pivotal cloud foundry interview questions
1) What is the Cloud Foundry?
A) Cloud Foundry is an open source cloud computing platform originally developed in-house at VMware. It is now owned by Pivotal Software, which is a joint venture made up of VMware, EMC, and General Electric.
2) Why do we need Cloud Foundry?
A) Cloud Foundry (CF) has become the industry standard. It is an open source platform that you can deploy to run your apps on your own computing infrastructure, or deploy on an IaaS like AWS, vSphere, or OpenStack. You can also use a PaaS deployed by a commercial CF cloud provider.
3) What is a Buildpack?
A) Buildpack is a core link in the chain of the Cloud Foundry deployment process. It automates detection of an application framework, application compilation and running. Being a happy user of Cloud Foundry for a long time, I haven’t had any troubles while using the official build packs for Ruby, Java, and Python projects.
4) What is the use of Cloud Foundry?
A) Cloud Foundry is an open source cloud platform as a service (PaaS) on which developers can build, deploy, run and scale applications.
5) Is Cloud Foundry a PAAS?
A) Cloud Foundry is an open source, multi-cloud application platform as a service (PaaS) governed by the Cloud Foundry Foundation, a 501(c)(6) organization.
6) What is Cloud Foundry’s container-based architecture?
A) Cloud Foundry’s container-based architecture runs apps in any programming language over a variety of cloud service providers. This multi-cloud environment allows developers to leverage the cloud platform that suits specific app workloads and move those workloads as necessary within minutes with no changes to the app.
7) What is Open Service Broker API?
A) Applications deployed to Cloud Foundry access external resources via a Open Service Broker API.
8) What are services in Cloud Foundry?
A) In a Cloud Foundry platform, all external dependencies such as databases, messaging systems, files systems and so on are considered Services.
Pivotal Cloud Foundry Interview Questions
9) What is Pivotal Cloud Foundry (PCF)?
A) A commercial version called Pivotal Cloud Foundry (PCF) is available from Pivotal. It provides extra tools for installation and administration not included in the open software product.
10) What is BOSH in Cloud Foundry?
A) BOSH creates and deploys virtual machines (VMs) on top of a physical computing infrastructure, and deploys and runs Cloud Foundry on top of this cloud.
Cloud Foundry Interview Questions # 11) What is the Cloud Controller?
A) The CF Cloud Controller runs the apps and other processes on the cloud’s VMs, balancing demand and managing app lifecycles.
Cloud Foundry Interview Questions # 12) What is the router?
A) The router routes incoming traffic from the world to the VMs that are running the apps that the traffic demands, usually working with a customer-provided load balancer.
Cloud Foundry Interview Questions # 13) What is User Authentication and Authorization in CF?
A) CF manages user accounts through two User Authentication and Authorization (UAA) servers, which support access control as OAuth2 services and can store user information internally, or connect to external user stores through LDAP or SAML.
Cloud Foundry Interview Questions # 14) Where CF Stores Resources?
A) Cloud Foundry uses the git system on GitHub to version-control source code, buildpacks, documentation, and other resources.
Cloud Foundry Interview Questions # 15) What is OAuth2 Server (UAA) and Login Server?
A) The OAuth2 server (the UAA) and Login Server work together to provide identity management.
Cloud Foundry Interview Questions # 16) What are the components of Cloud Foundry?
A) Cloud Foundry components include a self-service application execution engine, an automation engine for application deployment and lifecycle management, and a scriptable command line interface (CLI), as well as integration with development tools to ease deployment processes.
Cloud Foundry has an open architecture that includes a buildpack mechanism for adding frameworks, an application services interface, and a cloud provider interface.
Cloud Foundry Interview Questions # 17) List out the components of Cloud Foundry?
A) The list of Cloud Foundry components:
Cloud Foundry Components
• Routing – Router
• Authentication – OAuth2 Server (UAA) and Login Server
• App Lifecycle – Cloud Controller and Diego Brain, nsync, BBS, and Cell Reps
• App Storage and Execution – Blobstore, Diego Cell
• Services – Service Brokers
• Messaging – Consul and BBS
• Metrics and Logging – Loggregator
18) Cloud Controller maintains which records?
