Office hours - May 16 (LFS258)

chrispokorni

Hello,

Today we clarified a few lecture concepts and an action from a lab exercise:

Chapter 4

• Q: Why does Kubernetes expect that the pod-to-pod network be available?
• A: Kubernetes does not take advantage of the existing isolated container networks available on the container hosts (nodes) it manages, instead, the container orchestrator relies on 3rd party tools that implement a single wider network, across all nodes, called the pod-to-pod network.

Chapter 4

• Q: Why the need for a ClusterIP service if pods are assigned their own unique private IP addresses and can communicate with each other over the pod-to-pod network?
• A: A pod is ephemeral, meaning that both the pod's name and pod's IP address may change several times during the lifecycle of a containerized application running in the pod. A permanent solution is a service exposing the pods of an application, offering a permanent access interface with a consistent name and a stable ClusterIP address that integrate with the cluster's internal DNS that helps to remove any discovery overhead and communication complexity between pods.

Lab exercise 3.3

• Q: Is the control-plane taint removal recommended for a production Kubernetes cluster?
• A: No. The control-plane taint is assigned by default to any control plane nodes during the cluster bootstrapping performed by kubeadm. The control-plane taint protects the control plane nodes by repelling user workload, thus ensuring the control plane node's compute resources remain dedicated to agents and jobs responsible for managing the cluster as a whole. The taint is removed from the lab environment to allow the control plane node to accept user workload, simulating the behavior of a multi-worker node cluster.

Regards,
-Chris