[Golden Kubestronaut] KCNA Extra 30 Practice Questions - Advanced Cloud Native

Answer: C) Backstage

Backstage is a CNCF Incubating project. Prometheus, Envoy, and containerd are all Graduated projects. CNCF projects progress through three maturity levels: Sandbox, Incubating, and Graduated.

Answer: B) Config should be injected through environment variables

The 12-Factor App's III. Config principle recommends completely separating config from code and injecting it through environment variables. This allows the same codebase to be deployed across different environments (development, staging, production).

Answer: B) Deploys log collection, proxy, and monitoring agents alongside the main container

The Sidecar pattern deploys auxiliary containers in the same Pod as the main application container to provide supplementary features like logging, proxying, and config synchronization. Istio's Envoy proxy is a classic example.

Answer: A) Acts as a proxy mediating the application's external communication

The Ambassador pattern mediates communication with external services on behalf of the application. It handles connection retries, logging, authentication, and is used for legacy protocol translation or circuit breaker implementation.

Answer: B) Actually processes network traffic beside each service instance

A service mesh consists of a control plane and data plane. The data plane (e.g., Envoy proxy) is deployed beside each service instance to handle actual network traffic routing, load balancing, mTLS, and observability.

Answer: B) It uses Git as the single source of truth and synchronizes to the cluster using a Pull-based approach

GitOps uses the Git repository as the Single Source of Truth for the desired state, and agents (e.g., Flux, ArgoCD) continuously synchronize cluster state with Git. Unlike push-based CI/CD, the cluster itself pulls the desired state.

Answer: B) It is a technology that enables running programs safely inside the Linux kernel

eBPF enables running sandboxed programs within the Linux kernel without modifying kernel source code or loading kernel modules. It allows implementing networking, security, and observability features. Cilium, Falco, and Tetragon leverage eBPF.

Answer: B) Provides millisecond-level cold starts and sandbox isolation

Wasm provides millisecond cold starts, small binary sizes, and strong sandbox isolation. Through SpinKube, WasmEdge, and similar tools, Wasm workloads can run on Kubernetes, making it ideal for serverless and edge computing.

Answer: B) Internal Developer Portal (IDP) that provides unified management of service catalogs, templates, and documentation

Backstage is a CNCF Incubating project started at Spotify, serving as a framework for building internal developer portals. It provides core features like the Software Catalog, Software Templates, and TechDocs, and is extensible through a plugin system.

Answer: B) Declaratively provisions and manages cloud infrastructure through the Kubernetes API

Crossplane extends Kubernetes as a universal control plane to manage cloud resources from AWS, GCP, Azure, and others as Kubernetes custom resources. Through Compositions, it can provide team-specific infrastructure abstractions.

Answer: B) Provides building blocks (state management, Pub/Sub, service invocation) for distributed applications as a sidecar

Dapr is a runtime that simplifies microservice development using the sidecar pattern to provide language-agnostic building blocks for state management, Pub/Sub messaging, service invocation, bindings, and the actor model.

Answer: B) Terraform

The Provisioning category in the CNCF Landscape includes infrastructure automation, container registries, security, and compliance tools. Terraform is an infrastructure provisioning tool, while Prometheus is for monitoring, Jaeger for distributed tracing, and Fluentd for logging.

Answer: D) Orchestration Spec

OCI defines three specifications: Image Spec (container image format), Runtime Spec (container runtime behavior), and Distribution Spec (image distribution API). Orchestration is not within OCI's scope.

Answer: A) Knative

Knative is a platform for deploying, managing, and scaling serverless workloads on Kubernetes. It consists of Serving (auto-scaling, scale-to-zero) and Eventing (event-driven architecture) components and is a CNCF Incubating project.

Answer: A) Helm chart and Kustomize-based GitOps deployment

Both Flux and ArgoCD are GitOps tools that synchronize Helm charts, Kustomize, and plain YAML manifests to Kubernetes clusters based on Git repositories. ArgoCD provides a web UI by default, while Flux focuses on Git-based automation.

