Quiz Which command lists all Pods in the current namespace?kubectl get pods [why: This is the standard command to list all Pods in the current namespace.]kubectl list pods [why: There is no list subcommand in kubectl.]kubectl pods [why: pods is a resource, not a standalone command.]kubectl ps [why: ps is a Linux process listing command, not a Kubernetes command.]Submit The kubectl get pods command lists all Pods in the current namespace by default. Add -A to show Pods across all namespaces. Which object is responsible for ensuring the desired number of Pods are running?DaemonSet [why: Ensures one Pod per node, not a specific count.]StatefulSet [why: Manages ordered, persistent Pods but not generic counts.]ReplicaSet [why: It maintains a specified number of identical Pods by creating or deleting them as needed.]Job [why: Ensures completion of tasks, not persistent Pod count.]Submit ReplicaSets monitor and maintain the number of replicas specified in their configuration to match the desired state. What does the kubectl describe pod command do?Shows detailed information about a specific Pod, including events and status [why: It provides verbose details like labels, containers, IPs, and recent events.]Shows only Pod names [why: That’s what kubectl get pods does, not describe.]Deletes the Pod [why: The delete command is used to remove resources.]Creates a new Pod [why: apply or create are used to add resources, not describe.]Submit kubectl describe provides detailed resource information useful for debugging Pod failures or scheduling issues. Which controller ensures a Pod runs on every node?ReplicaSet [why: Ensures a set number of Pods exist globally, not per node.]Deployment [why: Manages ReplicaSets and rolling updates, not one-per-node Pods.]DaemonSet [why: Deploys one Pod per node, commonly used for logging and monitoring agents.]StatefulSet [why: Provides stable identifiers and volumes, not per-node deployment.]Submit DaemonSets are ideal for node-level agents such as log shippers, metrics collectors, and network tools. What is the smallest deployable unit in Kubernetes?Pod [why: A Pod is the smallest unit that can be deployed and managed in Kubernetes.]Node [why: A node runs Pods but is not deployed via Kubernetes workloads.]Container [why: Containers are part of Pods; Pods are the actual deployable units.]ReplicaSet [why: Controls Pods but isn’t itself a workload unit.]Submit Pods encapsulate one or more containers, storage, and networking resources as the basic execution unit. What is the default namespace in Kubernetes?kube-system [why: Reserved for system-level components.]kube-public [why: Used for cluster-wide public resources.]default [why: User-created resources without a specified namespace go here by default.]kube-node-lease [why: Used for node heartbeats, not user workloads.]Submit The default namespace is where Kubernetes places user workloads when no namespace is specified. Which command shows the cluster’s API resources?kubectl api-resources [why: Lists all resource kinds supported by the API server.]kubectl get api [why: There’s no such subcommand.]kubectl describe api [why: Doesn’t list resource types; used for describing specific resources.]kubectl resources [why: Not a valid command.]Submit kubectl api-resources displays all resource types and their short names, namespaces, and API groups. Which object provides stable network identity for a set of Pods?Deployment [why: Ensures rollout of Pods, not networking identity.]Service [why: Provides a consistent virtual IP and DNS name for Pods.]ReplicaSet [why: Manages Pod replicas but doesn’t handle networking.]Ingress [why: Handles external HTTP/S access, not internal service discovery.]Submit Services provide stable internal networking and load balancing for Pods, even when Pods are replaced. Which Kubernetes resource is used to store confidential data?Secret [why: Stores sensitive data like tokens or passwords, encoded and mounted securely.]ConfigMap [why: Stores non-sensitive configuration data.]PersistentVolume [why: Provides storage, not configuration or secrets.]Role [why: Used for RBAC permissions, not data storage.]Submit Secrets keep sensitive information separate from code, and can be injected into Pods via environment variables or volumes. Which file defines how a Kubernetes object should be created?Manifest file [why: A YAML or JSON file describing object metadata, spec, and desired state.]kubeconfig [why: Configures client connection, not objects.]Dockerfile [why: Builds container images, not Kubernetes resources.]ServiceAccount [why: Controls access, not object definition.]Submit Kubernetes manifests define