Which two package management tools can be used to configure and install applications on Kubernetes? (Choose two.)
Grafana
Fluent bit
Carvel
Helm
Multus
Two package management tools that can be used to configure and install applications on Kubernetes are:
References: : https://carvel.dev/ : https://docs.vmware.com/en/VMware-Tanzu-Kubernetes-Grid/1.6/vmware-tanzu-kubernetes-grid-16/GUID-tkg-carvel.html : https://helm.sh/ : https://docs.vmware.com/en/VMware-Tanzu-Kubernetes-Grid/1.6/vmware-tanzu-kubernetes-grid-16/GUID-tkg-helm.html
What is the role of Prometheus in a VMware Tanzu Kubernetes Grid cluster?
Provide the functionality of a lightweight log processor and forwarder that allows you to collect data and logs from different sources.
Collect metrics from target clusters at specified intervals, evaluate rule expressions, display the results, and trigger alerts if certain conditions arise.
Inject time-series database (TSDB) data into high-quality graphs and visualizations.
Extend the open-source Docker distribution by adding the functionalities usually required by users such as security and identity control and management.
Prometheus is an open-source systems monitoring and alerting toolkit that can collect metrics from target clusters at specified intervals, evaluate rule expressions, display the results, and trigger alerts if certain conditions arise8. Tanzu Kubernetes Grid includes signed binaries for Prometheus that users can deploy on workload clusters to monitor cluster health and services9. Prometheus uses a pull model to scrape metrics from various sources, such as Kubernetes nodes, pods, services, and endpoints. Prometheus stores the collected metrics in a time-series database and allows users to query them using PromQL, a powerful query language. Prometheus also supports defining alert rules based on metric values and sending notifications to external systems, such as Alertmanager8.
The other options are incorrect because:
References: Prometheus Overview, Implement Monitoring with Prometheus and Grafana, Fluent Bit, What is Grafana?, Harbor Overview
What is the key benefit of Tanzu Service Mesh Autoscaler feature?
Autoscale microservices
Autoscale persistant volumes
Autoscale Supervisor control plane VMs
Autoscale Tanzu Kubernetes Grid cluster
The key benefit of Tanzu Service Mesh Autoscaler feature is to autoscale microservices that meet changing levels of demand based on metrics, such as CPU or memory usage. These metrics are available to Tanzu Service Mesh without needing additional code changes or metrics plugins1. Tanzu Service Mesh Autoscaler supports configuring an autoscaling policy for services inside a global namespace through the UI or API, or using a Kubernetes custom resource definition (CRD) for services directly in cluster namespaces2. Tanzu Service Mesh Autoscaler also supports two modes: performance mode, where services are scaled up but not down, and efficiency mode, where services are scaled up and down to optimize resource utilization2. References: VMware Aria Operations for Applications, Tanzu Service Mesh Service Autoscaling Overview - VMware Docs
What is the purpose of a service mesh?
Provides dynamic application load balancing and autoscaling across multiple clusters and multiple sites.
Provides a centralized, global routing table to simplify and optimize traffic management.
Provides service discovery across multiple clusters.
Provides an infrastructure layer that makes communication between applications possible, structured, and observable.
A service mesh is a dedicated infrastructure layer that you can add to your applications to provide capabilities like observability, traffic management, and security, without adding them to your own code. A service mesh consists of network proxies paired with each service in an application and a set of management processes. The proxies are called the data plane and the management processes are called the control plane. The data plane intercepts calls between different services and processes them; the control plane is the brain of the mesh that configures and monitors the data plane1. A service mesh makes communication between applications possible, structured, and observable by providing features such as load balancing, service discovery, encryption, authentication, authorization, routing, retries, timeouts, fault injection, metrics, logs, and traces2.
The other options are incorrect because:
References: What’s a service mesh?, The Istio service mesh, Service mesh - Wikipedia
What steps are required to deploy an application to a Kubernetes cluster using VMware Tanzu Mission Control (TMC) catalog?
From the TMC Console, in Catalog, select the package to install, select Install Package
From the TMC Console, in Catalog, from Available Tanzu Packages, specify the target cluster and the package to install
Using the Tanzu CLI, enter the command tanzu package install
Using the TMC CLI, enter the command tmc cluster tanzupackage create
VMware Tanzu Mission Control (TMC) is a centralized management platform for consistently operating and securing your Kubernetes infrastructure and modern applications across multiple teams and clouds1. TMC provides a catalog of curated open-source software packages that you can deploy to your clusters with a few clicks2. To deploy an application to a Kubernetes cluster using TMC catalog, you need to follow these steps3:
The other options are incorrect because:
References: VMware Tanzu Mission Control Overview, Catalog Overview, Install a Package from Catalog, Tanzu CLI Overview, TMC CLI Overview
Which two statements about the NSX Advanced Load Balancer are correct? (Choose two.)
