Class 5 - Expose App, Scale App and Update App Flashcards

1
Q

What are Kubernetes Nodes?

A
  • A node is the main worker machine
  • AKA minions
  • Can run on a physical machine or VM
  • Provides all necessary services to run pods
  • Is managed by the master
2
Q

Which are key services running on Node?

A
  • Container Engine (docker, rkt)
  • Kubelet
  • Kube-proxy
3
Q

What happens when we run the kubeadm join command to create a node?

A

Kubeadm collects metadata about the machine and stores that object in etcd.

4
Q

What happens when we delete the node?

A

On deleting the node, the object that is stored in etcd about that machine is removed. The actual VM is not removed.

5
Q

Categories of Kubernetes node status? (HINT there are 4 categories)

A

Kubernetes node status shows valuable information for planning and managing operations.

  1. Address (internal or external IP) - Static
  2. Condition (current state of node) - Dynamic
  3. Capacity (current capacity of node) - Dynamic
  4. Info - Static
6
Q

Which command can be used to view node status?

A

kubectl describe node

will show details about all 4 categories of status

7
Q

What is the condition category of node status?

A

Kubernetes continuously checks the current health of the node. That includes memory pressure, disk pressure, PID pressure, etc.

8
Q

What is Ready condition of node?

A

Ready condition is true when all the other conditions are false. If any condition becomes true, the node status changes to either NotReady, MemoryOutOfBounds, etc.

9
Q

What information does Kubernetes node status - Capacity category provide?

A

Describes the resources available on the node. Using this information, you can decide on the number of pods that can be scheduled.
CPU, Memory, Storage are some capacity information available.

10
Q

Capacity vs Allocatable?

A

Capacity is the actual resources that are available on the node and allocatable shows how many are free for allocation at any point in time, after subtracting resources taken by OS, etc.

11
Q

What information does Kubernetes node status - System info provide?

A

It shows Kernel info, OS details, Kubernetes details (version, kubelet version, kube proxy version etc)

12
Q

In a Kubernetes cluster, is a node created by Kubernetes itself?

A

No, a node is not created by Kubernetes. Nodes are created outside of it, for example on bare metal, a VM or a public cloud.
On creating a node in Kubernetes:
- It creates an object to represent the node
- It validates the object to qualify it for running a Pod
- If it doesn’t qualify, it will keep the node in Invalid state unless it is deleted or fixed by an admin to qualify.

13
Q

Which are the three ways to interact with the nodes?

A
  • KubeController - kubectl
  • Kubelet
  • Node Controller
14
Q

Which command can be used to edit a node?

A

kubectl edit node

will allow changing node

15
Q

Who controls IP addresses of pods on a node?

A

NodeController controls the IP addresses of running pods. Each node gets its own block of IP addresses, which it uses to allocate IP addresses.

16
Q

What are the responsibilities of the Node Controller?

A

It is part of Kubernetes master

  • Assign CIDR blocks to nodes
  • Maintain list of nodes
  • Monitor health of nodes
17
Q

What is Kubernetes Service?

A

Kubernetes service acts as a load balancer. A service can cater to one or more pods. Multiple pods point to single service resource.

Services are nothing but another type of resource which allows pods to be exposed to other pods in cluster or expose the pods to the external world.

18
Q

What are Kubernetes services equivalent to?

A

They are equivalent to IP Table rules.

19
Q

How to decide which pod should be assigned to which service? What are the conventions?

A

Ideally one service per application type.

20
Q

Which IP address is assigned to service resource?

A

Service resources are assigned a totally different IP than the pod CIDR.

21
Q

Is service resource static or dynamic resource and can it fail?

A

A service resource is a static resource and it cannot fail. It has a fixed IP.

22
Q

What type of Service resource will you create when you want an application to be available within the cluster?

A

ClusterIP service resource can be used.

23
Q

Do we care which IP address the service is provided?

A

Not really, because pod can connect to the service using DNS name which is service name.

24
Q

Is pod to pod direct communication possible using pod name?

A

No, pod-to-pod communication is not possible directly using the pod name; it can only be done through a service.