resources declaratively so they can be version-controlled and applied with kubectl apply. What is the purpose of kubectl apply?Deletes a resource [why: delete removes resources, not apply.]Creates or updates resources declaratively from manifests [why: It compares desired vs actual state and reconciles them.]Lists resources [why: get lists, apply manages configuration.]Runs a Pod interactively [why: run is used to launch a Pod directly.]Submit kubectl apply declaratively manages configuration, enabling continuous reconciliation of resource definitions. What is the default network model in Kubernetes?Flat, routable Pod network [why: All Pods can communicate directly without NAT by default.]NAT-based network [why: Kubernetes avoids NAT between Pods for simplicity.]Segmented per-node network [why: Not the default; overlays or policies can add segmentation.]External-only network [why: Pods need internal networking to function.]Submit Kubernetes networking assumes every Pod can reach every other Pod directly using its IP. Which command displays cluster node information?kubectl get pods [why: Lists Pods, not nodes.]kubectl get nodes [why: Shows node names, status, roles, and versions.]kubectl describe cluster [why: Not a valid command.]kubectl show nodes [why: No show command in kubectl.]Submit kubectl get nodes lists the nodes registered in your cluster along with their status and roles. Which controller ensures completed Pods don’t restart?Deployment [why: Used for long-running workloads.]ReplicaSet [why: Ensures Pod count, not job completion.]Job [why: Runs Pods to completion and doesn’t restart successful ones.]StatefulSet [why: Manages ordered Pods with persistent identity.]Submit Jobs are ideal for one-time tasks like batch processing or migrations. What is the difference between a ReplicaSet and a Deployment?They’re identical [why: A Deployment manages ReplicaSets but adds rollout control.]Deployment manages ReplicaSets and handles rolling updates [why: Deployments add versioning, rollback, and declarative updates.]ReplicaSet handles rollbacks [why: It doesn’t; Deployments do.]ReplicaSet manages multiple Deployments [why: Reverse relationship; Deployments manage ReplicaSets.]Submit Deployments provide a higher-level abstraction for updates and rollbacks on top of ReplicaSets. Which Kubernetes component schedules Pods to nodes?kubelet [why: Runs Pods on nodes but doesn’t schedule them.]kube-scheduler [why: Assigns Pods to nodes based on constraints and resources.]kube-controller-manager [why: Handles replication and other controllers, not scheduling.]etcd [why: Key-value store for cluster state, not scheduling.]Submit The kube-scheduler evaluates resource availability and assigns Pods to suitable nodes. Which API resource provides cluster configuration for users?ConfigMap [why: Stores configuration for applications, not cluster access.]Secret [why: Stores sensitive data, not kubeconfig information.]kubeconfig [why: Defines cluster connection details, authentication, and context for users.]ServiceAccount [why: Grants in-cluster access for Pods, not external users.]Submit kubeconfig files store credentials, cluster API URLs, and contexts for user access. What is a ServiceAccount used for?Assigning RBAC roles to users [why: RBAC Roles are bound to Subjects; ServiceAccounts are for Pods.]Providing Pods with in-cluster identity [why: Enables Pods to authenticate with the API server.]Managing network policies [why: NetworkPolicies define traffic rules, not access credentials.]Storing environment variables [why: That’s done via ConfigMaps or Secrets.]Submit ServiceAccounts are automatically mounted into Pods to provide secure in-cluster authentication tokens. What does kubectl logs show?Output from a container running in a Pod [why: Displays standard output and error logs for debugging.]Event history for a Pod [why: kubectl describe pod shows events.]Node system logs [why: Node logs are external to kubectl logs.]Resource usage metrics [why: Use kubectl top for metrics.]Submit kubectl logs retrieves container logs directly from the Kubernetes API. Which command runs a temporary Pod for debugging?kubectl logs [why: Shows logs but doesn’t create Pods.]kubectl run -it --rm [why: Creates an interactive Pod that deletes itself afterward.]kubectl debug node [why: Used to debug node issues, not ephemeral Pods.]kubectl exec -it [why: Executes into existing Pods, doesn’t create new ones.]Submit kubectl run -it --rm launches a throwaway interactive container useful for quick debugging. Which command allows you to execute a command inside a running Pod?kubectl exec -it pod-name -- command [why: Executes an