to improve.

Q: Name three issues or situations that would benefit from a development team running a blameless postmortem

A:

  • Major outages that affect end users
  • Repeated incidents
  • Failed deployments
  • Security breaches
  • Data loss
  • Missed deadlines

Observability with Prometheus and Grafana

Q: Explain at least three benefits of being able to observe components in your Kubernetes Cluster:

A: Visibility of system, understanding of performance, troubleshooting etc

Q: In your own words, describe how Prometheus and Grafana work together in a Kubernetes Cluster

A: Prometheus scrapes metrics from the Kubernetes API, middleware/data stores, and a developer’s services and applications. Grafana can be used to display these metrics visually using customizable dashboards

Adding Service Metadata with K8s Annotations

Full service ownership

Q: Who should take ownership for software when it's running in production?

A: Everyone (or not just ops)

Q: Name three types of metadata that should be associated (and easily accessible) with a service running in production.

A: Name, owner, comms, runbook, dashboards etc

Q: In order to embrace full cycle development the Netflix team say that "Knowledge is necessary but not sufficient" What other things do they believe are essential?

A: Tools for deployment pipelines and monitoring