Services & Networking Flashcards

1
Q

What is the purpose of a service?

A

An abstract way to expose an application running on a set of Pods as a network service. Allows other applications or users to connect to an application running on Kubernetes.

2
Q

What are the types of service?

A
  • NodePort
  • ClusterIP
  • LoadBalancer
  • ExternalName
3
Q

What is a NodePort service type?

A

Exposes the Service on each Node’s IP at a static port (the NodePort). A ClusterIP Service, to which the NodePort Service routes, is automatically created.

4
Q

How is a NodePort service accessed?

A

nodeIP:nodePort

5
Q

What is a ClusterIP service type?

A

Exposes the Service on a cluster-internal IP. Choosing this value makes the Service only reachable from within the cluster. This is the default ServiceType.

6
Q

What is a LoadBalancer service type?

A

Exposes the Service externally using a cloud provider’s load balancer. NodePort and ClusterIP Services, to which the external load balancer routes, are automatically created.

7
Q

What is the default node port range?

A

30000 to 32767

8
Q

What is the Service definition spec for a NodePort? (e.g. node port 30000, exposing a Pod labelled foo=bar on port 80)

A

spec:
  type: NodePort
  ports:
    - targetPort: 80
      port: 80
      nodePort: 30000
  selector:
    foo: bar

9
Q

For a NodePort, how does the port field differ from targetPort field?

A

targetPort is the port on the Pod which is being exposed. port is the corresponding port in the service which connects to the exposed targetPort. port is the only mandatory field.

10
Q

What happens in a NodePort spec if the targetPort is not explicitly specified?

A

targetPort defaults to the value of port

11
Q

What happens in a NodePort spec if the nodePort is not explicitly specified?

A

A free port number in the valid range (30000 to 32767) is automatically allocated.

12
Q

What is the imperative command for listing all Services in the default namespace?

A

kubectl get svc

13
Q

How does a NodePort deal with multiple pods in a Node which match the selector?

A

The Service selects all the matching pods. The Service then balances load across the matching pods, using a random balancing algorithm.

14
Q

How does a NodePort behave when there are multiple nodes in the cluster?

A

The port is exposed on all of the nodes, and the service can be accessed via the IP for any of the nodes. The service selects matching pods across the entire cluster, and automatically load balances between them.

15
Q

What is the Service definition spec for ClusterIP? (e.g. for a Service reachable on port 8080 which exposes port 80 on Pods with label foo=bar)

A

spec:
  ports:
    - targetPort: 80
      port: 8080
  selector:
    foo: bar

16
Q

What is ingress?

A

An API object that manages external access to the services in a cluster, typically HTTP. Ingress may provide load balancing, SSL termination and name-based virtual hosting.

17
Q

What Service Types allow Ingress to be exposed outside the cluster?

A
  • NodePort
  • LoadBalancer
18
Q

What products are available for providing Ingress resources?

A

An Ingress Controller produces Ingress Resources. Kubernetes does not have an Ingress Controller by default. Third-party tools such as GCE (Google’s load balancer), nginx, haproxy, istio, and traefik are available.

19
Q

What is the apiVersion of an Ingress controller?

A

apps/v1 (it is deployed as a Deployment)

20
Q

What is the image used for an nginx Ingress controller?

A

quay.io/kubernetes-ingress-controller/nginx-ingress-controller

21
Q

In the Ingress Controller definition, what are the args required to start an nginx ingress controller?

A

spec:
  template:
    spec:
      containers:
        - args:
            - /nginx-ingress-controller
            - --configmap=$(POD_NAMESPACE)/nginx-configuration

22
Q

In the Ingress Controller definition, what are the environment variables required to be defined?

A

POD_NAME and POD_NAMESPACE
spec:
  template:
    spec:
      containers:
        - env:
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace

23
Q

What other resources are required for the Ingress controller?

A
  • Service
  • ConfigMap
  • ServiceAccount
  • Roles
  • ClusterRoles
  • RoleBindings
24
Q

What is the apiVersion of an Ingress resource?

A

networking.k8s.io/v1beta1

25
Q

In an Ingress resource definition, how are backend services connected? (e.g. a path / on a host foo.org, to a service named svc1, and port 80)

A

spec:
  rules:
    - host: foo.org
      http:
        paths:
          - path: /
            backend:
              serviceName: svc1
              servicePort: 80

26
Q

By default, what restrictions are there on network traffic between Pods/Services in a cluster?

A

By default Kubernetes is “All Allow”, and all pods and services within a cluster and namespace can reach each other by their IP or Pod/Service FQDN.

27
Q

What is the purpose of the NetworkPolicy resource?

A

NetworkPolicies allow you to specify how a pod is allowed to communicate with various network entities over the network. It allows you to control traffic flow at the IP address or port level (OSI layer 3 or 4).

28
Q

What is the apiVersion of NetworkPolicy?

A

networking.k8s.io/v1

29
Q

In the NetworkPolicy definition, how is an ingress rule applied? (e.g. TCP traffic on port 3000, from a Pod labelled foo:bar to a Pod labelled role:target)

A

spec:
  podSelector:
    matchLabels:
      role: target
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              foo: bar
      ports:
        - protocol: TCP
          port: 3000