A) The Cloud Controller also maintain records of orgs, spaces, user roles, services, and more.
Cloud Foundry Interview Questions # 19) What are nsync, BBS, and Cell Reps?
A) To keep applications available, cloud deployments must constantly monitor their states and reconcile them with their expected states, starting and stopping processes as required.
The nsync, BBS, and Cell Rep components work together along a chain to keep apps running. At one end is the user. At the other end are the instances of applications running on widely-distributed VMs, which may crash or become unavailable.
Pivotal Cloud Foundry Software Engineer Interview Questions
Cloud Foundry Interview Questions # 20) How the nsync, BBS, and Cell Rep components work together?
A) nsync receives a message from the Cloud Controller when the user scales an app. It writes the number of instances into a DesiredLRP structure in the Diego BBS database.
BBS uses its convergence process to monitor the DesiredLRP and ActualLRP values. It launches or kills application instances as appropriate to ensure the ActualLRP count matches the DesiredLRP count.
Cell Rep monitors the containers and provides the ActualLRP value.
Cloud Foundry Interview Questions # 21) What is Blobstore?
A) The blobstore is a repository for large binary files, which Github cannot easily manage because Github is designed for code. The blobstore contains the following:
• Application code packages
22) What is Diego Cell?
A) Application instances, application tasks, and staging tasks all run as Garden containers on the Diego Cell VMs. The Diego cell rep component manages the lifecycle of those containers and the processes running in them, reports their status to the Diego BBS, and emits their logs and metrics to Loggregator.
Cloud Foundry Interview Questions # 23) What are Service Brokers?
A) Applications typically depend on services such as databases or third-party SaaS providers. When a developer provisions and binds a service to an application, the service broker for that service is responsible for providing the service instance.
Cloud Foundry Interview Questions # 24) What are Consul and BBS?
A) Cloud Foundry component VMs communicate with each other internally through HTTP and HTTPS protocols, sharing temporary messages and data stored in two locations:
A Consul server stores longer-lived control data, such as component IP addresses and distributed locks that prevent components from duplicating actions.
Diego’s Bulletin Board System (BBS) stores more frequently updated and disposable data such as cell and application status, unallocated work, and heartbeat messages. The BBS stores data in MySQL, using the Go MySQL Driver.
Cloud Foundry Interview Questions # 25) What is Loggregator?
A) The Loggregator (log aggregator) system streams application logs to developers.
Cloud Foundry Interview Questions # 27) What is Diego in CF?
A) Diego is a self-healing container management system that attempts to keep the correct number of instances running in Diego Cells to avoid network failures and crashes. Diego schedules and runs Tasks and Long-Running Processes (LRP).
Cloud Foundry Interview Questions # 28) What are the components of Diego architecture?
A) Diego architecture consists of below components:
1. Diego Cell Components
2. Diego Brain Components
3. Database VMs
4. Access VMs
5. Cloud Controller Bridge Components
7. App Lifecycle Binaries
Cloud Foundry Interview Questions # 29) What is Diego Brain?
A) Diego Brain distribute Tasks and LRPs to Diego Cells and corrects discrepancies between Actual and Desired counts to ensure fault-tolerance and long-term consistency.
Cloud Foundry Interview Questions # 30) What is CC-Bridge?
A) The CC-Bridge translate app-specific requests from the Cloud Controller to the BBS.
Advanced Cloud Foundry Interview Questions
31) What are the CC-Bridge components?
A) The CC-Bridge components are:
Stager, CC-Uploader, Nsync Bulker, Nsync Listener, TPS Listener, and TPS Watcher.
32) How Diego Balances App Processes?
A) Diego balances app processes over the virtual machines (VMs) in a Cloud Foundry (CF) installation using the Diego Auction. When new processes need to be allocated to VMs, the Diego Auction determines which ones should run on which machines. The auction algorithm balances the load on VMs and optimizes app availability and resilience.
33) What are the SSH Components in CF?
A) The Cloud Foundry SSH includes the following central components, they are:
An implementation of an SSH proxy server.
A lightweight SSH daemon.
34) What is SSH Daemon?
A) The SSH daemon is a lightweight implementation that is built around the Go SSH library. It supports command execution, interactive shells, local port forwarding, and secure copy. The daemon is self-contained and has no dependencies on the container root file system.
