kubernetes通过service访问pod

service访问pod

每个pod都会有自己的ip地址,当controller用新的pod代替发生故障的pod时,新的pod会分配到新的IP地址

 

service有自己的ip,而且这个ip是不变的。客户端只需要访问service的ip kubernetes则负责建立和维护service与pod的映射关系,无论后端pod如何变化,对客户端不会有任何影响,因为service没有变

案例:

[root@master myservice]# cat service.yml 
apiVersion: apps/v1
kind: Deployment
metadata:
  name: httpd-deploy
  labels:
    run: apache
spec:
  replicas: 3
  selector:
    matchLabels:
      run: apache
  template:
    metadata:
      labels:
        run: apache
    spec:
      containers:
      - name: httpd
        image: httpd
        ports:
        - containerPort: 80

 

[root@master myservice]# kubectl get pod -o wide
NAME                     READY   STATUS    RESTARTS   AGE   IP            NODE    NOMINATED NODE   READINESS GATES
httpd-57c7d78848-k8wnm   1/1     Running   0          25s   10.244.1.40   node1   <none>           <none>
httpd-57c7d78848-lmq97   1/1     Running   0          25s   10.244.1.39   node1   <none>           <none>
httpd-57c7d78848-v4mk8   1/1     Running   0          25s   10.244.2.30   node2   <none>           <none>



[root@master myservice]# curl 10.244.1.40
<html><body><h1>It works!</h1></body></html>

 

 

 

创建service

[root@master myservice]# cat server.yml 
apiVersion: v1
kind: Service
metadata:
   name: httpd-svc
spec:
  selector:
    run: apache
  ports:
  - protocol: TCP
    port: 8080
    targetPort: 80

 

[root@master myservice]# kubectl get service
NAME         TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)    AGE
httpd-svc    ClusterIP   10.96.213.197   <none>        8080/TCP   12m
kubernetes   ClusterIP   10.96.0.1       <none>        443/TCP    10d
[root@master myservice]# curl 10.96.213.197:8080
<html><body><h1>It works!</h1></body></html>

通过kubectl describe 可以查看httpd-svc 与pod的对应关系

[root@master myservice]# kubectl describe service httpd-svc
Name:              httpd-svc
Namespace:         default
Labels:            <none>
Annotations:       kubectl.kubernetes.io/last-applied-configuration:
                     {"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"name":"httpd-svc","namespace":"default"},"spec":{"ports":[{"port":8080,"...
Selector:          run=apache
Type:              ClusterIP
IP:                10.96.213.197
Port:              <unset>  8080/TCP
TargetPort:        80/TCP
Endpoints:         10.244.1.43:80,10.244.1.44:80,10.244.2.32:80
Session Affinity:  None
Events:            <none>

DNS 访问 service

集群中的pod可以通过 服务名字+命名空间 访问服务:

 

[root@master myservice]# kubectl run -it --rm --image=busybox:latest bash
kubectl run --generator=deployment/apps.v1 is DEPRECATED and will be removed in a future version. Use kubectl run --generator=run-pod/v1 or kubectl create instead.
If you don't see a command prompt, try pressing enter.
/ # wget httpd-svc.default:8080
Connecting to httpd-svc.default:8080 (10.96.213.197:8080)
saving to 'index.html'
index.html           100% |*****************************************************|    45  0:00:00 ETA
'index.html' saved
/ # cat index.html 
<html><body><h1>It works!</h1></body></html>

 

外网访问服务:

需要在 httpd-svcspec下添加类型为NodePort

 

[root@master myservice]# cat server.yml 
apiVersion: v1
kind: Service
metadata:
   name: httpd-svc
spec:
  type: NodePort
  selector:
    run: apache
  ports:
  - protocol: TCP
    port: 8080
    targetPort: 80

 

重新运行yml文件

查看:

[root@master myservice]# kubectl get service
NAME         TYPE        CLUSTER-IP    EXTERNAL-IP   PORT(S)          AGE
httpd-svc    NodePort    10.96.95.12   <none>        8080:30002/TCP   16s
kubernetes   ClusterIP   10.96.0.1     <none>        443/TCP          10d

类型变成了NodePort

监听30002端口收到请求会转发给10.96.95.128080端口,然后按照上面的规则发给pod

自己指定端口在30000-32767 之间别的端口不行

 

 

测试:

[root@master myservice]# curl 192.168.172.134:30002
<html><body><h1>It works!</h1></body></html>
[root@master myservice]# curl 192.168.172.135:30002
<html><body><h1>It works!</h1></body></html>
[root@master myservice]# curl 192.168.172.136:30002
<html><body><h1>It works!</h1></body></html>

自己指定端口:

[root@master myservice]# cat server.yml 
apiVersion: v1
kind: Service
metadata:
   name: httpd-svc
spec:
  type: NodePort
  selector:
    run: apache
  ports:
  - protocol: TCP
    nodePort: 31111
    port: 8080
    targetPort: 80

nodePort: 31111  是开放主机的端口

port: 8080       服务的端口

targetPort: 80    pod的端口

查看并验证:

[root@master myservice]# kubectl   describe   svc httpd-svc
Name:                     httpd-svc
Namespace:                default
Labels:                   <none>
Annotations:              kubectl.kubernetes.io/last-applied-configuration:
                            {"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"name":"httpd-svc","namespace":"default"},"spec":{"ports":[{"nodePort":31...
Selector:                 run=apache
Type:                     NodePort
IP:                       10.96.103.106
Port:                     <unset>  8080/TCP
TargetPort:               80/TCP
NodePort:                 <unset>  31111/TCP
Endpoints:                10.244.1.47:80,10.244.1.48:80,10.244.2.36:80
Session Affinity:         None
External Traffic Policy:  Cluster
Events:                   <none>
[root@master myservice]# kubectl get service
NAME         TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)          AGE
httpd-svc    NodePort    10.96.103.106   <none>        8080:31111/TCP   2m19s
kubernetes   ClusterIP   10.96.0.1       <none>        443/TCP          10d
[root@master myservice]# curl 192.168.172.134:31111
<html><body><h1>It works!</h1></body></html>
[root@master myservice]# curl 192.168.172.135:31111
<html><body><h1>It works!</h1></body></html>
[root@master myservice]# curl 192.168.172.136:31111
<html><body><h1>It works!</h1></body></html>