• service到底是什么?

    k8s的service定义了一个服务的访问入口地址,前端的应用通过这个入口地址访问其背后的一组由pod副本组成的集群实例。来自外部的访问请求被负载均衡到后端的各个容器应用上。Service与其后端Pod副本集群之间则是通过Label Selector来实现对接。

    RC的作用相当于保证Service的服务能力和服务质量始终处于预期的标准。Service定义可以基于POST方式。请求apiserver创建新的实例。

    例如:

    1.创建一个新的nginx pod
[root@wf-01 ~]# kubectl run nginx-deploy --image=nginx:1.14-alpine --port=80 --replicas=1

2.查看创建的pod

[root@wf-01 ~]# kubectl get pod |grep nginx

nginx-deploy-84cbfc56b6-7v59n   1/1     Running   0          4m1s

3.查看deploy

[root@wf-01 ~]# kubectl get deploy

NAME           READY   UP-TO-DATE   AVAILABLE   AGE

nginx-deploy   1/1     1            1           4m28s

4.查看是否可以访问

[root@wf-01 ~]# curl 172.20.0.64

<!DOCTYPE html>

<html>

<head>

<title>Welcome to nginx!</title>

<style>

    body {

        width: 35em;

        margin: 0 auto;

        font-family: Tahoma, Verdana, Arial, sans-serif;

    }

</style>

</head>

<body>

<h1>Welcome to nginx!</h1>

<p>If you see this page, the nginx web server is successfully installed and

working. Further configuration is required.</p>

<p>For online documentation and support please refer to

<a href="http://nginx.org/">nginx.org</a>.<br/>

Commercial support is available at

<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>

</body>

</html>
  • 这时我们访问的IP为Pod的IP,那么问题来了,如果我把Pod删除,则deploy控制器会重新启动一个pod以实现第一次创建Pod时指定的副本数为1的条件。这个时候pod ip会发生变化。显而这个不是我们期望的。所以需要创建一个service来保证pod的IP的变化对pod客户端(其它pod,集群内部客户端)来说是透明的。总而言之,service为pods提供固定的访问端点。
  • 创建service, service有很多类型。如ClusterIP,NodePort,LoadBalancer或者ExternalName。默认为ClusterIP,意思是这个services IP只能被集群内的Pod客户端访问。
# 创建service

[root@wf-01 ~]# kubectl expose deployment nginx-deploy --name=nginx --port=80 --target-port=80 --protocol=TCP

service/nginx exposed

# 查看nginx的service

[root@wf-01 ~]# kubectl get svc |grep nginx

nginx          ClusterIP   10.68.23.129   <none>        80/TCP     18s

# 访问

[root@wf-01 ~]# curl 10.68.23.129

<!DOCTYPE html>

<html>

<head>

<title>Welcome to nginx!</title>

<style>

    body {

        width: 35em;

        margin: 0 auto;

        font-family: Tahoma, Verdana, Arial, sans-serif;

    }

</style>

</head>

<body>

<h1>Welcome to nginx!</h1>

<p>If you see this page, the nginx web server is successfully installed and

working. Further configuration is required.</p>

<p>For online documentation and support please refer to

<a href="http://nginx.org/">nginx.org</a>.<br/>

Commercial support is available at

<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>

</body>

</html>
  • 如果集群部署了coredns,则集群内的节点DNS为coredns的地址。则可以通过service name直接解析到对应的IP
# 集群的coredns地址

[root@wf-01 ~]# kubectl get svc -n kube-system

NAME            TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)                  AGE

kube-dns        ClusterIP   10.68.0.2    <none>        53/UDP,53/TCP,9153/TCP   5d18h
  • 创建一个client(使用busybox)来验证是否可以实现dns功能
[root@wf-01 ~]# kubectl run client --image=busybox --replicas=1 -it --restart=Never

# 查看解析的dns地址

~ # cat /etc/resolv.conf

nameserver 10.68.0.2

search default.svc.cluster.local. svc.cluster.local. cluster.local.

options ndots:5

~ # wget -O - -q http://nginx:80

<!DOCTYPE html>

<html>

<head>

<title>Welcome to nginx!</title>

<style>

    body {

        width: 35em;

        margin: 0 auto;

        font-family: Tahoma, Verdana, Arial, sans-serif;

    }

</style>

</head>

<body>

<h1>Welcome to nginx!</h1>

<p>If you see this page, the nginx web server is successfully installed and

working. Further configuration is required.</p>

<p>For online documentation and support please refer to

<a href="http://nginx.org/">nginx.org</a>.<br/>

Commercial support is available at

<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>

</body>

</html>

可以看到client获取的dns为default.svc.cluster.local。nginx服务的完整域名为: nginx.default.svc.cluster.local

