跳到主要内容

service-clusterip

Kubernetes服务访问之Service

通过以前的学习,我们已经能够通过Deployment来创建一组Pod来提供具有高可用性的服务。虽然每个Pod都会分配一个单独的Pod IP,然而却存在如下两个问题:

  • Pod IP仅仅是集群内可见的虚拟IP,外部无法访问。
  • Pod IP会随着Pod的销毁而消失,当ReplicaSet对Pod进行动态伸缩时,Pod IP可能随时随地都会变化,这样对于我们访问这个服务带来了难度。
Service 负载均衡之Cluster IP

service是一组pod的服务抽象,相当于一组pod的LB,负责将请求分发给对应的pod。service会为这个LB提供一个IP,一般称为cluster IP 。使用Service对象,通过selector进行标签选择,找到对应的Pod:

service-eladmin-api.yaml

apiVersion: v1
kind: Service
metadata:
  name: eladmin-api
  namespace: luffy
spec:
  ports:
  - port: 8000
    protocol: TCP
    targetPort: 8000
  selector:
    app: eladmin-api
  type: ClusterIP

操作演示:

## 别名
$ alias kd='kubectl -n luffy'

## 创建服务
$ kd create -f service-eladmin-api.yaml
$ kd get po --show-labels
NAME                      READY   STATUS    RESTARTS   AGE    LABELS
eladmin-api-5d979bb778-nv9qs   1/1     Running   0          7h57m   app=eladmin-api
mysql-858f99d446-vvmgz         1/1     Running   0          10h     app=mysql,from=luffy
redis-7957d49f44-smd9r         1/1     Running   0          9h      app=redis

$ kd get svc
NAME     TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)   AGE
eladmin-api   ClusterIP   10.99.182.32    <none>        8000/TCP   2m3s
mysql         ClusterIP   10.99.14.241    <none>        3306/TCP   16h
redis         ClusterIP   10.105.226.34   <none>        6379/TCP   45h

$ kd describe svc eladmin-api
Name:              eladmin-api
Namespace:         luffy
Labels:            <none>
Annotations:       <none>
Selector:          app=eladmin-api
Type:              ClusterIP
IP Family Policy:  SingleStack
IP Families:       IPv4
IP:                10.99.182.32
IPs:               10.99.182.32
Port:              <unset>  8000/TCP
TargetPort:        8000/TCP
Endpoints:         10.244.2.38:8000
Session Affinity:  None
Events:            <none>

## 扩容eladmin-api服务
$ kd scale deploy eladmin-api --replicas=2
deployment.apps/eladmin-api scaled

## 再次查看 service后关联的Endpoints
$ kd describe svc eladmin-api

Service与Pod如何关联:

service对象创建的同时,会创建同名的endpoints对象,若服务设置了readinessProbe, 当readinessProbe检测失败时,endpoints列表中会剔除掉对应的pod_ip,这样流量就不会分发到健康检测失败的Pod中

$ kd get endpoints eladmin-api
NAME     ENDPOINTS                            AGE
eladmin-api   10.244.0.68:8002,10.244.1.158:8002   7m

Service Cluster-IP如何访问:

$ kd get svc eladmin-api
NAME          TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)    AGE
eladmin-api   ClusterIP   10.99.182.32   <none>        8000/TCP   54m
$ curl 10.99.182.32:8000/auth/code

### 业务自身支持localhost:8000/auth/code -\> pod-ip:8000/auth/code -\> service-cluster-ip:8000/auth/code

思考:为何访问cluster-ip可以成功访问到pod的服务