Advanced Topics

Advanced Topics Quiz

Quiz

Question 1 of 30 (0 answered)

Question 1

What is the primary purpose of a Finalizer in Kubernetes?

To speed up resource deletion To block deletion until cleanup tasks are completed To automatically scale resources To encrypt resource data

✓

Correct!

A Finalizer is a metadata key that blocks Kubernetes from deleting a resource until the controller has completed its cleanup tasks. It ensures graceful deletion by allowing cleanup of external resources, closing connections, etc.

✗

Incorrect

Think about what happens when you need to release external resources before deletion.

Question 2

Creating a Custom Resource Definition (CRD) automatically provisions the underlying infrastructure (like pods or services) for that resource.

True False

✓

Correct!

CRDs alone only define the schema - they don’t create actual infrastructure. To automate actions when CRD instances are created, you need a controller/operator that watches for those resources and creates the necessary Kubernetes objects.

✗

Incorrect

Consider what happens when you apply a Database CRD without any operator installed.

Question 3

Which of the following are true about the relationship between Operators and CRDs?

An Operator combines a CRD with a Controller CRDs can function independently without Operators Operators encapsulate domain-specific operational knowledge Operators can only manage database applications

✓

Correct!

Operator = CRD + Controller. CRDs can exist independently (just storing data in etcd), but Operators add automation. Operators encapsulate domain knowledge and can manage any type of application, not just databases.

✗

Incorrect

Think about what each component does independently and together.

Question 4

Arrange the deletion flow with Finalizers in the correct order:

Drag to arrange in the correct order

⋮⋮ User runs kubectl delete

⋮⋮ deletionTimestamp is set, resource enters Terminating state

⋮⋮ Controller detects deletionTimestamp and performs cleanup

⋮⋮ Controller removes finalizers after cleanup completes

⋮⋮ Resource is removed from etcd

✓

Correct!

The finalizer flow is: deletion initiated → deletionTimestamp set → controller performs cleanup → finalizers removed → actual deletion from etcd.

✗

Incorrect

The finalizer flow is: deletion initiated → deletionTimestamp set → controller performs cleanup → finalizers removed → actual deletion from etcd.

Question 5

In admission webhook execution, which type of webhook runs first?

Validating webhooks run first Mutating webhooks run first They run simultaneously The order depends on webhook priority

✓

Correct!

Mutating webhooks run first to modify the object (inject sidecars, set defaults), then validating webhooks run to approve or reject the (possibly modified) object before it’s persisted to etcd.

✗

Incorrect

Mutating webhooks run first to modify the object (inject sidecars, set defaults), then validating webhooks run to approve or reject the (possibly modified) object before it’s persisted to etcd.

Consider why you’d want one type to see the results of the other.

Question 6

In Istio, what CRD is used to control routing and define where traffic goes (e.g., for canary deployments)?

✓

Correct!

VirtualService controls routing decisions - where traffic goes. It’s used for traffic splitting (canary deployments), URL-based routing, and more. DestinationRule, in contrast, defines how traffic behaves at the destination.

✗

Incorrect

It’s a two-word resource that describes the ‘virtual’ nature of the service routing.

Question 7

What does this kubectl command do?

kubectl patch pod my-pod -p '{"metadata":{"finalizers":[]}}' --type=merge

What will this code output?

Adds a new finalizer to the pod Removes all finalizers from the pod (force cleanup) Lists all finalizers on the pod Restarts the pod with new finalizers

✓

Correct!

This command manually removes all finalizers by setting an empty array. This is typically used when a resource is stuck in ‘Terminating’ state because the controller that should remove the finalizer is not functioning.

✗

Incorrect

Setting an empty array effectively clears all existing values.

Question 8

Service Mesh primarily handles north-south (ingress/egress) traffic rather than east-west (service-to-service) traffic.

True False

✓

Correct!

Service Mesh primarily handles east-west (service-to-service) traffic within the cluster through sidecar proxies. North-south traffic handling is an optional integration typically through gateway components like Istio Ingress Gateway.

✗

Incorrect

Think about what ‘mesh’ implies - connections between many services.

Question 9

Which features does a Service Mesh typically provide?

Mutual TLS (mTLS) encryption between services Circuit breaker patterns Container image building Distributed tracing Pod scheduling decisions

✓

Correct!

Service Mesh provides mTLS for encryption, circuit breakers for resilience, and distributed tracing for observability. Container image building and pod scheduling are handled by other components (CI/CD and kube-scheduler respectively).

✗

Incorrect

Focus on features related to service-to-service communication and observability.

Question 10

What is the key difference between a Validating Webhook and a Mutating Webhook?

Validating webhooks run before mutating webhooks Validating webhooks can modify requests, mutating webhooks cannot Mutating webhooks can modify requests, validating webhooks can only approve/reject They serve identical purposes with different naming conventions

✓

Correct!

