How Do We Deploy Pods
Learn how to deploy Pods.
Static Pods vs controllers
There are two ways to deploy Pods:
Directly via a Pod manifest (rare)
Indirectly via a workload resource and controller (most common)
Deploying directly from a Pod manifest creates a static Pod that cannot self-heal, scale, or perform rolling updates. This is because such Pods are managed only by the kubelet on the node they’re running on, and kubelets are limited to restarting containers on the same node. Also, if the node fails, the kubelet fails as well and cannot do anything to help the Pod.
On the flip side, Pods deployed via workload resources get all the benefits of being managed by a highly available controller that can restart them on other nodes, scale them when demand changes, and perform advanced operations such as rolling updates and versioned rollbacks. The local kubelet can still attempt to restart failed containers, but if the node fails or gets evicted, the controller can restart the Pod on a different node.
Remember, when we say restart the Pod, we mean replace it with a new one.
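The two deployment routes side by side, as an added example that is not part of the original lesson: the same container is declared once as a bare Pod manifest and once inside a Deployment, the workload resource whose controller provides the self-healing, scaling and rolling updates described above. The names, labels and image are placeholders chosen for illustration.

```yaml
# Added example. Names, labels and the image reference are placeholders.

# 1) Direct: a Pod manifest on its own.
#    Nothing but the kubelet on the hosting node looks after this Pod.
apiVersion: v1
kind: Pod
metadata:
  name: hello-pod
  labels:
    app: hello-pod
spec:
  containers:
    - name: web
      image: registry.example.com/hello:1.0   # placeholder image
      ports:
        - containerPort: 8080
---
# 2) Indirect: the same container wrapped in a Deployment.
#    The Deployment controller keeps three replicas running, replaces
#    Pods that are lost with their node, and rolls out new versions
#    gradually.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: hello-deploy
spec:
  replicas: 3                    # scaling: change this number
  selector:
    matchLabels:
      app: hello-deploy          # must match the template labels below
  strategy:
    type: RollingUpdate          # rolling updates, with rollback history
    rollingUpdate:
      maxUnavailable: 1
      maxSurge: 1
  template:                      # the Pod template the controller stamps out
    metadata:
      labels:
        app: hello-deploy
    spec:
      containers:
        - name: web
          image: registry.example.com/hello:1.0   # placeholder image
          ports:
            - containerPort: 8080
```

Deleting `hello-pod` leaves nothing running in its place, while deleting one of the Pods owned by `hello-deploy` causes the controller to create a new one to get back to three replicas.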
The Pod network
Every Kubernetes cluster runs a Pod network and automatically connects all Pods to it. It’s usually a flat Layer-2 overlay network that spans every cluster node and allows every Pod to talk directly to every other Pod, even if the remote Pod is on a different cluster node.
The Pod network is implemented by a third-party plugin that interfaces with Kubernetes and configures the network via the Container Network Interface (CNI).
We choose a network plugin at cluster build time, and it configures the Pod network for the entire cluster. Lots of plugins exist, and each one has its pros and cons. However, at the time of writing, Cilium is the most popular and implements a lot of advanced features such as security and observability.
Figure 4.4 shows three nodes running five Pods. All five Pods are connected to the Pod network and can communicate with each other. We can also see the Pod network spanning all three nodes. However, the network is only for Pods and not nodes. As shown in the diagram, we can connect nodes to multiple different networks, but the Pod network spans them all.