It can only be used if Antrea CNI is installed on the workload cluster.
It can be configured as the VIP endpoint for the management cluster on vSphere.
It only supports the service type LoadBalancer.
It is natively integrated with Tanzu Kubernetes Grid Amazon Web Services EC2 deployments.
It can be configured as a load balancer for workloads in the clusters that are deployed on vSphere.
Two statements about the NSX Advanced Load Balancer are correct:
The other options are incorrect because:
References: Configure the VIP Endpoint for the Management Cluster, Deploy and Configure NSX Advanced Load Balancer as a Load Balancer for Workload Clusters, Supported CNI Plugins, Service Types, Load Balancing on AWS
Which statement describes a Global Namespace in VMware Tanzu Service Mesh?
Apply a single policy to multiple namespaces across multiple clusters.
Automatic placement of the workload to any global cluster based on traffic demand.
Define an application boundary and provides consistent traffic routing, connectivity, resiliency, and security for applications across multiple clusters.
Provide distributed ingress and egress services to support multiple namespaces across multiple clusters.
The statement that correctly describes a global namespace in VMware Tanzu Service Mesh is that it defines an application boundary and provides consistent traffic routing, connectivity, resiliency, and security for applications across multiple clusters. A global namespace is a logical abstraction of an application from the underlying infrastructure that spans across multiple clusters and clouds4. A global namespace connects the resources and workloads that make up the application into one virtual unit and manages their identity, discovery, connectivity, security, and observability4. A global namespace also enables automatic service discovery and cross-cluster communication within the application boundary4. References: Global Namespaces - VMware Docs
What is the correct resource hierarchy order in VMware Tanzu Mission Control?
Root -> Cluster Groups -> Clusters
Organization -> Cluster Groups -> Namespaces
Organization -> Clusters -> Cluster Groups
Organization -> Cluster Groups -> Clusters
The correct resource hierarchy order in VMware Tanzu Mission Control is Organization -> Cluster Groups -> Clusters. An organization is the root of the resource hierarchy and represents a customer account in Tanzu Mission Control. A cluster group is a logical grouping of clusters that can be used to apply policies and manage access. A cluster is a Kubernetes cluster that can be attached or provisioned by Tanzu Mission Control. A cluster belongs to one and only one cluster group, and a cluster group belongs to one and only one organization. References: VMware Tanzu Mission Control Concepts, Resource Hierarchy
What is the Kubernetes component that is responsible for workload creation?
API Sep/er
Scheduler
etcd
Kubelel
The Scheduler is the Kubernetes component that is responsible for workload creation. The Scheduler is responsible for assigning pods to nodes based on various factors, such as resource availability, node affinity, taints and tolerations, and pod priority. The Scheduler watches for newly created pods that have no node assigned, and selects a suitable node for them to run on. The Scheduler then informs the API server of its decision, and the API server binds the pod to the node. References: Scheduling | Kubernetes, Kubernetes Components | Kubernetes
Which Container Network Interface (CNI) is selected by default in a VMware Tanzu Kubernetes Grid workload cluster?
Multus CNI
Antrea
Flannel
Calico
Antrea is the default CNI for new Tanzu Kubernetes Grid workload clusters8. Antrea is an open-source Kubernetes networking solution that implements the Container Network Interface (CNI) specification and uses Open vSwitch (OVS) as the data plane9. Antrea supports various features such as network policies, service load balancing, NodePortLocal, IPsec encryption, IPv6 dual-stack, and more10.
The other options are incorrect because:
References: Tanzu Kubernetes Grid Cluster Networking, Antrea, Antrea Features, Multus CNI, Flannel, Calico
What two steps are required to visualize API connectivity and enable API protection in VMware Tanzu Service Mesh? (Choose two.)