interactive shell or command inside an existing container.]kubectl run [why: Creates a new Pod; does not exec into an existing one.]kubectl attach [why: Attaches to output of the main process; doesn’t start a new command.]kubectl connect [why: Not a valid kubectl subcommand.]Submit kubectl exec is used to run commands inside containers for debugging or manual inspection. What is the role of the kubelet?Ensures containers described in PodSpecs are running [why: It monitors Pods on its node and reports status to the API server.]Assigns Pods to nodes [why: That’s the scheduler’s job.]Stores cluster state [why: etcd stores state, not the kubelet.]Controls networking between nodes [why: Managed by CNI plugins, not kubelet.]Submit The kubelet is the node agent that makes sure containers are healthy and running as expected. Which component stores the cluster’s configuration and state?kube-scheduler [why: Handles scheduling, not persistent storage.]etcd [why: Serves as the distributed key-value store backing all cluster data.]kubelet [why: Manages Pods on nodes, not cluster state.]API server [why: Fronts the control plane but persists state in etcd.]Submit etcd stores all configuration and state data that define the cluster’s desired and current state. Which command lists available contexts in your kubeconfig?kubectl get contexts [why: Not a valid subcommand; use config view or get-contexts.]kubectl config get-contexts [why: Lists contexts with cluster, user, and namespace info.]kubectl show-contexts [why: Doesn’t exist.]kubectl config list [why: Not a valid config verb.]Submit kubectl config get-contexts shows all contexts defined in your kubeconfig file. Which type of Service exposes an application on a static IP outside the cluster?ClusterIP [why: Exposes only internally within the cluster.]NodePort [why: Exposes on each node’s port, not a stable external IP.]LoadBalancer [why: Provisions an external IP via the cloud provider for external access.]ExternalName [why: Maps a DNS name to an external service, not a load balancer IP.]Submit LoadBalancer Services integrate with cloud provider APIs to expose apps externally with stable IPs. Which Kubernetes object defines access rules within a namespace?Role [why: Grants permissions to resources within a single namespace.]ClusterRole [why: Applies cluster-wide, not limited to a namespace.]ServiceAccount [why: Represents an identity, not permissions.]ConfigMap [why: Stores configuration data, not permissions.]Submit Roles specify allowed actions on resources within a namespace, paired with RoleBindings. What is the difference between a Role and a ClusterRole?Role is cluster-wide [why: False; Role is namespace-scoped.]ClusterRole is namespace-scoped [why: Incorrect; it’s cluster-scoped.]Role applies to one namespace, ClusterRole applies cluster-wide [why: That’s the correct scope distinction.]They are identical [why: They differ in their scope and where they’re bound.]Submit ClusterRoles grant permissions across all namespaces; Roles are confined to a single namespace. What does a ConfigMap store?Non-sensitive key-value configuration data [why: Used for environment variables, config files, and command arguments.]Secrets [why: Secrets store sensitive data separately.]Pod logs [why: Logs are transient output, not configuration.]Node metrics [why: Metrics are runtime data, not configuration.]Submit ConfigMaps separate configuration from container images to improve portability. Which command deletes a resource?kubectl stop [why: Deprecated command; replaced by delete.]kubectl delete [why: Removes resources specified by name, file, or label selector.]kubectl remove [why: Not a valid kubectl subcommand.]kubectl clear [why: Doesn’t exist; deletion handled by delete.]Submit kubectl delete cleanly removes resources, triggering appropriate cleanup controllers. Which controller manages the rollout and rollback of application versions?Deployment [why: Automates rolling updates and version rollbacks using ReplicaSets.]ReplicaSet [why: Manages Pods but not version history.]StatefulSet [why: Focuses on ordered deployment with persistence.]DaemonSet [why: Ensures one Pod per node, not version control.]Submit Deployments abstract ReplicaSets to enable declarative versioned updates to applications. Which Kubernetes resource defines how Pods communicate externally via HTTP/HTTPS?Service [why: Provides stable internal networking but doesn’t manage HTTP routing.]Ingress [why: Manages HTTP routing, SSL termination, and host/path-based rules.]ConfigMap [why: Used for configuration, not networking routes.]Role [why: Manages permissions, not traffic.]Submit Ingress controllers handle