6、kubernetes之 Service资源

Service强依赖于dns:coredns、kube-dns
服务资源调度图解,如下,

复制代码
工作模式:userspace, iptables, ipvs
  userspace: 1.1-,效率很低,来回在内核之间转换。
  iptables: 1.10-
  ipvs: 1.11+
类型:
  ExternalName, ClusterIP, NodePort, and LoadBalancer
资源记录:
  SVC_NAME.NS_NAME.DOMAIN.LTD.
  svc.cluster.local.
  redis.default.svc.cluster.local.
复制代码

1、redis svc操作demo

复制代码
[root@k8s-master yas]# cat redis-svc.yaml 
apiVersion: v1
kind: Service
metadata:
  name: redis-svc
  namespace: default
spec:
  selector:
    app: redis
    release: logstor
  clusterIP: 10.99.99.99
  type: ClusterIP
  ports:
  - port: 6379
    targetPort: 6379
[root@k8s-master yas]# kubectl apply -f redis-svc.yaml 
service/redis-svc created
[root@k8s-master yas]# kubectl get svc redis-svc
NAME        TYPE        CLUSTER-IP    EXTERNAL-IP   PORT(S)    AGE
redis-svc   ClusterIP   10.99.99.99   <none>        6379/TCP   17s
[root@k8s-master yas]# kubectl describe svc redis-svc     
Name:              redis-svc
...
Type:              ClusterIP
IP:                10.99.99.99
Port:              <unset>  6379/TCP
TargetPort:        6379/TCP
Endpoints:         10.244.2.31:6379
Session Affinity:  None
Events:            <none>
复制代码

2、myapp svc操作

复制代码
[root@k8s-master yas]# cat myapp-svc.yaml  
apiVersion: v1
kind: Service
metadata:
  name: myapp-svc
  namespace: default
spec:
  selector:
    app: myapp
    release: canary
  clusterIP: 10.99.99.98
  type: NodePort
  ports:
  - port: 80
    targetPort: 80
    nodePort: 30080
[root@k8s-master yas]# kubectl apply -f myapp-svc.yaml 
service/myapp-svc configured
[root@k8s-master yas]# kubectl get svc myapp-svc -owide 
NAME        TYPE       CLUSTER-IP    EXTERNAL-IP   PORT(S)        AGE   SELECTOR
myapp-svc   NodePort   10.99.99.98   <none>        80:30080/TCP   11m   app=myapp,release=canary
[root@k8s-master yas]# kubectl get pod --show-labels -l app=myapp
NAME                           READY   STATUS    RESTARTS   AGE     LABELS
myapp-deploy-9699554f5-bmtpd   1/1     Running   0          45m     app=myapp,pod-template-hash=9699554f5,release=canary
myapp-deploy-9699554f5-hwkvh   1/1     Running   0          45m     app=myapp,pod-template-hash=9699554f5,release=canary
myapp-deploy-9699554f5-tcwhl   1/1     Running   0          6h36m   app=myapp,pod-template-hash=9699554f5,release=canary
[root@k8s-master yas]# kubectl describe svc myapp-svc  
Name:                     myapp-svc
Namespace:                default
Labels:                   <none>
Annotations:              kubectl.kubernetes.io/last-applied-configuration:
                            {"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"name":"myapp-svc","namespace":"default"},"spec":{"clusterIP":"10.99.99.9...
Selector:                 app=myapp,release=canary
Type:                     NodePort
IP:                       10.99.99.98
Port:                     <unset>  80/TCP
TargetPort:               80/TCP
NodePort:                 <unset>  30080/TCP
Endpoints:                10.244.2.24:80,10.244.2.29:80,10.244.2.30:80
Session Affinity:         None
External Traffic Policy:  Cluster
Events:                   <none>
复制代码

在浏览器或其他非k8s集群主机上(集群外部)访问验证:
[root@k8s-node1 ~]# while true;do curl 192.168.1.201:30080;sleep 1;done
[root@k8s-node1 ~]# while true;do curl 192.168.1.201:30080/hostname.html ;sleep 1;done
myapp-deploy-9699554f5-hwkvh
...
myapp-deploy-9699554f5-tcwhl

这里如果故意把选择器-标签写错,就会匹配不到后端的pod,虽然没有报错,但是访问是异常的。
如将选择器-标签:release: canary改成release: cana,试试,如下截图

选择器匹配不上,缺少后端pod,前端访问也会异常。
pod service访问架构图示,

绑定pod,访问会话亲和性配置示例

$ kubectl explain svc.spec.sessionAffinity
$ kubectl get svc myapp-svc
$ while true;do curl 192.168.1.201:30080/hostname.html ;sleep 2;done # 第三方验证,监视
$ kubectl patch svc myapp-svc -p '{"spec":{"sessionAffinity":"ClientIP"}}' #绑定session亲和性
$ kubectl patch svc myapp-svc -p '{"spec":{"sessionAffinity":"None"}}' #还原默认配置
如下截图展示,

无头服务环境,后面有状态机控制器(stateful)会使用到。

复制代码
root@k8s-master yas]# cat myapp-svc-headless.yaml 
apiVersion: v1
kind: Service
metadata:
  name: myapp-svc-h
  namespace: default
spec:
  selector:
    app: myapp
    release: canary
  clusterIP: "None"
  ports:
  - port: 80
    targetPort: 80
[root@k8s-master yas]# kubectl create -f myapp-svc-headless.yaml 
[root@k8s-master yas]# kubectl get svc myapp-svc-h
NAME          TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE
myapp-svc-h   ClusterIP   None         <none>        80/TCP    81s
复制代码

[root@k8s-master yas]# dig -t A myapp-svc.default.svc.cluster.local. @10.96.0.10
[root@k8s-master yas]# dig -t A myapp-svc-h.default.svc.cluster.local. @10.96.0.10

如下截图对比,

service:放外部请求进来,需要两级转换,两级调度。
引入集群外部流量调度,Ingress,基于7层服务调度,必须使用pod七层服务调度。另外还有trifik,INVone方式实现。

posted @   wang_wei123  阅读(8)  评论(0编辑  收藏  举报
相关博文:
·  3、kubernetes快速入门和资源清单入门
·  kubectl 命令行快速操作-2
·  4-1、service资源
·  k8s Service(一) ClusterIP、NodePort、LoadBalancer、externalIPs 演示
·  k8s原理之-服务发现Service
阅读排行:
· 25岁的心里话
· 闲置电脑爆改个人服务器(超详细) #公网映射 #Vmware虚拟网络编辑器
· 零经验选手,Compose 一天开发一款小游戏!
· 通过 API 将Deepseek响应流式内容输出到前端
· AI Agent开发,如何调用三方的API Function,是通过提示词来发起调用的吗
点击右上角即可分享
微信分享提示