Kubernetes Service: usage and definition

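Introduction

1. Prevents losing contact with Pods

2. Defines an access policy for a group of Pods

3. Supports three types: ClusterIP, NodePort and LoadBalancer

4. The underlying implementation of a Service relies mainly on two network modes: iptables and ipvs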

How Pods and Services relate

They are associated through a label selector

The Service load-balances across the Pods (layer 4, TCP/UDP)

Service definition

apiVersion: v1  # API version
kind: Service   # resource type
metadata:       # metadata
  name: my-service   # Service name
  namespace: default # namespace
spec:
  clusterIP: 10.0.0.1  # fixed cluster IP
  ports:               # port settings
  - name: http         # port name
    port: 80           # Service port
    protocol: TCP      # protocol to use
    targetPort: 80     # backend port that traffic is forwarded to
  selector:            # label selector; Pods are associated by matching labels
    app: nginx         # label
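
How the selector turns into backends, as an added example that is not part of the original post. SERVICE mirrors the my-service manifest above; the Pod names, labels and IPs in PODS are constructed sample data.

```python
# Added example: which Pods does a Service selector pick as backends?
# SERVICE mirrors the my-service manifest above; PODS is constructed sample data.

SERVICE = {
    "metadata": {"name": "my-service", "namespace": "default"},
    "spec": {"selector": {"app": "nginx"},
             "ports": [{"name": "http", "port": 80, "targetPort": 80}]},
}

PODS = [  # constructed: names, labels and IPs are illustrative only
    {"name": "web-1", "namespace": "default", "ip": "10.244.1.10",
     "labels": {"app": "nginx"}, "ports": {"http": 80}},
    {"name": "web-2", "namespace": "default", "ip": "10.244.1.11",
     "labels": {"app": "nginx", "tier": "canary"}, "ports": {"http": 80}},
    {"name": "api-1", "namespace": "default", "ip": "10.244.1.12",
     "labels": {"app": "api"}, "ports": {"http": 8080}},
    {"name": "web-3", "namespace": "dev", "ip": "10.244.2.20",
     "labels": {"app": "nginx"}, "ports": {"http": 80}},
]

def selects(selector, labels):
    """Every selector key/value must be on the Pod; extra Pod labels are ignored."""
    if not selector:  # no selector: no endpoints are created automatically
        return False
    return all(labels.get(k) == v for k, v in selector.items())

def endpoints(service, pods):
    """Return {service_port: sorted ['ip:port', ...]} for the matching Pods."""
    ns = service["metadata"]["namespace"]
    sel = service["spec"].get("selector")
    out = {}
    for sp in service["spec"]["ports"]:
        addrs = []
        for pod in pods:
            # Selectors only see Pods in the Service's own namespace.
            if pod["namespace"] != ns or not selects(sel, pod["labels"]):
                continue
            tp = sp.get("targetPort", sp["port"])
            # targetPort may be a number or the name of a container port.
            port = pod["ports"].get(tp) if isinstance(tp, str) else tp
            if port is not None:
                addrs.append(f"{pod['ip']}:{port}")
        out[sp["port"]] = sorted(addrs)
    return out

if __name__ == "__main__":
    print(endpoints(SERVICE, PODS))
```

Any Pod in the namespace that carries the selected labels becomes a backend, so comparing this result with the expected workload is a quick check for stray endpoints.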

 

The three Service types NodePort, LoadBalancer and ExternalName: explanation and usage

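1. NodePort
1.1 Overview
A Service created with type ClusterIP has an IP address that is reachable only from inside the cluster. A NodePort Service maps the Service port to a port on the Node, so the Service can be reached from outside the cluster at http://<any-cluster-node>:NodePort.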

1.2 Environment preparation
First, use a Deployment to create 3 Pods and give the Pods the label app=nginx-pod.

Create pod-controller.yaml with the following content, then apply the Deployment.

[root@k8s-master ~]# cat pod-controller.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: pod-controller
  namespace: dev
  labels:
    controller: deploy
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx-pod
  template:
    metadata:
      labels:
        app: nginx-pod
    spec:
      containers:
        - name: nginx
          image: nginx:latest
          ports:
            - name: nginx-port
              containerPort: 80
              protocol: TCP

[root@k8s-master ~]# kubectl apply -f pod-controller.yaml
deployment.apps/pod-controller created
[root@k8s-master ~]#
View the information of the 3 Pods:

[root@k8s-master ~]# kubectl get pod -n dev -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
pod-controller-5b899bbdb4-267mq 1/1 Running 0 2m15s 10.244.36.124 k8s-node1 <none> <none>
pod-controller-5b899bbdb4-ffkgj 1/1 Running 0 2m15s 10.244.169.154 k8s-node2 <none> <none>
pod-controller-5b899bbdb4-hf75p 1/1 Running 0 2m15s 10.244.169.152 k8s-node2 <none> <none>
[root@k8s-master ~]#
Next, change each nginx home page to show its own Pod IP address. The nginx on 10.244.36.124 is used as the example here; the other two are done the same way.

[root@k8s-master ~]# kubectl exec -it pod-controller-5b899bbdb4-267mq -c nginx -n dev -- /bin/bash
root@pod-controller-5b899bbdb4-267mq:/#
root@pod-controller-5b899bbdb4-267mq:/# echo "10.244.36.124" > /usr/share/nginx/html/index.html
root@pod-controller-5b899bbdb4-267mq:/#
root@pod-controller-5b899bbdb4-267mq:/# exit
exit
[root@k8s-master ~]#
[root@k8s-master ~]# curl 10.244.36.124:80
10.244.36.124
[root@k8s-master ~]#
1.3 Create the Service
Create service-nodeport.yaml with the following content, then apply the Service.

apiVersion: v1
kind: Service
metadata:
  name: service-nodeport
  namespace: dev
spec:
  selector:
    app: nginx-pod
  type: NodePort
  clusterIP: 10.96.68.68
  sessionAffinity: ClientIP
  ports:
    - protocol: TCP
      port: 80 
      targetPort: 80
      nodePort: 30080

1.4 View the Service, then access the page
[root@k8s-master ~]#
[root@k8s-master ~]# kubectl get svc service-nodeport -n dev -o wide
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
service-nodeport NodePort 10.96.68.68 <none> 80:30080/TCP 2m38s app=nginx-pod
[root@k8s-master ~]#
[root@k8s-master ~]# curl 192.168.23.160:30080
10.244.36.124
[root@k8s-master ~]#
[root@k8s-master ~]# curl 192.168.23.161:30080
10.244.36.124
[root@k8s-master ~]#
[root@k8s-master ~]# curl 192.168.23.162:30080
10.244.36.124
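2. LoadBalancer
LoadBalancer is very similar to NodePort: both aim to expose a port to the outside. The difference is that LoadBalancer adds a load-balancing device outside the cluster, and this device requires support from the external environment. Requests that external clients send to this device are load-balanced and then forwarded into the cluster.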

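3. ExternalName
An ExternalName Service brings a service from outside the cluster into it. Its externalName field specifies the address of that service, and accessing this Service from inside the cluster then reaches the external service.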

3.1 Create the Service
Create service-externalname.yaml with the following content, then apply the Service.

[root@k8s-master ~]# cat service-externalname.yaml

apiVersion: v1
kind: Service
metadata:
  name: service-externalname
  namespace: dev
spec:
  type: ExternalName
  externalName: www.baidu.com

[root@k8s-master ~]# kubectl apply -f service-externalname.yaml
service/service-externalname created
[root@k8s-master ~]#
3.2 DNS resolution
[root@k8s-master ~]# dig @10.96.0.10 service-externalname.dev.svc.cluster.local

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.9 <<>> @10.96.0.10 service-externalname.dev.svc.cluster.local
; (1 server found)
;; global options: +cmd
;; Got answer:
;; WARNING: .local is reserved for Multicast DNS
;; You are currently testing what happens when an mDNS query is leaked to DNS
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3244
;; flags: qr aa rd; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;service-externalname.dev.svc.cluster.local. IN A

;; ANSWER SECTION:
service-externalname.dev.svc.cluster.local. 30 IN CNAME www.baidu.com.
www.baidu.com. 30 IN CNAME www.a.shifen.com.
www.a.shifen.com. 30 IN A 14.215.177.38
www.a.shifen.com. 30 IN A 14.215.177.39

;; Query time: 41 msec
;; SERVER: 10.96.0.10#53(10.96.0.10)
;; WHEN: 六 5月 21 16:15:22 CST 2022
;; MSG SIZE rcvd: 247

[root@k8s-master ~]#
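
A review of how each Service type on this page opens a path into or out of the cluster, as an added example that is not part of the original post. SERVICES mirrors the three manifests above plus one constructed LoadBalancer (lb-demo); APPROVED_EXTERNAL is a hypothetical allowlist.

```python
# Added example: list the ways each Service on this page is reachable.
# SERVICES mirrors the three manifests above plus one constructed LoadBalancer;
# APPROVED_EXTERNAL is a hypothetical allowlist for ExternalName targets.

APPROVED_EXTERNAL = {"db.example.internal"}  # hypothetical

SERVICES = [
    {"metadata": {"name": "my-service", "namespace": "default"},
     "spec": {"selector": {"app": "nginx"}, "ports": [{"port": 80}]}},
    {"metadata": {"name": "service-nodeport", "namespace": "dev"},
     "spec": {"type": "NodePort", "selector": {"app": "nginx-pod"},
              "ports": [{"port": 80, "targetPort": 80, "nodePort": 30080}]}},
    {"metadata": {"name": "service-externalname", "namespace": "dev"},
     "spec": {"type": "ExternalName", "externalName": "www.baidu.com"}},
    {"metadata": {"name": "lb-demo", "namespace": "dev"},  # constructed
     "spec": {"type": "LoadBalancer", "selector": {"app": "nginx-pod"},
              "ports": [{"port": 443}]}},
]

def audit(svc):
    """Return (service, finding) tuples for one Service object."""
    spec = svc["spec"]
    name = f'{svc["metadata"]["namespace"]}/{svc["metadata"]["name"]}'
    kind = spec.get("type", "ClusterIP")  # ClusterIP is the default type
    out = []
    if kind == "NodePort":
        for p in spec.get("ports", []):
            # The port is opened on every node; it is auto-assigned when omitted.
            out.append((name, f"node-port:{p.get('nodePort', 'auto')}"))
    elif kind == "LoadBalancer":
        # No loadBalancerSourceRanges: no source restriction is requested.
        if not spec.get("loadBalancerSourceRanges"):
            out.append((name, "lb-open-to-any-source"))
    elif kind == "ExternalName":
        # In-cluster clients are handed a CNAME to this host by cluster DNS.
        target = spec.get("externalName", "").rstrip(".").lower()
        if target not in APPROVED_EXTERNAL:
            out.append((name, f"unapproved-external:{target}"))
    return out

def audit_all(services):
    """Flatten the findings for a list of Service objects, in input order."""
    return [f for s in services for f in audit(s)]

if __name__ == "__main__":
    for svc, finding in audit_all(SERVICES):
        print(svc, finding)
```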

  

 

posted @ 2024-03-15 16:10  羊脂玉净瓶