Mutating webhooks can modify the request (inject sidecars, set defaults) while validating webhooks can only approve or reject the request. Mutating runs first so validating can check the final modified object.

✗

Incorrect

The names indicate their primary action: mutate (change) vs validate (check).

Question 11

In Helm terminology, what is a running instance of a chart called?

✓

Correct!

A Release is an instance of a chart running in the cluster. You can have multiple releases of the same chart (e.g., my-postgres-dev and my-postgres-prod from the same postgresql chart).

✗

Incorrect

A Release is an instance of a chart running in the cluster. You can have multiple releases of the same chart (e.g., my-postgres-dev and my-postgres-prod from the same postgresql chart).

Think about what happens when you ‘install’ a chart.

Question 12

Complete the Helm command to install a chart with custom values:

Fill in the flag to specify a values file

helm install my-postgres bitnami/postgresql _____ values.yaml

Your answer:

✓

Correct!

The -f or --values flag specifies a YAML file containing custom values to override chart defaults.

✗

Incorrect

The -f or --values flag specifies a YAML file containing custom values to override chart defaults.

Question 13

Arrange these Helm hook types in their typical execution order during an upgrade:

Drag to arrange in the correct order

⋮⋮ pre-upgrade

⋮⋮ post-upgrade

⋮⋮ pre-rollback

⋮⋮ post-rollback

✓

Correct!

During an upgrade: pre-upgrade runs before upgrade, post-upgrade runs after. If rollback is needed: pre-rollback runs before rollback, post-rollback runs after.

✗

Incorrect

During an upgrade: pre-upgrade runs before upgrade, post-upgrade runs after. If rollback is needed: pre-rollback runs before rollback, post-rollback runs after.

Question 14

In Kustomize, what is the purpose of an ‘overlay’?

To define the common base configuration To apply environment-specific customizations on top of the base To generate ConfigMaps and Secrets To validate YAML syntax

✓

Correct!

An overlay applies environment-specific customizations (dev/staging/prod) on top of the base configuration. This avoids duplication by keeping common config in base and only differences in overlays.

✗

Incorrect

An overlay applies environment-specific customizations (dev/staging/prod) on top of the base configuration. This avoids duplication by keeping common config in base and only differences in overlays.

Think of it as a ’layer’ that goes on top of something else.

Question 15

Kustomize is built into kubectl and doesn’t require installation of a separate tool.

True False

✓

Correct!

Kustomize is built into kubectl. You can use kubectl apply -k or kubectl kustomize directly without installing any additional tools.

✗

Incorrect

Kustomize is built into kubectl. You can use kubectl apply -k or kubectl kustomize directly without installing any additional tools.

Consider the ‘-k’ flag available in kubectl commands.

Question 16

Which are valid use cases for Kustomize Components?

Optional features that can be enabled in multiple environments Bundling related resources that are enabled/disabled together Replacing Helm charts entirely Avoiding duplication of configuration across overlays

✓

Correct!

Components are for optional, reusable features (like monitoring) that can be enabled across environments. They bundle related resources and avoid duplication. Kustomize and Helm serve different purposes and aren’t direct replacements.

✗

Incorrect

Think about features that are optional but might be needed in multiple environments.

Question 17

What is the fundamental principle of GitOps?

All deployments must use GitHub Actions Git repository is the single source of truth for infrastructure state Manual kubectl commands are preferred over automation Infrastructure changes should never be version controlled

✓

Correct!

GitOps treats Git as the single source of truth. All changes are made via commits, and operators automatically sync the cluster state to match what’s defined in Git, providing audit trails and easy rollbacks.

✗

Incorrect

Consider what makes Git valuable for tracking changes over time.

Question 18

In Istio, what resource type configures traffic policies like connection pools and circuit breakers for a destination?

✓

Correct!

DestinationRule configures how traffic behaves at the destination - connection pools, circuit breakers, load balancing, and subsets. VirtualService controls where traffic goes, DestinationRule controls how it behaves.

✗

Incorrect

It’s a rule that applies to the destination of traffic.

Question 19

What is the relationship between CRDs, Controllers, and Operators?

Operator = CRD + Controller

CRD: Extends Kubernetes API with custom resource types (defines the schema)
Controller: Watches for resources and takes action to reconcile actual state with desired state
Operator: Combines both to automate complex application management, encapsulating domain-specific operational knowledge

Did you get it right?

✓

Correct!

✗

Incorrect

Question 20

What does this Kustomize command do?

kubectl diff -k overlays/production

What will this code output?

Deletes the production overlay Shows differences between current cluster state and what would be applied Creates a diff file for the overlay Compares two different overlays

✓

Correct!

The kubectl diff -k command shows what changes would be made if you applied the kustomization, comparing the desired state (from overlays/production) with the current cluster state. Useful for reviewing changes before applying.

