How to disable Ingress in Kubernetes (K8s)

 Introduction

There are multiple ways you can disable Ingress in Kubernetes / K8s. Here are the 5 different ways you can directly or indirectly disable the Ingress

1. Deleting the Ingress Resource

If you need to completely remove ingress functionality from your Kubernetes cluster, the most straightforward approach is to delete the ingress resource. This stops all traffic from being routed through it.

Command

kubectl delete ingress <ingress-name> -n <namespace>

For example :

kubectl delete ingress my-ingress -n default

2. Scaling Down the Ingress Controller

If you only want to temporarily stop ingress traffic without removing anything permanently, you can scale down the ingress controller to zero replicas. This effectively halts ingress without deleting the controller.

    (i) First, identify the ingress controller deployment:

kubectl get deployments -n <controller-namespace>

    (ii) Then, scale the deployment down to zero replicas:

kubectl scale deployment <controller-deployment-name> --replicas=0 -n <controller-namespace>

    For example :

kubectl scale deployment <controller-deployment-name> --replicas=0 -n <controller-namespace>

3. Modifying Network Access

Another way to disable ingress traffic is by adjusting the network access or firewall settings at the external level. For example, you can modify the load balancer settings or block access via firewall rules to prevent any external traffic from reaching the ingress controller.

4. Editing the Ingress Configuration

If you want to disable certain routes or services but keep the ingress resource active, you can edit the configuration directly. Simply comment out or remove the paths you want to disable in the rules section of the ingress YAML file:

rules:
  - host: example.com
    http:
      paths:
        # - path: /old-path
        #   backend:
        #     service:
        #       name: old-service
        #       port:
        #         number: 80
        - path: /new-path
          backend:
            service:
              name: new-service
              port:
                number: 80

    Once you've updated the file, apply the changes:

kubectl apply -f <ingress-file>.yaml

5. Using Ingress Annotations

Some ingress controllers, like NGINX, allow you to control the availability of specific rules or the entire ingress resource using annotations. To disable an ingress resource entirely, you can add the following annotation:

metadata:
  annotations:
    nginx.ingress.kubernetes.io/enable: "false"

    Once you've updated the file, apply the changes:

kubectl apply -f <ingress-file>.yaml

Based on the scenario, we can choose one solution to disable ingress in Kubernetes.

Think You Know Kubernetes? Test Yourself with These 60 Questions

Kubernetes, often abbreviated as K8s, is a powerful open-source platform for automating the deployment, scaling, and management of containerized applications. Originally developed by Google, it is now maintained by the Cloud Native Computing Foundation (CNCF).

At its core, Kubernetes helps organizations run applications reliably across clusters of machines by abstracting infrastructure complexities. It enables features like automatic scaling, self-healing, load balancing, and seamless rollouts/rollbacks. With its rich ecosystem of tools and integrations, Kubernetes has become the backbone of modern DevOps and cloud-native architectures.

Whether you're managing a microservices-based application or scaling a monolithic app, Kubernetes provides the flexibility and control needed to operate in dynamic, production-grade environments.

Kubernetes Knowledge Boost: 60 Advanced Questions Explained

Here is a list of 60 advanced Kubernetes questions with concise answers. They cover architecture, concepts, troubleshooting, security, and more:

---

Kubernetes Architecture and Core Concepts

1. What is a Kubernetes control plane?

   • The control plane manages the Kubernetes cluster, maintaining the desired state via components like kube-apiserver, etcd, kube-scheduler, kube-controller-manager, and cloud-controller-manager.

2. What is etcd, and why is it important?

   • etcd is a distributed key-value store that Kubernetes uses to store all cluster data, such as configurations, secrets, and states.

3. Explain how a Kubernetes scheduler works.

   • The scheduler assigns Pods to nodes by evaluating resource requirements, policies, and constraints, ensuring an optimal placement.

4. What is a Pod? Why is it the smallest deployable unit in Kubernetes?

   • A Pod is a group of one or more containers sharing the same network namespace and storage. It encapsulates the application and its dependencies, making it the basic unit of deployment.

