Pod控制器应用进阶五(kubernetes service)
kubernetes service是强依赖CoreDNS或者是kube-dns功能
node network节点网络
pod network pod网络
cluster network service ip
kube-proxy组件是监控apiservice和service 资源变动的信息,通过watch连接的
service:
工作模式:userspace,iptables,ipvs
userspace:1.1-
iptables:1.10-
ipvs:1.11+
apiserver有两个地址,一个是内部的地址,一个是外部的地址,
下面的这个是内部的地址。
[root@master ~]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1
类型:
ExternalName(在集群内部引入外部),ClusterIP(默认),NodePort,LoadBalance(在云环境上,需要支持LSB)
[root@master shell]# cat redis-svc.yaml
apiVersion: v1
kind: Service
metadata:
name: redis
namespace: default
spec:
selector:
app: redis
role: logstor
clusterIP: 10.97.97.97
type: ClusterIP
ports:
- port: 6379
targetPort: 6379
[root@master shell]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 443/TCP 1h
redis ClusterIP 10.97.97.97 6379/TCP 39s
查看redis service的详细信息
[root@master shell]# kubectl describe svc redis
Name: redis
Namespace: default
Labels:
Annotations: kubectl.kubernetes.io/last-applied-configuration={"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"name":"redis","namespace":"default"},"spec":{"clusterIP":"10.97.97.97","ports":[{"por...
Selector: app=redis,role=logstor
Type: ClusterIP
IP: 10.97.97.97 #后台的地址
Port: 6379/TCP
TargetPort: 6379/TCP
Endpoints:
Session Affinity: None
Events:
service到Pod是有一个中间层
他会在集群中添加一个解析记录
资源记录:
SVC_NAME.NS_NAME.DOMAIN.LTD.
svc.cluster.local
redis.default.svc.cluster.local.
[root@master shell]# cat deploy-demo.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: myapp-deploy
namespace: default
spec:
replicas: 5
selector:
matchLabels:
app: myapp
release: canary
template:
metadata:
labels:
app: myapp
release: canary
spec:
containers:
- name: myapp
image: ikubernetes/myapp:v2
ports:
- name: http
containerPort: 80
[root@master shell]# cat myapp-svc.yaml
apiVersion: v1
kind: Service
metadata:
name: myapp
namespace: default
spec:
selector:
app: myapp
release: canary
clusterIP: 10.99.99.99
type: NodePort
ports:
- port: 80
targetPort: 80
nodePort: 30080
[root@master shell]# cat redis-svc.yaml
apiVersion: v1
kind: Service
metadata:
name: redis
namespace: default
spec:
selector:
app: redis
role: logstor
clusterIP: 10.97.97.97
type: ClusterIP
ports:
- port: 6379
targetPort: 6379
开始启动起来:
deploy-demo.yaml myapp-svc.yaml redis-svc.yaml
kubectl -f apple deploy-demo.yaml
kubectl -f apple myapp-svc.yaml
kubectl -f apple redis-svc.yaml
[root@master shell]# kubectl get pods
NAME READY STATUS RESTARTS AGE
myapp-deploy-67f6f6b4dc-g9z9s 1/1 Running 2 18m
myapp-deploy-67f6f6b4dc-rlwqg 1/1 Running 1 18m
myapp-deploy-67f6f6b4dc-tk6hw 1/1 Running 1 18m
myapp-deploy-67f6f6b4dc-trbmr 1/1 Running 1 18m
myapp-deploy-67f6f6b4dc-zfpgk 1/1 Running 1 18m
kubectl get svc
[root@master shell]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 443/TCP 3h
myapp NodePort 10.99.99.99 80:30080/TCP 1h
redis ClusterIP 10.97.97.97 6379/TCP 1h
[root@master shell]# while true; do curl 192.168.146.20:30080/hostname.html; sleep 1; done
myapp-deploy-67f6f6b4dc-tk6hw
myapp-deploy-67f6f6b4dc-zfpgk
myapp-deploy-67f6f6b4dc-zfpgk
myapp-deploy-67f6f6b4dc-trbmr
myapp-deploy-67f6f6b4dc-g9z9s
myapp-deploy-67f6f6b4dc-g9z9s
myapp-deploy-67f6f6b4dc-tk6hw
myapp-deploy-67f6f6b4dc-trbmr
myapp-deploy-67f6f6b4dc-trbmr
myapp-deploy-67f6f6b4dc-rlwqg
myapp-deploy-67f6f6b4dc-g9z9s
ExternalName(在集群内部引入外部)
下面我们将随机访问更改成每个用户请求直接到固定的一个pod上
[root@master shell]# kubectl patch svc myapp -p '{"spec":{"sessionAffinity":"ClientIP"}}'
service/myapp patched
[root@master shell]# while true; do curl 192.168.146.20:30080/hostname.html; sleep 1; done
