Assess your understanding of key Kubernetes objects, including Services, ConfigMaps, and Secrets, with scenario-based questions designed to reinforce core concepts. Sharpen your skills by identifying how these resources manage networking, configuration, and sensitive data within Kubernetes clusters.
Which type of Kubernetes Service should you use to expose an application running in your cluster to external clients on the internet?
Explanation: The LoadBalancer Service type automatically provisions an external IP and routes traffic from outside the cluster to the designated pods, making it ideal for exposing applications to the internet. ClusterIP restricts access to within the cluster, NodePort exposes apps on each node's IP and a static port (not directly scalable), and Headless creates no load balancer or ClusterIP, primarily serving for direct pod-to-pod communication or stateful sets.
When deploying an application that needs non-sensitive configuration data, which Kubernetes object is recommended for storing this information?
Explanation: ConfigMaps are specifically designed for storing non-sensitive, configuration-related key-value pairs that pods can consume at runtime. Secrets, on the other hand, are meant for sensitive data like passwords. ServiceAccounts manage workload identities, while PersistentVolume stores persistent data rather than configuration or credentials.
If your application requires access to a database password and you need to keep it private, which Kubernetes resource should be used for storing this credential?
Explanation: Kubernetes Secrets are intended for storing sensitive information, such as passwords or tokens, and they encode data to provide a basic layer of security. ConfigMaps are not intended for confidential data since they are stored in plain text. Services are networking abstractions and do not hold configuration or credentials, and ReplicaSets handle pod replication, not secrets management.
Suppose you have multiple versions of the same application running as separate sets of pods; how does a Kubernetes Service determine which pods to send traffic to?
Explanation: Services use label selectors to determine which pods should receive network traffic, enabling routing to specific versions or sets of pods. Matching by IPs is not feasible due to dynamic IP assignment. Resource limits are used for scheduling, not for service selection, and container image tags are not directly referenced by Services in traffic routing.
If you update a ConfigMap that is already being consumed by running pods, how will those pods automatically receive the updated configuration by default?
Explanation: By default, pods do not immediately receive updates from a changed ConfigMap; they need to be restarted or recreated to load the new values. While mounted ConfigMaps can update files in some cases, most applications will not automatically reload the configuration. The ConfigMap does not block updates, and updating pods only on special nodes is not standard Kubernetes behavior.