Kubernetes Advanced Quiz
← Back to Kubernetes Quiz
Welcome! ☸️
Instructions :
Select the best answer for each question.
Your score will be shown at the end.
Aim for 100% to earn the Kubernetes Expert status!
Helm is the package manager for Kubernetes meant for managing complex applications via Charts.
What is a Taint and Toleration used for?
Taints repel pods. Tolerations allow pods to schedule on tainted nodes.
NetworkPolicy acts as a firewall for pods, controlling traffic flow at the IP address or port level (Layer ¾).
What is RBAC in Kubernetes?
RBAC regulates access to computer or network resources based on the roles of individual users.
Which component is the single source of truth for the cluster?
etcd is the consistent, highly-available key-value store for all cluster data.
What is a Sidecar container?
A Sidecar runs in the same Pod, sharing the network and storage, assisting the main app (e.g., logging, proxy).
What is the purpose of a Horizontal Pod Autoscaler (HPA)?
HPA scales the number of Pod replicas (horizontal scaling).
What is a CRD (Custom Resource Definition)?
CRDs extend the K8s API with your own object types.
What command would you use to drain a node for maintenance?
kubectl drain safely evicts all pods from a node, respecting PDBs.
What is a PodDisruptionBudget (PDB)?
PDBs ensure high availability during voluntary disruptions (like node maintenance) by ensuring a minimum number of pods remain running.
What happens if you have both HPA and VPA (Vertical Pod Autoscaler) on the same metric?
Running HPA and VPA on the same metric (e.g., CPU) is not recommended as they will fight over the resource size vs replica count.
In Kubernetes Networking, what is the role of CNI (Container Network Interface)?
CNI plugins (Calico, Flannel) are responsible for inserting a network interface into the container namespace and assigning it an IP address.
What is the effect of automountServiceAccountToken: false in a Pod spec?
Disabling automounting prevents the Pod from accessing the API server unless explicitly configured, which reduces the attack surface.
What is OOMKilled (Exit Code 137)?
OOMKilled means "Out Of Memory". The process was terminated by the Linux OOM Killer because it exceeded its cgroup memory limit.
What is the purpose of an Admission Controller?
Admission Controllers (Validating/Mutating) intercept requests after authentication/authorization but before the object is saved to etcd. They can reject requests or modify objects (e.g., injecting sidecars).
What is the readOnlyRootFilesystem security context used for?
This security setting hardens the container by preventing writes to the root filesystem, thwarting many persistent attacks.
How does etcd maintain consistency?
etcd uses the Raft consensus algorithm to ensure data consistency across the cluster quorum.
What is an Operator in Kubernetes?
An Operator is a software extension that uses custom resources to manage applications and their components (encoding operational knowledge into software).
If a Node goes into NotReady state, how long does Kubernetes wait before evicting pods (default)?
The pod-eviction-timeout defaults to 5 minutes . After this, the controller manager will taint the node to evict pods.
What is kube-proxy's "IPVS" mode?
IPVS mode scales much better than iptables for clusters with thousands of Services because it uses hash tables instead of linear lists.
Quiz Progress
0 / 0 questions answered
(0% )
0 correct
Quiz Complete!
0%
Reset quiz
📚 Study Guides
📬 Weekly DevOps, Cloud & Gen AI quizzes & guides