25
Q

Suppose we want to expose a pod to the external world, which are the ways to do that?

A

There are two types of service resource that allow us to do that

1) NodePort - which is the same as Docker port mapping, wherein the internal container port is mapped to a host machine port.
2) LoadBalancer - it is the same as NodePort, with the difference that it assigns an external IP address. This is only available for cloud deployments and not available for on-premise deployments. Only on Managed Kubernetes Services.

26
Q

Example command to expose a nginx pod using ClusterIP service type?

A

kubectl expose pod --port= --type=ClusterIP
When we don’t provide an external port, Kubernetes assigns one itself.

The cluster IP will be static IP and will be different than Pod network CIDR.

27
Q

Which command can be used to display Kubernetes service?

A

kubectl get svc
or
kubectl get services

28
Q

Can a service be accessed by its service name from outside the pod?

A

No, the service DNS mapping is internal to the pod cluster and will not be accessible outside the cluster.

29
Q

Command to view details of service?

A

kubectl describe svc

30
Q

How to find which endpoints are connected to a particular service?

A

kubectl describe svc

will have Endpoints which will have IP:port of multiple pods that are pointing to same service.

31
Q

Command to delete a service?

A

kubectl delete svc

32
Q

Command to create a NodePort service?

A

kubectl expose pod --port=80 --type=NodePort

On doing this kubernetes will automatically assign an external port in configurable range.
So after doing that the service can be reached by using
kmaster: or knode1: etc.

33
Q

Where are the external ports occupied when creating NodePort resource?

A

The external port is occupied on the whole cluster. So on all nodes, firing netstat will show the port occupied by the kube-proxy service.

34
Q

Command to quickly run nginx image using Kubernetes?

A

kubectl run nginx --image=nginx

35
Q

Where are labels defined in Kubernetes?

A

It is inside the metadata section of kubernetes yaml file.

37
Q

What can be kept in label?

A

Label is any key value pair that makes sense to devops team, etc.

38
Q

What happens if you have two pods (nginx and mysql) with the same labels and you expose the nginx pod with a ClusterIP type service called nginx?

A

On doing
kubectl describe svc nginx
You will find that endpoints have two entries, one for nginx and other for mysql even though we didn’t expose mysql pod.

39
Q

Why does creating service resource on a particular pod with same label as some other pod, expose both the pods?

A

Because in Kubernetes whenever you create a resource, they don’t work on top of pods. They don’t map to the pod, they map to the LABEL of the pod.

40
Q

What do resources in Kubernetes map to? Pods or Labels?

A

Resources in Kubernetes map to labels of pods and not pods.

41
Q

What are labels?

A
  • Key value pairs
  • Attached to pods, replication controllers
  • used to identify and organize objects
  • Can be created at time of creation of pod
  • Can be added or modified after pod creation as well
42
Q

What happens if there is no label and we try to create a service resource?

A

If there is no label associated with a particular pod, then the service will FAIL and say that there is no label.

43
Q

What are labels and resources assigned to?

A

Labels -> Pods

Selectors -> Resources (like service)

44
Q

What are selectors?

A

Labels don’t provide uniqueness

  • With selectors, an application/user can pick a group of objects by its label
  • Core grouping mechanism in Kubernetes
45
Q

How many types of selectors are supported in Kubernetes?

A

2 types

  • Equality based selector
  • Set based selector
46
Q

What can be given in equality based selectors?

A

Useful for filtering by key-value matching
Only == and != operators can be used.
You cannot give expression such as
app=v1 & app=v2 and such

47
Q

Can we give expression like && and || in Equality based selector?

A

No, we can only give a simple == or != check in an equality based selector.

48
Q

What capability we have in set based selector?

A

Allows filtering of keys based on set of values

  • Three operators are supported
  • in
  • not in
  • exists

this allows fine grained control over selection.

e.g. team in (HR, training)
This will match for team value equal to HR or training

exists(Club)
Club: matches all resources with label ‘club’. No values are matched.

49
Q

Difference between Replication controller and Replica Set?

A

Replication controller only supports equality based selectors
Replica set supports set based selector so it is much more powerful.

50
Q

What is replication controller?

