Explore fundamental concepts and practical details of Google Kubernetes Engine with this focused quiz. Enhance your understanding of GKE architecture, node management, networking, and security for efficient containerized application deployment.
In a Google Kubernetes Engine cluster, which component is primarily responsible for scheduling pods and maintaining the desired state as defined in deployments?
Explanation: The control plane is responsible for managing cluster-wide decisions, such as scheduling pods and ensuring the cluster remains in the desired state based on deployment specifications. Node pools provide the worker nodes but do not make scheduling decisions. A ReplicaSet maintains a specific number of pod replicas but does not handle scheduling at the cluster level. A container registry is a storage location for container images and does not directly control cluster operations.
When scaling workloads in GKE, what is the main advantage of using multiple node pools within a single cluster?
Explanation: Using multiple node pools allows you to have different machine types and configurations within one cluster, which lets you tailor resources according to workload requirements. This makes the environment more flexible but does not directly increase pod startup speed. Network encryption is not managed through node pools, and namespaces are still needed for resource isolation and organization.
Which GKE resource would you typically use to expose an application to external internet traffic, for example, providing public access to a web service?
Explanation: A LoadBalancer Service provisions an external load balancer that routes internet traffic to the application, making it accessible from outside the cluster. A ConfigMap is for configuration data, not networking. A DaemonSet ensures a copy of a pod runs on each node, primarily for background tasks. A Job is used for running batch or finite tasks rather than handling network exposure.
What is the main purpose of enabling Workload Identity in a GKE environment running sensitive data processing applications?
Explanation: Workload Identity allows each workload to assume a unique identity, controlling access to other services and enabling secure access based on least privilege. It does not disable service accounts but integrates with them for secure authentication. Pod scheduling speed is unrelated, and Workload Identity does not change traffic permissions between clusters.
Suppose you observe that some pods are repeatedly being evicted due to lack of memory. Which GKE setting should you adjust to reduce the likelihood of such evictions?
Explanation: Setting appropriate memory requests and limits ensures that pods get enough memory to run, reducing the chance of eviction. Decreasing the replica count may reduce total resource use but doesn’t address the core issue for each pod. Changing the cluster endpoint affects API accessibility, not memory allocation. Reducing the node pool size may worsen resource shortages and lead to more evictions.