DevOps Questions

Anju
5 min read · Dec 3, 2022

  1. What is the maximum number of buckets that can be created in an AWS account? (100)
  2. Update a string in a 30GB file in Linux
  3. Update Aurora Postgres RDS global cluster
  4. What is userns in Docker?
    docker info | grep <docker root dir>
    cat /etc/subuid
    cat /etc/subgid
  5. What should be the first instruction of a Dockerfile: FROM or ARG?
  6. What is DataSync and what is the use case for it?
  7. What are the required alerts for an RDS instance?
  8. Copy / replicate a few tables from an RDS instance: which AWS service can we use for this?
  9. What is Trunk based development
  10. What is the use of Git rebase and difference between git rebase and merge
  11. By default, how many pull requests can be performed on Docker Hub as an anonymous user (100) and as an authenticated user (200)? What needs to be done to increase the pull request limit?
  12. What is lifecycle option in Terraform
  13. How to direct custom script logs to the Linux system log, i.e. /var/log/messages (logger -t, e.g. cat test.sh | bash | tee >(logger -t "test"))
  14. What are the different types of security scans a CI/CD pipeline should have to confirm DevSecOps functionality?
  15. See the content of an RPM without installing it. (repoquery -q -l --plugins <package_name>)
  16. What is a GitLab Environment and label?
  17. Name a couple of container scanners (Trivy and Grype)
  18. A Pod is in "ContainerCreating" state for a long time. Where to see the logs? (kubectl get events / kubectl describe pod/deployment)
  19. A Pod is not able to connect to / reach another Pod. What needs to be checked? (kubectl get netpol)
  20. How to check type of file in Linux? (file command)
  21. umask in Linux (/etc/profile and /etc/login.defs)
  22. Log management in Linux
  23. What is DR planning and how to create a DR plan?
  24. Installing/upgrading/deleting helm release
  25. How to parameterize (use variables in) the pom.xml file
  26. What is the settings.xml file in a Maven build?
  27. Blacklist an IP which is continuously hitting RDS and raising the CPU utilization. (NACL attached to that particular RDS VPC; rule order matters)
  28. There is one use case; see if you have any inputs for this:
    Currently the service runs every 1 minute. Each run takes 30 seconds, meaning there is only a 30-second window between runs.
    Problem statement:
    Currently, if a deployment is triggered, it kills the old Pod without checking whether the scheduler is in progress. This causes data issues, since the Pod is killed abruptly while the scheduler was in progress.
    Requirement:
    When a deployment is triggered, check the old Pod; if the scheduler is in progress, wait for it to complete. Once it completes, immediately kill the Pod and spawn a new Pod with the new deployment. (kubectl lifecycle)
  29. Running ansible tasks out of the order
  30. Significance of the IP 169.254.169.254
  31. GITLAB JOB ERROR: The deployment job is older than the previously succeeded deployment job, and therefore cannot be run (https://forum.gitlab.com/t/multiple-deployment-jobs-per-environment/41301)
  32. How does Kubernetes (k8s) authenticate users?
  33. Checking logs of a container inside a Pod
  34. What information is required for VPC peering? (Account number, region, VPC ID, and CIDR to add in the route table and SG; make sure the CIDRs do not overlap. Use the same route table which has the object's subnet attached. Update DNS to use it internally.)
  35. Usage of lsof, netstat, set, unset, export
  36. Lambda function can only access S3 buckets from same regions inside an account or cross account: true or false
  37. What is the use of getopts?
  38. Pod CPU utilization is in a good state but the Grafana dashboard still shows red. What is the issue? (There are multiple queries and the alarm setup is not pointing to the correct query)
  39. Helm commands to see k8 objects created by it:
    => helm list -aq
    => helm uninstall <release_name>
    => helm get manifest RELEASE_NAME
    => helm get all RELEASE_NAME (https://helm.sh/docs/helm/helm_get/)
  40. Use of a network plugin in k8s: without a network plugin, pods on different nodes can have the same IP, which creates conflicts
  41. GIT REBASE:
    git fetch origin
    git rebase origin/master
    [Conflicts came, resolve it]
    git add <filename>
    git status
    git rebase --continue
  42. Enable S3 events (types: Lambda, SNS, SQS, EventBridge)
  43. Lambda is a regional service and CDN is a global service. A Lambda function can serve more than one service. Lambda requires two subnets for HA, which means they are multi-AZ
  44. Terraform Template (blocks):
    terraform
    provider
    resource
    variable
    data
    output
  45. CloudFormation Template:
    AWSTemplateFormatVersion:
    Description:
    Parameters:
    Conditions:
    Mappings:
    Resources:
    Outputs:

