Schedule Typha for scaling to well-known nodes

Big picture

Schedule Typha to well-known nodes.

Value

By scheduling Typha to well-known nodes, you can reduce the number of nodes that expose Typha’s listen port.

Concepts

Typha

Typha is a Calico component which improves scalability and reduces the impact that large clusters may have on the Kubernetes API. Typha agents must accept connections from other agents on a fixed port.

As part of the Calico bootstrap infrastructure, Typha must be available before pod networking begins, so it uses host networking instead. It opens a port on the node it is scheduled on. By default, it can be scheduled to any node and opens TCP port 5473.

How to

Tell if you have installed Typha

Operator: Operator-based installations always include Typha.

Manifest: Check whether the calico-typha deployment exists in the kube-system namespace.

    kubectl get deployment -n kube-system calico-typha

Schedule Typha to well-known nodes

Operator: You can use the Installation API to configure a node affinity for Typha pods. The operator supports both the preferredDuringSchedulingIgnoredDuringExecution and requiredDuringSchedulingIgnoredDuringExecution options.

For example, to require the scheduler to place Typha on nodes with the label “typha=allowed”:

    kind: Installation
    apiVersion: operator.tigera.io/v1
    metadata:
      name: default
    spec:
      typhaAffinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            # The required form is a Kubernetes NodeSelector, so the
            # match expressions sit under nodeSelectorTerms.
            nodeSelectorTerms:
              - matchExpressions:
                  # Only nodes labelled typha=allowed may run Typha
                  - key: typha
                    operator: In
                    values:
                      - allowed

Manifest: See scheduling Typha to well-known nodes.
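The following is an added example, not part of the Calico documentation. It evaluates the required node affinity from the Installation example against a node list to find which nodes may expose TCP 5473, then flags Typha pods running elsewhere, which can happen because the affinity is ignored during execution. Node and pod records are constructed samples, the k8s-app=calico-typha pod label is an assumption, and matchFields and the Gt/Lt operators are not handled.

```python
# Added example (not from the Calico docs). NODES and PODS are constructed samples
# shaped like items from `kubectl get nodes -o json` and `kubectl get pods -o json`.
SELECTOR = {"nodeSelectorTerms": [  # the required affinity from the Installation example
    {"matchExpressions": [{"key": "typha", "operator": "In", "values": ["allowed"]}]}]}
NODES = [  # constructed
    {"metadata": {"name": "infra-1", "labels": {"typha": "allowed"}}},
    {"metadata": {"name": "infra-2", "labels": {"typha": "allowed"}}},
    {"metadata": {"name": "worker-1", "labels": {}}},
    {"metadata": {"name": "worker-2", "labels": {"typha": "denied"}}},
]
PODS = [  # constructed; k8s-app=calico-typha is assumed to be the Typha pod label
    {"metadata": {"name": "calico-typha-a", "labels": {"k8s-app": "calico-typha"}},
     "spec": {"nodeName": "infra-1"}},
    {"metadata": {"name": "calico-typha-b", "labels": {"k8s-app": "calico-typha"}},
     "spec": {"nodeName": "worker-1"}},  # e.g. node label removed after scheduling
    {"metadata": {"name": "calico-node-x", "labels": {"k8s-app": "calico-node"}},
     "spec": {"nodeName": "worker-2"}},
]

def expr_matches(expr, labels):
    """Evaluate one matchExpressions entry against a node's labels."""
    key, op, values = expr["key"], expr["operator"], expr.get("values", [])
    present = key in labels
    if op in ("In", "NotIn"):  # NotIn also matches nodes that lack the label
        hit = present and labels[key] in values
        return hit if op == "In" else not hit
    if op in ("Exists", "DoesNotExist"):
        return present if op == "Exists" else not present
    raise ValueError(f"operator not handled in this example: {op}")

def eligible_nodes(selector, nodes):
    """Terms are ORed; expressions in a term are ANDed; an empty term matches nothing."""
    def term_ok(term, labels):
        exprs = term.get("matchExpressions", [])
        return bool(exprs) and all(expr_matches(e, labels) for e in exprs)
    return [n["metadata"]["name"] for n in nodes
            if any(term_ok(t, n["metadata"].get("labels", {}))
                   for t in selector.get("nodeSelectorTerms", []))]

def misplaced_typha_pods(pods, allowed):
    """Scheduled Typha pods on nodes outside the eligible set (Pending pods are skipped)."""
    typha = [p for p in pods if p["metadata"].get("labels", {}).get("k8s-app") == "calico-typha"]
    return [(p["metadata"]["name"], p["spec"]["nodeName"]) for p in typha
            if p["spec"].get("nodeName") and p["spec"]["nodeName"] not in allowed]

if __name__ == "__main__":
    allowed = eligible_nodes(SELECTOR, NODES)
    print("nodes that may expose TCP 5473:", allowed)
    print("Typha pods outside that set:", misplaced_typha_pods(PODS, allowed))
```

The eligible list is the set of hosts where inbound TCP 5473 needs to be permitted; a non-empty second list means a Typha pod should be rescheduled before host firewall rules are tightened.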