(azure) kubernetes (service) Flashcards
what is the difference between a deployment and service?
a deployment is used to keep a set of pods running by creating pods from a template; a service is used to allow network access to a set of pods
a service is an abstract way to expose an application running on a set of Pods as a network service.
what do targetport and port enable in a service?
apiVersion: v1            # added: required for a valid Service manifest
kind: Service
metadata:
  name: vanilla-webapp
spec:
  type: LoadBalancer
  selector:
    app: vanilla-webapp    # assumed label; the answer below refers to containers labelled 'vanilla-webapp'
  ports:
    - port: 80             # port the service exposes
      targetPort: 5000     # port the container actually listens on
targetPort
- port to listen to (internally) against any container with label ‘vanilla-webapp’
port
- port to listen to and expose to the outside world
what is a container orchestrator?
centralised management layer for containerised applications
what is a cluster?
- a cluster is a group of compute nodes working together as a single system
- shared networking
- centralised management
what is in the control plane?
kube-apiserver
- communication hub in and out of cluster
- exposes k8s API
- cluster gateway
- gatekeeper for authentication
- entry point for user requests (UI, API, CLI)
e.g. user request -> apiserver validates request -> scheduler -> kubelet
etcd
- a key-value backing store that holds the state of the entire cluster
- the “cluster brain”
- records all cluster state changes
scheduler
- “intelligent decision-maker”
- determines the best location on the nodes for pods/containers
- affinity and anti-affinity
controller
- monitors and responds to events to maintain desired state
- detects cluster changes
- attempts to recover cluster state to desired state ASAP
e.g. controller -> scheduler -> kubelet
what is a clusterIP?
internal IP to pod
what is a nodePort?
static port to pod
what is a loadBalancer?
cloud provided loadBalancer for external access
what is an ephemeral volume?
- lasts lifetime of the pod
- will not lose data if pod is destroyed
- e.g. caching
what is a persistent volume?
- lifetime does not follow lifetime of pod
- will live on after pod destroyed
- e.g. databases and message queues
what is a namespace?
- Namespaces help pod-to-pod communication within the same namespace.
- Namespaces are virtual clusters that can sit on top of the same physical cluster.
- They provide logical separation between the teams and their environments.
- Everything in the default (or a single) namespace would get complex and confusing
- Group resources into namespaces (similar to resource groups)
- Officially: don’t bother if you have a smaller project with less than 10 users
- Unofficially: use namespaces always as a best practice
- Multiple teams is another good use case
- Allows same named applications to co-exist as they are in different namespaces
- Different environments in the same cluster
- This way you can deploy common resources (e.g. elasticstack, nginx) once
- Blue/green deployment
- Access and resource limits on namespaces
- Two teams working on same cluster different namespaces
- Allow access to ONLY their own namespace
- Limit resources on each namespace
- Consider:
- CAN'T access MOST resources from another namespace
- Each namespace must define its own configmap and secret
- CAN share a service across namespaces
- Some components can NOT be added to a namespace and must remain global
- kubectl api-resources --namespaced=false
- Can change the active (default) namespace using kubens, e.g.:
kubens application
what is a configMap used for?
storing non-sensitive configuration data
what is a headless service?
a “stateful” service.
think quorum and leaders.
think zookeeper.
a service that has master and slave nodes
the master must commit before the slaves
this is useful when you want to scale a replicated resource that requires ACID transactions and must remain consistent, like a database