  • 手动删除一个nginx pod,deploy控制器会自动创建一个新的nginx pod调度至对应的node节点。这时使用busybox再次解析nginx,查看service是否生效
[root@wf-01 ~]# kubectl delete pod nginx-deploy-84cbfc56b6-7v59n

pod "nginx-deploy-84cbfc56b6-7v59n" deleted

[root@wf-01 ~]# kubectl get pod |grep nginx

nginx-deploy-84cbfc56b6-hcmwv   1/1     Running   0          30s

# 在busybox容器中执行下面操作查看

~ # wget -O - -q http://nginx:80

<!DOCTYPE html>

<html>

<head>

<title>Welcome to nginx!</title>

<style>

    body {

        width: 35em;

        margin: 0 auto;

        font-family: Tahoma, Verdana, Arial, sans-serif;

    }

</style>

</head>

<body>

<h1>Welcome to nginx!</h1>

<p>If you see this page, the nginx web server is successfully installed and

working. Further configuration is required.</p>

<p>For online documentation and support please refer to

<a href="http://nginx.org/">nginx.org</a>.<br/>

Commercial support is available at

<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>

</body>

</html>

service深入理解

service是一个iptables或ipvs规则。使用标签选择器,将访问service_ip:port所有的都调度至相应的pod后端。

怎么知道service关联到哪些pod?

[root@wf-01 ~]# kubectl describe svc nginx

Name:              nginx

Namespace:         default

Labels:            run=nginx-deploy

Annotations:       <none>

Selector:          run=nginx-deploy

Type:              ClusterIP

IP:                10.68.23.129

Port:              <unset>  80/TCP

TargetPort:        80/TCP

Endpoints:         172.20.0.66:80

Session Affinity:  None

Events:            <none>

其中上面的Endpoints:170.20.0.66:80就是关联的pods,而Selector: run=nginx=deploy就是选择相应的pod进行关联。下面查看nginx pod的标签是否为"run=nginx-deploy"

[root@wf-01 ~]# kubectl describe pods nginx-deploy-84cbfc56b6-hcmwv

Name:           nginx-deploy-84cbfc56b6-hcmwv

Namespace:      default

Node:           192.168.30.79/192.168.30.79

Start Time:     Tue, 14 May 2019 10:53:11 +0800

Labels:         pod-template-hash=84cbfc56b6

                run=nginx-deploy

Annotations:    <none>

Status:         Running

IP:             172.20.0.66

Controlled By:  ReplicaSet/nginx-deploy-84cbfc56b6

如果对应的pod资源被删除,则services后端关联的pod_ip会动态变化。我们也可以去改service的ip。则kube-dns内对应的几率也会动态变化。

  • 一个创建好的deployment是可以动态改变副本数。也就是意味着可以实现动态扩容
# 创建一个双副本的deployment

[root@wf-01 ~]# kubectl run myapp --image=ikubernetes/myapp:v1 --replicas=2

deployment.apps/myapp created

# 查看deployment的副本信息

[root@wf-01 ~]# kubectl get deployment

NAME           READY   UP-TO-DATE   AVAILABLE   AGE

myapp          2/2     2            2           37s

# 查看pod的详情

[root@wf-01 ~]# kubectl get pod -o wide |grep myapp

myapp-9b4987d5-jngkk            1/1     Running   0          89s     172.20.0.68   192.168.30.79   <none>           <none>

myapp-9b4987d5-tcg4p            1/1     Running   0          89s     172.20.0.67   192.168.30.79   <none>           <none>
  • 使用busybox访问查看是否生效
~ # wget -O - -q 172.20.0.67

Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>

~ # wget -O - -q 172.20.0.68

Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>

~ # wget -O - -q 172.20.0.67/hostname.html

myapp-9b4987d5-tcg4p

~ # wget -O - -q 172.20.0.68/hostname.html

myapp-9b4987d5-jngkk
  • 我们创建一个service来提供固定访问端点
[root@wf-01 ~]# kubectl expose deployment myapp --name=myapp --port=80

service/myapp exposed

[root@wf-01 ~]# kubectl get svc |grep myapp

myapp          ClusterIP   10.68.20.152   <none>        80/TCP     12s
  • 客户端再次访问,并测试负载均衡的效果
~ # wget -O - -q myapp

Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>

~ # wget -O - -q myapp.default.svc.cluster.local.

Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>

~ # while true;do wget -O - -q myapp/hostname.html; sleep 1;done

myapp-9b4987d5-tcg4p

myapp-9b4987d5-tcg4p

myapp-9b4987d5-tcg4p

myapp-9b4987d5-tcg4p

myapp-9b4987d5-jngkk

myapp-9b4987d5-jngkk

myapp-9b4987d5-jngkk

myapp-9b4987d5-jngkk

myapp-9b4987d5-jngkk

myapp-9b4987d5-tcg4p

myapp-9b4987d5-tcg4p

myapp-9b4987d5-jngkk

myapp-9b4987d5-tcg4p

myapp-9b4987d5-tcg4p

myapp-9b4987d5-tcg4p
  • 验证service到底是什么?
[root@wf-01 ~]# iptables -vnL -t nat

Chain PREROUTING (policy ACCEPT 1 packets, 78 bytes)

 pkts bytes target     prot opt in     out     source               destination

43607 6509K KUBE-SERVICES  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* kubernetes service portals */

  689 43750 DOCKER     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL

  481 30744 CNI-HOSTPORT-DNAT  all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT 1 packets, 78 bytes)

 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 7 packets, 420 bytes)

 pkts bytes target     prot opt in     out     source               destination

1070K   64M KUBE-SERVICES  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* kubernetes service portals */

 2950  211K DOCKER     all  --  *      *       0.0.0.0/0           !127.0.0.0/8          ADDRTYPE match dst-type LOCAL

 563K   34M CNI-HOSTPORT-DNAT  all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT 7 packets, 420 bytes)

 pkts bytes target     prot opt in     out     source               destination

 696K   42M CNI-HOSTPORT-MASQ  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* CNI portfwd requiring masquerade */

   17  1126 MASQUERADE  all  --  *      !docker0  172.17.0.0/16        0.0.0.0/0

1074K   65M KUBE-POSTROUTING  all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* kubernetes postrouting rules */

 205K   12M RETURN     all  --  *      *       172.20.0.0/16        172.20.0.0/16

   49  3391 MASQUERADE  all  --  *      *       172.20.0.0/16       !224.0.0.0/4

    4   240 RETURN     all  --  *      *      !172.20.0.0/16        172.20.0.0/24

    0     0 MASQUERADE  all  --  *      *      !172.20.0.0/16        172.20.0.0/16

    0     0 CNI-fdae7f8826f90d050b196ad2  all  --  *      *       172.20.0.0/16        0.0.0.0/0            /* name: "mynet" id: "f8addbe803325c3cbfaa04f8635c3958eb01d98e08d2aabb6831ea429c627237" */

Chain CNI-DN-461bdacb794105fd5230f (1 references)

 pkts bytes target     prot opt in     out     source               destination

    0     0 CNI-HOSTPORT-SETMARK  tcp  --  *      *       172.20.0.63          0.0.0.0/0            tcp dpt:3306

    0     0 CNI-HOSTPORT-SETMARK  tcp  --  *      *       127.0.0.1            0.0.0.0/0            tcp dpt:3306

    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:3306 to:172.20.0.63:3306

Chain CNI-HOSTPORT-DNAT (2 references)

 pkts bytes target     prot opt in     out     source               destination

    0     0 CNI-DN-461bdacb794105fd5230f  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            /* dnat name: "cbr0" id: "eb4ac0f03261276c559f1b981aa7c3e8fca1c0882bb36e53517d62905f500ea9" */ multiport dports 3306

Chain CNI-HOSTPORT-MASQ (1 references)

 pkts bytes target     prot opt in     out     source               destination

    0     0 MASQUERADE  all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x2000/0x2000

Chain CNI-HOSTPORT-SETMARK (2 references)

 pkts bytes target     prot opt in     out     source               destination

    0     0 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            /* CNI portfwd masquerade mark */ MARK or 0x2000

service_ip存在于每个节点的iptables和ipvs。所以导致无法ping通。但是可以正常使用。如果想在集群外部访问到myapp,可以修改service类型为NodePort。

[root@wf-01 ~]# kubectl edit svc myapp

# Please edit the object below. Lines beginning with a '#' will be ignored,

# and an empty file will abort the edit. If an error occurs while saving this file will be

# reopened with the relevant failures.

#

apiVersion: v1

kind: Service

metadata:

  creationTimestamp: "2019-05-14T03:14:41Z"

  labels:

    run: myapp

  name: myapp

  namespace: default

  resourceVersion: "863716"

  selfLink: /api/v1/namespaces/default/services/myapp

  uid: 69f9d888-75f6-11e9-8cb1-0050569931cd

spec:

  clusterIP: 10.68.20.152

  ports:

  - port: 80

    protocol: TCP

    targetPort: 80

  selector:

    run: myapp

  sessionAffinity: None

  type: ClusterIP

status:

  loadBalancer: {}

kubernetes的Service是什么?的更多相关文章

  1. kubernetes进阶(04)kubernetes的service

    一.service概念 Service是对一组提供相同功能的Pods的抽象,并为它们提供一个统一的入口.借助Service,应用可以方便的实现服务发现与负载均衡,并实现应用的零宕机升级.Service ...

