Services & Networking

Question 1

What is the purpose of a service?

Answer 1

An abstract way to expose an application running on a set of Pods as a network service. Allows other applications or users to connect to an application running on Kubernetes.

Question 2

What are the types of service?

Answer 2

• NodePort
• ClusterIP
• LoadBalancer
• ExternalName

Question 3

What is a NodePort service type?

Answer 3

Exposes the Service on each Node’s IP at a static port (the NodePort). A ClusterIP Service, to which the NodePort Service routes, is automatically created.

Question 4

How is a NodePort service accessed?

Answer 4

nodeIP:nodePort

Question 5

What is a ClusterIP service type?

Answer 5

Exposes the Service on a cluster-internal IP. Choosing this value makes the Service only reachable from within the cluster. This is the default ServiceType.

Question 6

What is a LoadBalancer service type?

Answer 6

Exposes the Service externally using a cloud provider’s load balancer. NodePort and ClusterIP Services, to which the external load balancer routes, are automatically created.

Question 7

What is the default node port range?

Answer 7

30000 to 32767

Question 8

What is the Service definition spec for a NodePort. e.g. node port 30000, exposing a Pod labelled foo=bar on port 80

Answer 8

spec:
type: NodePort
ports:
- targetPort: 80
port: 80
nodePort: 30000
selector: foo:bar

Question 9

For a NodePort, how does the port field differ from targetPort field?

Answer 9

targetPort is the port on the Pod which is being exposed. port is the corresponding port in the service which connects to the exposed targetPort. port is the only mandatory field.

Question 10

What happens in a NodePort spec if the targetPort is not explicitly specified?

Answer 10

targetPort defaults to the value of port

Question 11

What happens in a NodePort spec if the nodePort is not explicitly specified?

Answer 11

A free port number in the valid range (30000 to 32767) is automatically allocated.

Question 12

What is the imperative command for listing all Services in the default namespace?

Answer 12

kubectl get svc

Question 13

How does a NodePort deal with multiple pods in a Node which match the selector?

Answer 13

The Service selects all the matching pods. The Service then balances load across the matching pods, using a random balancing algorithm.

Question 14

How does a NodePort behave when there are multiple nodes in the cluster?

Answer 14

The port is exposed on all of the nodes, and the service can be accessed via the IP for any of the nodes. The service selects matching pods across the entire cluster, and automatically load balances between them.

Question 15

What is the Service definition spec for ClusterIP? (e.g. for a Service reachable on port 8080 which exposes port 80 on Pods with label foo=bar)

Answer 15

spec: ports: - targetPort: 80 port: 8080 selector: foo: bar

Question 16

What is ingress?

Answer 16

An API object that manages external access to the services in a cluster, typically HTTP. Ingress may provide load balancing, SSL termination and name-based virtual hosting.

Question 17

What Service Types allow Ingress to be exposed outside the cluster?

Answer 17

• NodePort
• LoadBalancer

Question 18

What products are available for providing Ingress resources?

Answer 18

An Ingress Controller produces Ingress Resources. Kubernetes does not have an Ingress Controller by default. Third party tools such as GCE (google’s load balancer), nginx, haproxy, istio, and traefik are available.

Question 19

What is the apiVersion of an Ingress controller?

Answer 19

apps/v1 (it is deployed as a Deployment)

Question 20

What is the image used for an nginx Ingress controller?

Answer 20

quay.io/kubernetes-ingress-controller/nginx-ingress-controller

Question 21

In the Ingress Controller definition, what are the args required to start an nginx ingress controller?

Answer 21

spec: template: spec: containers: - args: - /nginx-ingress-controller - --configmap=$(POD_NAMESPACE)/nginx-configuration

Question 22

In the Ingress Controller definition, what are the environment variables required to be defined?

Answer 22

POD_NAME and POD_NAMESPACE
spec: template: spec: containers: - env: - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name - name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace

Question 23

What other resources are required for the Ingress controller?

Answer 23

• Service
• ConfigMap
• ServiceAccount
• Roles
• ClusterRoles
• RoleBindings

Question 24

What is the apiVersion of an Ingress resource?

Answer 24

networking.k8s.io/v1beta1

Question 25

In an Ingress resource definition, how are backend services connected? e.g. a path / on a host foo.org, to a service named svc1, and port 80

Answer 25

spec: rules: - host: foo.org http: paths: - path: / backend: serviceName: svc1 servicePort: 80

Question 26

By default what restrictions are there on network traffic between Pods/Services in a cluster?

Answer 26

By default Kubernetes is “All Allow”, and all pods and services within a cluster and namespace can reach each other by their IP or Pod/Service FQDN.

Question 27

What is the purpose of NetworkPolicy resource?

Answer 27

NetworkPolicies allow you to specify how a pod is allowed to communicate with various network entities over the network. It allows you to control traffic flow at the IP address or port level (OSI layer 3 or 4).

Question 28

What is the apiVersion of NetworkPolicy?

Answer 28

networking.k8s.io/v1

Question 29

In the NetworkPolicy definition, how is an ingress rule applied? (e.g. TCP traffic on port 3000, from a Pod labelled foo:bar to a Pod labelled role:target

Answer 29

spec: podSelector: matchLabels: role: target policyTypes: - Ingress ingress: - from: - podSelector: matchLabels: foo: bar