C_KYMD_01 Exam Dumps - SAP Certified Development Associate - Side-by-Side Extensibility based on SAP BTP Kyma runtime

• A DaemonSet ensures that all (or some) Nodes run a copy of a Pod. As nodes are added to the cluster, Pods are added to them. As nodes are removed from the cluster, those Pods are garbage collected. Deleting a DaemonSet will clean up the Pods it created2.
• Some typical uses of a DaemonSet are: running a cluster storage daemon on every node, running a logs collection daemon on every node, running a node monitoring daemon on every node2.
• DaemonSets are ideal in a variety of real-world use cases: Running Node monitoring agents, Running log collection agents, Running network plugins, Running service meshes3.

References:

• Kubernetes DaemonSet - What It is & How to Use It (Example)
• DaemonSet | Kubernetes
• Kubernetes Daemonset: A Practical Guide - Spot.io

To pull a container image from a private registry, you need to create a secret with the type “kubernetes.io/dockerconfigjson” and provide the credentials in the pod manifest via “imagePullSecrets” in spec.template.spec. This way, the kubelet can use the secret to authenticate with the private registry and pull the image. The secret type “Opaque” is not suitable for this purpose, as it is a generic type that can store any data. The pod manifest does not support providing credentials via “imagePullSecrets” in spec.template.metadata.annotations, as this is not a valid field. References: Side-by-Side Extensibility Based on SAP BTP, Kyma Runtime - Unit 3 - Lesson 2: Using Secrets, [Kubernetes Documentation - Pull an Image from a Private Registry]

 The service mesh solution in SAP BTP, Kyma runtime is based on Istio, which is one of the most popular service mesh solutions. Istio uses the Sidecar proxy pattern, which means that a proxy is deployed as a sidecar container next to each service. This way, the proxy can intercept and manage the traffic between the services, without requiring any changes in the application code. The proxy also communicates with the Istio control plane, whichprovides configuration and policies for the service mesh. The other options are not valid proxy patterns for the service mesh solution in SAP BTP, Kyma runtime. References: Discovering the Service Mesh - SAP Learning, Istio Documentation - What is Istio?

 The kubectl command to list pods with the exact label “env-dev” is kubectl get pods -l env=dev. The -l or --selector flag allows you to filter pods by label selectors, which are key-value pairs that are attached to pods. The = operator matches pods that have the exact label value specified. The -L or --label-columns flag adds a column with the value of the specified label(s) to the output, but does not filter the pods. The -I or --ignore-not-found flag returns an exit code of 0 when no resources are found, but does not affect the output. The -l env-dev flag is invalid, as it does not specify a label value. References: 6, 7, 9

 A CronJob is a workload type that creates Jobs on a repeating schedule, based on the Cron syntax. A Job is a workload type that runs a task to completion, just once. A Deployment is a workload type that manages a set of Pods that are created from the same template. A StatefulSet is a workload type that manages a set of Pods that have stable identities and persistent storage. References: CronJob, Jobs, Workloads.

When you delete a pod managed by a Replica Set, the Replica Set will schedule a new pod to replace the deleted one. This is because the Replica Set’s purpose is to maintain a stable set of replica pods running at any given time. As such, it is often used to guarantee the availability of a specified number of identical pods1. The Replica Set controller monitors the number of pods it owns and creates or deletes pods as needed to reach the desired number. The Replica Set identifies its pods by using a selector that matches the pods’ labels2. Therefore, deleting a pod will reduce the number of pods that match the selector, and trigger the Replica Set to create a new pod with the same pod template3.

References:

• 1: ReplicaSet | Kubernetes
• 2: Labels and Selectors | Kubernetes
• 3: Pods, Deployments and Replica Sets: Kubernetes Resources Explained

 SAP BTP, Kyma runtime uses Fluent Bit as the tool for log collection. Fluent Bit is an open-source log processor and forwarder that allows you to collect data and logs from different sources, enrich them with filters, and send them to multiple destinations. Fluent Bit is deployed as a DaemonSet on every node of the Kyma runtime cluster, and collects logs from the containers running on the node. Fluent Bit forwards the logs to Loki, a log aggregation system that is compatible with Prometheus12. References: Fluent Bit, Logging | SAP Help Portal.

SAP BTP, Kyma runtime uses the following open-source projects to expose and analyze in-cluster telemetry data:

• Loki: Loki is a log aggregation system that collects logs from various sources and stores them in a scalable and queryable way. Loki is integrated with Grafana to provide a unified interface for log analysis1.
• Prometheus: Prometheus is a time-series database that collects metrics from instrumented applications and stores them in a time-series database. Prometheus is a pull-based system, which means that applications need to expose an endpoint from which Prometheus can scrape the metrics2.
• Grafana: Grafana is a visualization and analysis tool to visualize and query time-series data. With Grafana, you can create dashboards that show the current state of your applications. Grafana can easily visualize data from Prometheus, Loki, and other sources2.

