18 - Mapping services outside a K8S cluster with the ExternalName type and Endpoints

I. Mapping services outside the K8S cluster with the ExternalName type

1. Write the resource manifest

[root@master231 service]# cat 04-svc-ExternalName.yaml 
apiVersion: v1
kind: Service
metadata:
  name: svc-externalname
spec:
  # externalName: www.baidu.com
  externalName: www.cnblogs.com
  type: ExternalName

2. Create the resource

[root@master231 service]# kubectl apply -f  04-svc-ExternalName.yaml 
service/svc-externalname created

[root@master231 service]# kubectl get -f 04-svc-ExternalName.yaml
NAME               TYPE           CLUSTER-IP   EXTERNAL-IP       PORT(S)   AGE
svc-externalname   ExternalName   <none>       www.cnblogs.com   <none>    3s

3. Use dig to query how svc-externalname resolves in the cluster DNS

[root@master231 service]# dig @10.200.0.10  svc-externalname.default.svc.oldboyedu.com +short 
www.cnblogs.com.
118.31.180.41
101.37.225.65

[root@master231 service]# ping www.cnblogs.com -c 3
PING www.cnblogs.com (118.31.180.41) 56(84) bytes of data.
64 bytes from 118.31.180.41 (118.31.180.41): icmp_seq=1 ttl=128 time=26.9 ms
64 bytes from 118.31.180.41 (118.31.180.41): icmp_seq=2 ttl=128 time=26.7 ms
64 bytes from 118.31.180.41 (118.31.180.41): icmp_seq=3 ttl=128 time=26.9 ms

--- www.cnblogs.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2005ms
rtt min/avg/max/mdev = 26.724/26.839/26.931/0.086 ms

# The addresses returned by dig match the one ping resolved; if they differ, the site itself may be using CDN acceleration

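4. Drawbacks

Mapping an external service with ExternalName requires configuring a DNS service separately. Because that involves another technology stack, the learning cost is high and it is not used often. Endpoints are usually used instead.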

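II. Mapping services outside the K8S cluster with Endpoints

1. What are Endpoints

Endpoints, abbreviated ep, are used to store a list of one or more IP addresses and ports.

Every svc type other than ExternalName gets an ep resource of the same name created along with it.

When the svc is deleted, that ep is deleted automatically.

To map a service running on a server inside the LAN to a svc inside the K8S cluster, the approach is to create an ep first and then create a svc with the same name so that the two are associated.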

2. Verify the relationship between a svc and its ep

2.1 List all svc

[root@master231 service]# kubectl get svc -A
NAMESPACE          NAME                              TYPE           CLUSTER-IP       EXTERNAL-IP       PORT(S)                  AGE
calico-apiserver   calico-api                        ClusterIP      10.200.87.86     <none>            443/TCP                  2d4h
calico-system      calico-kube-controllers-metrics   ClusterIP      None             <none>            9094/TCP                 2d4h
calico-system      calico-typha                      ClusterIP      10.200.43.178    <none>            5473/TCP                 2d4h
default            baidu                             ExternalName   <none>           www.cnblogs.com   <none>                   10m
default            kubernetes                        ClusterIP      10.200.0.1       <none>            443/TCP                  2d4h
default            rc-xiuxian                        ClusterIP      10.200.196.245   <none>            80/TCP                   24h
default            svc-externalname                  ExternalName   <none>           www.cnblogs.com   <none>                   8m51s
default            svc-wp-lb                         LoadBalancer   10.200.229.158   10.0.0.151        80:30130/TCP             40m
default            svc-xiuxian                       ClusterIP      10.200.25.148    <none>            90/TCP                   24h
default            svc-xiuxian-nodeport              NodePort       10.200.21.38     <none>            90:30090/TCP             22h
kube-system        kube-dns                          ClusterIP      10.200.0.10      <none>            53/UDP,53/TCP,9153/TCP   2d4h
metallb-system     metallb-webhook-service           ClusterIP      10.200.27.157    <none>            443/TCP                  3h59m
oldboyedu          svc-db                            ClusterIP      10.200.86.142    <none>            3306/TCP                 40m
oldboyedu          svc-xiuxian-lb                    LoadBalancer   10.200.150.228   10.0.0.150        90:30120/TCP             3h52m

2.2 List all endpoints

[root@master231 service]# kubectl get endpoints -A
NAMESPACE          NAME                              ENDPOINTS                                                           AGE
calico-apiserver   calico-api                        10.100.140.67:5443,10.100.203.144:5443                              2d4h
calico-system      calico-kube-controllers-metrics   10.100.160.134:9094                                                 2d4h
calico-system      calico-typha                      10.0.0.232:5473,10.0.0.233:5473                                     2d4h
default            kubernetes                        10.0.0.231:6443                                                     2d4h
default            rc-xiuxian                        <none>                                                              24h
default            svc-wp-lb                         10.100.140.127:80                                                   39m
default            svc-xiuxian                       <none>                                                              24h
default            svc-xiuxian-nodeport              <none>                                                              22h
kube-system        kube-dns                          10.100.160.133:53,10.100.160.135:53,10.100.160.133:53 + 3 more...   2d4h
metallb-system     metallb-webhook-service           10.100.203.160:9443                                                 3h58m
oldboyedu          svc-db                            10.100.203.169:3306                                                 39m
oldboyedu          svc-xiuxian-lb                    10.100.140.119:80,10.100.140.120:80,10.100.203.161:80 + 2 more...   3h51m

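2.3 Conclusion

Comparing the two tables, only a svc of type ExternalName does not get an endpoint resource created automatically.

2.4 View the details

# Pick a svc whose type is not ExternalName and view its details: an ep resource was created, and Endpoints lists the IP addresses of all Ready Pods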
[root@master231 service]# kubectl -n oldboyedu describe svc svc-xiuxian-lb 
Name:                     svc-xiuxian-lb
Namespace:                oldboyedu
Labels:                   <none>
Annotations:              metallb.io/ip-allocated-from-pool: linux96
Selector:                 version=v1
Type:                     LoadBalancer
IP Family Policy:         SingleStack
IP Families:              IPv4
IP:                       10.200.150.228
IPs:                      10.200.150.228
LoadBalancer Ingress:     10.0.0.150
Port:                     <unset>  90/TCP
TargetPort:               80/TCP
NodePort:                 <unset>  30120/TCP
Endpoints:                10.100.140.119:80,10.100.140.120:80,10.100.203.161:80 + 2 more...
Session Affinity:         None
External Traffic Policy:  Cluster
Events:                   <none>

# View the details of the corresponding ep
[root@master231 service]# kubectl -n oldboyedu describe ep svc-xiuxian-lb 
Name:         svc-xiuxian-lb
Namespace:    oldboyedu
Labels:       <none>
Annotations:  endpoints.kubernetes.io/last-change-trigger-time: 2025-04-09T04:00:15Z
Subsets:
  Addresses:          10.100.140.119,10.100.140.120,10.100.203.161,10.100.203.162,10.100.203.164
  NotReadyAddresses:  <none>
  Ports:
    Name     Port  Protocol
    ----     ----  --------
    <unset>  80    TCP

Events:  <none>

3. Hands-on ep example

3.1 Deploy a MySQL database outside the K8S cluster

[root@harbor250.oldboyedu.com ~]# docker run -d --name mysql-server --network host -e MYSQL_DATABASE=wordpress -e MYSQL_ALLOW_EMPTY_PASSWORD=yes -e MYSQL_USER=admin -e MYSQL_PASSWORD=yinzhengjie harbor250.oldboyedu.com/oldboyedu-wp/mysql:8.0.36-oracle --character-set-server=utf8 --collation-server=utf8_bin --default-authentication-plugin=mysql_native_password

[root@harbor250.oldboyedu.com ~]# ss -ntl | grep 3306
LISTEN 0      70                 *:33060            *:*          
LISTEN 0      151                *:3306             *:*   

[root@harbor250.oldboyedu.com ~]# docker exec -it mysql-server mysql wordpress
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 9
Server version: 8.0.36 MySQL Community Server - GPL

Copyright (c) 2000, 2024, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> SHOW TABLES;
Empty set (0.00 sec)

mysql>

3.2 Write the resource manifest

[root@master231 endpoints]# cat 01-ep-svc-deploy.yaml 
apiVersion: v1
# Resource kind is Endpoints (ep), resource name is ep-db
kind: Endpoints
metadata:
  name: ep-db
subsets:
  - addresses:
      # The MySQL service on the external server 10.0.0.250
      - ip: 10.0.0.250
    ports:
      - port: 3306

--- 
# Use the default svc type
apiVersion: v1
kind: Service
# The ep resource of the same name exposes the port inside the cluster
metadata:
  name: ep-db
spec:
  type: ClusterIP
  ports:
    - port: 3306

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: deploy-wp
  namespace: default
spec:
  replicas: 1
  selector:
    matchLabels:
      apps: wp
  template:
    metadata:
      labels:
        apps: wp
    spec:
      containers:
      - image: harbor250.oldboyedu.com/oldboyedu-wp/wordpress:6.7.1-php8.1-apache 
        name: wp
        env:
        - name: WORDPRESS_DB_HOST
          # The database host is the ep-db svc
          value: ep-db
        - name: WORDPRESS_DB_NAME
          value: wordpress
        - name: WORDPRESS_DB_USER
          value: admin
        - name: WORDPRESS_DB_PASSWORD
          value: yinzhengjie
    
---

apiVersion: v1
kind: Service
metadata:
  name: svc-wp-lb
  namespace: default
spec:
  type: LoadBalancer
  ports:
  - port: 80
  selector:
    apps: wp
    
    
    
[root@master231 endpoints]# kubectl apply -f 01-ep-svc-deploy.yaml 
endpoints/ep-db created
service/ep-db created
deployment.apps/deploy-wp created


[root@master231 endpoints]# kubectl get -f 01-ep-svc-deploy.yaml 
NAME              ENDPOINTS         AGE
endpoints/ep-db   10.0.0.250:3306   4s

NAME            TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)    AGE
service/ep-db   ClusterIP   10.200.2.2   <none>        3306/TCP   4s

NAME                        READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/deploy-wp   1/1     1            1           4s

NAME                TYPE           CLUSTER-IP      EXTERNAL-IP   PORT(S)        AGE
service/svc-wp-lb   LoadBalancer   10.200.77.193   10.0.0.151    80:32203/TCP   4s



[root@master231 endpoints]# kubectl get pods -o wide
NAME                         READY   STATUS    RESTARTS   AGE   IP              NODE        NOMINATED NODE   READINESS GATES
deploy-wp-6666c4477c-5zc8q   1/1     Running   0          60s   10.100.140.66   worker233   <none>           <none>
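
Both mappings on this page (the ExternalName svc and the manually created ep-db) route in-cluster traffic to a destination outside the cluster, so they are worth inventorying. The following is an added example, not the author's code: it lists such Services from data shaped like `kubectl get svc,endpoints -A -o json` items, and it goes slightly beyond the manifest by also checking selector-backed Services. The function name `external_mappings`, the pod CIDR 10.100.0.0/16 (inferred from the pod IPs shown above) and the inline sample are assumptions.

```python
import ipaddress

# Assumption: the cluster's pod network (every pod IP on this page is 10.100.x.x).
POD_CIDRS = [ipaddress.ip_network("10.100.0.0/16")]

# Constructed sample, trimmed to the fields used, in the shape of the items from
# `kubectl get svc,endpoints -A -o json`; names and addresses are taken from the page.
ITEMS = [
    {"kind": "Service", "metadata": {"namespace": "default", "name": "svc-externalname"},
     "spec": {"type": "ExternalName", "externalName": "www.cnblogs.com"}},
    {"kind": "Service", "metadata": {"namespace": "default", "name": "ep-db"},
     "spec": {"type": "ClusterIP", "ports": [{"port": 3306}]}},
    {"kind": "Endpoints", "metadata": {"namespace": "default", "name": "ep-db"},
     "subsets": [{"addresses": [{"ip": "10.0.0.250"}], "ports": [{"port": 3306}]}]},
    {"kind": "Service", "metadata": {"namespace": "default", "name": "svc-wp-lb"},
     "spec": {"type": "LoadBalancer", "selector": {"apps": "wp"}, "ports": [{"port": 80}]}},
    {"kind": "Endpoints", "metadata": {"namespace": "default", "name": "svc-wp-lb"},
     "subsets": [{"addresses": [{"ip": "10.100.140.66"}], "ports": [{"port": 80}]}]},
]


def external_mappings(items, pod_cidrs=POD_CIDRS):
    """Return (namespace/name, how, target) for each Service that leads out of the pod network."""
    key = lambda o: (o["metadata"].get("namespace", "default"), o["metadata"]["name"])
    eps = {key(o): o for o in items if o["kind"] == "Endpoints"}
    found = []
    for svc in (o for o in items if o["kind"] == "Service"):
        ns, name = key(svc)
        spec = svc["spec"]
        if spec.get("type") == "ExternalName":
            # DNS-only mapping: a CNAME to a name the cluster does not control.
            found.append((f"{ns}/{name}", "ExternalName", spec["externalName"]))
            continue
        # The Endpoints object with the same name supplies the Service's backends.
        for subset in eps.get((ns, name), {}).get("subsets") or []:
            ports = [p["port"] for p in subset.get("ports") or []]
            # notReadyAddresses are included: they can become backends later.
            addrs = (subset.get("addresses") or []) + (subset.get("notReadyAddresses") or [])
            for a in addrs:
                ip = ipaddress.ip_address(a["ip"])
                if not any(ip in net for net in pod_cidrs):
                    how = "Endpoints (selector)" if spec.get("selector") else "Endpoints (manual)"
                    found.extend((f"{ns}/{name}", how, f"{a['ip']}:{p}") for p in ports)
    return found


if __name__ == "__main__":
    for row in external_mappings(ITEMS):
        print(*row, sep="\t")
```

On a live cluster, node addresses of hostNetwork pods and the default/kubernetes Service are reported as well unless the node network is added to the CIDR list.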

3.3 Test and verify

After finishing the WordPress installation in the browser, check the database

[root@harbor250.oldboyedu.com ~]# docker exec -it mysql-server mysql wordpress
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 9
Server version: 8.0.36 MySQL Community Server - GPL

Copyright (c) 2000, 2024, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql>
mysql> SHOW TABLES;
+-----------------------+
| Tables_in_wordpress   |
+-----------------------+
| wp_commentmeta        |
| wp_comments           |
| wp_links              |
| wp_options            |
| wp_postmeta           |
| wp_posts              |
| wp_term_relationships |
| wp_term_taxonomy      |
| wp_termmeta           |
| wp_terms              |
| wp_usermeta           |
| wp_users              |
+-----------------------+
12 rows in set (0.00 sec)

mysql> 
posted @ 2025-04-09 21:34  丁志岩