sevice概念介绍
service的实现强烈依赖于kube-DNS组件 新版本k8s安装的是core-DNS
因为每个pod是有生命周期的 为了给客户端访问pod提供一个固定的访问端点
service是客户端和pod服务端之间的一个中间层 service的名称解析是强依赖于dns服务的
集群网络种类介绍
pod网络和node网络的地址是一个实际的网络地址 是有对应的网络设备的(包括硬件和软件模拟出的网络设备)
service网络(集群网络) 是一个虚拟的IP地址 仅仅是iptables或者ipvs的转发规则 不存在对应的网络设备
service的三种实现模式
1.用户空间模式
请求先经过内核再转给kube-proxy进程最后转回给内核
2.内核iptables规则
3.内核ipvs规则
新增或者删除一个符合标签选择器的pod后 pod信息会提交给apiserver保存到etcd中 kube-proxy一直watch着apiserver里面的数据信息
一旦检测到变化会立即实时生成对应的ipvs转发规则 使外部的请求可以转发到对应的pod上
service ports字段说明
nodePort 》节点网络端口 port 》 service网络端口 targetPort 》pod网络端口
service资源记录解析规则
总体格式 SVC_NAME.NS_NAME.DOMAIN.LTD. 集群后缀名为 svc.cluster.local.
如 redis.default.svc.cluster.local.
redis是创建的service名称 .default是redis service所在的名称空间 .svc.cluster.local.是k8s集群默认添加的后缀
service种类
无头service
定义service的时候把clusterIP设置为None 就代表是无头service
在集群内部做dns解析的时候直接把service名称解析为对应pod的ip列表
apiVersion: v1 kind: Service metadata: name: myappless namespace: default spec: selector: app: myapp clusterIP: None type: ClusterIP ports: - port: 80 targetPort: 80
有头service
如果是有头service的话 dns解析service名称的时候返回的是clusterIP 再由clusterIP通过DNAT到后端各个podIP之上
apiVersion: v1 kind: Service metadata: name: myapp namespace: default spec: selector: app: myapp clusterIP: 10.96.97.97 type: ClusterIP ports: - port: 80 targetPort: 80
两种不同的service解析结果对比
[root@k8s-master ~]# kubectl get pods -o wide NAME READY STATUS RESTARTS AGE IP NODE myapp-deploy-67f6f6b4dc-248mn 1/1 Running 0 11m 10.244.2.71 node3 myapp-deploy-67f6f6b4dc-5kzk4 1/1 Running 0 11m 10.244.1.147 node2 myapp-deploy-67f6f6b4dc-cglrb 1/1 Running 0 11m 10.244.2.70 node3 myapp-deploy-67f6f6b4dc-fsgrz 1/1 Running 0 11m 10.244.2.69 node3 myapp-deploy-67f6f6b4dc-l5bd7 1/1 Running 0 11m 10.244.1.146 node2 [root@k8s-master ~]# kubectl get svc -n kube-system NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP 233d [root@k8s-master ~]# kubectl get svc NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 233d myapp ClusterIP 10.96.97.97 <none> 80/TCP 3m myappless ClusterIP None <none> 80/TCP 12s #无头service直接解析到对应的pod上 [root@k8s-master ~]# dig -t A myappless.default.svc.cluster.local. @10.96.0.10 ; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> -t A myappless.default.svc.cluster.local. @10.96.0.10 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12827 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;myappless.default.svc.cluster.local. IN A ;; ANSWER SECTION: myappless.default.svc.cluster.local. 5 IN A 10.244.1.146 myappless.default.svc.cluster.local. 5 IN A 10.244.1.147 myappless.default.svc.cluster.local. 5 IN A 10.244.2.69 myappless.default.svc.cluster.local. 5 IN A 10.244.2.70 myappless.default.svc.cluster.local. 5 IN A 10.244.2.71 ;; Query time: 2 msec ;; SERVER: 10.96.0.10#53(10.96.0.10) ;; WHEN: Mon May 27 02:05:11 CST 2019 ;; MSG SIZE rcvd: 319 #有头service解析到clusterIp上 [root@k8s-master ~]# dig -t A myapp.default.svc.cluster.local. @10.96.0.10 ; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> -t A myapp.default.svc.cluster.local. @10.96.0.10 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40454 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;myapp.default.svc.cluster.local. IN A ;; ANSWER SECTION: myapp.default.svc.cluster.local. 5 IN A 10.96.97.97 ;; Query time: 0 msec ;; SERVER: 10.96.0.10#53(10.96.0.10) ;; WHEN: Mon May 27 02:07:42 CST 2019 ;; MSG SIZE rcvd: 107
[root@k8s-master ~]# kubectl get svc NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 230d myapp NodePort 10.100.165.177 <none> 80:32185/TCP 5m [root@k8s-master ~]# kubectl run client --image=busybox --restart=Never -it /bin/sh If you don't see a command prompt, try pressing enter. / # wget -O -q http://myapp.default:80 Connecting to myapp.default:80 (10.100.165.177:80) -q 100% |*****************************************| 65 0:00:00 ETA / # wget -O - -q http://myapp.default:80 Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a> / # wget -O - -q http://myapp.default:80 Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a> [root@k8s-master ~]# wget -O - -q http://myappd.default:80/hostname.html [root@k8s-master ~]# kubectl get pods NAME READY STATUS RESTARTS AGE client 1/1 Running 0 46m myapp-6865459dff-c59qp 1/1 Running 0 1h myapp-6865459dff-zd6wg 1/1 Running 0 10m [root@k8s-master ~]# kubectl exec -it client /bin/sh / # wget -O - -q http://myapp.default:80/hostname.html myapp-6865459dff-zd6wg pod和pods deployment和deployments都可以 [root@k8s-master ~]# kubectl get deployment NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE myapp 2 2 2 2 1h [root@k8s-master ~]# kubectl get deployments NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE myapp 2 2 2