Nodes Flashcards
What should be unique in a Node?
The node name should be unique; each node registers with k8s under a unique node name. No two nodes can have the same node name.
What are the two ways you can register nodes with the k8s API server?
Self registration and manual registration
What is required for a kubelet on a node to self-register?
A kubeconfig to identify and authenticate to the API server for registration, and the flag --register-node set to true to register the node automatically.
What is the flag --node-ip used for?
It provides a list of IP addresses (v4 or v6) to contact the node. You can register only a single IP for each family, for example only one for IPv4 and one for IPv6.
What is --node-labels used for?
It provides labels to assign to the node on registration.
How can you ensure a node is added with certain taints that will stop it from running certain pods?
Use the flag --register-with-taints for self-registration.
What is the best practice to change --node-labels for a node?
It is always recommended to re-register the node with the API server when changing node labels, to avoid incorrect pod scheduling.
How can you find how many resources a node has?
kubectl describe node will provide the capacity and allocatable
Explain the different conditions of a node
Ready - normal operating mode
Disk pressure - True if there is pressure on disk size, meaning this is set to True when disk capacity runs low
Memory pressure - If node memory is low
PID pressure - if there are too many processes on the node
NetworkUnavailable - If the network is not correctly configured
How do you use a different hostname for kubelet than the one configured in the node operating system?
The --hostname-override option can be used with kubelet.
How long does the API server wait before marking the node as unschedulable?
node-monitor-grace-period which is 40 seconds by default
What happens when a node is not reachable by the API server?
API server marks the node with taints based on the type of condition
Node is not reachable - Mark with taint node.kubernetes.io/unreachable for Unknown Status
Kubelet not responding - Mark node.kubernetes.io/not-ready taint
What taint will cause the pods on a node to be evicted?
A NoExecute taint, once set, will evict the pods that were running on the node
Why are daemonsets not evicted when you cordon a node?
The scheduler decides to evict pods based on the taints attached to the node. The daemonset controller, when scheduling a pod, adds a number of tolerations to the pod, such as node.kubernetes.io/unreachable:NoExecute. These tolerations allow the pod to run even though the nodes have been tainted.
What is one of the fields the scheduler considers before scheduling a pod on a node?
Scheduler looks for taints on the node to decide if the pod can be scheduled on the node.
What is the default number of pods that a node can run, and how can you check that number?
node describe will show the Capacity, which is 110 pods by default
How do you find the kubelet and kube-proxy version of a node?
describe has it in Info column including kernel and containerd version
How much of the resources are allocatable in a node?
Allocatable = Capacity - Kube-reserved - system-reserved - eviction threshold
Does kubelet enforce limits if pods use more than the allocatable?
Kubelet can be configured to enforce allocatable limits with the --enforce-node-allocatable flag; values are pods, system-reserved and kube-reserved
What is the use of the eviction threshold?
If bad pods leak memory or storage, the host OS could run out of resources and hit OOM, which will affect all the pods and the host OS. For this purpose, eviction thresholds can be defined in the kubelet, which will evict pods when the threshold is hit. The flag name is --eviction-hard
Show an example to evict pods when available memory on a node goes < 500Mi
--eviction-hard=memory.available<500Mi