Networking Flashcards

1
Q

What is a service without selectors used for?

A

Instead of using a selector for a service, you can use Endpoints objects directly to group a set of devices. The devices can be external to the cluster, such as a physical server outside the k8s cluster.

2
Q

When will Endpoints have IP addresses?

A

The Endpoints object is populated with pod IP addresses only after the pod's readiness probe succeeds.

3
Q

How does NodePort routing work?

A

If the externalTrafficPolicy type is Cluster, kube-proxy finds all the endpoints behind the service that exposes the NodePort and configures iptables rules to load balance the traffic across all the backend endpoints. If the policy type is Local, the traffic is not load balanced; it is routed only to the pods running on the node that received the traffic.

4
Q

What happens when you create a service?

A

kube-proxy creates iptables rules based on the service created.

5
Q

Explain how you can use MetalLB and nginx for an ingress and the relationship between them. Explain in the context of Karbon.

A

MetalLB in layer 2 mode can work as a load balancer. The job of the load balancer is to listen for kube service definitions of type LoadBalancer and allocate an IP address for the device. In Karbon, MetalLB runs as pods; one of the speaker pods takes ownership of the allocated LB IP from an address pool defined in the MetalLB ConfigMap and responds to any ARP requests. At this point we have an IP to which no ports are bound. Install nginx ingress, which creates a service called ingress-nginx-controller; this service should be of type LB so MetalLB can allocate an IP for it. Once the ingress service is created, it redirects all the traffic received on the LB IP to the ingress controller pod, which then processes the rules based on the ingress custom resource to route the traffic to the proper backend service.

6
Q

How can you test if ingress is working with curl?

A

Make a curl request with the header -H "HOST:<ingress_path>" to the NodePort or LB IP that the ingress is configured with.

7
Q

I have an application running on port 9200 and I don't have an LB, but I want to expose the application via the same port 9200 instead of a NodePort, which will be > 31000. Can I do it?

A

Yes. If the worker node where the pod is running has the port free, create a service definition for the application of type NodePort and add an externalIPs entry set to the IP of the worker node where the pod is running. This allows the application to be accessed via the worker node IP on port 9200.

8
Q

What is externalPolicyType?

A

This defines whether kube-proxy should always route the traffic to the pods running on the worker node where the request was received, or route the traffic to all the pods in a round-robin fashion.

9
Q

When communicating with a ClusterIP service, how does the IP change to the pod IP?

A

kube-proxy configures rules in iptables that translate the cluster IP to the pod IP and reverse the IPs.

10
Q

A pod is not able to reach another pod running on the same node via the service IP. What could be the problem? The service type is ClusterIP. Packets are flowing between them, but the reply is coming from the pod IP instead of the service IP.

A

The br_netfilter module could be missing, causing SNAT failure.