35) What is SSH Proxy Authentication?
A) The SSH proxy hosts the user-accessible SSH endpoint and is responsible for authentication, policy enforcement, and access controls in the context of Cloud Foundry. After a user has successfully authenticated with the proxy, the proxy will attempt to locate the target container and create an SSH session to a daemon running inside the container. After both sessions have been established, the proxy will manage the communication between the user’s SSH client and the container’s SSH Daemon.
36) What is role-based access control (RBAC) system in CF?
A) CF uses a role-based access control (RBAC) system to grant Cloud Foundry users permissions appropriate to their role within an org or a space.
37) What are the security features available in Cloud Foundry?
A) Cloud Foundry implements the following measures to mitigate against security threats:
Minimizes network surface area
Isolates customer applications and data in containers
Uses role-based access controls, applying and enforcing roles and permissions to ensure that users can only view and affect the spaces for which they have been granted access
Ensures security of application bits in a multi-tenant environment
Prevents possible denial of service attacks through resource starvation
38) What are Isolation Segments?
A) Isolation segments provide dedicated pools of resources to which apps can be deployed to isolate workloads. Using isolation segments separates app resources as completely as if they were in different CF deployments but avoids redundant management components and unneeded network complexity.
39) Explain about Software Vulnerability Management in CF?
A) Cloud Foundry manages software vulnerability using releases and BOSH stemcells. New Cloud Foundry releases are created with updates to address code issues, while new stemcells are created with patches for the latest security fixes to address any underlying operating system issues.
Pivotal Cloud Foundry Interview Questions For Experienced
40) Can you describe about Container Security in CF?
A) Cloud Foundry (CF) secures the containers that host application instances on Linux.
Container Mechanics provides an overview of container isolation.
Inbound and Outbound Traffic from CF provides an overview of container networking and describes how CF administrators customize container network traffic rules for their deployment.
Container Security describes how CF secures containers by running application instances in unprivileged containers and by hardening them.
41) What measures CF can take for Container Security?
A) CF secures containers through the following measures:
Running application instances in unprivileged containers by default
Hardening containers by limiting functionality and access rights
Only allowing outbound connections to public addresses from application containers. This is the original default. Administrators can change this behavior by configuring ASGs.
42) What is Container-to-Container Networking?
A) The Container-to-Container Networking feature enables app instances to communicate with each other directly. Container-to-Container Networking integrates with Garden-runC in a Diego deployment. The Container-to-Container Networking BOSH release includes several core components, as well as swappable components.
43) What are the components of Container-to-Container Networking?
A) The Container-to-Container Networking BOSH release includes the following core components:
Cloud Foundry Command Line Interface (CF CLI) plugin
Garden External Networker
The Container-to-Container Networking BOSH release includes the following swappable components:
Silk CNI plugin
VXLAN Policy Agent
44) What is Zipkin Tracing?
A) Zipkin is a tracing system that enables app developers to troubleshoot failures or latency issues. Zipkin provides the ability to trace requests and responses across distributed systems.
45) What is a Stack?
A) A stack is a prebuilt root filesystem (rootfs) that supports a specific operating system. For example, Linux-based systems need /usr and /bin directories at their root. The stack works in tandem with a buildpack to support applications running in compartments. Under Diego architecture, cell VMs can support multiple stacks.
46) How do you deploy Cloud Foundry?
A) If installing Cloud Foundry for the first time, deploy with cf-deployment.
If you have an existing Cloud Foundry deployment that uses cf-release, migrate your deployment to cf-deployment.
47) How do you add a Buildpack?
A) To add a buildpack, run the cf create-buildpack BUILDPACK PATH POSITION [–enable|–disable] command.
48) How do you use Docker in Cloud Foundry?
A) By default, apps deployed with the cf push command run in standard Cloud Foundry Linux containers. With Docker support enabled, Cloud Foundry can also deploy and manage apps running in Docker containers.
To deploy apps to Docker, developers run cf push with the –docker-image option and the location of a Docker image to create the containers from.
To enable Docker support on a CF deployment, an operator must do the following:
Enable the diego_docker feature flag.
Configure access to any Docker registries that developers want to use images from.
pivotal cloud foundry interview questions