myapp-deploy-67f6f6b4dc-rlwqg
myapp-deploy-67f6f6b4dc-rlwqg
myapp-deploy-67f6f6b4dc-rlwqg
myapp-deploy-67f6f6b4dc-rlwqg
myapp-deploy-67f6f6b4dc-rlwqg
myapp-deploy-67f6f6b4dc-rlwqg
上面生效了,我们在改回来默认的
[root@master shell]# kubectl patch svc myapp -p '{"spec":{"sessionAffinity":"None"}}'
service/myapp patched
[root@master shell]# while true; do curl 192.168.146.20:30080/hostname.html; sleep 1; done
myapp-deploy-67f6f6b4dc-tk6hw
myapp-deploy-67f6f6b4dc-rlwqg
myapp-deploy-67f6f6b4dc-trbmr
myapp-deploy-67f6f6b4dc-g9z9s
myapp-deploy-67f6f6b4dc-tk6hw
myapp-deploy-67f6f6b4dc-trbmr
myapp-deploy-67f6f6b4dc-tk6hw
查看内部的DNS解析Pod实验
[root@master shell]# cat myapp-svc-headless.yaml
apiVersion: v1
kind: Service
metadata:
name: myapp-svc
namespace: default
spec:
selector:
app: myapp
release: canary
clusterIP: "None"
ports:
- port: 80
targetPort: 80
[root@master shell]# kubectl apply -f myapp-svc-headless.yaml
service/myapp-svc created
[root@master shell]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 443/TCP 5h
myapp NodePort 10.99.99.99 80:30080/TCP 3h
myapp-svc ClusterIP None 80/TCP 4s
redis ClusterIP 10.97.97.97 6379/TCP 3h
安装DNS解析查看工具
yum install bind-utils
[root@master shell]# dig -t A myapp-svc.default.svc.cluster.local. @10.96.0.10
; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7_5.1 <<>> -t A myapp-svc.default.svc.cluster.local. @10.96.0.10
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55163
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;myapp-svc.default.svc.cluster.local. IN A
;; ANSWER SECTION:
myapp-svc.default.svc.cluster.local. 5 IN A 10.244.1.4
myapp-svc.default.svc.cluster.local. 5 IN A 10.244.1.5
myapp-svc.default.svc.cluster.local. 5 IN A 10.244.2.6
myapp-svc.default.svc.cluster.local. 5 IN A 10.244.2.7
myapp-svc.default.svc.cluster.local. 5 IN A 10.244.2.8
;; Query time: 105 msec
;; SERVER: 10.96.0.10#53(10.96.0.10)
;; WHEN: Fri Sep 07 14:19:16 CST 2018
;; MSG SIZE rcvd: 319
可以看出myapp-svc.default.svc.cluster.local这个地址已经转发到了内部的Pod上
[root@master shell]# curl 10.244.1.4
Hello MyApp | Version: v2 | Pod Name
[root@master shell]# curl 10.244.1.4/hostname.html
myapp-deploy-67f6f6b4dc-trbmr
[root@master shell]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 443/TCP 5h
myapp NodePort 10.99.99.99 80:30080/TCP 3h
myapp-svc ClusterIP None 80/TCP 7m
redis ClusterIP 10.97.97.97 6379/TCP 3h
[root@master shell]# kubectl get svc -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kube-dns ClusterIP 10.96.0.10 53/UDP,53/TCP 5h
[root@master shell]# kubectl get pods -o wide -l app=myapp
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE
myapp-deploy-67f6f6b4dc-g9z9s 1/1 Running 2 2h 10.244.2.8 node2
myapp-deploy-67f6f6b4dc-rlwqg 1/1 Running 1 2h 10.244.2.6 node2
myapp-deploy-67f6f6b4dc-tk6hw 1/1 Running 1 2h 10.244.2.7 node2
myapp-deploy-67f6f6b4dc-trbmr 1/1 Running 1 2h 10.244.1.4 node1
myapp-deploy-67f6f6b4dc-zfpgk 1/1 Running 1 2h 10.244.1.5 node1
如果查看无头的信息:
[root@master shell]# dig -t A myapp.default.svc.cluster.local. @10.96.0.10
; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7_5.1 <<>> -t A myapp.default.svc.cluster.local. @10.96.0.10
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58291
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;myapp.default.svc.cluster.local. IN A
;; ANSWER SECTION:
myapp.default.svc.cluster.local. 5 IN A 10.99.99.99
;; Query time: 1 msec
;; SERVER: 10.96.0.10#53(10.96.0.10)
;; WHEN: Fri Sep 07 14:29:09 CST 2018
;; MSG SIZE rcvd: 107