  2. [Kubernetes]说说 Service 与 Ingress

    在 Kubernetes 中, Service 有三种对外暴露的方法,但是由于每个 Service 都要有一个负载均衡的服务,所以采用 Service 的话,会造成既浪费成本又高的现象.对于用户来说, ...

  3. 【Kubernetes】Kubernetes的Service外部访问方式:NodePort和LoadBalancer

    Kubernetes的Pod的寿命是有限的,它们不会复活,因此尽管每个Pod都有自己的IP地址,但是这些IP地址是不可靠的,会随着Pod的消亡而消失. 这就带来一个问题,如果一些Pod的集合(称之为b ...

  4. Kubernetes的Service运行原理

    一.为什么Servcie能定位到Pod 因为Pod的IP是不固定的,所以Kubernetes需要Service,除此之外它还可以在多个Pod间负载均衡 Service的访问入口,其实是宿主机的kube ...

  5. Kubernetes中Service的使用

    目录 简介 1. Service资源定义 1.1 Service Type ClusterIP 无头service NodePort sessionAffinity实现源地址session绑定 简介 ...

  6. kubernetes 简单service的例子

    首先建一个Deployment: apiVersion: apps/v1beta1 kind: Deployment metadata: name: httpd spec: replicas: 3 t ...

  7. kubernetes的Service Account和secret

    系列目录 Service Account Service Account概念的引入是基于这样的使用场景:运行在pod里的进程需要调用Kubernetes API以及非Kubernetes API的其它 ...

  8. kubernetes学习Service之headless和statefulSet结合

    一.首先说headless Service和普通Service的区别 headless不分配clusterIP headless service可以通过解析service的DNS,返回所有Pod的地址 ...

  9. kubernetes之service

    service出现的动机 Kubernetes Pods 是有生命周期的.他们可以被创建,而且销毁不会再启动. 如果您使用 Deployment 来运行您的应用程序,则它可以动态创建和销毁 Pod. ...

  10. 阿里云Kubernetes服务 - Service Broker快速入门指南

    4月底阿里云容器服务上线了基于Kubernetes集群的服务目录功能.阿里云的容器的服务目录遵循Open Service Broker API标准,提供了一系列的服务代理组件,实现了对主流开源服务如M ...

随机推荐

  1. coding++:JS数组去重的几种常见方法

    一.简单的去重方法 // 最简单数组去重法 /* * 新建一新数组,遍历传入数组,值不在新数组就push进该新数组中 * IE8以下不支持数组的indexOf方法 * */ function uniq ...

  2. Consul+upsync+Nginx 动态负载均衡

    1,动态负载均衡 传统的负载均衡,如果修改了nginx.conf 的配置,必须需要重启nginx 服务,效率不高.动态负载均衡,就是可配置化,动态化的去配置负载均衡. 2,实现方案 1. Consul ...

  3. Linux中的基础

    前言: 这里介绍Linux基础管理.主要包括.Linux中的帮助命令(man.help).系统基础(开机.关机.重启) 一.Linux中的帮助命令. 1.内部命令: #help 命令名 例如:help ...

  4. python学习之由

    2019python之年: 2019是个挫折之年,但又是幸运之年,这一年创业遭遇滑铁卢,几与破产,充满着迷茫,路在何方?? 开始接触python是在微信朋友圈,结缘于广告,觉得很有意思,但一直没有深入 ...

  5. SpringBoot系列之学习教程汇总

    对应SpringBoot系列博客专栏,例子代码,本博客不定时更新 一.配置篇 SpringBoot系列之@PropertySource读取yaml文件     >> source down ...

  6. 1018 Public Bike Management (30 分)

    There is a public bike service in Hangzhou City which provides great convenience to the tourists fro ...

  7. 【物理】AABB物理碰撞检测

    什么是AABB? AABB,指轴对齐包围盒(Axis-aligned bounding boxes).在3D空间中,AABB是一个长方体,在2D空间中是一个长方形.特征是面法线皆平行于坐标轴,即当物体 ...

  8. bootstraptable 必备知识点

    1.如何动态刷新表中数据? (1).无参刷新: $("#table").bootstrapTable('refresh'); (2).带参刷新: var opt = { url: ...

  9. 多平台博客发布工具OpenWrite的使用

    1 介绍 OpenWrite官网 OpenWrite是一款便捷的多平台博客发布工具,可以在OpenWrite编写markdown文档,然后发布到其他博客平台,目前已经支持CSDN.SegmentFau ...

  10. XSS(跨站脚本攻击)简单讲解

    1.1 XSS简介 跨站脚本攻击(XSS),是最普遍的Web应用安全漏洞.这类漏洞能够使得攻击者嵌入恶意脚本代码(一般是JS代码)到正常用户会访问到的页面中,当正常用户访问该页面时,则可导致嵌入的恶意 ...