Cluster Architecture Quiz
Question 1
What are the two main parts of a Kubernetes cluster?
A Kubernetes cluster consists of two main parts: the Control Plane (the ‘brain’ that manages the cluster) and Worker Nodes (the ‘muscle’ that runs application workloads).
Think about management vs execution layers.
Question 2
Which component is responsible for assigning pods to nodes?
The kube-scheduler is responsible for assigning pods to nodes. It watches for newly created pods that have no node assigned and selects a node for them to run on.
The name gives away its primary function.
Question 3
The kubelet connects to the API server (not the reverse).
Correct! The kubelet on each worker node initiates and maintains a connection to the API server using a watch mechanism. The API server does not initiate connections to kubelets.
Consider which direction the persistent connection is established.
Question 4
The _____ component stores all cluster data as a distributed key-value store.
etcd is the distributed key-value store that stores all cluster data. It is the single source of truth for the cluster state.
It’s a four-letter word and acts as the cluster’s database.
Question 5
Which namespace contains Kubernetes system components like CoreDNS and kube-proxy?
The kube-system namespace contains Kubernetes system components including CoreDNS, kube-proxy, CNI plugins, and metrics-server.
It has ‘system’ in the name.
Question 6
Which of the following are Control Plane components?
Control Plane components include: kube-apiserver, kube-scheduler, etcd, and kube-controller-manager. The kubelet and kube-proxy are Worker Node components.
Worker nodes run pods; control plane manages the cluster.
Question 7
Which resources are namespace-scoped (not cluster-scoped)?
Namespace-scoped resources include: Pods, Services, Deployments, and Secrets. Cluster-scoped resources include Nodes, PersistentVolumes, and StorageClasses.
Think about resources that belong to specific teams or projects.
Question 8
In Kubernetes pod-to-pod communication, pods use NAT (Network Address Translation) to communicate.
False! Kubernetes uses direct IP connectivity without NAT. Each pod gets its own IP address and can communicate directly with any other pod using that IP, with the CNI plugin handling routing.
Kubernetes networking follows a flat network model.
Question 9
What happens when the kube-apiserver fails in a cluster?
When the API server fails, no new changes are possible, but existing workloads keep running. Running pods continue to operate because kubelet manages them independently, but you cannot make any cluster modifications.
Think about the separation between control plane and data plane.
Question 10
For an etcd cluster with 3 nodes, the quorum formula (N/2) + 1 means it can tolerate _____ failure(s).
With 3 nodes, the quorum is (3/2) + 1 = 2 nodes. This means the cluster can tolerate 1 failure and still maintain quorum with 2 healthy nodes.
Calculate: how many nodes remain if one fails? Is that enough for quorum?
Question 11
What is the first status a namespace enters during deletion?
When you delete a namespace, it first enters the Terminating status. During this phase, admission controllers prevent new resource creation, all resources are deleted, finalizers are processed, and finally the namespace is removed.
It’s similar to pod deletion status.
Question 12
Arrange these steps in the correct order when creating a Deployment:
- User submits deployment manifest
- kubectl sends to API Server
- API Server validates & stores in etcd
- Scheduler assigns Pods to Nodes
- Deployment Controller creates ReplicaSet
- kubelet starts containers
The correct workflow is: User submits → kubectl sends to API Server → API Server validates & stores in etcd → Deployment Controller creates ReplicaSet → Scheduler assigns Pods to Nodes → kubelet starts containers.
Question 13
A pod in the ‘app’ namespace needs to connect to a service called ‘postgres’ in the ‘database’ namespace. Which DNS name should it use?
For cross-namespace service access, use the fully qualified DNS name: <service-name>.<namespace-name>.svc.cluster.local. In this case: postgres.database.svc.cluster.local. You can also use the short form postgres.database.
Format: <service-name>.<namespace-name>.svc.cluster.local
Question 14
Namespaces provide complete security boundaries and network isolation by default.
False! Namespaces are NOT security boundaries by default. They provide logical separation but not network isolation. Network policies are required for true isolation between namespaces.
Think about what additional resources you need for network isolation.
Question 15
Which of the following are valid reasons to use separate clusters instead of namespaces?
Use separate clusters for: strict security requirements, different Kubernetes versions, and regulatory compliance. Different teams and resource organization can be handled with namespaces.
When do namespaces become insufficient?
