L8 - Platform as a Service (PaaS) - Kubernetes 2/2

Question 1

What are web containers supported by?

Answer 1

A helper container that pulls the latest content.

Question 2

How do pods create the environment for containers?

Answer 2

• unique IP address, shared memory etcs.
• containers inside a Pod use ports on the Pods’ localhost interface

Question 3

How do pods have their own network namespace

Answer 3

Single IP address, single range of TCP ports and a routing table

Question 4

How does external access to a container in a Pod take place?

Answer 4

• Pod IP address combined with the port of the container

Question 5

How does container-to-container communication in a Pod work?

Answer 5

localhost adapter and port number

Question 6

4 characteristics of pods

Answer 6

1. Units of scheduling (scaling through adding or removing pods)
2. Atomic units (starting or stopping pods will start and stop all containers)
3. Mortal (a replacement Pod will have a new ID and IP and might run on another node)
4. Managed by higher-level controllers (deployment, daemonSet, StatefulSet)

Question 7

What does daemonSet do?

Answer 7

Ensures a Pod is running on each node

Question 8

What does StatefulSet do?

Answer 8

StatefulSet is a Kubernetes object that manages a set of replicated pods, ensuring that each pod has a unique, persistent network identity and that the pods are deployed in a predictable order. StatefulSets are used for applications that require stable, unique network identities and persistent storage, such as databases, message brokers, and caches.

Adds guarantees and ordering and uniqueness of Pods

Question 9

What is a Pod Network?

Answer 9

• for Pod-to-Pod communication
• K8s sets up bridge networks and routing tables such that Pods can reach other Pods via their IP address

Question 10

What are examples of Pod Networks?

Answer 10

AWS VPC Container Network Interface (CNI), Calico

Question 11

How are a Pod’s resources limited?

Answer 11

Through cgroups.

Question 12

What do cgroups do?

Answer 12

• specify the resource limits for CPU, RAM, IOPS

Question 13

What are the resource limits of Pods?

Answer 13

The aggregated limits of the containers plus possibly some Pod overhead

Question 14

How is a pod created?

Answer 14

1. Define a Pod in a manifest
2. POST manifest to API server
3. Schedule a Pod on a cluster

Question 15

4 characteristics of Pod deployment

Answer 15

1. Self-healing: failed Pods are replaced
2. Scaling: # of replicas in ReplicaSet can be adapted as required & current state is adapted to match desired one
3. Rolling update
4. Versioned rolling update

Question 16

How does a rolling update take place?

Answer 16

• POST a new version of the deployment YAML file with a new version of a container image
• K8s creates a new ReplicaSet
• When a new Pod is created in the ReplicaSet then an old Pod from the previous ReplicaSet is deleted –> zero downtime

Question 17

What is a versioned rolling update?

Answer 17

• The old ReplicaSet still exists with the old configuration
• Rolling back simply winds up the old ReplicaSet

Question 18

What do “Services” do for Pods?

Answer 18

• provide a reliable networking for a set of Pods
• stable DNS name, IP address and port
• service discovery through K8s DNS service
• LB across Pods
• Pods are connected to a service via labels and selector

Question 19

What does the Endpoints object in a service do?

Answer 19

It is a dynamic list of Pods that match the label selector and balances requests over the Pods in the Endpoints.

Question 20

4 types of Services

Answer 20

1. ClusterIP Service
2. NodePort Service
3. LB Service
4. ExternalName Service

Question 21

What does the clusterIP Service do?

Answer 21

• IP address and port are only accessible inside of the cluster

A ClusterIP Service in Kubernetes is a type of service that exposes a set of pods to other parts of the cluster. A ClusterIP service provides a stable IP address and ports that are accessible only within the cluster.

Question 22

What does the NodePort Service do?

Answer 22

• service has an additional port called the NodePort
• can be reached by sending a request to the IP address of any cluster node on the NodePort
• kube-proxy listens to that port and replaces target by the cluster IP of the service and its port. Then it is a cluster local request

The NodePort Service in Kubernetes is a type of service that exposes a application running on a cluster to external network traffic by assigning a static port on each node of the cluster. The traffic to this static port is then forwarded to the corresponding pod serving the application. NodePort is the simplest and most primitive way of exposing a service, it is useful for testing or simple use cases where load balancing is not needed.

Question 23

LB Service

Answer 23

• extension of NodePort Service
• allows clients to reach Pods via LBs

Question 24

ExternalName Service

Answer 24

• allows to route traffic to systems outside of your K8s cluster
• the service is implemented outside of the cluster and accessible through a domain name which is specified in the service YAML

Question 25

How does Service Discovery work?

Answer 25

a service request is handled on the node by rewriting the service IP address obtained from Cluster DNS into the IP address of a Pod in the Endpoints object of the service. This rewriting is setup by the kube-proxy process.

Question 26

How is Kubernetes Storage built up?

Answer 26

1. Persistent Volume
2. Persistent volume (PV) subsystem
3. Container Storage Interface (CSI)

Question 27

What does PV subsystem allow?

Answer 27

• persistent volume (PV) object allows to map external storage onto the cluster

Question 28

Two autoscalers

Answer 28

• Horizontal Pod autoscaler
• Vertical Pod autoscaler

Question 29

What is the horizontal Pod autoscaler?

Answer 29

• controller for ReplicaSet
• modifies the desired # of replicas within declared bounds
• resource metrics are typically collected through the metrics-server and accessible from the APIserver through the Metrics API

Question 30

What is Vertical Pod Autoscaler?

Answer 30

Vertical Pod Autoscaler (VPA) is a Kubernetes extension that provides automatic scaling for the resources (such as CPU and memory) used by individual pods. VPA works by analyzing the resource utilization of pods over time, and adjusting the resource requests and limits specified in the pod definitions to ensure that the pods receive the resources they need to operate optimally.

VPA operates at the pod level, which allows it to provide more fine-grained control over resource allocation compared to traditional horizontal pod autoscalers, which scale the number of replicas of a pod based on demand. With VPA, the resources requested by a pod can be increased or decreased based on actual utilization, which helps to optimize resource utilization and minimize waste.

Calculates the resource requests for Pods based on usage.
Specification of the Vertical Pod Autoscaler includes:
- deployment or StatefulSet
- Update Policy
- ResourcePolicy
- Recommendations based on historic and current usage

Question 31

What is the Update Policy in vertical Pod autoscaling?

Answer 31

How the changes in resources are applied to the pods
- off: resources are not modified
- initial: assign the resources only at the start of the Pod
- Recreate: deletion and recreation of a Pod
- Auto: can use any method

Question 32

What is the ResourcePolicy in vertical Pod autoscaling?

Answer 32

Computes resource requirements for a container in the Pod. Different policies can be used for different containers.
Limited by min and max allowed resources
Recommendations are given as interval of recommended resources.

Question 33

What is the cluster autoscaler?

Answer 33

• adapts the number of nodes of the K8s cluster and runs the Master Node
• scaling through the cloud provider interface
• if Pods cannot be scheduled due to a shortage of resources, the number of nodes is increased.