✗

Incorrect

The ‘diff’ subcommand typically compares current vs proposed state.

Question 21

Which patching strategy in Kustomize is best for adding a sidecar container to a deployment?

JSON 6902 Patch Strategic Merge Patch Inline Patch Binary Patch

✓

Correct!

Strategic Merge Patch is best for adding/modifying large sections like containers, volumes, or complex nested structures. JSON 6902 Patch is better for precise modifications of single values.

✗

Incorrect

Strategic Merge Patch is best for adding/modifying large sections like containers, volumes, or complex nested structures. JSON 6902 Patch is better for precise modifications of single values.

Consider which approach handles complex nested structures more naturally.

Question 22

In Helm, the helm template command applies resources directly to the cluster.

True False

✓

Correct!

helm template only renders the templates locally and outputs the generated YAML - it doesn’t apply anything to the cluster. Use helm install or helm upgrade to actually deploy resources.

✗

Incorrect

helm template only renders the templates locally and outputs the generated YAML - it doesn’t apply anything to the cluster. Use helm install or helm upgrade to actually deploy resources.

Think about what ’template’ implies - generating output vs taking action.

Question 23

Which are valid GitOps benefits?

Complete audit trail of all changes Easy rollbacks using git revert Faster container builds Reproducible deployments Reduced manual errors

✓

Correct!

GitOps provides audit trails (git history), easy rollbacks (git revert), reproducible deployments (same commit = same state), and fewer manual errors (automation). Container builds are handled by CI/CD, not GitOps specifically.

✗

Incorrect

Focus on benefits related to using Git as source of truth for infrastructure.

Question 24

When should you use Kustomize vs Helm?

Use Kustomize when:

Managing multiple environments (dev/staging/prod)
Simple overlay/patch patterns needed
Want to avoid templating complexity
Team prefers pure YAML
GitOps workflows

Use Helm when:

Complex applications with many parameters
Need reusable packages across teams
Dependency management required
Installing third-party applications
Want package versioning

Did you get it right?

✓

Correct!

✗

Incorrect

Question 25

What happens when a GitOps operator detects that the cluster state differs from what’s defined in Git?

It alerts the user and waits for manual intervention It automatically applies changes to make the cluster match Git It updates Git to match the current cluster state It deletes the affected resources

✓

Correct!

GitOps operators (like FluxCD or ArgoCD) automatically reconcile the cluster state to match the desired state defined in Git. Git is the source of truth, so the cluster is updated to match Git, not the other way around.

✗

Incorrect

In GitOps, which direction does the synchronization flow?

Question 26

What Helm command would you use to revert to a previous release version?

✓

Correct!

The helm rollback command reverts a release to a previous revision. For example: helm rollback my-release 1 reverts to revision 1.

✗

Incorrect

The helm rollback command reverts a release to a previous revision. For example: helm rollback my-release 1 reverts to revision 1.

Think about what action undoes an upgrade.

Question 27

Complete the kubectl command to apply a Kustomize overlay:

Fill in the flag that specifies a kustomization directory

kubectl apply _____ overlays/production

Your answer:

✓

Correct!

The -k or --kustomize flag tells kubectl to process the directory as a kustomization and apply the rendered output.

✗

Incorrect

The -k or --kustomize flag tells kubectl to process the directory as a kustomization and apply the rendered output.

Question 28

In a Service Mesh like Istio, sidecar proxies are automatically injected into pods when the namespace has the label istio-injection: enabled.

True False

✓

Correct!

Istio uses a mutating admission webhook to automatically inject Envoy sidecar proxies into pods created in namespaces labeled with istio-injection: enabled.

✗

Incorrect

Istio uses a mutating admission webhook to automatically inject Envoy sidecar proxies into pods created in namespaces labeled with istio-injection: enabled.

Think about how Istio gets sidecars into pods without modifying deployment manifests.

Question 29

Which command shows the actual Kubernetes manifests that were deployed by a Helm release?

helm show manifest my-release helm get manifest my-release helm template my-release helm list --manifest my-release

✓

Correct!

helm get manifest shows the actual rendered manifests that were deployed for an existing release. helm template renders templates locally without deploying, and helm show displays chart information, not deployed resources.

✗

Incorrect

You want to ‘get’ information about an existing release.

Question 30

What is the difference between East-West and North-South traffic in the context of Service Mesh?

East-West Traffic (Primary Service Mesh Focus):

Service-to-service communication within the cluster
Pod A ↔ Pod B ↔ Pod C
Handled by sidecar proxies

North-South Traffic (Optional Integration):

Traffic entering or leaving the cluster
External clients → Ingress → Services
Services → External APIs/Databases
Handled by optional gateway components

Did you get it right?

✓

Correct!

✗

Incorrect

Quiz Results

Score

0/0

Accuracy

Right

Wrong

Skipped

Last updated on January 6, 2026

Observability