A

It is a super set of pod and its job is to achieve the desired state by making sure desired state number of pods are always running

51
Q

What are jobs of replication controller?

A
  • Achieve desired state
  • Create new pod if existing one crashes or is killed
  • Update or delete multiple pods with single command
  • Helps to create, scale and maintain multiple pods as part of desired state.
52
Q

Is replication controller a dynamic or static thing?

A

Replication controller is just a resource in which desired state is defined.

53
Q

Command to delete all pods?

A

kubectl delete pods --all

54
Q

Sample yaml file to create Replication Controller

A
apiVersion: v1
kind: ReplicationController
metadata:
  name: myrc
  labels:
    app: replicationcontroller
spec:
  replicas: 5
  selector:
    app: myapp
  template:
    metadata:
      name: nginx
      labels:
        app: myapp
    spec:
      containers:
        - name: nginx
          image: nginx

Replication controller will govern all pods that have selector as app = myapp.

55
Q

What happens if you run replication controller which will govern app = myapp with replication of 5 and there are already 2 pods running with the selector?

A

If there are already two pods running with label app=myapp, it will only create 3 more pods. If the replication controller cannot find any with the defined selector, then it will create 5.

56
Q

Command to view replication controller?

A

kubectl get replicationcontroller
or
kubectl get rc

57
Q

What information does kubectl get replicationcontroller show?

A

NAME, DESIRED, CURRENT, READY, AGE

myrc, 5, 5, 5, 14s

58
Q

Command to view detail information about a replication controller?

A

kubectl describe rc

59
Q

Can we create a service to expose ReplicationController?

A

Yes, we can do that as long as the replication controller has a label associated with it.

60
Q

Command to expose a replication controller with NodePort type?

A

kubectl expose rc --port 80 --type=NodePort
This will expose the rc, and firing describe on the service will show n endpoints being exposed, where n is the replication count.

61
Q

Replica Set vs Replication Controller

A

Exact same functionalities.
Replica Set supports set based selectors whereas Replication controller supports equality based selectors.
Replica set makes it easy to do blue-green deployments, canary based deployments.

62
Q

Does Replica Set support updates? Does Replication Controller support updates? Does Deployment controller support updates?

A

Replication Controller allows to update image names or image versions.
Replica Sets don’t allow updates.

“Updates are not feature of Replica Set”

Yes deployment controller does support updates.

63
Q

Sample yaml file for Replica Set

A
apiVersion: apps/v1
kind: ReplicaSet
metadata:
  name: mysqlrs
  labels:
    app: mysql
spec:
  replicas: 3
  selector:
    matchExpressions:
      - {key: app, operator: In, values: [mysql_1, mysql_2]}
  template:
    # pod template, but with mysql_2 label
64
Q

Difference between matchExpressions vs matchLabels in ReplicaSet?

A

matchExpressions - set based selector

matchLabels - equality based selector

65
Q

Command to get list of replica sets

A

kubectl get replicaset
or
kubectl get rs

66
Q

Command to view detail of replica sets

A

kubectl describe replicaset

67
Q

Key uses of Deployment controller

A
  • Rollout of new replicaset
  • Rollback to earlier version
  • Scale up to handle more load
  • Define new state of the pods (update labels etc)
68
Q

Relation between ReplicationController, ReplicaSet and Deployment Controller

A

DeploymentController is superset of ReplicaSet, which is super set of ReplicationController

69
Q

Important properties of Deployment Controller

A
  • revisionHistoryLimit : 5
    How many history (previous) instances of replicaset will be kept available for us to do rollback

rollingUpdate:
  maxUnavailable: 1
  maxSurge: 2

maxUnavailable is the total number of pods that can go down during a rolling update. Let's say the system can handle full load using only n - 1 instances: then during the update one instance, and only one instance, can go down.

maxSurge means how many additional pods can come up on top of your replicas. So when we update one instance at a time (due to max unavailable as 1), deployment controller will spin up new ReplicaSet with 3 = (replicas: 3 - 1 (is down)) + maxSurge)
Once update finishes state goes back to 3 replicas as older replica set pods will be deleted.