5. How do you ensure high availability in a Kubernetes cluster?

   • By setting up a multi-master architecture, load balancers for the API server, and using tools like kubeadm, Kops, or managed Kubernetes services.

---

Advanced Networking

6. What is a Kubernetes Service?

   • A Service abstracts a set of Pods, providing stable networking and load balancing. Types include ClusterIP, NodePort, LoadBalancer, and ExternalName.

7. How does kube-proxy work?

   • kube-proxy maintains network rules to allow communication between Pods and Services using IP tables, IPVS, or user-space proxies.

8. What is the role of CNI in Kubernetes?

   • Container Network Interface (CNI) is a standard for configuring container networking, enabling plugins like Flannel, Calico, and Weave.

9. What are Network Policies?

   • Network Policies control traffic between Pods or Pods and external endpoints, using rules to allow or deny ingress and egress.

10. How do you expose an application in Kubernetes to external traffic?

    • Use a Service of type LoadBalancer or NodePort, or an Ingress resource with an Ingress controller.

---

Storage

11. What is Persistent Volume (PV) and Persistent Volume Claim (PVC)?

    • PV is a storage resource in the cluster, while PVC is a request for storage by a user. PVCs bind to PVs for dynamic or static provisioning.

12. How does dynamic volume provisioning work?

    • StorageClasses define storage types, and when a PVC is created, Kubernetes dynamically provisions a matching PV.

13. What is CSI in Kubernetes?

    • The Container Storage Interface (CSI) standardizes storage plugin management for dynamic provisioning and attaching volumes.

14. What is ephemeral storage?

    • Temporary storage tied to the Pod lifecycle, used for caching, logs, or temporary files.

15. How can you back up and restore etcd?

    • Use etcdctl commands to take snapshots and restore the data to another etcd cluster.

---

Security

16. What is RBAC, and how does it work?

    • Role-Based Access Control (RBAC) manages access to Kubernetes resources using roles and bindings.

17. What are Kubernetes Secrets, and how are they used?

    • Secrets store sensitive data like credentials securely, referenced by Pods via volumes or environment variables.

18. What is Pod Security Admission (PSA)?

    • PSA enforces security standards for Pods by controlling privilege levels like baseline or restricted.

19. How do you secure the API server?

    • By using TLS, enabling RBAC, restricting anonymous access, and enabling audit logs.

20. What are Pod security contexts?

    • Security contexts define Pod-level permissions, such as running as a non-root user or mounting filesystems as read-only.

---

Troubleshooting

21. How do you troubleshoot Pod CrashLoopBackOff?

    • Check logs using kubectl logs, inspect events using kubectl describe pod, and validate container configurations.

22. How do you debug network issues in Kubernetes?

    • Use tools like kubectl exec, network policies, traceroute, or external tools like cilium and tcpdump.

23. What is the significance of Node Conditions?

    • Node Conditions (e.g., MemoryPressure, DiskPressure) indicate health and resource status, guiding scheduler decisions.

24. How do you handle etcd failure?

    • Restore from a backup and ensure quorum by adding healthy nodes.

25. What tools can you use for Kubernetes observability?

    • Prometheus, Grafana, Fluentd, ELK stack, and Jaeger.

---

Scaling and Performance

26. How does Kubernetes autoscaling work?

    • Kubernetes supports horizontal (HPA), vertical (VPA), and cluster autoscaling based on resource utilization or custom metrics.

27. What is a ReplicaSet, and how does it differ from a Deployment?

    • A ReplicaSet ensures a specified number of Pod replicas, while Deployments manage ReplicaSets for updates and rollbacks.

28. How do you optimize resource usage in a cluster?

    • Define resource requests/limits, monitor usage with tools like Prometheus, and right-size workloads.

29. What is pod affinity and anti-affinity?

    • Affinity defines Pod co-location preferences, while anti-affinity enforces separation.

30. How do you handle resource contention in a cluster?

    • Use priorities, preemption, and resource quotas.

---

Custom Resources and Operators

31. What are Custom Resource Definitions (CRDs)?

    • CRDs enable users to define and manage custom Kubernetes objects.