Question 16
Complete this ResourceQuota to limit a namespace to 50 pods and 20Gi memory:
Fill in the missing field name
apiVersion: v1
kind: ResourceQuota
metadata:
  name: compute-quota
spec:
  _____:
    pods: "50"
    requests.memory: 20Gi
The hard field in a ResourceQuota spec defines the maximum resource limits that can be consumed in a namespace.
Question 17
Your namespace deletion is stuck in ‘Terminating’ status. What is the MOST likely cause?
The most common cause of stuck namespace deletion is resources with finalizers that haven’t been properly cleaned up. Other causes include unavailable API services or custom resources without proper cleanup.
What prevents Kubernetes from completing the deletion process?
Question 18
What is the primary difference between stacked and external etcd deployment?
Stacked etcd runs on the same nodes as control plane components, making it simpler but less resilient.
External etcd uses a dedicated cluster separate from control plane nodes, providing better isolation and resilience but with more complexity to manage.
Question 19
In a production multi-node cluster, control plane nodes should run user workloads to maximize resource utilization.
False! In production, control plane nodes should NOT run user workloads. They should be dedicated to cluster management to ensure stability and isolation from worker node failures.
Think about best practices for HA and stability.
Question 20
A LimitRange is configured in the ‘dev’ namespace with a maximum container CPU of 2. A user tries to create a pod requesting 3 CPUs. What happens?
apiVersion: v1
kind: LimitRange
metadata:
  name: limits
  namespace: dev
spec:
  limits:
  - type: Container
    max:
      cpu: 2
      memory: 2Gi
Pod creation is rejected. When a pod requests resources exceeding the LimitRange maximum, the admission controller rejects the request before the pod is created.
LimitRange is enforced at admission time.
Question 21
For high availability, you need an etcd cluster that can tolerate 2 failures. How many etcd nodes should you deploy?
You need 5 nodes. With 5 nodes, quorum is (5/2)+1 = 3. If 2 nodes fail, you still have 3 healthy nodes, which meets the quorum requirement.
Use the formula: (N/2) + 1 for quorum. You need quorum even after 2 failures.
Question 22
Which components are REQUIRED for pod networking to function properly?
CNI Plugin (for pod networking) and kube-proxy (for service networking) are required. CoreDNS is highly recommended but technically optional. Ingress Controller and Metrics Server are optional add-ons.
What’s needed for basic pod-to-pod and service communication?
Question 23
Arrange the communication flow when a user runs kubectl get pods:
- kubectl authenticates with API Server
- API Server sends response to kubectl
- API Server queries etcd
- etcd returns pod data
- User sees pod list
The flow is: kubectl authenticates → API Server queries etcd → etcd returns data → API Server responds → User sees results. All cluster operations flow through the API Server.
Question 24
The control plane component that handles cloud provider integration (like load balancers and storage) is called _____.
The cloud-controller-manager is an optional component that integrates with cloud provider APIs to manage cloud-specific features like load balancers, storage volumes, and routes.
It has ‘cloud’ and ‘controller’ in its name.
Question 25
When a worker node’s kubelet fails, all pods running on that node immediately stop.
False! When kubelet fails, pods keep running because the container runtime continues to operate. However, the pods are no longer managed—kubelet won’t restart failed containers or report status to the control plane.
Think about the separation between container runtime and kubelet.
Question 26
Which component is described as the ‘front-end for the control plane’?
The kube-apiserver is the front-end for the control plane. It exposes the Kubernetes API and handles all cluster operations—all communication goes through it.
It’s the component that all other components and users interact with.
Question 27
What are the three key responsibilities of Worker Nodes?
- Run pods (application containers)
- Monitor pod health and report status
- Provide networking for pods and communicate with control plane
Worker nodes execute workloads while the control plane makes decisions.
Question 28
What is the best practice for namespace usage in production?
Best practice is to avoid using the ‘default’ namespace for production workloads. Instead, create dedicated namespaces for different environments (dev, staging, prod) or teams.
Organization and separation are key in production.
Question 29
All cluster operations must go through the API server for authentication and authorization.
True! The API server is the only entry point for all cluster operations. Every request (from kubectl, components, or controllers) must go through the API server where authentication and authorization are enforced.
Think about the centralized control pattern.
Question 30
The component on each worker node that maintains network rules for service routing is called _____.
kube-proxy is the network proxy that runs on each worker node. It maintains network rules for service routing and enables pod-to-service communication.
It has ‘proxy’ in its name and handles networking.