DevOps Classroom notes 14/Feb/2025

Resources in Pod

  • It is a recommended practice to define the range of resource needs for each container in a pod spec
  • resources defines the boundary of those needs: requests is the lower limit and limits is the upper limit
  • In resources we can specify
    • memory
    • cpu
    • hugepages (per page size, e.g. hugepages-2Mi)
    • gpu
  • requests (lower limit) impact scheduling decisions (the pod is scheduled only onto a node that can satisfy them)
  • Let's create a pod with some requests and limits
  • Best practice:
    • Define both requests and limits
    • At a bare minimum, at least define limits
  • When CPU usage of a container exceeds its limit, the container is throttled; when the memory usage of a container exceeds its limit, the container is killed with an Out Of Memory (OOM) error
  • QoS (Quality of Service) classes

    • Guaranteed
      • requests and limits are the same
    • Burstable
      • requests set as the minimum and limits as the maximum (limits higher than requests)
    • BestEffort
      • No resources are defined
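The pod from "Let's create a pod with some requests and limits", written out as an added example that is not from the original notes, one manifest per QoS class so the three classes can be compared side by side; the pod names, the nginx image and the resource values are chosen here for illustration. Without limits a single container can consume a whole node's CPU or memory and starve every other pod on it, which is why the notes call limits the bare minimum.

```yaml
# Added example (not from the original notes): three pods, one per QoS class.
# After applying, check the class Kubernetes assigned with:
#   kubectl get pod <name> -o jsonpath='{.status.qosClass}'
apiVersion: v1
kind: Pod
metadata:
  name: qos-guaranteed
spec:
  containers:
  - name: app
    image: nginx
    resources:
      requests:
        cpu: "500m"        # 0.5 CPU reserved at scheduling time
        memory: "256Mi"
      limits:
        cpu: "500m"        # equal to requests for every container -> Guaranteed
        memory: "256Mi"    # exceeding this gets the container OOM-killed
---
apiVersion: v1
kind: Pod
metadata:
  name: qos-burstable
spec:
  containers:
  - name: app
    image: nginx
    resources:
      requests:
        cpu: "250m"        # lower bound used by the scheduler
        memory: "128Mi"
      limits:
        cpu: "1"           # may burst up to 1 CPU, then it is throttled
        memory: "512Mi"    # limits above requests -> Burstable
---
apiVersion: v1
kind: Pod
metadata:
  name: qos-besteffort
spec:
  containers:
  - name: app
    image: nginx           # no requests and no limits at all -> BestEffort;
                           # first candidate for eviction under node pressure
```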

CNI (Container Network Interface)

  • What does CNI do
    • Allocates IP addresses to pods
    • Configures the virtual network interfaces in a pod and its routing table
    • Enforces network policies (depends on the CNI chosen)
    • Enables communication between pods
  • Kubernetes does not ship with a default CNI, so after installing k8s we are supposed to install a CNI plugin ourselves
  • CNI plugins, whether they support Network Policy, and their basic features:
    • Calico (network policy: Yes): Designed for flexibility, high network performance, and advanced network administration; uses BGP routing as an underlay or IP-in-IP and VXLAN as an overlay; supports network policy management, access control lists (ACLs), and WireGuard for tunneling encryption[5].
    • Weave Net (network policy: Yes): Creates a mesh overlay network connecting all cluster nodes; handles fault tolerance, load balancing, and name resolution via a Weave DNS server; uses IPsec for encryption and VXLAN for encapsulation and routing[5].
    • Cilium (network policy: Yes): Can be used with multiple Kubernetes clusters and provides multi-CNI features; offers high-level inspection and pod-to-pod connectivity across clusters; manages packet inspection with network and application layer awareness; supports Kubernetes Network Policies through HTTP request filters[9].
    • Azure CNI (network policy: Yes): Extends Azure Virtual Networks to containers[3].
    • Multus CNI (network policy: N/A): Allows pods to have multiple network interfaces[3].
    • OVN4NFV-K8S-Plugin (network policy: N/A): An OVN based CNI controller plugin to provide cloud native based Service Function Chaining (SFC) and multiple OVN overlay networking[3].
    • Kube-OVN (network policy: Yes): Based on OVN/OVS and provides advanced features like subnet, static IP, ACL, QoS, etc.[3]
    • Hybridnet (network policy: N/A): Designed for hybrid clouds, providing both overlay and underlay networking for containers in one or more clusters; overlay and underlay containers can run on the same node with cluster-wide bidirectional network connectivity[3].
    • Terway (network policy: N/A): A collection of CNI plugins based on Alibaba Cloud VPC/ECS network products[3].
    • DANM (network policy: N/A): A CNI-compliant networking solution for TelCo workloads running on Kubernetes[3].
    • Knitter (network policy: N/A): A CNI plugin supporting multiple networks for Kubernetes[3].
    • cni-route-override (network policy: N/A): A meta CNI plugin that overrides route information[3].
    • Spiderpool (network policy: N/A): An IP Address Management (IPAM) CNI plugin for Kubernetes for managing static IPs for underlay networks[3].
    • bridge (network policy: No): Creates a bridge and adds the host and the container to it[1].
    • ipvlan (network policy: No): Adds an ipvlan interface in the container[1].
    • loopback (network policy: No): Sets the state of the loopback interface to up[1].
    • macvlan (network policy: No): Creates a new MAC address and forwards all traffic to it to the container[1].
    • ptp (network policy: No): Creates a veth pair[1].
    • vlan (network policy: No): Allocates a VLAN device[1].
    • host-device (network policy: No): Moves an already-existing device into a container[1].
    • dummy (network policy: No): Creates a new dummy device in the container[1].
    • win-bridge (network policy: No): Creates a bridge and adds the host and the container to it (Windows specific)[1].
    • win-overlay (network policy: No): Creates an overlay interface to the container (Windows specific)[1].
    • dhcp (network policy: No): Runs a daemon on the host to make DHCP requests on behalf of the container[1].
    • host-local (network policy: No): Maintains a local database of allocated IPs[1].
    • static (network policy: No): Allocates a single static IPv4/IPv6 address to the container, useful for debugging[1].
    • tuning (network policy: No): Tweaks sysctl parameters of an existing interface[1].
    • portmap (network policy: No): An iptables-based port mapping plugin; maps ports from the host's address space to the container[1].
    • bandwidth (network policy: No): Allows bandwidth limiting through use of traffic control tbf (ingress/egress)[1].
    • sbr (network policy: No): A plugin that configures source-based routing for an interface (from which it is chained)[1].
    • firewall (network policy: No): A firewall plugin that uses iptables or firewalld to add rules to allow traffic to/from the container[1].

Which CNI to choose (on-premise)

  • The size of the k8s cluster
    • smaller cluster
    • larger cluster
  • Observability
  • Network policy support
  • Latency

Label

  • A label in Kubernetes is a key-value pair attached to an object
  • Labels matter because they are the only query or filter mechanism for selecting objects
  • Labels are queried through selectors (Labels and Selectors)

Scaling Applications in k8s

  • We deploy an individual service on a pod; when we want to scale our application, we scale pods, not containers
  • To deal with scaling and other aspects of managing applications, let's look at the other workloads, which are generally referred to as controllers
  • Workloads
    • ReplicaSet (Replication Controller)
    • Deployment
    • Jobs (CronJobs)
    • StatefulSets
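A ReplicaSet that ties the Labels section and the scaling discussion above together, as an added example that is not from the original notes: the controller finds and owns its pods purely through a label selector, and scaling means changing the pod count. The name web, the labels app/tier and the nginx image are chosen here for illustration.

```yaml
# Added example (not from the original notes): scaling pods via a label selector.
# Useful checks after applying:
#   kubectl get pods -l app=web            # the same label query the controller uses
#   kubectl scale rs web --replicas=5      # scale pods, not containers
apiVersion: apps/v1
kind: ReplicaSet
metadata:
  name: web
  labels:
    app: web
spec:
  replicas: 3                 # desired number of pods; the controller reconciles to this
  selector:
    matchLabels:
      app: web                # label query: every pod matching this is owned by the ReplicaSet
  template:
    metadata:
      labels:
        app: web              # must satisfy the selector above or the API server rejects the object
        tier: frontend        # extra labels are fine and can be used by other selectors/services
    spec:
      containers:
      - name: web
        image: nginx
        resources:            # limits on every replica, so scaling out cannot exhaust a node
          requests:
            cpu: "100m"
            memory: "64Mi"
          limits:
            cpu: "250m"
            memory: "128Mi"
```

In day-to-day use a Deployment creates and manages ReplicaSets for you; the selector/template relationship is the same.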

By continuous learner