k8s-Service

1. Service concept

A Kubernetes Service defines an abstraction: a logical grouping of Pods and a policy for accessing them, often called a microservice. This group of Pods can be accessed through the Service, usually selected by a Label Selector.

A Service can provide load balancing, but with the following restriction on use:

It offers only layer-4 load balancing, not layer-7 features. Sometimes we need more matching rules to forward requests, and layer-4 load balancing does not support that.

2. Service types

A Service in K8s has four types:

  • ClusterIP: the default type. Automatically assigns a virtual IP that is reachable only inside the cluster.

  • NodePort: on top of ClusterIP, binds a port for the Service on every machine, so the service can be reached through <NodeIP>:NodePort.

  • LoadBalancer: on top of NodePort, uses the cloud provider (a paid service) to create an external load balancer that forwards requests to <NodeIP>:NodePort.

  • ExternalName: brings a service from outside the cluster into the cluster so that it can be used directly inside the cluster. No proxy of any kind is created. This is supported only by kube-dns in Kubernetes 1.7 or later.

2.1 ClusterIP

2.1.1 Concept

ClusterIP mainly relies on iptables on every node: data sent to the clusterIP and its port is forwarded to kube-proxy. kube-proxy then load-balances internally, looks up the address and port of the pods behind this service, and forwards the data to that pod address and port.

General structure :

How the svc communicates with the back-end pods: it is through the back-end pod and so on

2.1.2 Example

Create three pods:

 

apiVersion: apps/v1
kind: Deployment
metadata:
  name: myapp-deploy
  namespace: default
spec:
  replicas: 3
  selector:
    matchLabels:
      app: myapp
      release: stabel
  template:
    metadata:
      labels:
        app: myapp
        release: stabel
        env: test
    spec:
      containers:
      - name: myapp
        image: wangyanglinux/myapp:v2
        imagePullPolicy: IfNotPresent
        ports:
        - name: http
          containerPort: 80

Create the ClusterIP svc:

 

apiVersion: v1
kind: Service
metadata:
  name: myapp
  namespace: default
spec:
  type: ClusterIP
  selector:
    app: myapp
    release: stabel
  ports:
  - name: http
    port: 80
    targetPort: 80

 

View the ClusterIP:

# kubectl get svc
NAME         TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)   AGE
kubernetes   ClusterIP   10.96.0.1      <none>        443/TCP   7h8m
myapp        ClusterIP   10.99.48.182   <none>        80/TCP    8m14s

 

Accessing 10.99.48.182 reaches the IPs of the three pods.

2.1.3 Headless service

A headless service is also a kind of ClusterIP Service. No ClusterIP is allocated, and there is no load balancing or routing.

apiVersion: v1
kind: Service
metadata:
  name: nginx-service 
  labels:
    app: nginx
spec:
  selector:
    app: nginx
  clusterIP: "None"
  ports:
  - port: 80
    targetPort: 80

 

 

2.2 NodePort

NodePort works by opening a port on each node. Traffic arriving at this port is handed to kube-proxy, which then passes it on to the corresponding pod.

Example:

 

apiVersion: v1
kind: Service
metadata:
  name: myapp
  namespace: default
spec:
  type: NodePort
  selector:
    app: myapp
    release: stabel
  ports:
  - name: http
    port: 80
    targetPort: 80

2.3 ExternalName

This type of Service maps the service to the contents of the externalName field (for example, hub.atguigu.com) by returning a CNAME record and its value. An ExternalName Service is a special case of Service: it has no selector and no defined ports or Endpoints. Instead, for a service running outside the cluster, it provides the service by returning an alias of that external service.

Example:

 

# ExternalName Service: no selector, ports or Endpoints; DNS returns a CNAME
apiVersion: v1
kind: Service
metadata:
  name: my-service-1
  namespace: default
spec:
  type: ExternalName
  externalName: hub.atguigu.com

Verification:

 

dig -t A my-service-1.default.svc.cluster.local. @10.244.2.9
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> -t A my-service-1.default.svc.cluster.local. @10.244.2.9
;; global options: +cmd
;; Got answer:
;; WARNING: .local is reserved for Multicast DNS
;; You are currently testing what happens when an mDNS query is leaked to DNS
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36528
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;my-service-1.default.svc.cluster.local. IN A
;; ANSWER SECTION:
my-service-1.default.svc.cluster.local. 30 IN CNAME hub.atguigu.com.
;; Query time: 36 msec
;; SERVER: 10.244.2.9#53(10.244.2.9)
;; WHEN: Tue Mar 17 21:13:47 CST 2020
;; MSG SIZE  rcvd: 134

 

 

3. Notes

The svc must be in the same namespace as the pods; otherwise it will not bind to them automatically.
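
The binding and DNS behaviour described on this page, as an added example that is not part of the original post: a simplified Python model (not Kubernetes code) of how a Service selects pods by label and namespace, and what cluster DNS answers for ClusterIP, headless and ExternalName Services. Pod IPs and the "dev" namespace are constructed; labels, names and the ClusterIP are taken from the page.

```python
# Simplified model of Service selection and cluster DNS answers (not Kubernetes code).
# Pod IPs and the "dev" namespace are constructed; labels and names come from the page.
LABELS = {"app": "myapp", "release": "stabel", "env": "test"}
PODS = [
    {"ns": "default", "ip": "10.244.1.11", "labels": LABELS},
    {"ns": "default", "ip": "10.244.1.13", "labels": LABELS},
    {"ns": "default", "ip": "10.244.2.12", "labels": LABELS},
    {"ns": "dev", "ip": "10.244.2.20", "labels": LABELS},
]
MYAPP = {"ns": "default", "type": "ClusterIP", "clusterIP": "10.99.48.182",
         "selector": {"app": "myapp", "release": "stabel"}}
HEADLESS = {"ns": "default", "type": "ClusterIP", "clusterIP": "None",
            "selector": {"app": "myapp"}}
EXTERNAL = {"ns": "default", "type": "ExternalName",
            "externalName": "hub.atguigu.com"}


def endpoints(svc, pods):
    """IPs of the pods a Service binds to."""
    selector = svc.get("selector")
    if not selector:  # ExternalName: no selector, so no endpoints
        return []
    return sorted(
        p["ip"] for p in pods
        if p["ns"] == svc["ns"]  # only pods in the Service's own namespace
        # every selector pair must match exactly; extra pod labels are ignored
        and all(p["labels"].get(k) == v for k, v in selector.items())
    )


def dns_answer(svc, pods):
    """(record type, values) that cluster DNS returns for the Service name."""
    if svc["type"] == "ExternalName":
        return ("CNAME", [svc["externalName"] + "."])
    if svc["clusterIP"] == "None":  # headless: the pod IPs, no virtual IP
        return ("A", endpoints(svc, pods))
    return ("A", [svc["clusterIP"]])  # one virtual IP, balanced by kube-proxy


if __name__ == "__main__":
    for name, svc in [("myapp", MYAPP), ("headless", HEADLESS),
                      ("my-service-1", EXTERNAL)]:
        print(name, dns_answer(svc, PODS), "endpoints:", endpoints(svc, PODS))
    # A correctly spelled "stable" selects nothing: the pods carry "stabel".
    print(endpoints(dict(MYAPP, selector={"app": "myapp", "release": "stable"}), PODS))
```

Because selector matching is exact, an empty endpoint list usually means a label typo or a namespace mismatch rather than a network fault.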