Creating a Kubernetes Service to access Pods
2022-07-01 22:49:00 【cuibin1991】
1. Create a Service
A Kubernetes Service logically represents a group of Pods; which Pods belong to it is determined by label. A Service has its own IP, and this IP does not change. Clients only need to access the Service's IP; Kubernetes is responsible for establishing and maintaining the mapping between the Service and its Pods. However the back-end Pods change, clients are not affected, because the Service does not change.
First create the Pods. Edit httpd.yml (vi httpd.yml) with the following content:
apiVersion: apps/v1
kind: Deployment
metadata:
  name: httpd
spec:
  replicas: 2
  selector:
    matchLabels:
      app: httpd
  template:
    metadata:
      labels:
        app: httpd
    spec:
      containers:
      - name: httpd
        image: httpd
        ports:
        - containerPort: 80
This starts two Pods running the httpd image, with the label app: httpd; the Service will use this label to select the Pods. The output of kubectl get pod -o wide is shown in the figure below:
Each Pod is assigned its own IP. These IPs can only be reached from containers and nodes inside the Kubernetes cluster.
Next create the Service. Edit httpd-svc.yml (vi httpd-svc.yml) with the following configuration:
apiVersion: v1
kind: Service
metadata:
  name: httpd-svc
spec:
  selector:
    app: httpd
  ports:
  - protocol: TCP
    port: 8080
    targetPort: 80
- v1 is the apiVersion of Service.
- kind indicates that the type of the current resource is Service.
- The name of the Service is httpd-svc.
- selector specifies that Pods with the label app: httpd are chosen as the back end of the Service.
- Port 8080 of the Service is mapped to port 80 of the Pods, using the TCP protocol.
Run kubectl apply -f httpd-svc.yml to create the Service.
httpd-svc is assigned the CLUSTER-IP 10.97.198.28. The back-end httpd Pods can be reached through this IP, as shown in the figure below.
kubectl describe shows the correspondence between httpd-svc and the Pods.
2. Underlying implementation of the Cluster IP
The Cluster IP is a virtual IP, managed by iptables rules on the Kubernetes nodes.
The current iptables rules can be printed with the iptables-save command. Because the output is long, only the entries related to the httpd-svc Cluster IP 10.99.229.179 are excerpted here, as shown in the figure.
The meanings of these two rules are as follows:
- If a Pod inside the cluster (source address from 10.244.0.0/16) accesses httpd-svc, it is allowed.
- Access to httpd-svc from other source addresses jumps to the rule KUBE-SVC-IYRDZZKXS5EOQ6Q6.
The KUBE-SVC-IYRDZZKXS5EOQ6Q6 rules are shown in the figure:
- With probability 1/2, jump to the rule KUBE-SEP-5NAIINGHGNF6YGV7.
- With the remaining probability, jump to the rule KUBE-SEP-6UQ5JXNOGEE55I3K.
The rules these jump to are as follows:
They forward the request to the two back-end Pods. From this analysis we conclude that iptables forwards traffic addressed to the Service to the back-end Pods, using a load-balancing strategy similar to round robin.
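The rule chain described above can be walked programmatically to confirm which Pods a Cluster IP really forwards to and in what proportion. The following Python sketch is an added example, not part of the original article: the sample rules are constructed in iptables-save format, the chain names and Cluster IP are the ones quoted above, the Pod IPs are made up, and the calculation works for any number of endpoints, not just two.

```python
import re

# Constructed sample in iptables-save format, modelled on kube-proxy's iptables
# mode. Chain names and the Cluster IP are the article's; Pod IPs are made up.
SAMPLE = """\
-A KUBE-SERVICES ! -s 10.244.0.0/16 -d 10.99.229.179/32 -p tcp -m tcp --dport 8080 -j KUBE-MARK-MASQ
-A KUBE-SERVICES -d 10.99.229.179/32 -p tcp -m tcp --dport 8080 -j KUBE-SVC-IYRDZZKXS5EOQ6Q6
-A KUBE-SVC-IYRDZZKXS5EOQ6Q6 -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-5NAIINGHGNF6YGV7
-A KUBE-SVC-IYRDZZKXS5EOQ6Q6 -j KUBE-SEP-6UQ5JXNOGEE55I3K
-A KUBE-SEP-5NAIINGHGNF6YGV7 -s 10.244.1.10/32 -j KUBE-MARK-MASQ
-A KUBE-SEP-5NAIINGHGNF6YGV7 -p tcp -m tcp -j DNAT --to-destination 10.244.1.10:80
-A KUBE-SEP-6UQ5JXNOGEE55I3K -s 10.244.2.10/32 -j KUBE-MARK-MASQ
-A KUBE-SEP-6UQ5JXNOGEE55I3K -p tcp -m tcp -j DNAT --to-destination 10.244.2.10:80
"""

RULE = re.compile(r"^-A (\S+) (.*?)-j (\S+)(?: --to-destination (\S+))?$")
PROB = re.compile(r"--probability ([0-9.]+)")

def parse(dump):
    """Map chain name -> ordered list of (match_text, target, dnat_destination)."""
    chains = {}
    for line in dump.splitlines():
        if m := RULE.match(line.strip()):
            chain, match, target, dnat = m.groups()
            chains.setdefault(chain, []).append((match, target, dnat))
    return chains

def service_chain(chains, cluster_ip):
    """Return the KUBE-SVC-* chain that KUBE-SERVICES jumps to for cluster_ip."""
    for match, target, _ in chains.get("KUBE-SERVICES", []):
        if f"-d {cluster_ip}/32 " in match and target.startswith("KUBE-SVC-"):
            return target
    return None

def endpoint_shares(chains, svc_chain):
    # Rules are tried in order: a rule with --probability p takes p of the
    # traffic that reaches it; a rule without one takes everything left over.
    shares, remaining = {}, 1.0
    for match, target, _ in chains[svc_chain]:
        if not target.startswith("KUBE-SEP-"):
            continue  # skip helper targets such as KUBE-MARK-MASQ
        p = PROB.search(match)
        prob = float(p.group(1)) if p else 1.0
        dest = next(d for _, t, d in chains[target] if t == "DNAT")
        shares[dest] = shares.get(dest, 0.0) + remaining * prob
        remaining *= 1.0 - prob
    return shares

print(endpoint_shares(parse(SAMPLE), service_chain(parse(SAMPLE), "10.99.229.179")))
```

A DNAT destination that does not match any address from kubectl get pod -o wide, or a share that differs noticeably from the others, is worth investigating as a stale or tampered rule.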
3. How to access a Service from outside the cluster
Besides access from inside the cluster, in many cases we also want an application's Service to be exposed outside the cluster. Kubernetes provides several types of Service; the default is ClusterIP.
- ClusterIP: the Service is served on an IP internal to the cluster, and only nodes and Pods in the cluster can access it. This is the default Service type; the Services in the previous experiments were all ClusterIP.
- NodePort: the Service is served on a static port of the cluster nodes. It can be accessed from outside the cluster through <NodeIP>:<NodePort>.
- LoadBalancer: the Service is served through a load balancer specific to the cloud provider, and the cloud provider is responsible for directing the load balancer's traffic to the Service. Currently supported cloud providers include GCP, AWS, Azure, etc.
Let's practice with NodePort. Modify the configuration file of the Service httpd-svc as follows:
apiVersion: v1
kind: Service
metadata:
  name: httpd-svc
spec:
  type: NodePort
  selector:
    app: httpd
  ports:
  - protocol: TCP
    port: 8080
    targetPort: 80
Recreate httpd-svc, as shown in the figure below:
Kubernetes still allocates a ClusterIP to httpd-svc. The differences are:
- EXTERNAL-IP is nodes, meaning the Service can be accessed through each cluster node's own IP.
- PORT(S) is 8080:31276. 8080 is the port the ClusterIP listens on, and 31276 is the port listened on at the node. Kubernetes assigns an available port from the range 30000~32767; every node listens on this port and forwards requests to the Service.
Next, test whether NodePort works properly:
Like ClusterIP, NodePort also relies on iptables. Compared with ClusterIP, the following two rules are added to each node's iptables:
A request to port 31276 applies the rule KUBE-SVC-IYRDZZKXS5EOQ6Q6.
The NodePort is chosen at random by default, but we can use nodePort to specify a particular port.
- nodePort is the listening port on the node.
- port is the listening port on the ClusterIP.
- targetPort is the listening port on the Pod.
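Because a NodePort Service opens the same port on every node, it is useful to inventory which Services are reachable from outside the cluster and how the three ports chain together. The following Python sketch is an added example, not part of the original article: it reads JSON in the shape produced by kubectl get svc -o json; the input is constructed, httpd-svc mirrors the Service above, and db-svc is a hypothetical second Service.

```python
import json

# Constructed input in the shape of `kubectl get svc -o json`; only the fields
# used below are present. db-svc is a made-up ClusterIP Service for contrast.
SERVICES_JSON = """
{"items": [
  {"metadata": {"name": "httpd-svc", "namespace": "default"},
   "spec": {"type": "NodePort", "selector": {"app": "httpd"},
            "ports": [{"protocol": "TCP", "port": 8080,
                       "targetPort": 80, "nodePort": 31276}]}},
  {"metadata": {"name": "db-svc", "namespace": "default"},
   "spec": {"type": "ClusterIP", "selector": {"app": "db"},
            "ports": [{"protocol": "TCP", "port": 5432, "targetPort": 5432}]}}
]}
"""

# Service types that open a port on every node.
EXTERNAL_TYPES = {"NodePort", "LoadBalancer"}

def port_paths(services_json):
    """One record per Service port: nodePort -> port -> targetPort."""
    rows = []
    for svc in json.loads(services_json)["items"]:
        spec = svc["spec"]
        stype = spec.get("type", "ClusterIP")  # ClusterIP is the default type
        for p in spec.get("ports", []):
            node_port = p.get("nodePort") if stype in EXTERNAL_TYPES else None
            rows.append({
                "service": f'{svc["metadata"]["namespace"]}/{svc["metadata"]["name"]}',
                "type": stype,
                "nodePort": node_port,
                "port": p["port"],
                # targetPort defaults to the Service port when omitted
                "targetPort": p.get("targetPort", p["port"]),
                "external": node_port is not None,
            })
    return rows

def externally_reachable(services_json):
    """Human-readable paths for every port exposed on the nodes."""
    return [
        f'{r["service"]} <NodeIP>:{r["nodePort"]} -> ClusterIP:{r["port"]} -> Pod:{r["targetPort"]}'
        for r in port_paths(services_json) if r["external"]
    ]

print("\n".join(externally_reachable(SERVICES_JSON)))
```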