inbound HTTP/S traffic routing to Services inside the cluster. What does the kubectl top command display?CPU and memory usage for Pods or nodes [why: Uses Metrics Server to show resource utilization.]Disk usage [why: Kubernetes doesn’t report disk stats with top.]Events [why: Use kubectl get events for that.]Logs [why: Use kubectl logs instead.]Submit kubectl top helps monitor resource consumption for capacity planning and performance debugging. Which resource defines persistent storage in Kubernetes?PersistentVolume [why: Abstracts storage backend and provides lifecycle-managed storage resources.]ConfigMap [why: Stores configuration, not storage.]Pod [why: Consumes storage, doesn’t define it.]Service [why: Provides networking, not storage.]Submit PersistentVolumes decouple storage provisioning from Pods, allowing reuse across workloads. Which resource requests specific storage for a Pod?PersistentVolume [why: Defines storage supply, not demand.]PersistentVolumeClaim [why: Represents a request for storage by a Pod.]StorageClass [why: Defines dynamic provisioning behavior, not the claim itself.]Secret [why: Stores credentials, not storage requests.]Submit PersistentVolumeClaims abstract how Pods request storage independently from the underlying infrastructure. What is a StatefulSet primarily used for?Managing stateful applications needing stable identity [why: Provides predictable names and persistent volumes per Pod.]Stateless workloads [why: Use Deployments for that.]Batch jobs [why: Use Jobs or CronJobs for that purpose.]Node agents [why: DaemonSets run node-level agents.]Submit StatefulSets guarantee stable Pod names and persistent storage for databases and stateful workloads. What does a Kubernetes Taint do?Prevents Pods from being scheduled unless tolerated [why: It marks nodes to repel certain Pods unless a matching Toleration exists.]Forces Pods onto a node [why: That’s an Affinity rule, not a Taint.]Deletes unresponsive nodes [why: Node controller handles that, not Taints.]Changes Pod priority [why: PriorityClasses handle scheduling priority.]Submit Taints and Tolerations work together to control which Pods can be scheduled on specific nodes. Which concept defines Pod scheduling preference rather than enforcement?Taint [why: Prevents scheduling unless tolerated.]Node Affinity (preferredDuringSchedulingIgnoredDuringExecution) [why: Expresses soft scheduling preferences that the scheduler tries to honor.]Toleration [why: Allows Pods onto tainted nodes but doesn’t express preference.]Selector [why: Filters resources, doesn’t define preference strength.]Submit Preferred affinities allow gentle steering of Pods toward specific nodes without hard enforcement. Which command upgrades a running Deployment to a new image?kubectl set image deployment/myapp mycontainer=newimage:tag [why: Updates the container image field in the Deployment.]kubectl rollout undo [why: Rolls back to a previous version, not upgrade.]kubectl apply -f pod.yaml [why: Creates or updates individual Pods; not used for Deployment rolling updates.]kubectl edit node [why: Modifies node config, not workloads.]Submit Use kubectl set image to trigger a rolling update for Deployments. Which object ensures recurring job execution on a schedule?Job [why: Runs once to completion, not scheduled.]CronJob [why: Wraps Jobs and schedules them using cron syntax.]Deployment [why: Maintains long-running Pods, not scheduled Jobs.]DaemonSet [why: Runs Pods per node, not per time schedule.]Submit CronJobs are ideal for periodic tasks like backups, cleanup, or reports. Which resource defines policies controlling network traffic between Pods?Role [why: Manages RBAC, not networking.]NetworkPolicy [why: Specifies allowed ingress and egress traffic between Pods.]ConfigMap [why: Holds configuration, not firewall rules.]Ingress [why: Handles external traffic, not Pod-to-Pod security.]Submit NetworkPolicies enable fine-grained network segmentation and zero-trust design inside clusters. What is the function of an Admission Controller?Intercepts API requests to enforce policies or mutate objects [why: Validates and modifies requests before persistence in etcd.]Schedules Pods [why: Scheduler handles placement, not admission.]Controls node networking [why: Not its function; CNI handles that.]Manages user authentication [why: Handled earlier by API server authentication chain.]Submit Admission Controllers enforce governance, security, and compliance at resource creation time. What does kubectl rollout undo do?Reverts a Deployment to its previous revision [why: It rolls back to the last successful ReplicaSet version.]Deletes the Deployment [why: That’s