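1. Notes

Service notes

Traffic load-balancing components

Service: layer 4 load balancing (TCP, UDP)

Ingress: layer 7 load balancing (HTTP, HTTPS)

kube-proxy process

A Service is only a concept; the component that actually does the work is kube-proxy. When a Service is created, the api-server saves the Service information to etcd; kube-proxy watches for changes in etcd,
generates the corresponding access rules, and exposes the service.

Access rules: ipvs rules

ipvsadm -Ln shows the port forwarding for a Service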

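Three working modes:

userspace:
kube-proxy creates a listening port for the Service; requests sent to the Cluster IP are redirected by iptables rules to the port kube-proxy listens on.


iptables:

iptables forwards directly to the specific pod; kube-proxy's job is to generate the iptables rules.

ipvs

Similar to iptables; supports the round-robin algorithm.

The ipvs kernel modules must be installed, otherwise kube-proxy falls back to iptables.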

Enabling ipvs

ipvsadm -Ln shows whether ipvs is enabled

kubectl edit cm kube-proxy -n kube-system

Change to mode: "ipvs"

kubectl delete pod -l k8s-app=kube-proxy -n kube-system

[root@node3 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.17.0.1:30857 rr
  -> 10.244.2.40:80               Masq    1      0          0         
  -> 10.244.2.41:80               Masq    1      0          0         
TCP  192.168.56.110:30857 rr
  -> 10.244.2.40:80               Masq    1      0          0         
  -> 10.244.2.41:80               Masq    1      0          0         
TCP  10.0.2.15:30857 rr


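apiVersion: v1
kind: Service
metadata:
  name: service
  namespace: dev
spec:
  selector:  # decides which pods are proxied, chosen by label; kube-proxy converts this into concrete access rules
    app: nginx
  # Service type:
  #   ClusterIP (default): k8s automatically allocates a virtual IP inside the cluster; reachable only from inside the cluster
  #   NodePort: exposes the Service on a specified port of the Node, so the service can be reached from outside
  #   LoadBalancer: uses an external load balancer to distribute the load
  #   ExternalName: brings a service from outside the cluster into the cluster for direct use
  type:
  clusterIP:  # IP address of the virtual service
  sessionAffinity:  # session affinity; supports ClientIP and None. With ClientIP, requests from the same address go to the same pod; None means no affinity
  ports:
    - protocol: TCP
      port: 3017  # Service port
      targetPort: 5009  # pod port
      nodePort: 31122  # host (node) port; used with type NodePort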
       


apiVersion: apps/v1
kind: Deployment
metadata:
  name: service-deployment
  namespace: dev
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx-pod
  template:
    metadata:
      labels:
        app: nginx-pod
    spec:
      containers:
      - name: nginx
        image: nginx:1.18.0
        ports:
        - containerPort: 80
            
===============================================================ClusterIP===================================
[root@node3 ~]# kubectl describe svc service-type -n dev
Name:              service-type
Namespace:         dev
Labels:            <none>
Annotations:       <none>
Selector:          app=nginx-pod
Type:              ClusterIP
IP Families:       <none>
IP:                10.1.97.97
IPs:               10.1.97.97
Port:              <unset>  80/TCP
TargetPort:        80/TCP
Endpoints:         10.244.1.44:80,10.244.1.45:80,10.244.2.46:80
Session Affinity:  None
Events:            <none>

kubectl get endpoints -n dev

TCP  10.1.97.97:80 rr   # rr = round-robin
  -> 10.244.1.44:80               Masq    1      0          0         
  -> 10.244.1.45:80               Masq    1      0          0         
  -> 10.244.2.46:80               Masq    1      0          0
   

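Service load-distribution policy:
By default kube-proxy's round-robin policy is used.

sessionAffinity: ClientIP  # sets session affinity (ClientIP or None); if not set, kube-proxy's random or round-robin policy is used

ipvsadm -Ln 
---  persistent has been added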
TCP  10.1.97.97:80 rr persistent 10800
  -> 10.244.1.44:80               Masq    1      0          0         
  -> 10.244.1.45:80               Masq    1      0          0         
  -> 10.244.2.46:80               Masq    1      0          0 
---
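
Added example (not part of the original notes): a Python sketch that parses ipvsadm -Ln output like the listings above and reports which node addresses carry a NodePort listener and which virtual services have ClientIP persistence. SAMPLE is assembled from the outputs on this page; the names parse_ipvs and review are hypothetical.

```python
import re

# Sample assembled from the ipvsadm -Ln outputs shown on this page.
SAMPLE = """\
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.17.0.1:30857 rr
  -> 10.244.2.40:80               Masq    1      0          0
  -> 10.244.2.41:80               Masq    1      0          0
TCP  192.168.56.110:30857 rr
  -> 10.244.2.40:80               Masq    1      0          0
  -> 10.244.2.41:80               Masq    1      0          0
TCP  10.1.97.97:80 rr persistent 10800
  -> 10.244.1.44:80               Masq    1      0          0
  -> 10.244.1.45:80               Masq    1      0          0
  -> 10.244.2.46:80               Masq    1      0          0
"""

VS = re.compile(r"^(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+persistent\s+(\d+))?")
RS = re.compile(r"^\s+->\s+(\d\S*):(\d+)\s")
NODEPORT_RANGE = range(30000, 32768)  # default NodePort range, 30000-32767


def parse_ipvs(text):
    """Return one dict per virtual service, with its real servers attached."""
    services = []
    for line in text.splitlines():
        if m := VS.match(line):
            proto, addr, port, sched, persist = m.groups()
            services.append({"proto": proto, "addr": addr, "port": int(port),
                             "scheduler": sched, "backends": [],
                             "persistent": int(persist) if persist else None})
        elif (m := RS.match(line)) and services:
            services[-1]["backends"].append(f"{m.group(1)}:{m.group(2)}")
    return services


def review(services):
    """Group NodePort listeners by port and list services with ClientIP affinity."""
    exposed, sticky = {}, {}
    for s in services:
        if s["port"] in NODEPORT_RANGE:
            exposed.setdefault(s["port"], []).append(s["addr"])
        if s["persistent"] is not None:
            sticky[f'{s["addr"]}:{s["port"]}'] = s["persistent"]
    return {"nodeport_listeners": exposed, "sticky": sticky}


if __name__ == "__main__":
    print(review(parse_ipvs(SAMPLE)))
```

On the sample, the NodePort 30857 shows up on both 172.17.0.1 and 192.168.56.110, which is the point to check when deciding which node interfaces should be reachable from outside.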
===============================================================ClusterIP===================================

===============================================================Headless===================================
If clusterIP is not set, the default ClusterIP type automatically picks a clusterIP.
[root@node1 ~]# kubectl get svc -n dev
NAME                   TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)        AGE
service-type           ClusterIP   10.1.113.241   <none>        80/TCP         114s

If clusterIP: None is set, the Service is still of type ClusterIP
[root@node1 ~]# kubectl get svc -n dev
NAME                   TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)        AGE
service-type           ClusterIP   None         <none>        80/TCP         7s
and it becomes a headless Service.

To access it, look up the domain names configured inside a pod's container and use the domain name.

[root@node1 ~]# kubectl exec -it service-deployment-848c68b85-8jvcv -n dev /bin/sh
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.
# cat /etc/resolv.conf
nameserver 10.1.0.10
search dev.svc.cluster.local svc.cluster.local cluster.local
options ndots:5
# exit
[root@node1 ~]# 
[root@node1 ~]# 
[root@node1 ~]# curl 10.1.0.10:80
curl: (7) Failed connect to 10.1.0.10:80; 拒绝连接
[root@node1 ~]# dig @10.1.0.10 service-deployment.dev.svc.cluster.local   
10.1.0.10 
service-deployment: Service name
dev: namespace
svc.cluster.local: default cluster domain
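
Added example (not part of the original notes): how the resolv.conf shown above expands a name into the sequence of queries the pod's resolver sends, assuming the glibc search-list rule for ndots. RESOLV_CONF copies the file from this page; parse_resolv_conf and candidates are hypothetical names.

```python
# Copied from the /etc/resolv.conf output shown on this page.
RESOLV_CONF = """\
nameserver 10.1.0.10
search dev.svc.cluster.local svc.cluster.local cluster.local
options ndots:5
"""


def parse_resolv_conf(text):
    """Extract nameservers, search domains and ndots from resolv.conf text."""
    cfg = {"nameservers": [], "search": [], "ndots": 1}  # glibc default ndots is 1
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith(("#", ";")):
            continue
        if parts[0] == "nameserver" and len(parts) > 1:
            cfg["nameservers"].append(parts[1])
        elif parts[0] == "search":
            cfg["search"] = parts[1:]
        elif parts[0] == "options":
            for opt in parts[1:]:
                if opt.startswith("ndots:"):
                    cfg["ndots"] = int(opt.split(":", 1)[1])
    return cfg


def candidates(name, cfg):
    """Names the stub resolver tries, in order, for `name` (glibc rule, assumed)."""
    if name.endswith("."):
        return [name]  # trailing dot: already absolute, search list is skipped
    searched = [f"{name}.{domain}." for domain in cfg["search"]]
    absolute = [name + "."]
    # With at least ndots dots the name is tried as-is first, otherwise last.
    if name.count(".") >= cfg["ndots"]:
        return absolute + searched
    return searched + absolute


if __name__ == "__main__":
    cfg = parse_resolv_conf(RESOLV_CONF)
    for n in ("service-type", "service-deployment.dev.svc.cluster.local"):
        print(n, "->", candidates(n, cfg))
```

Because the full name has only four dots and ndots is 5, it is still tried against every search domain before being queried as written, which explains the extra lookups seen in cluster DNS logs.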


===============================================================Headless===================================

===============================================================NodePort===================================
Maps the Service's port onto a port on the node.
type: NodePort
nodePort: 30005 # range 30000-32767

[root@node1 ~]# kubectl get svc -n dev
NAME                   TYPE       CLUSTER-IP   EXTERNAL-IP   PORT(S)        AGE
service-type           NodePort   10.1.1.248   <none>        80:30005/TCP   6s

===============================================================NodePort===================================

