grep: A tool for searching text using patterns (regular expressions).
sed: A stream editor used for text substitution and formatting.
awk: A powerful tool for processing and analyzing text data.
cut: A command used to extract specific columns or fields from text.
These tools can be combined to perform complex text manipulation, such as filtering text with grep, extracting columns with awk, replacing content with sed, and extracting portions of lines with cut.
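A sketch of how these combine — the sample file and its fields are hypothetical:

```shell
# Hypothetical sample data: name, role, score
printf 'alice admin 90\nbob dev 75\ncarol dev 88\n' > /tmp/users.txt

grep 'dev' /tmp/users.txt               # filter: keep only the dev rows
awk '{print $3}' /tmp/users.txt         # extract: third column (score)
sed 's/dev/developer/' /tmp/users.txt   # substitute: rename the role
cut -d' ' -f1 /tmp/users.txt            # slice: first field of each line

# Combined: scores of all devs
grep 'dev' /tmp/users.txt | awk '{print $3}'
```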
Common error codes:
404: Resource not found.
500: Internal server error.
502: Bad gateway (backend service unavailable or timed out).
403: Forbidden access.
Long connection: A persistent TCP connection across multiple requests, used in database connections.
Short connection: A connection that closes after each request. Commonly used in HTTP requests.
WebSocket: Enables two-way real-time communication over a single connection. Used in chat applications, live stock updates, etc.
Adjust worker_processes and worker_connections.
Use reverse proxy caching.
Enable gzip compression.
Use keepalive for connection reuse.
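The four tuning points above might look like this in nginx.conf — the values are illustrative, not recommendations:

```nginx
worker_processes auto;            # one worker per CPU core

events {
    worker_connections 10240;     # max connections per worker
}

http {
    gzip on;                      # compress responses
    gzip_types text/plain application/json;

    proxy_cache_path /var/cache/nginx keys_zone=app_cache:10m;

    upstream backend {
        server 127.0.0.1:8080;
        keepalive 32;             # reuse upstream connections
    }

    server {
        listen 80;
        location / {
            proxy_cache app_cache;
            proxy_pass http://backend;
            proxy_http_version 1.1;
            proxy_set_header Connection "";   # required for upstream keepalive
        }
    }
}
```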
LVS: Layer 4 load balancer based on IP and port, suitable for high-performance needs.
Nginx: Layer 7 load balancer based on the HTTP protocol, suitable for application-layer proxying (it can also balance at Layer 4 via the stream module).
HAProxy: Supports both Layer 4 and Layer 7 load balancing, ideal for high-concurrency scenarios.
A process that has finished executing but whose parent has not yet read its exit status, leaving a stale entry in the process table. It is cleaned up when the parent calls wait() or waitpid() to reap it.
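A minimal shell sketch of reaping: the parent collects the child's exit status with wait, which removes the zombie's process-table entry:

```shell
# Child exits with status 3; `wait` reaps it and reports that status
(exit 3) &
child=$!
wait "$child"
echo "child exit status: $?"   # prints: child exit status: 3
```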
Process: The basic unit of resource allocation by the operating system.
Thread: A unit of execution within a process that shares process resources.
Coroutine: Lightweight user-space threads managed by the program rather than the operating system.
Nginx uses an event-driven model to handle requests in a non-blocking manner, improving concurrency by allowing I/O operations to be processed asynchronously.
Use ping and traceroute to check network paths.
Check for interface errors and dropped packets using ifconfig or ip commands.
Use tcpdump or wireshark to capture and analyze network traffic.
top, htop, vmstat, iostat, sar, strace, tcpdump, netstat, lsof, etc.
Interrupt: A signal that makes the CPU pause the current task and run a handler before resuming.
Soft interrupt (softirq): Deferred handling of asynchronous events, such as network packet processing.
Hard interrupt: Triggered by hardware, such as a peripheral requesting CPU attention.
A process in uninterruptible (D-state) sleep, typically blocked in the kernel waiting for I/O to complete; it ignores all signals, including SIGKILL, until the operation finishes.
Stack memory: Automatically managed memory used for local variables and function calls.
Heap memory: Dynamically allocated memory managed by the programmer.
States include R (running), S (sleeping), D (uninterruptible), Z (zombie), T (stopped).
A virtual filesystem that contains process, kernel, and hardware information, such as /proc/cpuinfo and /proc/meminfo.
Load average: The average number of processes that are runnable or in uninterruptible (D) sleep, reported over 1, 5, and 15 minutes.
CPU usage: The percentage of time the CPU is busy processing tasks.
The Address Resolution Protocol (ARP) is used to map IP addresses to MAC addresses in a local network.
RAID 0: Striping, high performance, no redundancy.
RAID 1: Mirroring, redundancy but lower performance.
RAID 5: Striping with parity, balance between performance and redundancy.
RAID 10: Combination of striping and mirroring, offering both performance and redundancy.
Use pvcreate, vgcreate, and lvcreate commands to create physical volumes, volume groups, and logical volumes.
Use jstat, jmap, and jvisualvm to monitor memory usage. Optimize using flags like -Xmx, -Xms, and -XX:MetaspaceSize (-XX:PermSize before Java 8).
Use sysctl to view and modify kernel parameters.
Modify /etc/security/limits.conf or /etc/sysctl.conf to adjust these settings.
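For example — the values below are purely illustrative:

```conf
# /etc/sysctl.conf (apply with: sysctl -p)
fs.file-max = 2097152
net.core.somaxconn = 4096

# /etc/security/limits.conf (per-user limits, take effect at next login)
*  soft  nofile  65535
*  hard  nofile  65535
```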
du sums the sizes of files reachable under a directory, while df reports usage for the whole filesystem. They can disagree when files have been deleted but are still held open by a process: df keeps counting the space until the last file descriptor is closed.
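The deleted-but-open case can be reproduced in a shell — paths below are assumptions:

```shell
mkdir -p /tmp/dudemo
dd if=/dev/zero of=/tmp/dudemo/big bs=1024 count=2048 2>/dev/null
exec 3</tmp/dudemo/big   # keep an open descriptor on the file
rm /tmp/dudemo/big       # unlink the name

du -sk /tmp/dudemo       # du no longer counts the file
# df on the same filesystem still counts the 2 MB until fd 3 closes
exec 3<&-                # close the descriptor; the space is freed
```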
Buffers: Cache for block devices (I/O).
Cached: Cache for filesystem data.
Display open files, network connections, and used ports, helping diagnose resource leakage.
Pipes, message queues, signals, shared memory, and sockets, each used for different communication needs.
The following are the usage differences among pipes, message queues, signals, shared memory, and sockets:
Pipes are mainly used for communication between processes with a kinship relationship.
Purpose:
Usually used to transfer data between parent and child processes. For example, a parent process generates some data and passes it to the child process for further processing through a pipe.
Suitable for simple data transfer scenarios. The data flow is unidirectional. If bidirectional communication is needed, two pipes need to be established.
Features:
Can only be used between processes with a common ancestor.
Data can only flow in one direction. If bidirectional communication is needed, two pipes need to be established.
The capacity of a pipe is limited; on Linux the default buffer is 64 KB.
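The shell's | creates an anonymous pipe between related processes; a named pipe (FIFO) extends the same mechanism to unrelated ones:

```shell
mkfifo /tmp/demo.fifo                         # create a named pipe
echo "hello from writer" > /tmp/demo.fifo &   # writer blocks until a reader opens
cat /tmp/demo.fifo                            # prints: hello from writer
rm /tmp/demo.fifo
```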
A message queue is a message linked list in the kernel, identified by a message queue identifier.
Purpose:
Used to transfer messages between different processes. Multiple processes can send messages to the same message queue and can also receive messages from the same message queue.
Suitable for scenarios where processes need asynchronous communication. The sending process can continue to execute other tasks after sending a message, and the receiving process reads the message when needed.
Features:
Message queues can achieve asynchronous communication between multiple processes.
Messages have types and specific messages can be received according to types.
The messages in the message queue are formatted and can contain different types of data.
Signals are used to notify a process that a certain event has occurred.
Purpose:
Used for notifying abnormal situations, such as illegal memory access, division by zero error, etc.
Can also be used for simple communication between processes. For example, one process sends a specific signal to another process to trigger a certain behavior.
Features:
Signals are an asynchronous communication method. The process sending the signal does not know when the receiving process will handle the signal.
There are a limited number of signal types, and each signal has a specific meaning.
A delivered signal interrupts the normal flow of the process to run the handler; execution resumes after the handler returns.
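A minimal sketch in the shell: trap installs a handler, and kill delivers the signal asynchronously:

```shell
trap 'echo "got SIGUSR1"' USR1   # install a handler for SIGUSR1
kill -USR1 $$                    # send the signal to this shell
# the handler runs at the next command boundary and prints: got SIGUSR1
trap - USR1                      # restore default handling
```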
Shared memory is a physical memory area shared by multiple processes.
Purpose:
Suitable for scenarios that require efficient data sharing. Multiple processes can read and write data in shared memory simultaneously to achieve rapid data exchange.
Often used in applications that require a large amount of data interaction, such as scientific computing, image processing, etc.
Features:
The access speed of shared memory is very fast because it operates directly in memory.
Processes need to perform synchronization control by themselves to avoid data conflicts.
Once created, shared memory can be accessed by multiple processes simultaneously.
Sockets are mainly used for communication between processes on different hosts.
Purpose:
Widely used in network communication to achieve data transmission between processes on different computers.
Can be used to implement various network applications, such as client-server mode application programs.
Features:
Supports communication between different hosts and has a wide communication range.
Can use different protocols such as TCP, UDP, etc.
Provides rich network programming interfaces.
Use nice and renice commands to set and modify the priority of processes.
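A quick sketch: nice with no command prints the current niceness, so running it under nice -n shows the adjustment; renice does the same for an already-running PID:

```shell
nice                   # niceness of the current shell (typically 0)
nice -n 10 nice        # run at niceness 10; prints: 10
# renice -n 5 -p <pid>   # change the priority of a running process
```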
Paging: Divides memory into fixed-size pages.
Segmentation: Divides memory into logical segments such as code, data, and stack.
Create .service files defining how a service should start, stop, and restart. Place the files in /etc/systemd/system/.
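A minimal unit file might look like this — the service name and paths are hypothetical:

```ini
# /etc/systemd/system/myapp.service
[Unit]
Description=My application
After=network.target

[Service]
ExecStart=/usr/local/bin/myapp
Restart=on-failure

[Install]
WantedBy=multi-user.target
```

After placing the file, run systemctl daemon-reload, then systemctl enable --now myapp.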
Use modprobe to load modules and rmmod to unload them. Kernel modules are stored in /lib/modules.
Ansible roles are used for managing complex configurations, such as adding multiple machines to a Kubernetes cluster in bulk.
Explanation of Kubernetes as an open-source container orchestration platform for automating deployment, scaling, and managing containerized applications.
Overview of components: API Server, etcd, Controller Manager, Scheduler, kubelet, kube-proxy, and worker nodes.
Explanation of how the API server processes a request, validates it, stores it in etcd, and how the scheduler assigns the Pod to a node.
Steps from API call to pod termination, including graceful shutdown signals sent to containers.
Description of how Pods communicate using the CNI (Container Network Interface) and network plugins like Calico or Flannel.
Insufficient CPU or memory on any node, unsatisfiable scheduling constraints, or missing network or volume configuration.
Deployment: Manages stateless applications with pod replicas.
StatefulSet: Manages stateful applications with persistent storage and stable network identities.
Handles network traffic routing in the cluster, managing IP-based rules for load balancing.
Use IPVS mode to route traffic, manage ipvsadm rules for load balancing and failover.
IPVS uses in-kernel hash tables for rule lookup, giving far better performance for large numbers of services than iptables' linear rule matching.
Run kubectl describe pod <pod> or kubectl logs -f <pod>, then verify network policies, inspect the CNI plugin, check DNS resolution, and validate Pod IPs.
Describes how Kubernetes Network Policies control traffic flow between Pods using labels, selectors, and rules for ingress/egress traffic.
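An illustrative policy — the labels and port are assumptions — admitting ingress to app=db Pods only from app=api Pods:

```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-api-to-db
spec:
  podSelector:
    matchLabels:
      app: db          # policy applies to these Pods
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: api # only these Pods may connect
      ports:
        - protocol: TCP
          port: 5432
```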
Liveness probe: Checks whether the container is still healthy; on failure the container is restarted.
Readiness probe: Checks whether the Pod is ready to serve traffic; failing Pods are removed from Service endpoints.
Startup probe: Checks whether the application inside the Pod has started successfully; the other probes are held off until it succeeds.
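The three probes might be configured on a container like this — the endpoints and port are assumptions:

```yaml
livenessProbe:
  httpGet:
    path: /healthz
    port: 8080
  periodSeconds: 10
readinessProbe:
  httpGet:
    path: /ready
    port: 8080
  periodSeconds: 5
startupProbe:
  httpGet:
    path: /healthz
    port: 8080
  failureThreshold: 30   # allow up to 30 x 5s for slow startup
  periodSeconds: 5
```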
Common issues include misconfiguration of probes, networking issues, or insufficient resources.
An abstraction that defines a logical set of Pods and a policy to access them, allowing for service discovery and load balancing.
Explains how metrics-server scrapes resource usage metrics from the kubelet API on each node and exposes them through the Kubernetes API.
Service discovery using DNS, headless services, or through the Kubernetes API.
Pod phases are Pending, Running, Succeeded, Failed, and Unknown; CrashLoopBackOff is a container state reason shown by kubectl, not a phase.
PreStop, PostStart hooks used to run code at certain points in the Pod's lifecycle.
Calico: Uses BGP for L3 networking, supports Network Policies.
Flannel: Simple overlay network, focuses on L3 routing but does not natively support Network Policies.
Calico uses an L3 approach with BGP or IP-in-IP for routing, providing a highly scalable solution for large clusters.
Use to secure traffic between Pods, enforce egress/ingress rules, and isolate services.
Opens an interactive session into a running container: kubectl connects to the API server, which proxies a streaming (SPDY/WebSocket) connection to the kubelet.
Control CPU resource allocation using cgroups with cpu.shares, cpu.cfs_quota_us, and cpu.cfs_period_us (cgroup v1; cgroup v2 uses cpu.weight and cpu.max).
Specifies cluster, user credentials, contexts, and configurations for accessing Kubernetes.
Pods resolve DNS queries using CoreDNS service that handles DNS resolution for services and pods within the cluster.
Traefik provides dynamic routing, easier configuration with Kubernetes, and supports additional features like metrics and tracing.
Harbor includes components like Docker registry, Harbor core, Job Service, Clair (for vulnerability scanning), and Notary (for image signing).
Use of external databases, Redis for session persistence, and a load balancer to ensure high availability across multiple Harbor instances.
Increase performance by tuning etcd memory settings, using SSDs, managing compaction, and ensuring proper backups.
Ensure proper etcd scaling, optimize the scheduler and controller-manager, monitor network latency, and ensure resource quotas and limits.
Network issues, kubelet crash, insufficient resources, or misconfiguration. Can cause Pods to be unscheduled or degraded.
Service selects Pods based on labels and creates corresponding Endpoints that map IPs of the selected Pods.
Deployment manages ReplicaSets for rolling updates, ensuring consistent state across the cluster.
Scheduler watches unassigned Pods, evaluates available resources, and assigns Pods to appropriate nodes based on affinity, taints, and tolerations.
Uses metrics from the metrics-server to adjust the number of replicas based on CPU or custom metrics.
Kubernetes uses cgroups to enforce limits: containers exceeding their CPU limit are throttled, while those exceeding their memory limit are OOM-killed.
Helm is a package manager for Kubernetes that simplifies application deployment through reusable templates called charts.
Rollbacks involve updating resources to a previous release by fetching the corresponding chart and values.
Velero backs up cluster resources and persistent volume data, enabling restore in the case of failures.
Bridge, Host, None, and Overlay, each with different networking setups for container communication.
Docker is a platform for building, shipping, and running containers; a container is an isolated process (or group of processes) sharing the host kernel.
Use multi-stage builds, minimize layers, clear cache, and avoid installing unnecessary packages.
Centralized logging with Fluentd, Logstash, or Loki to collect and manage logs from all nodes and containers.
Used to hold the network namespace for a Pod, enabling communication between containers in the same Pod.
Use kubeadm to renew certificates or manually update them in /etc/kubernetes/pki.
BestEffort, Burstable, and Guaranteed, determined by the resource requests and limits set on the Pod.
Drain the node to move running Pods, apply security patches, and monitor workloads during the maintenance period.
ClusterIP: Provides an internal IP for accessing services.
Headless: Does not allocate a cluster IP and allows direct access to the underlying Pods.
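A headless Service is declared by setting clusterIP: None — the name and port below are illustrative; cluster DNS then returns the Pod IPs directly:

```yaml
apiVersion: v1
kind: Service
metadata:
  name: db-headless
spec:
  clusterIP: None      # headless: no virtual IP is allocated
  selector:
    app: db
  ports:
    - port: 5432
```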
Containers rely on namespaces, cgroups, and chroot for isolation and resource control.
Affinity, anti-affinity, taints, tolerations, and resource-based scheduling.
Manages external access to services using routing rules defined by Ingress resources.
All components (Scheduler, Controller Manager, kubelet, etc.) communicate via RESTful API to manage resources and ensure desired state.
Kubelet monitors node health, reports status to the API server, and ensures that containers are running as expected.
Mount the host’s timezone into the container, or explicitly set the timezone using environment variables.
This structure covers a broad range of Kubernetes topics that are often asked in technical interviews.
Original statement: This article is published on the Tencent Cloud Developer Community with the author's authorization and may not be reproduced without permission.
For infringement concerns, contact cloudcommunity@tencent.com for removal.