References:

• 1: Accessing the built-in observability tools of Kyma runtime
• 2: Describing Observability in Kyma

The command kubectl get pods -n  lists the pods in a specific namespace. This command uses the -n flag to specify the namespace and the get pods subcommand to retrieve the pod resources. The output shows the name, status, restarts, and age of each pod in the namespace1. You can also use the -o wide flag to show more details, such as the node where the pod is running2. References:

• 1: Get a Shell to a Running Container
• 2: List pods per namespace in kubernetes

The SAP BTP Service Operator for Kubernetes is a Kubernetes operator that enables you to consume SAP BTP services from your Kubernetes cluster using Kubernetes-native tools. It communicates with the Service Manager, which acts as an intermediary for the Kubernetes API server to negotiate the initial provisioning and retrieve the credentials necessary for the application to use a managed service. The Service Manager uses the Open Service Broker API to communicate with service brokers, which are responsible for managing the lifecycle of service instances and bindings12. The following diagram illustrates the architecture of the SAP BTP Service Operator for Kubernetes1:

As you can see, the architecture of the SAP BTP Service Operator for Kubernetes consists of the following parts12:

• API server: The API server is the main component of the Kubernetes control plane. It exposes the Kubernetes API and handles the requests from the clients, such as kubectl or the SAP BTP Service Operator. The API server also interacts with the etcd, which is the persistent storage for the cluster data.
• SAP BTP Service Operator: The SAP BTP Service Operator is a custom controller that watches the Kubernetes API server for changes to the custom resources (CRs) that represent the SAP BTP service instances and bindings. It reconciles the desired state of the CRs with the actual state of the SAP BTP services by calling the Service Manager API.
• Service Manager: The Service Manager is a component of SAP BTP that acts as a proxy between the SAP BTP Service Operator and the service brokers. It provides a unified API for managing service instances and bindings across different platforms and environments. It also handles the authentication and authorization of the requests from the SAP BTP Service Operator.
• Service Broker: The service broker is a component that implements the Open Service Broker API and provides the logic for provisioning, deprovisioning, binding, and unbinding service instances. The service broker can be either a native SAP BTP service broker or a third-party service broker that is registered in the Service Manager. References: Introducing SAP BTP Service Operator | SAP Blogs, Working with SAP BTP Service Operator | SAP Help Portal, SAP/sap-btp-service-operator - GitHub

 A Kubernetes cluster is a set of machines, either physical or virtual, that run Kubernetes agents and are managed by the control plane1. A cluster consists of at least one control plane node and one or more worker nodes. The control plane node runs the processes that control the cluster, such as the API server, the scheduler, and the controller manager. The worker nodes run the pods that host the containerized applications. Machines can be grouped into node pools, which are sets of machines that share the same configuration, such as size, type, or labels2. References: 1(https://kubernetes.io/docs/concepts/overview/components/),  2(https://www.redhat.com/en/topics/containers/what-is-a-kubernetes-cluster)

 In a Kubernetes cluster, services are assigned a DNS name based on the following pattern: ..svc.cluster.local. This allows pods to access services within the same namespace or across namespaces using the fully qualified domain name (FQDN). The svc.cluster.local part is the default domain for the cluster, but it can be customized by the cluster administrator. References: Kubernetes Services, DNS for Services and Pods

 The Kyma Eventing process uses the following technologies:

• HTTP-post requests: HTTP requests are delivered via POST-requests in terms of sending and receiving the events1.
• Jet Stream: Jet Stream provides the back end for the Kyma Eventing process1.
• NATS: NATS is an open source messaging system that is used for the Kyma Eventing process12. References: Discovering Kyma Eventing - SAP Learning, In-cluster eventing in SAP BTP, Kyma runtime | SAP Blogs

Kyma uses Kubernetes secrets as the secret and configuration management feature. A secret is an object that contains sensitive data, such as passwords, tokens, or keys, that can be accessed by authorized pods or users. Secrets can be created manually, generated dynamically, or imported from external sources. Kyma provides a custom resource (CR) called ServiceBinding that allows you to create secrets for service instances and inject them into your workloads. You can also use the Service Catalog UI or the Service Management CLI to manage your secrets123. References: Secrets | Kubernetes, Service Binding | SAP Help Portal, Service Catalog | SAP Help Portal, Service Management CLI | SAP Help Portal

Stateless workloads are workloads that do not store any data or application state on the host that serves the requests. Instead, they rely on the information provided by the client or an external service, such as a database, to process each request independently. Stateless workloads do not keep any references to past transactions or interactions, and they can be handled by any available server. Stateless workloads are more scalable, fault-tolerant, and easier to manage than stateful workloads, which require persistent storage and session management. Some examples of stateless workloads are web servers, print servers, or microservices. References: Stateful vs stateless - Red Hat, Create stateless workloads | Google Distributed Cloud Hosted - Google Cloud, Stateless vs Stateful Kubernetes - WEKA