6. Kubernetes: Service resources

A Service depends heavily on cluster DNS: coredns or kube-dns.
Service resource scheduling diagram, shown below:

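Working modes: userspace, iptables, ipvs
  userspace: 1.1-, very inefficient, because traffic switches back and forth between kernel space and user space.
  iptables: 1.10-
  ipvs: 1.11+
Types:
  ExternalName, ClusterIP, NodePort, and LoadBalancer
Resource records: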
  SVC_NAME.NS_NAME.DOMAIN.LTD.
  svc.cluster.local.
  redis.default.svc.cluster.local.

1. redis Service demo

[root@k8s-master yas]# cat redis-svc.yaml 
apiVersion: v1
kind: Service
metadata:
  name: redis-svc
  namespace: default
spec:
  selector:
    app: redis
    release: logstor
  clusterIP: 10.99.99.99
  type: ClusterIP
  ports:
  - port: 6379
    targetPort: 6379
[root@k8s-master yas]# kubectl apply -f redis-svc.yaml 
service/redis-svc created
[root@k8s-master yas]# kubectl get svc redis-svc
NAME        TYPE        CLUSTER-IP    EXTERNAL-IP   PORT(S)    AGE
redis-svc   ClusterIP   10.99.99.99   <none>        6379/TCP   17s
[root@k8s-master yas]# kubectl describe svc redis-svc     
Name:              redis-svc
...
Type:              ClusterIP
IP:                10.99.99.99
Port:              <unset>  6379/TCP
TargetPort:        6379/TCP
Endpoints:         10.244.2.31:6379
Session Affinity:  None
Events:            <none>

2. myapp Service operations

[root@k8s-master yas]# cat myapp-svc.yaml  
apiVersion: v1
kind: Service
metadata:
  name: myapp-svc
  namespace: default
spec:
  selector:
    app: myapp
    release: canary
  clusterIP: 10.99.99.98
  type: NodePort
  ports:
  - port: 80
    targetPort: 80
    nodePort: 30080
[root@k8s-master yas]# kubectl apply -f myapp-svc.yaml 
service/myapp-svc configured
[root@k8s-master yas]# kubectl get svc myapp-svc -owide 
NAME        TYPE       CLUSTER-IP    EXTERNAL-IP   PORT(S)        AGE   SELECTOR
myapp-svc   NodePort   10.99.99.98   <none>        80:30080/TCP   11m   app=myapp,release=canary
[root@k8s-master yas]# kubectl get pod --show-labels -l app=myapp
NAME                           READY   STATUS    RESTARTS   AGE     LABELS
myapp-deploy-9699554f5-bmtpd   1/1     Running   0          45m     app=myapp,pod-template-hash=9699554f5,release=canary
myapp-deploy-9699554f5-hwkvh   1/1     Running   0          45m     app=myapp,pod-template-hash=9699554f5,release=canary
myapp-deploy-9699554f5-tcwhl   1/1     Running   0          6h36m   app=myapp,pod-template-hash=9699554f5,release=canary
[root@k8s-master yas]# kubectl describe svc myapp-svc  
Name:                     myapp-svc
Namespace:                default
Labels:                   <none>
Annotations:              kubectl.kubernetes.io/last-applied-configuration:
                            {"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"name":"myapp-svc","namespace":"default"},"spec":{"clusterIP":"10.99.99.9...
Selector:                 app=myapp,release=canary
Type:                     NodePort
IP:                       10.99.99.98
Port:                     <unset>  80/TCP
TargetPort:               80/TCP
NodePort:                 <unset>  30080/TCP
Endpoints:                10.244.2.24:80,10.244.2.29:80,10.244.2.30:80
Session Affinity:         None
External Traffic Policy:  Cluster
Events:                   <none>

Verify access from a browser or from another host that is not part of the k8s cluster (outside the cluster):
[root@k8s-node1 ~]# while true;do curl 192.168.1.201:30080;sleep 1;done
[root@k8s-node1 ~]# while true;do curl 192.168.1.201:30080/hostname.html ;sleep 1;done
myapp-deploy-9699554f5-hwkvh
...
myapp-deploy-9699554f5-tcwhl

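If the selector labels are deliberately written incorrectly here, the Service matches no backend pods. No error is reported, but access fails.
For example, change the selector label release: canary to release: cana and try it, as in the screenshot below.

When the selector does not match, the Service has no backend pods and front-end access fails as well.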
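As an added example (not part of the original post), the following Python check finds Services whose selector matches no pod, which is the silent failure described above. It assumes input shaped like the output of `kubectl get svc,pod -A -o json`; the inline sample is constructed, and the pod name redis-example and the function names are hypothetical.

```python
import json

# Constructed sample shaped like `kubectl get svc,pod -A -o json` output, using
# this page's names; myapp-svc carries the mistyped selector release=cana.
SAMPLE = json.loads("""
{"kind": "List", "items": [
 {"kind": "Service", "metadata": {"name": "myapp-svc", "namespace": "default"},
  "spec": {"type": "NodePort", "selector": {"app": "myapp", "release": "cana"}}},
 {"kind": "Service", "metadata": {"name": "redis-svc", "namespace": "default"},
  "spec": {"type": "ClusterIP", "selector": {"app": "redis", "release": "logstor"}}},
 {"kind": "Pod", "metadata": {"name": "myapp-deploy-9699554f5-bmtpd", "namespace": "default",
  "labels": {"app": "myapp", "pod-template-hash": "9699554f5", "release": "canary"}}},
 {"kind": "Pod", "metadata": {"name": "redis-example", "namespace": "default",
  "labels": {"app": "redis", "release": "logstor"}}}
]}
""")


def backends(service, pods):
    """Names of pods in the Service's namespace that carry every selector label."""
    selector = service["spec"].get("selector") or {}
    namespace = service["metadata"]["namespace"]
    return [
        p["metadata"]["name"] for p in pods
        if p["metadata"]["namespace"] == namespace
        and selector.items() <= p["metadata"].get("labels", {}).items()
    ]


def orphaned_services(doc):
    """Map 'ns/name' -> selector labels no pod carries, for Services with no backend."""
    pods = [i for i in doc["items"] if i["kind"] == "Pod"]
    report = {}
    for svc in (i for i in doc["items"] if i["kind"] == "Service"):
        selector = svc["spec"].get("selector")
        if not selector or backends(svc, pods):
            continue  # skip selector-less Services (e.g. ExternalName) and healthy ones
        ns = svc["metadata"]["namespace"]
        seen = [p["metadata"].get("labels", {}) for p in pods
                if p["metadata"]["namespace"] == ns]
        report[f'{ns}/{svc["metadata"]["name"]}'] = sorted(
            f"{k}={v}" for k, v in selector.items()
            if not any(lbl.get(k) == v for lbl in seen))
    return report


if __name__ == "__main__":
    for name, missing in orphaned_services(SAMPLE).items():
        print(f"{name}: no backend pods; unmatched selector labels: {missing}")
```

The check compares labels only; a pod that matches but is not Ready is also left out of the Service's Endpoints, so `kubectl describe svc` remains the authoritative view.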
Pod and Service access architecture diagram:

Example: pinning clients to a pod with session affinity

$ kubectl explain svc.spec.sessionAffinity
$ kubectl get svc myapp-svc
$ while true;do curl 192.168.1.201:30080/hostname.html ;sleep 2;done # verify from a third-party host and keep watching
$ kubectl patch svc myapp-svc -p '{"spec":{"sessionAffinity":"ClientIP"}}' # bind session affinity
$ kubectl patch svc myapp-svc -p '{"spec":{"sessionAffinity":"None"}}' # restore the default configuration
As shown in the screenshot below:

Headless Service environment, which the stateful controller (StatefulSet) covered later will use.

[root@k8s-master yas]# cat myapp-svc-headless.yaml 
apiVersion: v1
kind: Service
metadata:
  name: myapp-svc-h
  namespace: default
spec:
  selector:
    app: myapp
    release: canary
  clusterIP: "None"
  ports:
  - port: 80
    targetPort: 80
[root@k8s-master yas]# kubectl create -f myapp-svc-headless.yaml 
[root@k8s-master yas]# kubectl get svc myapp-svc-h
NAME          TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE
myapp-svc-h   ClusterIP   None         <none>        80/TCP    81s

[root@k8s-master yas]# dig -t A myapp-svc.default.svc.cluster.local. @10.96.0.10
[root@k8s-master yas]# dig -t A myapp-svc-h.default.svc.cluster.local. @10.96.0.10

Compare the two results in the screenshot below:

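Service: letting external requests in requires two levels of translation and two levels of scheduling.
To schedule traffic from outside the cluster, Ingress is introduced. It schedules at layer 7 and must be backed by a pod running a layer-7 service. Traefik and Envoy are other ways to implement this.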

posted @ 2023-07-11 23:14  wang_wei123