45. A subnet can be assigned to only one route table. A route table can have multiple subnets.

46. Network Troubleshooting in K8:

#### Run debug pod in the required namespace
kubectl run -i --tty --rm debug --image=alpine:3.12 --restart=Never -- sh
#### all commands below will be executed inside of debug pod
/ # apk upgrade
/ # apk add bind-tools
#### sanity checks inside pod
/ # dig <FQDN/IP>
/ # nc -vz <FQDN/IP> <port>
/ # exit

#### when we exit from the pod, it is terminated automatically

47. Postgres User Access:

docker run -d -p 5432:5432 -e POSTGRES_HOST_AUTH_METHOD=trust --name db_issue db:test
docker ps -a --no-trunc | grep postgres
# open a shell in the running container (docker exec has no --rm flag and needs a command)
docker exec -it db_issue sh
# psql -U postgres
\l
\du
\d
\q

psql -U postgres -d db_name -c "SELECT * FROM pg_catalog.pg_user;"
SELECT session_user, current_user;

psql -U postgres -d db_name -c "ALTER ROLE role_name WITH CREATEDB;"

48. Check usage of nodes and pods:

#Check namespace level quota:
kubectl get quota -o yaml
kubectl describe quota
kubectl describe limits

#Check current utilization of pods:
kubectl top pods

49. Error: UPGRADE FAILED: "app" has no deployed releases

#1. Check the status of the helm release
helm list -a
# Get the last release secret and edit the value for label "status" to deployed
kubectl -n app-namespace patch secret release-name.release-number --type=merge -p '{"metadata":{"labels":{"status":"deployed"}}}'
# or: kubectl edit secret <secret>
# Rerun the helm chart install

50. Helm template rendering:

#from chart dir
helm template . --output-dir helm_rendered_templt
helm template . --output-dir helm_rendered_templt -f values.yaml
helm template . --output-dir test --set tolerations[0].effect=NoSchedule --set tolerations[0].key=node --set tolerations[0].operator=Exists --set tolerations[0].value=test_node

deployment example:
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ .Release.Name }}
  labels:
    app: {{ .Release.Name }}
    release: {{ .Release.Name }}
spec:
  replicas: {{ .Values.replicaCount }}
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 0
      maxSurge: 1
  selector:
    matchLabels:
      app: {{ .Release.Name }}
      release: {{ .Release.Name }}
  template:
    metadata:
      labels:
        app: {{ .Release.Name }}
        release: {{ .Release.Name }}
    spec:
    {{- with .Values.tolerations }}
      tolerations:
{{ toYaml . | indent 8 }}
    {{- end }}
      containers:
        - name: {{ .Chart.Name }}
          image: {{ .Values.image.repository }}:{{ .Values.image.tag }}

60. What is "resource_group" and "environment" in GitLab?

61. 503 error backend not available:

#Get A record
dig <url>
# List the external-dns hostname annotation, name and namespace of every Service
kubectl get svc --all-namespaces -o jsonpath="{range .items[*]}{.metadata.annotations.external-dns\.alpha\.kubernetes\.io/hostname}{'\t'}{.metadata.name}{'\t'}{.metadata.namespace}{'\n'}{end}" | grep <record>
