Learning Kubernetes: Service
- 1. Service overview
- 2. Functions
- 3. Service types
- 3.1 NodePort
- 3.1.1 Create web-service.yaml
- 3.1.2 Create web-pod.yaml
- 3.1.3 Deploy
- 3.1.4 Verify
- 3.2 ClusterIP
- 3.2.1 Create web-clusterIp-service.yaml
- 3.2.2 Create web-clusterIp-pod.yaml
- 3.2.3 Deploy
- 3.2.4 Verify
- 3.3 LoadBalancer
- 4. Service proxy modes
- 4.1 iptables
- 4.2 ipvs
- 5. DNS
- 5.1 Create busybox-service.yaml
- 5.2 Create busybox-pod.yaml
- 5.3 Deploy
- 5.4 Verify
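1. Service overview
A Service is a Kubernetes resource object that defines the network access rules for a set of Pods. It gives those Pods a single, stable entry point, so clients can always use the same IP address instead of relying on Pod IP addresses, which are unstable.
2. Functions
- Load balancing: when multiple Pods provide a service, the Service distributes requests across them using a load-balancing algorithm, which load-balances the application.
- Service discovery: the Service provides a service discovery mechanism that automatically tracks changes to the backend Pod IPs, so the address clients use stays the same.
3. Service types
3.1 NodePort
NodePort enables a port on every node to expose the service, so it can be reached from outside the cluster. A stable cluster-internal IP address is also allocated.
Access address: <any NodeIP>:<NodePort>
Port range: 30000-32767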
3.1.1 Create web-service.yaml
web-service.yaml
apiVersion: v1
kind: Service
metadata:
  name: web
spec:
  type: NodePort        # Service type
  ports:
    - port: 80          # Service port
      protocol: TCP     # protocol
      targetPort: 80    # container port (the port the application listens on)
      nodePort: 32301
  selector:
    app: web            # label of the Pods this Service selects
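Multi-port Service definition: some services need to expose more than one port, so the Service must carry several port definitions, which are distinguished by port name.
web-service.yaml
apiVersion: v1
kind: Service
metadata:
  name: web
spec:
  type: NodePort        # Service type
  ports:
    - name: http        # port name (required when a Service has more than one port)
      port: 80          # Service port
      protocol: TCP     # protocol
      targetPort: 80    # container port (the port the application listens on)
      nodePort: 32301
    - name: https       # port name
      port: 443         # Service port
      protocol: TCP     # protocol
      targetPort: 443   # container port (the port the application listens on)
      nodePort: 32302
  selector:
    app: web            # label of the Pods this Service selects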
3.1.2 Create web-pod.yaml
web-pod.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: web
  name: web
spec:
  replicas: 1
  selector:
    matchLabels:
      app: web
  template:
    metadata:
      labels:
        app: web        # must match the Service selector
    spec:
      containers:
        - image: nginx:1.16
          name: nginx
3.1.3 Deploy
~]# kubectl apply -f web-pod.yaml
deployment.apps/web created
~]# kubectl apply -f web-service.yaml
service/web created
~]# kubectl get services -o wide
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 27d <none>
web NodePort 10.104.219.112 <none> 80:32301/TCP 13s app=web
~]# kubectl get pods
NAME READY STATUS RESTARTS AGE
web-65655cd78-hsprm 1/1 Running 0 27m
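3.1.4 Verify
Access the mapped port (the nodePort) on the IP address of any cluster node.
3.2 ClusterIP
ClusterIP is the default type. It allocates a stable IP address (a VIP) that can only be reached from inside the cluster.
3.2.1 Create web-clusterIp-service.yaml
apiVersion: v1
kind: Service
metadata:
  name: web-clusterip
spec:
  type: ClusterIP       # Service type
  ports:
    - port: 80          # Service port
      protocol: TCP     # protocol
      targetPort: 80    # container port (the port the application listens on)
  selector:
    app: web-clusterip  # label of the Pods this Service selects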
3.2.2 Create web-clusterIp-pod.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: web-clusterip
  name: web-nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app: web-clusterip
  template:
    metadata:
      labels:
        app: web-clusterip   # must match the Service selector
    spec:
      containers:
        - image: nginx:1.16
          name: nginx
3.2.3 Deploy
~]# kubectl apply -f web-clusterIp-service.yaml
service/web-clusterip created
~]# kubectl apply -f web-clusterIp-pod.yaml
deployment.apps/web-nginx created
~]# kubectl get pods
NAME READY STATUS RESTARTS AGE
web-65655cd78-hsprm 1/1 Running 0 27m
web-nginx-6b59757964-9rd6v 1/1 Running 0 18s
~]# kubectl get service -o wide
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
web NodePort 10.104.219.112 <none> 80:32301/TCP 28m app=web
web-clusterip ClusterIP 10.97.209.118 <none> 80/TCP 6m28s app=web-clusterip
3.2.4 Verify
Access port 80 on the cluster IP (10.97.209.118); it cannot be reached from outside the cluster.
~]# curl http://10.97.209.118
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
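3.3 LoadBalancer
LoadBalancer exposes the application externally and is intended for public clouds. Like NodePort, it enables a port on every node to expose the service. In addition, Kubernetes asks the underlying cloud platform (for example Alibaba Cloud, Tencent Cloud or AWS) for a load balancer and adds every node ([NodeIP]:[NodePort]) to it as a backend.
4. Service proxy modes
4.1 iptables
Characteristics
- Flexible and powerful
- Rules are matched and updated by traversal, so latency grows linearly
4.2 ipvs
- Runs in kernel space, with better performance
- Rich set of scheduling algorithms: rr, wrr, lc, wlc, ip hash…
5. DNS
CoreDNS is a DNS server and the Kubernetes default. It is deployed in the cluster as Pods; the CoreDNS service watches the Kubernetes API and creates a DNS record for each Service, which is used for name resolution.
ClusterIP A record format: <service-name>.<namespacename>.svc.cluster.local
Example: my-svc.my-namespace.svc.cluster.local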
5.1 Create busybox-service.yaml
busybox-service.yaml
apiVersion: v1
kind: Service
metadata:
  name: busybox-service
spec:
  type: NodePort        # Service type
  ports:
    - port: 80          # Service port
      protocol: TCP     # protocol
      targetPort: 80    # container port (the port the application listens on)
      nodePort: 32302
  selector:
    app: busybox        # label of the Pods this Service selects
5.2 Create busybox-pod.yaml
busybox-pod.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: busybox-sleep-deployment
  labels:
    app: busybox
spec:
  replicas: 1
  selector:
    matchLabels:
      app: busybox
  template:
    metadata:
      labels:
        app: busybox    # must match the Service selector
    spec:
      containers:
        - name: busybox
          image: busybox
          command: ["/bin/sh", "-c", "sleep 300s"]
5.3 Deploy
~]# kubectl apply -f busybox-pod.yaml
deployment.apps/busybox-sleep-deployment unchanged
~]# kubectl apply -f busybox-service.yaml
service/busybox-service created
~]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
busybox-sleep-deployment-5bddd5fcfb-9tfql 1/1 Running 0 4m51s 10.244.184.58 node-02 <none> <none>
~]# kubectl get services
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
busybox-service NodePort 10.104.240.39 <none> 80:32302/TCP 67s
5.4 Verify
Verify the domain name busybox-service.default.svc.cluster.local
~]# kubectl exec -it busybox-sleep-deployment-5bddd5fcfb-9tfql -- sh
/ # ls
bin dev etc home lib lib64 proc root sys tmp usr var
/ # nslookup busybox-service.default.svc.cluster.local
Server: 10.96.0.10
Address: 10.96.0.10:53
Name: busybox-service.default.svc.cluster.local
Address: 10.104.240.39
/ #
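The Service types from section 3 and the DNS record format from section 5 can be checked together when reviewing what a cluster exposes. The following is an added example, not part of the original post: it reads a constructed, trimmed `kubectl get services -o json` listing that mirrors the three Services created above, derives each Service's DNS name, and reports which ones are reachable from outside the cluster and whether their node ports fall in the 30000-32767 range. The function names `dns_name` and `audit` are hypothetical.

```python
import json

# Constructed sample: trimmed `kubectl get services -o json` output mirroring the
# three Services created on this page (not captured from a real cluster).
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"name": "web", "namespace": "default"},
  "spec": {"type": "NodePort", "clusterIP": "10.104.219.112",
           "ports": [{"port": 80, "targetPort": 80, "nodePort": 32301}]}},
 {"metadata": {"name": "web-clusterip", "namespace": "default"},
  "spec": {"type": "ClusterIP", "clusterIP": "10.97.209.118",
           "ports": [{"port": 80, "targetPort": 80}]}},
 {"metadata": {"name": "busybox-service", "namespace": "default"},
  "spec": {"type": "NodePort", "clusterIP": "10.104.240.39",
           "ports": [{"port": 80, "targetPort": 80, "nodePort": 32302}]}}
]}
""")

NODEPORT_RANGE = range(30000, 32768)           # port range quoted in section 3.1
EXTERNAL_TYPES = {"NodePort", "LoadBalancer"}  # types the page describes as opening a port on every node

def dns_name(svc, cluster_domain="cluster.local"):
    """A-record name for a Service, in the format given in section 5."""
    meta = svc["metadata"]
    return f'{meta["name"]}.{meta.get("namespace", "default")}.svc.{cluster_domain}'

def audit(service_list):
    """Return one row per Service: DNS name, type, exposure, node ports, range errors."""
    rows = []
    for svc in service_list["items"]:
        spec = svc["spec"]
        svc_type = spec.get("type", "ClusterIP")  # ClusterIP is the default type
        node_ports = [p["nodePort"] for p in spec.get("ports", []) if "nodePort" in p]
        rows.append({
            "dns": dns_name(svc),
            "type": svc_type,
            "external": svc_type in EXTERNAL_TYPES,
            "node_ports": node_ports,
            "out_of_range": [p for p in node_ports if p not in NODEPORT_RANGE],
        })
    return rows

if __name__ == "__main__":
    for row in audit(SAMPLE):
        reach = "outside the cluster" if row["external"] else "cluster-internal only"
        print(f'{row["dns"]:45} {row["type"]:10} {reach} {row["node_ports"]}')
```

Against a live cluster the same functions can be fed the parsed output of `kubectl get services -A -o json` in place of `SAMPLE`.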