Kubernetes的service资源介绍

service 

  三种工作模式：userspace、iptables、ipvs 

删除手动创建的service

?

1 2 3 4 5 6 7

[root@master ~]# kubectl delete svc redis service "redis" deleted [root@master ~]# kubectl get svc NAME         TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE kubernetes   ClusterIP   10.96.0.1        <none>        443/TCP        17d myapp        NodePort    10.103.191.244   <none>        80:31339/TCP   17d nginx        ClusterIP   10.108.177.175   <none>        80/TCP         17d

定义service 的顶级资源清单帮助

?

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35

[root@master ~]# kubectl explain svc KIND:     Service VERSION:  v1   DESCRIPTION:      Service is a named abstraction of software service (for example, mysql)      consisting of local port (for example 3306) that the proxy listens on, and      the selector that determines which pods will answer requests sent through      the proxy.   FIELDS:    apiVersion   <string>  版本      APIVersion defines the versioned schema of this representation of an      object. Servers should convert recognized schemas to the latest internal      value, and may reject unrecognized values. More info:      https://git.k8s.io/community/contributors/devel/api-conventions.md#resources      kind <string>  类型      Kind is a string value representing the REST resource this object      represents. Servers may infer this from the endpoint the client submits      requests to. Cannot be updated. In CamelCase. More info:      https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds      metadata <Object>  元数据      Standard object's metadata. More info:      https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata      spec <Object>  期望状态      Spec defines the behavior of a service.      https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status      status   <Object>      Most recently observed status of the service. Populated by the system.      Read-only. More info:      https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status

　　spec 的重要字段介绍

?

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108

[root@master ~]# kubectl explain svc.spec KIND:     Service VERSION:  v1   RESOURCE: spec <Object>   DESCRIPTION:      Spec defines the behavior of a service.      https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status        ServiceSpec describes the attributes that a user creates on a service.   FIELDS:    clusterIP    <string>  集群的podIP，动态分配的，如果想要固定地址可以使用这个字段定义      clusterIP is the IP address of the service and is usually assigned randomly      by the master. If an address is specified manually and is not in use by      others, it will be allocated to the service; otherwise, creation of the      service will fail. This field can not be changed through updates. Valid      values are "None", empty string (""), or a valid IP address. "None" can be      specified for headless services when proxying is not required. Only applies      to types ClusterIP, NodePort, and LoadBalancer. Ignored if type is      ExternalName. More info:      https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies      externalIPs  <[]string>      externalIPs is a list of IP addresses for which nodes in the cluster will      also accept traffic for this service. These IPs are not managed by      Kubernetes. The user is responsible for ensuring that traffic arrives at a      node with this IP. A common example is external load-balancers that are not      part of the Kubernetes system.      externalName <string>      externalName is the external reference that kubedns or equivalent will      return as a CNAME record for this service. No proxying will be involved.      Must be a valid RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) and      requires Type to be ExternalName.      externalTrafficPolicy    <string>      externalTrafficPolicy denotes if this Service desires to route external      traffic to node-local or cluster-wide endpoints. "Local" preserves the      client source IP and avoids a second hop for LoadBalancer and Nodeport type      services, but risks potentially imbalanced traffic spreading. "Cluster"      obscures the client source IP and may cause a second hop to another node,      but should have good overall load-spreading.      healthCheckNodePort  <integer>      healthCheckNodePort specifies the healthcheck nodePort for the service. If      not specified, HealthCheckNodePort is created by the service api backend      with the allocated nodePort. Will use user-specified nodePort value if      specified by the client. Only effects when Type is set to LoadBalancer and      ExternalTrafficPolicy is set to Local.      loadBalancerIP   <string>      Only applies to Service Type: LoadBalancer LoadBalancer will get created      with the IP specified in this field. This feature depends on whether the      underlying cloud-provider supports specifying the loadBalancerIP when a      load balancer is created. This field will be ignored if the cloud-provider      does not support the feature.      loadBalancerSourceRanges <[]string>      If specified and supported by the platform, this will restrict traffic      through the cloud-provider load-balancer will be restricted to the      specified client IPs. This field will be ignored if the cloud-provider does      not support the feature." More info:      https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/      ports    <[]Object>  端口与容器端口建立关系的定义      The list of ports that are exposed by this service. More info:      https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies      publishNotReadyAddresses <boolean>      publishNotReadyAddresses, when set to true, indicates that DNS      implementations must publish the notReadyAddresses of subsets for the      Endpoints associated with the Service. The default value is false. The      primary use case for setting this field is to use a StatefulSet's Headless      Service to propagate SRV records for its Pods without respect to their      readiness for purpose of peer discovery.      selector <map[string]string>  关联到那些pod资源上      Route service traffic to pods with label keys and values matching this      selector. If empty or not present, the service is assumed to have an      external process managing its endpoints, which Kubernetes will not modify.      Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if      type is ExternalName. More info:      https://kubernetes.io/docs/concepts/services-networking/service/      sessionAffinity  <string>  会话粘性      Supports "ClientIP" and "None". Used to maintain session affinity. Enable      client IP based session affinity. Must be ClientIP or None. Defaults to      None. More info:      https://kubernetes.io/docs/concepts/services -networking/service/#virtual-ips-and-service-proxies      sessionAffinityConfig    <Object>      sessionAffinityConfig contains the configurations of session affinity.      type <string>  指定type ，ClusterIP集群内部的通信地址NodePort  节点的地址供外部访问  LoadBalancer：公有云的负载均衡器  ExternalName：集群外部服务引入到集群内部使用      type determines how the Service is exposed. Defaults to ClusterIP. Valid      options are ExternalName, ClusterIP, ,NodePort and LoadBalancer.      "ExternalName" maps to the specified externalName. "ClusterIP" allocates a      cluster-internal IP address for load-balancing to endpoints. Endpoints are      determined by the selector or if that is not specified, by manual      construction of an Endpoints object. If clusterIP is "None", no virtual IP      is allocated and the endpoints are published as a set of endpoints rather      than a stable IP. "NodePort" builds on ClusterIP and allocates a port on      every node which routes to the clusterIP. "LoadBalancer" builds on NodePort      and creates an external load-balancer (if supported in the current cloud)      which routes to the clusterIP. More info:      https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types

　　ports 字段的定义

?

