Service object creation and use

Service Object to solve ：

We have a group in a flat 、 Run in a cluster wide address space Nginx Service Pod. Theoretically , You can connect directly to these Pod, But what happens if a node dies ？ Pod Will be terminated ,Deployment A new Pod, And use different IP. That's exactly what it is. Service The problem to be solved .

Kubernetes Service It is a group that provides the same functions in the cluster Pod Abstract expression of . When each Service Creation time , Will be assigned a unique IP Address （ Also known as clusterIP）. This IP Address and Service The lifecycles of the , as long as Service There is , It won't change . You can configure the Pod Make it with Service communicate ,Pod Know and Service The communication will be automatically load balanced to the Service Some of them Pod On .

establish Service There are three types of (ClusterIP,NodePort,Loadbanlance), Understanding Service Object time , Let's have a look first Service The difference between the three objects ：

ClusterIP
Service Default type of , The service is published to virtual servers that are only visible within the cluster IP Address .
stay API Server Startup time , Need to pass through service-cluster-ip-range Parameter configuration virtual IP Address segment ,API Server There are for allocation IP Address and port components , When the component gets Service Object and create time , From the configured virtual IP Take a valid one from the address field IP Address , Assign to the Service object .

NodePort
stay API Service Startup time , Need to pass through node-port-range Parameter configuration nodePort The scope of the , alike ,API Server The component will capture Service Object and create time , That is, from the configured nodePort The range takes a valid port , Assign to the Service.
For each node kube-proxy Will try to allocate in the service nodePort Create a listener on to accept requests , And forward it to the backend corresponding to the service Pod example .

LoadBalancer
Enterprise data centers usually purchase some load balancers , As a unified traffic entry for external network requests to enter the data center .
For different infrastructure cloud platforms ,Kubernetes Clound Manager Provide support to different suppliers API Of Service Controller. If you need to Openstack Build on the cloud platform Kubernetes colony , Then just provide one openstack.rc,Openstack Service Controller You can call LBaas API Complete the load balancing configuration .

Three different types of Service, Let's take a look at port,nodeport,targetport The difference between .

NodePort

External traffic access k8s colony service A set of ways of entrance （ Another way is LoadBalaner）, namely nodeIP:nodePort Is to provide access to external traffic k8s In the cluster service Entrance . For example, external users want to access k8s One of the clusters Web application , Then we can configure the corresponding service Of type=NodePort,nodePort=30001. Other users can use the browser http://node:30001 Visit the web service .

Port

k8s Access between services within the cluster service Entrance . namely cluseterIP:poer yes service Reservation is clusterIP On the port

TargetPort

The port of the container ( Port for final traffic ).targrtPort yes pod On the port , from port and nodePort Up flow , after kube-prosy Flow to the back end pod Of targetPort On , And finally into the container , And DockerFile As defined in EXPOSE bring into correspondence with .

Some concepts are introduced above , Next, let's look at the specific service Create questions .

Here is a deployment Of yaml file , Through the yaml File creation pod（kubectl create -f xx.yaml）.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
        - name: nginx
          image: nginx
          readinessProbe:
            exec:
              command:
                - cat
                - /tmp/healthy
            initialDelaySeconds: 5
            periodSeconds: 5

pod Create good after , establish service, This service There is selector, If service There is selector, Then creating service At the same time , It will also be created synchronously endpoint.

apiVersion: v1
kind: Service
metadata:
  name: nginx-basic
spec:
  type: ClusterIP
  ports:
    - port: 80
      protocol: TCP
      name: http
  selector:
    app: nginx

see pod Information , You can see pod yes Not Ready state ,NotReady The reason is to create pod Of yaml The file needs to be executed cat /tmp/healthy command , And just created pod The file does not exist below , So it is NotReady state . At this point through clusterIP:port Also cannot access the deployed nginx application .

adopt kubectl exec -it podname --touch /tmp/healthy, stay pod Create the file under , Look again pod,pod become ready state .

  adopt ClusterIP:port To access the application , The correct information can be returned .

Check it again endpoint, If pod All are ready state , that endpoint Of address We will record pod Of ip Until the port and other information , If pod yes notready state , So in NotReadyAddress It's recorded in pod Of ip Address and port information , Only pod be in ready state , Send to service Will be forwarded to the corresponding pod On . that endpoint What is the function of ？

endpoint It's actually a record service And pod The mapping relationship between （ One service Can correspond to multiple pod, In the same way pod It can also correspond to multiple service）, In order to better maintain this mapping relationship , So there is endpoint. Automatically created endpoint Name and service Same name ,endpoint It records pod Of ip Port information of address , In this way, the request can be forwarded to a specific pod The above .

pod Of ip Address and endpoint Consistent data stored in .

  Created above ClusterIP Type of service Can only be accessed inside the cluster , If you expect to be able to access the inside of the cluster from outside pod, So you need to create NodePort Of Service,yaml The documents are as follows ：

apiVersion: v1
kind: Service
metadata:
  name: nginx-service
spec:
  type: NodePort
  ports:
    - port: 8080
      targetPort: 80
      protocol: TCP
      name: http
    - port: 443
      protocol: TCP
      name: https
  selector:
    app: nginx

After creation , Use... Externally curl Command access ：node Node public IP:nodePort, You can see that success has returned nginx Information about , It indicates that the external access to the internal services of the cluster is successful .

On the browser , You can also successfully visit nginx service .

  Through service In the process of completing the request forwarding , You can also do it in service Of yaml Configuration in file topology To control the flow

When topology key Set to :"kubernetes.io/hostname" when , The client that invokes the service , If a service instance is running , Then the instance handles the request , otherwise , Call failed .

When topology key Set as follows ： First check whether it is in the same node There are services running on the node , If it doesn't exist , Then find the same zone Next , If it doesn't exist yet , Then find the same region Next , Otherwise, the call fails

- "kubernetes.io/hostname"

- "topology.kubernetes.io/zone"

- "topology.kubernetes.io/region"

If in yaml In file topology key Configuration “*”, It means that if none of the previous rules find a running instance , Then forward the request to any service instance .

The following is service Add topology key Of yaml file

apiVersion: v1
kind: Service
metadata:
  name: nodelocal
spec:
  ports:
    - port: 80
      protocol: TCP
      name: http
  selector:
    app: nginx
  topologyKeys:
    - "kubernetes.io/hostname"

apiVersion: v1
kind: Service
metadata:
  name: prefer-nodelocal
spec:
  ports:
    - port: 80
      protocol: TCP
      name: http
  selector:
    app: nginx
  topologyKeys:
    - "kubernetes.io/hostname"
    - "topology.kubernetes.io/zone"
    - "topology.kubernetes.io/region"
    - "*"

in addition , One thing to note , If you are in the same namespace Too many have been created under service after , There may be pod Failure to start , Why? ？ because pod There is a property in the configuration enableServiceLinks, The default value is true, When set to true When , So the same namespace Under the service All information of will be set into the container in the form of environment variables . And it's starting up pod When ,Linux The system has a limit on the length of the command to start the process , When one namespace in service Too many times , There will also be many environment variables , The command to start the process is too long and truncated , Eventually lead to pod Boot failure .

The solution is to enableServiceLink Property is set to false that will do  .