Service of Kubernetes Practice

Source: Internet
Author: User
Tags etcd k8s

Service is the core concept of k8s. By creating a service, you can provide a single entry address for a set of container applications that have the same functionality, and distribute the request load across the backend containers.

Service definition in detail

The full contents of a service definition file in YAML format are as follows:

    apiVersion: v1              # required
    kind: Service               # required
    metadata:                   # required, metadata
      name: string              # required, the name of the service
      namespace: string         # optional, the namespace name; in the same namespace as the RC
      labels:                   # optional, service labels
        - name: string
      annotations:              # optional, service annotation information
        - name: string
    spec:                       # required, detailed description
      selector: []              # required, label selector; selects the pods carrying the specified labels as the managed scope
      type: string              # required, the type of service; specifies how the service is accessed, defaults to ClusterIP
                                #   ClusterIP: virtual service IP used for pod access inside k8s; kube-proxy on each node forwards traffic by setting iptables rules
                                #   NodePort: uses a port on the host, so external clients that can reach a node can access the service through the node's IP address and port
                                #   LoadBalancer: uses an external load balancer to distribute load to the service; the IP of the load balancer must be
                                #                 specified in the spec.status.loadBalancer field, and both nodePort and clusterIP are defined
      clusterIP: string         # optional, virtual service IP address
      sessionAffinity: string   # optional, whether session affinity is supported; the optional value is ClientIP
      ports:                    # ports
        - name: string          # port name
          protocol: string      # protocol type
          port: int             # port the service listens on (the service's clusterIP port)
          targetPort: int       # port on the backend pod that traffic is forwarded to
          nodePort: int         # port mapped to the host
    status:                     # when type is LoadBalancer, the address of the load balancer
      loadBalancer:
        ingress:                # external load balancer
          ip: string            # IP address of the load balancer
          hostname: string      # hostname of the external load balancer

    • First, the basic usage of service

Create an RC with two Tomcat replicas and create a service for it

    [[email protected]_master tomcat-service-rc]# cat webapp-rc.yaml
    apiVersion: v1
    kind: ReplicationController
    metadata:
      name: webapp
      labels:
        name: webapp
    spec:
      replicas: 2
      selector:
        name: webapp
      template:
        metadata:
          labels:
            name: webapp
        spec:
          containers:
          - name: webapp
            image: tomcat
            imagePullPolicy: IfNotPresent
            ports:
            - containerPort: 8080
    [[email protected]_master tomcat-service-rc]# kubectl create -f webapp-rc.yaml
    # create the service and view it
    [[email protected]_master tomcat-service-rc]# kubectl expose rc webapp    # quick creation from the command line; generally not used
    service "webapp" exposed
    [[email protected]_master tomcat-service-rc]# kubectl get svc
    NAME         CLUSTER-IP       EXTERNAL-IP   PORT(S)    AGE
    kubernetes   10.254.0.1       <none>        443/TCP    272d
    webapp       10.254.185.154   <none>        8080/TCP   12s
    [[email protected]_master tomcat-service-rc]# kubectl describe svc webapp
    Name:              webapp
    Namespace:         default
    Labels:            name=webapp
    Selector:          name=webapp
    Type:              ClusterIP
    IP:                10.254.185.154
    Port:              <unset>  8080/TCP
    Endpoints:         10.1.20.2:8080,10.1.34.2:8080
    Session Affinity:  None
    No events.

At this point the Tomcat service can be accessed from both nodes through ClusterIP:8080. The service distributes requests to both containers, using round-robin (RR) mode by default.
SessionAffinity: a session persistence mode based on the client IP address. Whichever pod a client reaches on its first request, its subsequent requests go to that same pod.
    # create a custom service from a YAML file
    [[email protected]_master tomcat-service-rc]# cat webapp-service.yaml
    apiVersion: v1
    kind: Service
    metadata:
      name: webapp1
      labels:
        name: webapp
    spec:
      ports:
      - port: 8081          # service virtual port
        targetPort: 8080    # Tomcat's container port; the Endpoints in the output below are on :8080
      selector:
        name: webapp
    [[email protected]_master tomcat-service-rc]# kubectl create -f webapp-service.yaml
    # view the two services
    [[email protected]_master tomcat-service-rc]# kubectl describe svc webapp webapp1
    Name:              webapp
    Namespace:         default
    Labels:            name=webapp
    Selector:          name=webapp
    Type:              ClusterIP
    IP:                10.254.185.154
    Port:              <unset>  8080/TCP
    Endpoints:         10.1.20.2:8080,10.1.34.2:8080
    Session Affinity:  None
    No events.

    Name:              webapp1
    Namespace:         default
    Labels:            name=webapp
    Selector:          name=webapp
    Type:              ClusterIP
    IP:                10.254.179.138
    Port:              <unset>  8081/TCP
    Endpoints:         10.1.20.2:8080,10.1.34.2:8080
    Session Affinity:  None
    No events.

A service can also be created without a label selector. In that case no backend pods can be selected and the system does not automatically create an Endpoints object, so you need to manually create an Endpoints object with the same name as the service, pointing to the actual backend access address.
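The Service and Endpoints pair described above, as an added example that is not part of the original page. The name my-service, the address 192.0.2.10 and port 80 are constructed placeholders.

```yaml
# Added example; all names and addresses are constructed placeholders.
# A Service with no selector: k8s creates no Endpoints object for it.
apiVersion: v1
kind: Service
metadata:
  name: my-service
spec:
  ports:
  - protocol: TCP
    port: 80            # port exposed on the service's ClusterIP
    targetPort: 80      # port on the manually listed backend
---
# The Endpoints object must carry the same name (and namespace) as the
# Service; that name match is the only link between the two objects.
apiVersion: v1
kind: Endpoints
metadata:
  name: my-service
subsets:
- addresses:
  - ip: 192.0.2.10      # actual backend address, maintained by hand
  ports:
  - port: 80            # must match the Service's targetPort
```

Because no selector manages this object, the listed addresses stay as written until someone edits them; `kubectl describe svc my-service` should then show 192.0.2.10:80 under Endpoints.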

    • Second, accessing a pod or service from outside the cluster

Pods and services are virtual concepts within the cluster, so client systems outside the cluster cannot reach them through a pod's IP address or a service's virtual IP address and port. For such clients to access them, the pod or service port must be mapped to the host.

① Mapping the port of the container application to the physical machine

Container-level mapping

    apiVersion: v1
    kind: Pod
    metadata:
      name: webapp
      labels:
        name: webapp
    spec:
      containers:
      - name: webapp
        image: tomcat
        ports:
        - containerPort: 8080   # container port
          hostPort: 8081        # host port (physical machine)

Pod-level setting: with hostNetwork=true, the ports of all containers in the pod are mapped directly to the physical machine. When using this setting, note that if the ports section of a container does not specify hostPort (the physical machine port), hostPort defaults to containerPort; if hostPort is specified, it must be equal to containerPort.

    apiVersion: v1
    kind: Pod
    metadata:
      name: webapp
      labels:
        name: webapp
    spec:
      hostNetwork: true
      containers:
      - name: webapp
        image: tomcat
        ports:
        - containerPort: 8080

All ports the Tomcat container listens on are mapped to the physical machine on which the pod was created.

② Mapping the service port number to the physical machine

    • A. Set nodePort to map to a port on the physical machine, and set the service type to NodePort

    [[email protected]_master tomcat-service-rc]# cat webapp-rc.yaml    # create an RC
    apiVersion: v1
    kind: ReplicationController
    metadata:
      name: webapp
      labels:
        name: webapp
    spec:
      replicas: 2
      selector:
        name: webapp
      template:
        metadata:
          labels:
            name: webapp
        spec:
          containers:
          - name: webapp
            image: tomcat
            imagePullPolicy: IfNotPresent
            ports:
            - containerPort: 8080
    [[email protected]_master tomcat-service-rc]# cat webapp-service.yaml
    apiVersion: v1
    kind: Service
    metadata:
      name: webapp
      labels:
        name: webapp
    spec:
      type: NodePort
      ports:
      - port: 8080          # service virtual port
        targetPort: 8080    # container port
        nodePort: 30001     # port opened on every node; default port range 30000-32767
      selector:
        name: webapp

View

    kubectl get svc -o wide
    NAME         CLUSTER-IP      EXTERNAL-IP   PORT(S)          AGE    SELECTOR
    kubernetes   10.254.0.1      <none>        443/TCP          273d   <none>
    webapp       10.254.44.190   <nodes>       8080:30001/TCP   24s    name=webapp

    • B. Set the type to LoadBalancer to map the service to the load balancer address provided by a public cloud service provider (or Nginx/LVS/HAProxy). Access requests to the service are forwarded to the backend pods through the load balancer, and the distribution mechanism depends on the load balancer's implementation. The following is for format reference only:

    apiVersion: v1
    kind: Service
    metadata:
      name: my-webapp
      labels:
        name: my-webapp
    spec:
      ports:
      - protocol: TCP
        port: 8080
        targetPort: 8080
        nodePort: 30001
      clusterIP: 10.254.44.191
      loadBalancerIP: 10.20.203.100
      type: LoadBalancer
      selector:
        name: webapp
    status:
      loadBalancer:
        ingress:
        - ip: 10.20.203.100

    • Third, setting up the DNS service

To let services in the cluster reach each other by service name, we need to create a virtual DNS service that resolves service names to ClusterIPs.

K8s provides a virtual DNS service named SkyDNS, consisting of four components:

    • (1) etcd: DNS storage
    • (2) kube2sky: registers the services in the k8s master to etcd
    • (3) skydns: provides the DNS resolution service
    • (4) healthz: provides health checks for the skydns service

How it works

    • 1. The kube2sky container application obtains information about all services in the cluster by calling the k8s master API, continuously watches for newly created services, and writes them to etcd
    • 2. According to the kubelet startup parameter (--cluster-dns), the kubelet sets up the DNS resolution configuration file /etc/resolv.conf in each newly created pod, adding a nameserver line and a search line to it
    • 3. Finally, an application can reach a service through the service's name, just as it would access a website by its domain name

For detailed setup information, see Kubernetes DNS.

    • Fourth, Ingress: HTTP layer-7 routing

A service takes the form IP:port and works at the TCP/IP layer. For HTTP-based services, routing different URL addresses to different backend services or virtual servers cannot be implemented through the service mechanism. Ingress, added after k8s 1.1, can forward access requests for different URLs to different services on the backend, implementing an HTTP-level service routing mechanism. In k8s, an Ingress definition and an Ingress controller must be combined to form a complete HTTP load distribution capability.

Example: skipped for now
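The URL-based routing described above, as an added example that is not part of the original page. It assumes the current networking.k8s.io/v1 API and a running Ingress controller; the Ingress name, the host www.example.com and the second service `api` are hypothetical, while `webapp` on port 8080 is the service created earlier on this page.

```yaml
# Added example, written for the networking.k8s.io/v1 API. Clusters of the
# era this page describes exposed Ingress under extensions/v1beta1, which
# uses a different backend syntax (serviceName / servicePort).
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: webapp-ingress            # hypothetical name
spec:
  rules:
  - host: www.example.com         # placeholder host
    http:
      paths:
      # Requests for www.example.com/webapp... go to the webapp service
      - path: /webapp
        pathType: Prefix
        backend:
          service:
            name: webapp          # ClusterIP service from the first section
            port:
              number: 8080
      # Requests for www.example.com/api... go to a second service
      - path: /api
        pathType: Prefix
        backend:
          service:
            name: api             # hypothetical second service
            port:
              number: 8080
```

The backends stay ordinary ClusterIP services; only the Ingress controller needs to be reachable from outside the cluster, so neither service needs a NodePort or hostPort mapping of its own.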