32. What is a Kubernetes Operator?

    • An Operator automates operational tasks for applications using custom controllers and CRDs.

33. How do you extend Kubernetes functionality?

    • Use CRDs, admission controllers, or plugins like CNI and CSI.

34. How do you write a custom controller?

    • Use Kubernetes client libraries (e.g., client-go) to reconcile the desired and actual states of resources.

35. What are finalizers in Kubernetes?

    • Finalizers delay resource deletion until specific cleanup tasks complete.

---

Cluster Administration

36. How do you upgrade a Kubernetes cluster?

    • Upgrade control plane components first, then worker nodes, following the Kubernetes release cycle.

37. What is taint and toleration in Kubernetes?

    • Taints prevent Pods from scheduling on specific nodes unless they tolerate the taint.

38. How do you perform node maintenance in Kubernetes?

    • Drain the node (kubectl drain) and cordon it to prevent scheduling.

39. What is kubelet, and what is its role?

    • Kubelet is an agent running on each node, responsible for managing Pods and reporting to the control plane.

40. How does Kubernetes handle rolling updates?

    • Deployments update Pods incrementally, creating new Pods while scaling down old ones.

---

Advanced Scenarios

41. What is the difference between StatefulSets and Deployments?

    • StatefulSets manage stateful applications with stable network identities, while Deployments are for stateless applications.

42. How do you ensure consistency in StatefulSets?

    • Use headless services and persistent volumes.

43. What is a Helm chart, and how is it used?

    • Helm is a package manager for Kubernetes, and Helm charts define application configurations and resources.

44. What are the differences between DaemonSets and Deployments?

    • DaemonSets ensure one Pod runs on each node, while Deployments scale Pods across nodes.

45. How do you implement canary deployments?

    • Use multiple versions of Deployments with traffic splitting via Ingress or a Service mesh.

---

Security and Best Practices

46. What is a Pod disruption budget (PDB)?

    • PDB defines minimum available or maximum unavailable Pods during disruptions.

47. What is Kubernetes admission control?

    • Admission controllers validate and mutate API requests based on policies.

48. How do you implement encryption for Secrets?

    • Enable encryption at rest using Kubernetes encryption configuration.

49. What are the best practices for managing ConfigMaps and Secrets?

    • Use immutable ConfigMaps/Secrets, manage access with RBAC, and avoid exposing sensitive data in logs.

50. What are namespace quotas?

    • Quotas limit resource consumption in namespaces, ensuring fair resource distribution.

---

Miscellaneous

51. What is kubeadm, and how is it used?

    • Kubeadm bootstraps Kubernetes clusters by setting up the control plane and nodes.

52. What is the difference between a job and a cronjob?

    • A job runs a task to completion, while a cronjob schedules jobs at regular intervals.

53. What is kube-state-metrics?

    • It exposes Kubernetes resource states as Prometheus metrics for monitoring.

54. How do you use Service mesh in Kubernetes?

    • Service meshes like Istio or Linkerd add features like traffic routing, observability, and security to microservices.

55. What is Horizontal Pod Autoscaler (HPA)?

    • HPA scales Pods based on CPU/memory utilization or custom metrics.

---

Emerging Trends

56. How does Kubernetes integrate with serverless frameworks?

    • Use Knative or OpenFaaS to run serverless workloads on Kubernetes.

57. What is Kubernetes Federation?

    • Federation manages multiple clusters for global deployment and high availability.

58. What is the role of policy engines like OPA/Gatekeeper?

    • Open Policy Agent (OPA) enforces policies like security or compliance in Kubernetes.

59. What is KubeEdge?

    • KubeEdge extends Kubernetes to edge devices for IoT and edge computing.

60. What is Multi-tenancy in Kubernetes?

• Multi-tenancy isolates resources and workloads for different users or teams within a cluster.

That all for important advanced Kubernetes Questions and Answers that will help you in clearing DevOps Interviews.

