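Official docs: https://kubernetes.io/zh/docs/concepts/services-networking/service/
svc.spec.type can be ExternalName, ClusterIP, NodePort, or LoadBalancer.
The three port fields:
Path | Purpose |
---|---|
svc.spec.ports.nodePort | Port on the node; only takes effect when the type is NodePort |
svc.spec.ports.port | Port the Service exposes |
svc.spec.ports.targetPort | Port of the container |
Every Service that is created gets a DNS name ending in svc.cluster.local (as long as the default is not changed).
A Service can also define multiple ports, e.g.: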
```yaml
apiVersion: v1
kind: Service
metadata:
  name: my-service
spec:
  selector:
    app: MyApp
  ports: # take care to avoid port conflicts
    - name: http
      protocol: TCP
      port: 80
      targetPort: 9376
    - name: https
      protocol: TCP
      port: 443
      targetPort: 9377
```
Between a Service and its Pods there is an Endpoints object.
However, for a Service with no selector, the corresponding Endpoints object is not created.
type
type determines how the Service is exposed. Defaults to ClusterIP. Valid
options are ExternalName, ClusterIP, NodePort, and LoadBalancer.
"ExternalName" maps to the specified externalName. "ClusterIP" allocates a
cluster-internal IP address for load-balancing to endpoints. Endpoints are
determined by the selector or if that is not specified, by manual
construction of an Endpoints object. If clusterIP is "None", no virtual IP
is allocated and the endpoints are published as a set of endpoints rather
than a stable IP. "NodePort" builds on ClusterIP and allocates a port on
every node which routes to the clusterIP. "LoadBalancer" builds on NodePort
and creates an external load-balancer (if supported in the current cloud)
which routes to the clusterIP. More info:
https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
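The official docs say: "Services of type ExternalName map a Service to a DNS name, not to a typical selector such as my-service or cassandra. You specify these Services with the spec.externalName parameter."
The Service is bound to an actual domain name, and it has no selector!!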
```
[root@test ~]# kubectl apply -f myapp-svc
The Service "myapp" is invalid: spec.clusterIP: Forbidden: must be empty for ExternalName services
```
ClusterIP is the default mode and is used only for communication inside the cluster.
```
# First create a svc; because no pod matches the label selector, Endpoints is empty here
[root@test ~]# kubectl describe svc/redis
Name:              redis
Namespace:         default
Labels:            <none>
Annotations:       <none>
Selector:          app=redis,role=logstor
Type:              ClusterIP
IP:                10.97.97.97
Port:              6379/TCP
TargetPort:        6379/TCP
Endpoints:         <none>
Session Affinity:  None
Events:            <none>
# There is currently one redis pod; add a label so that it satisfies the svc's selector
[root@test2 ~]# kubectl label pod/redis-67887b7ff5-lgpfd role=logstor
pod/redis-67887b7ff5-lgpfd labeled
# Check the svc again: the matching pod has been added to Endpoints automatically
[root@test ~]# kubectl describe svc redis
Name:              redis
Namespace:         default
Labels:            <none>
Annotations:       <none>
Selector:          app=redis,role=logstor
Type:              ClusterIP
IP:                10.97.97.97
Port:              6379/TCP
TargetPort:        6379/TCP
Endpoints:         10.244.2.183:6379
Session Affinity:  None
Events:            <none>
```
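NodePort: client -> NodeIP:NodePort -> ClusterIP:ServicePort -> PodIP:containerPort
This brings traffic from outside the cluster in. In a cloud environment, once a security policy is added, the corresponding NodePort can be reached directly from the public internet.
If no fixed port is specified for a NodePort Service, one is allocated automatically by default.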
```
# A manually specified nodePort must be between 30000 and 32767!!
[root@test ~]# kubectl apply -f myapp-svc
The Service "myapp" is invalid: spec.ports[0].nodePort: Invalid value: 7900: provided port is not in the valid range. The range of valid ports is 30000-32767
[root@test ~]# kubectl describe svc/myapp
Name:                     myapp
Namespace:                default
Labels:                   <none>
Annotations:              <none>
Selector:                 app=myapp,release=canary
Type:                     NodePort
IP:                       10.98.98.98
Port:                     80/TCP
TargetPort:               80/TCP
NodePort:                 30081/TCP
Endpoints:                10.244.2.189:80,10.244.2.190:80,10.244.2.191:80 + 2 more...
Session Affinity:         None
External Traffic Policy:  Cluster
Events:                   <none>
```
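The rules seen so far (no clusterIP on ExternalName, no automatic Endpoints without a selector, the 30000-32767 nodePort range, and NodePort opening a port on every node) can be checked over Service objects before they are applied. This is an added example, not part of the original notes; the function names `audit_service` and `audit` and the sample objects are constructed for illustration.

```python
NODEPORT_RANGE = range(30000, 32768)  # default range, as in the error above

def audit_service(svc):
    """Return (level, message) findings for one Service object (a dict)."""
    name = svc["metadata"]["name"]
    spec = svc.get("spec", {})
    stype = spec.get("type", "ClusterIP")  # type defaults to ClusterIP
    findings = []
    if stype == "ExternalName":
        # The API server rejects a clusterIP on ExternalName Services.
        if spec.get("clusterIP"):
            findings.append(("error", f"{name}: clusterIP must be empty for ExternalName"))
        return findings
    if not spec.get("selector"):
        findings.append(("info", f"{name}: no selector, Endpoints are not created automatically"))
    if stype not in ("NodePort", "LoadBalancer"):
        return findings  # ClusterIP: reachable only inside the cluster
    for p in spec.get("ports", []):
        node_port = p.get("nodePort")  # None means auto-allocated
        if node_port is not None and node_port not in NODEPORT_RANGE:
            findings.append(("error", f"{name}: nodePort {node_port} not in 30000-32767"))
        else:
            shown = "auto" if node_port is None else node_port
            findings.append(("warn", f"{name}: port {p['port']} opened on every node (nodePort {shown})"))
    return findings

def audit(services):
    return [f for svc in services for f in audit_service(svc)]

# Constructed sample objects, shaped like items from `kubectl get svc -o json`.
SAMPLE = [
    {"metadata": {"name": "redis"},
     "spec": {"selector": {"app": "redis", "role": "logstor"},
              "ports": [{"port": 6379, "targetPort": 6379}]}},
    {"metadata": {"name": "myapp"},
     "spec": {"type": "NodePort", "selector": {"app": "myapp", "release": "canary"},
              "ports": [{"port": 80, "targetPort": 80, "nodePort": 30081}]}},
    {"metadata": {"name": "myapp-bad"},
     "spec": {"type": "NodePort", "selector": {"app": "myapp"},
              "ports": [{"port": 80, "nodePort": 7900}]}},
    {"metadata": {"name": "ext-db"},
     "spec": {"type": "ExternalName", "externalName": "db.example.com",
              "clusterIP": "10.99.99.99"}},
    {"metadata": {"name": "manual"}, "spec": {"ports": [{"port": 80}]}},
]

if __name__ == "__main__":
    for level, msg in audit(SAMPLE):
        print(f"{level:5} {msg}")
```

The "warn" lines are the inventory to compare against the cloud security policy, since those are the ports that become publicly reachable once a rule allows them.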
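When using Alibaba Cloud or Tencent Cloud, the vendor provides the LoadBalancer IP.
Suppose 3 Nodes all expose a port externally through NodePort; a LoadBalancer Service is then still needed to provide a second layer of load balancing.
20200528: I still owe this part; I will write it after the ingress post is out.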