Activate API Discovery for the Global Namespace
Create API Security Policy for the Global Namespace
Enable Threat Detection Policy for the Global Namespace
Set a Distributed Firewall policy for the Global Namespace
Create an Autoscaling policy for API for the Global Namespace
To visualize API connectivity and enable API protection in VMware Tanzu Service Mesh, the administrator needs to perform two steps:
References: 1: https://docs.vmware.com/en/VMware-Tanzu-Service-Mesh/services/tanzu-service-mesh-enterprise/GUID-E6FB9FB3-FDB3-4D2B-B5CB-614608EEF537.html 2: https://docs.vmware.com/en/VMware-Tanzu-Service-Mesh/services/tanzu-service-mesh-enterprise/GUID-5B635420-3BD2-4EC1-B67E-2015F991A91C.html
What is the object in Kubernetes used to grant permissions to a cluster wide resource?
ClusterRoleBinding
RoleBinding
RoleReference
ClusterRoleAccess
The object in Kubernetes used to grant permissions to a cluster-wide resource is ClusterRoleBinding. A ClusterRoleBinding is a cluster-scoped object that grants permissions defined in a ClusterRole to one or more subjects, such as users, groups, or service accounts5. A ClusterRole is a cluster-scoped object that defines a set of permissions on cluster-scoped resources (like nodes) or namespaced resources (like pods) across all namespaces5. For example, a ClusterRoleBinding can be used to allow a particular user to run kubectl get pods --all-namespaces by granting them the permissions defined in a ClusterRole that allows listing pods in any namespace6. References: Using RBAC Authorization | Kubernetes, Cluster Roles and Cluster Roles Binding in Kubernetes | ANOTE.DEV
What are the three Cluster API providers being used in VMware Tanzu Kubernetes Grid? (Choose three.)
CAPI
CAPz
CAPM
CAP
CAPV
CAPA
Cluster API is a Kubernetes project that provides declarative APIs for cluster creation, configuration, and management. Cluster API uses a set of custom resource definitions (CRDs) to represent clusters, machines, and other objects. Cluster API also relies on providers to implement the logic for interacting with different infrastructure platforms. VMware Tanzu Kubernetes Grid uses Cluster API to deploy and manage Kubernetes clusters on various platforms. The three Cluster API providers being used in VMware Tanzu Kubernetes Grid are:
References: VMware Tanzu Kubernetes Grid Documentation, Taking Kubernetes to the People: How Cluster API Promotes Self … - VMware
Which statement describes a Container Storage Interface (CSI) in VMware Tanzu Kubernetes Grid?
It is a plug-in that onlyworks with vSphere object storage.
It is a plug-in that is only used for clusters which require cloud native storage.
It is a plug-in that allows providers to expose storage as persistent storage.
It is a plug-in that is required for ephemeral storage.
A Container Storage Interface (CSI) in VMware Tanzu Kubernetes Grid is a plug-in that allows providers to expose storage as persistent storage for Kubernetes clusters. CSI is a standard interface that defines an abstraction layer for container orchestrators to work with storageproviders3. VMware Tanzu Kubernetes Grid supports StorageClass objects for different storage types, provisioned by Kubernetes internal (“in-tree”) or external (“out-of-tree”) plug-ins. Two of the supported storage types are vSphere Cloud Native Storage (CNS) and Amazon EBS, which use the vSphere CSI driver and the AWS EBS CSI driver respectively4. References: Tanzu Kubernetes Storage Class Example - VMware Docs, Deploying and Managing Cloud Native Storage (CNS) on vSphere - VMware Docs
Which steps are required to create a vSphere Namespace?
In the vSghere web client, select Supervisor, select Namespaces tab. and click Create Namespace
Create the Namespace usinq the Tanzu CLI
In the vSphere web client, select Workload Management, select Namespaces tab. and click Create Namespace
In the vSghere web client, select Supervisor, select Workload, select Namespaces tab. and click Create Namespace
To create a vSphere Namespace, the correct steps are to use the vSphere web client, select Workload Management, select Namespaces tab, and click Create Namespace. A vSphere Namespace is a logical grouping of Kubernetes resources that can be used to isolate and manage workloads on a Supervisor Cluster1. To create a vSphere Namespace, a user needs to have the vSphere Client and the required privileges to access the Workload Management menu and the Namespaces tab2. From there, the user can select the Supervisor Cluster where to place the namespace, enter a name for the namespace, configure the network settings, set the resource limits, assign permissions, and enable services for the namespace2. References: Create and Configure a vSphere Namespace - VMware Docs, vSphere with Tanzu Concepts - VMware Docs
TESTED 18 May 2024