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43

[root@master ~]# kubectl explain svc.spec.ports KIND:     Service VERSION:  v1   RESOURCE: ports <[]Object>   DESCRIPTION:      The list of ports that are exposed by this service. More info:      https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies        ServicePort contains information on service's port.   FIELDS:    name <string>  名字      The name of this port within the service. This must be a DNS_LABEL. All      ports within a ServiceSpec must have unique names. This maps to the 'Name'      field in EndpointPort objects. Optional if only one ServicePort is defined      on this service.      nodePort <integer>  节点的端口      The port on each node on which this service is exposed when type=NodePort      or LoadBalancer. Usually assigned by the system. If specified, it will be      allocated to the service if unused or else creation of the service will      fail. Default is to auto-allocate a port if the ServiceType of this Service      requires one. More info:      https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport      port <integer> -required-  对外部提供访问服务的端口      The port that will be exposed by this service.      protocol <string>  协议      The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". Default      is TCP.      targetPort   <string>  容器的端口      Number or name of the port to access on the pods targeted by the service.      Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. If      this is a string, it will be looked up as a named port in the target Pod's      container ports. If this is not specified, the value of the 'port' field is      used (an identity map). This field is ignored for services with      clusterIP=None, and should be omitted or set equal to the 'port' field.      More info:      https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service

　　service 的yml 文件定义

?

1 2 3 4 5 6 7 8 9 10 11 12 13 14

[root@master manifests]# cat redis-svc.yaml apiVersion: v1 kind: Service metadata:   name: redis-svc   namespace: default spec:   selector:     app: redis   绑定的pod资源根据标签绑定的   clusterIP: 10.97.97.97    提供集群内访问地址   type: ClusterIP  类型   ports:   - port: 6379  service 对外提供的服务端口     targetPort: 6379   容器里暴露的端口

　　创建这个service服务

?

1 2	[root@master manifests]# kubectl apply -f redis-svc.yaml service/redis-svc created

　　查看这个service的运行状态

?

1 2 3 4 5 6 7 8 9 10 11 12 13 14

[root@master manifests]# kubectl describe svc redis-svc Name:              redis-svc Namespace:         default Labels:            <none> Annotations:       kubectl.kubernetes.io/last-applied-configuration:                      {"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"name":"redis-svc","namespace":"default"},"spec":{"clusterIP":"10.97.97.9... Selector:          app=redis Type:              ClusterIP IP:                10.97.97.97 Port:              <unset>  6379/TCP TargetPort:        6379/TCP Endpoints:         10.244.1.67:6379 Session Affinity:  None Events:            <none>

　　DNS资源记录格式

?

1 2 3

SVC_NAME.NS_NAME.DOMAIN.LTD 服务名.名称空间.资源域名后缀 默认资源后缀：svc.cluster.local

　　定一个节点级别的服务

?

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15

[root@master manifests]# cat myapp-svc.yaml apiVersion: v1 kind: Service metadata:   name: myapp   namespace: default spec:   selector:     cx: yl  绑定的pod   clusterIP: 10.99.99.99  集群内部的地址   type: NodePort   ports:   - port: 80  集群内部访问端口     targetPort: 80  容器里暴露的端口     nodePort: 30080  外部访问端口

　　查看各个节点的端口

?

1 2 3 4 5 6

[root@master ~]# ss -lntp | grep 30080  主节点 LISTEN     0      128         :::30080                   :::*                   users:(("kube-proxy",pid=15320,fd=11)) [root@node01 ~]# ss -lntp | grep 30080   node01节点 LISTEN     0      128         :::30080                   :::*                   users:(("kube-proxy",pid=10352,fd=11)) [root@node02 ~]# ss -lntp | grep 30080   node02 节点 LISTEN     0      128         :::30080                   :::*                   users:(("kube-proxy",pid=10422,fd=11))

　　通过打补丁方式修改回话粘性

?

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18

[root@master manifests]# kubectl patch svc myapp -p '{"spec":{"sessionAffinity":"ClientIP"}}' service/myapp patched [root@master manifests]# kubectl describe svc myapp Name:                     myapp Namespace:                default Labels:                   <none> Annotations:              kubectl.kubernetes.io/last-applied-configuration:                             {"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"name":"myapp","namespace":"default"},"spec":{"clusterIP":"10.99.99.99","... Selector:                 cx=yl Type:                     NodePort IP:                       10.99.99.99 Port:                     <unset>  80/TCP TargetPort:               80/TCP NodePort:                 <unset>  30080/TCP Endpoints:                10.244.1.60:80,10.244.1.61:80,10.244.1.64:80 + 2 more... Session Affinity:         ClientIP External Traffic Policy:  Cluster Events:                   <none>