kubectl delete.]Pauses a rollout [why: kubectl rollout pause handles that.]Shows rollout status [why: kubectl rollout status reports progress.]Submit Rollback restores a Deployment’s prior configuration, useful after a bad release. Which field in a Pod manifest specifies resource limits?resources.limits [why: Defines maximum CPU/memory usage per container.]spec.replicas [why: Used in Deployments, not Pods.]spec.containers.env [why: Defines environment variables, not resources.]spec.volumes [why: Defines volumes, not resource constraints.]Submit Resource limits prevent any single container from consuming excessive CPU or memory. Which command shows all API versions supported by the cluster?kubectl api-versions [why: Lists API groups and versions exposed by the API server.]kubectl get versions [why: Not a valid subcommand.]kubectl version [why: Shows client/server version info, not API groups.]kubectl get api [why: Invalid subcommand.]Submit kubectl api-versions lists available API groups to verify supported resource versions. Which resource defines storage provisioning templates?StorageClass [why: Describes how volumes are dynamically provisioned and reclaimed.]PersistentVolumeClaim [why: Requests storage, doesn’t define how to create it.]Secret [why: Stores sensitive data, not storage settings.]Pod [why: Consumes storage but doesn’t define storage classes.]Submit StorageClasses enable dynamic storage provisioning and abstract backend details like disk type or performance. What is the function of kube-proxy?Manages virtual networking and Service IP routing on nodes [why: Maintains iptables/ipvs rules for Services.]Schedules Pods [why: The scheduler does that.]Stores cluster config [why: etcd holds cluster state.]Controls container runtime [why: kubelet interfaces with the runtime, not kube-proxy.]Submit kube-proxy maintains network rules so Services and Pods can communicate reliably. What is a Pod Security Policy (PSP)?A deprecated policy for defining allowed security contexts [why: PSP restricted Pod privilege levels and was replaced by Pod Security Standards.]A NetworkPolicy type [why: NetworkPolicy controls traffic, not security contexts.]A RoleBinding [why: RBAC manages permissions, not security posture.]An Admission Controller plugin [why: PSPs were enforced via admission, but not identical.]Submit PSPs controlled Pod-level security but are deprecated in favor of PodSecurity admission controls. Which Kubernetes feature limits resource consumption per namespace?ResourceQuota [why: Defines maximum CPU, memory, and object counts per namespace.]LimitRange [why: Sets per-Pod or per-container min/max, not namespace-wide totals.]NetworkPolicy [why: Controls traffic, not resources.]Role [why: Manages permissions, not resource usage.]Submit ResourceQuotas ensure fair resource distribution and prevent namespace overconsumption. Which command displays running controllers and their versions?kubectl get deployment -n kube-system [why: Shows controllers running as Deployments in the system namespace.]kubectl controllers [why: Invalid subcommand.]kubectl describe nodes [why: Describes nodes, not controllers.]kubectl get pods [why: Shows Pods but not specifically controllers.]Submit System controllers often run as Deployments inside the kube-system namespace. Which scheduling concept prevents Pods with specific labels from sharing the same node?Pod Anti-Affinity [why: Ensures Pods with matching labels avoid co-location on a single node.]Taint [why: Repels Pods globally, not label-based co-location.]NodeSelector [why: Forces placement on matching nodes but doesn’t separate Pods.]Toleration [why: Lets Pods tolerate taints; doesn’t enforce anti-placement.]Submit Pod Anti-Affinity helps distribute workloads for redundancy and high availability. Which Kubernetes command displays current cluster context?kubectl config current-context [why: Prints the active context name from kubeconfig.]kubectl show context [why: Not a valid subcommand.]kubectl get-context [why: Missing the correct prefix (config).]kubectl use-context [why: Switches context; doesn’t display it.]Submit Contexts represent combinations of cluster, user, and namespace in the kubeconfig file. Which field defines the restart behavior for failed containers?restartPolicy [why: Controls whether a container restarts on failure; valid values: Always, OnFailure, Never.]livenessProbe [why: Detects failure but doesn’t control restart policy directly.]readinessProbe [why: Determines traffic eligibility, not restarts.]backoffLimit [why: Used by Jobs, not general Pods.]Submit restartPolicy dictates how Kubernetes handles container restarts within a Pod.