Ultimate Ansible Interview Guide: 30 Advanced Questions and Solutions

 Ansible is a configuration management tools and it comes under continues delivery / deployment in DevOps Lifecycle

Here are few important Ansible questions and answers which will help you to crack interview easily. I have tried to cover all the important questions and Answers

Understanding Sealed Class in Java and its use-case

Introduction to Sealed Class and Interfaces

Sealed Class in Java are used to allow / permit specific named Class which can extend the Sealed Class. 

With Sealed Class, we can say that Class A can only be extended by Class B and Class C and not any other class, thus limiting who can extend a particular Java Class

Detailed Explanation and use-case

Let's start with a very simple example. Consider we are creating a base class name Animal which implements basic feature of animal like walking, running etc

Now, We want few classes to extend Animal class like Cat, Dog, Lion, Tiger etc which we can do it easily and implement specific respective feature

Since this Animal Class can be extended by any class, someone can accidentally extend Animal class for Pigeon too which is not correct

 In other words, Sealed Class / Interface permits (or restricts) which all Class / Interface can use them. It prevents misuse of Java Class / Interface

Advantage and Disadvantage of using Sealed Class

Lets discuss Advantage first

Advantage of Sealed Class and Interface:

• The developer of Sealed Class can manage who can use / or whose code can implement it
• If we compare with access modifier, Sealed Class provide a more declarative way to restrict use of super class
• Sealed Class and its permitted sub-class can be used as Pattern Matching using Switch statement

Disadvantage of Sealed Class and Interface

• If not properly designed / thought about its all permitted sub-class, need to revisit code of super class to add more permitted sub-class
• In few use-cases, unit testing would be difficult
• Permitted class uses cannot be detected at compile time, so if it has been used and its not in list of permitted sub-class, it cannot throw compile time error
• Limitation of usage of permitted sub-class within same module only

How to declare Sealed Class:

Sealed class can be declared with using the keyword sealed along with its permit sub-classes with keyword permits

Example of How to create Sealed Classes:

package com.tech693.java.examples.seal;

public sealed class Animal permits Cat, Dog {

    public void getIdentity(){

        System.out.println("Animal");
    }
}

Notice the sealed and permits keywords. Its mandatory to declare one sub-class using permits keyword when using sealed. 

By this we are declaring that only Cat and Dog sub-class can extend the Animal class and no other class is allowed to extend Animal class

Now, lets see how to create Cat and Dog class

Example of how to create Sealed sub-class:

package com.tech693.java.example.seal;

// Pls note its mandatory to declare sub class as either sealed or non-sealed or final
public non-sealed class Cat extends Animal { 
    
    public void getIdentity(){
        System.out.println("Cat");
    }    
}

package com.tech693.java.example.seal;

// Pls note its mandatory to declare sub class as either sealed or non-sealed or final
public final class Dog extends Animal {
    
    public void getIdentity(){
    System.out.println("Dog");
    }  
}

Also, the sub-class should directly extend the sealed class.

for eg.  Suppose, A is a sealed class which permits B to extend it and B is also a sealed class that permits C. In this scenario C cannot directly extend A

Its mandatory to declare sub class as either sealed or non-sealed or final which has different relevance

• Sub-class as Sealed: - Can only be further extended by sub-class permitted class
• Sub-class as final :- Cannot be further extended
• Sub-class as non-sealed - Can be extended further by any class
• The idea to have non-sealed is to know the developer that it extends the sealed class and is not accidently allowing further extended by its sub-class

Now lets run the above code using Main class as shown below:

package com.tech693.java.example.seal;

public class SealedClassExample {
    public static void main(String[] args) {
        Animal animal = new Cat();
        animal.getIdentity();

        Animal animal1 = new Dog();
        animal1.getIdentity();
    }
}

Output

So when Animal class is declared as cat, it will print Cat when getIdentity() is called

Here is the output of the above code :

Output:

Cat
Dog

Sealed Interface:

Sealed interface acts similarly as Sealed Class. The only difference is the difference between abstract class and interface (we have have some business logic code in abstract class but cannot have it in interface)

Sealed Interface Example:

Let's see some code example of implementing sealed as Interface

package com.tech693.java.examples.seal;

public sealed interface Animal permits Cat, Dog {

    public void getIdentity(){}
}

package com.tech693.java.example.seal;

// Pls note its mandatory to declare sub class as either sealed or non-sealed or final
public non-sealed class Cat implements Animal { 
    
    public void getIdentity(){
        System.out.println("Cat");
    }    
}

package com.tech693.java.example.seal;

// Pls note its mandatory to declare sub class as either sealed or non-sealed or final
public final class Dog implements Animal {
    
    public void getIdentity(){
    System.out.println("Dog");
    }  
}

Till now we have got the basic idea about Sealed Classes and its permitted sub-class.

Lets understand further in more depth about its use-case and how Java implemented Sealed class

Record class as permitted subclasses of a Sealed Class

Since Record class are implicitly final we can use record class in the permits clause of a Sealed Class or Interface. 

Here is an example of Record class as subclasses of a sealed class

package com.example.records.expressions;

sealed interface Expr permits ConstantExpr, PlusExpr, TimesExpr, NegExpr {
    public int eval();
}

record ConstantExpr(int i) implements Expr {
    public int eval() { return i(); }
}

record PlusExpr(Expr a, Expr b) implements Expr {
    public int eval() { return a.eval() + b.eval(); }
}

record TimesExpr(Expr a, Expr b) implements Expr {
    public int eval() { return a.eval() * b.eval(); }
}

record NegExpr(Expr e) implements Expr {
    public int eval() { return -e.eval(); }
}

Note that we haven't declare any modifier (final, non-sealed or sealed) to sub-class. This is because Record class are final by default.

Design considerations when using Sealed Classes and Interfaces

We should keep in mind following consideration while designing Sealed Classes or Interface

• Design Decision - We should carefully consider which class should be declared sealed before start implementing only. Sealed class / interface consideration often results in tightly coupled design instead of loosely coupled
• Backward Compatibility - If we plan to use sealing class, it can impact backward compatibility. Adding new permitted sub-class in future release can break existing code that depends on the sealed API
• Package / Module Arrangement - We should carefully construct Java Module / Package structure when used sealed classes or interface as the scope of sealed class and its permitted sub-class is scoped under a single module.

Sealed Class as Pattern Matching case:

This is very important to understand. The introduction of Sealed class in Java opens up a new paradigm of using Permitted classes as Pattern Matching in switch case

Let's first understand how Sealed Class is implemented in JDK. 

Although sealed is a class modifier, there is no ACC_SEALED flag in the ClassFile structure. Instead, the class file of a sealed class has a PermittedSubclasses attribute which implicitly indicates the sealed modifier and explicitly specifies the permitted subclasses:

PermittedSubclasses_attribute {

    u2 attribute_name_index;

    u4 attribute_length;

    u2 number_of_classes;

    u2 classes[number_of_classes];

Code Example: Consider above example of Animal as sealed class and Cat and Dog as its permitted sub class. 

Here is the example where we can use sealed class in switch case

private static String checkAnimal(Animal animal){                                     
    return switch (animal) {                                                          
        case Cat c -> c.getIdentity();                                                
        case Dog d -> d.getIdentity();                                                
        default -> throw new IllegalArgumentException("Unexpected Input: " + animal); 
    };                                                                                
}

Frequently Asked Question:

Why Sealed Class is introduced in Java, what problem does it solves?

 

The purpose of sealed class is to have more control on sub-class / interface hierarchy. It provides a way to create hierarchy of classes and its sub-classes. It also solves the problem of using sealed class as Pattern Matching using switch case

What is the difference between sealed and final class?

Final class means no other class can extend it whereas sealed class means only permitted sub-class can extend it

What is the difference between sealed and abstract class?

Sealed class can be used along with abstract keyword and its a good idea because in most of the use-case sealed class is abstract and its permitted sub-class has actual implementation. for eg - Shape sealed class can have Rectangle, Triangle as its permitted sub-class and the actual implementation of its area, radius, circumference and diameter code is in its permitted sub-class