Answer: B) Completed security audit and at least 2 production use cases

CNCF Graduated projects must complete an independent security audit and demonstrate production use cases across diverse organizations. They also require multi-organization maintainers, healthy governance structure, and community engagement.

Answer: B) Metrics, Logs, Distributed Traces

The three pillars of observability are Metrics (numerical measurements of system state), Logs (event records), and Distributed Traces (tracking the full path of requests). OpenTelemetry is the CNCF project that unifies these three.

Answer: B) It is a vendor-neutral observability data collection framework

OpenTelemetry (OTel) is a vendor-neutral framework for generating, collecting, and transmitting metrics, logs, and distributed traces. It provides SDKs, APIs, and Collectors, and is one of the most active CNCF projects after Kubernetes.

Answer: B) Transforms the main container's output into a standard format

The Adapter pattern uses a sidecar container to transform the main container's output (logs, metrics, etc.) into a standard format required by external systems. For example, it can convert custom application logs to JSON format or expose them in Prometheus metric format.

Answer: B) They run sequentially before the main container starts, and must complete before the main container can begin

Init Containers run in order before main containers, and each must complete successfully before proceeding to the next step. They are used for database migrations, configuration file generation, dependency waiting, and more.

Answer: C) Monolithic Architecture Required

CNCF defines Cloud Native as an approach to building systems that are loosely coupled, resilient, manageable, and observable, leveraging containers, service mesh, microservices, immutable infrastructure, and declarative APIs.

Answer: A) Helm is template-based, Kustomize is overlay (patch) based

Helm creates parameterized charts using Go templates, while Kustomize applies overlays (patches) on top of base YAML to manage environment-specific configurations. Kustomize is built into kubectl, and both tools can be used together.

Answer: B) An interface that standardizes communication between kubelet and container runtimes

CRI defines a standardized gRPC interface for kubelet to communicate with various container runtimes (containerd, CRI-O, etc.). Since Kubernetes 1.24, Docker no longer directly implements CRI, so dockershim was removed.

Answer: B) Assigns network interfaces and IP addresses to Pods

CNI (Container Network Interface) is a standard for managing container network connectivity. CNI plugins like Calico, Cilium, Flannel, and Weave assign network interfaces to Pods, provide IP addresses, and enable Pod-to-Pod communication.

Answer: B) Enables storage vendors to develop storage plugins independently from Kubernetes

CSI is a standard interface that allows storage vendors to develop and deploy their own storage drivers without modifying Kubernetes core code. Longhorn, Rook-Ceph, and EBS CSI Driver implement CSI.

Answer: B) Provides service mesh functionality without sidecars through ztunnel and waypoint proxies

Istio Ambient Mesh is a new data plane mode without sidecars. It uses node-level ztunnel (L4 processing, mTLS) and optional waypoint proxies (L7 processing) to reduce resource overhead and simplify operations.

Answer: B) Building self-service Internal Developer Platforms (IDPs) to improve developer experience and productivity

Platform Engineering abstracts infrastructure and tool complexity to build Internal Developer Platforms (IDPs) where developers can use needed resources via self-service. Backstage, Crossplane, and ArgoCD are components used in IDPs.

Answer: B) Kernel-level networking and observability using eBPF

Cilium leverages eBPF technology to handle networking, security, and observability at the kernel level. Instead of using iptables, it performs packet processing with eBPF programs, providing high performance and fine-grained policy control.

Answer: B) Scales down the workload's Pod count to 0 when there are no requests to save resources

Scale to Zero means reducing the number of Pods to 0 when there is no traffic, and automatically starting Pods when new requests arrive. Knative Serving provides this feature, and KEDA also supports similar functionality for specific event sources.

Answer: B) Provides guidelines, recommendations, and ecosystem direction for specific technical domains

CNCF TAGs (Technical Advisory Groups) provide guidelines and recommendations to the community for specific technical domains such as security, observability, network, runtime, and app delivery. Examples include TAG Security, TAG Observability, and TAG Network.