Shulou(Shulou.com)06/01 Report--

This article introduces the relevant knowledge of "what is the principle and function of Service and Endpoint". In the operation of actual cases, many people will encounter such a dilemma, so let the editor lead you to learn how to deal with these situations. I hope you can read it carefully and be able to achieve something!

Srevice

Service is an abstract method that exposes applications running on a set of Pods as network services. If we deploy pod using Deployment, we can create a Service with Deployment as the object.

In K8S, each Pod has its own unique ip address, while Service can provide the same DNS name for multiple Pod (a group), and load balancing can be carried out among them directly.

If there is a group of nginx pod, if the nginx dynamic scaling changes or for some reason changes the ip/ port, then its ip and port are not fixed, and it is difficult to determine what the address of its newly expanded pod is, and in case the pod is deleted, the ip is no longer available.

Also, if one set of pod is called the front end, such as web services, and the other set of pod is called the back end, for example, mysql. So how does the front end find and track the ip address to connect to so that the front end can use the back end portion of the workload?

This is really the problem that Service is trying to solve. Kubernetes Service defines an abstraction: a logical set of Pod, a policy that can access them-- often called microservices. When you use Service to create a service for a set of pod (created by Deployment), no matter how many copies of pod we create and how those pod changes, the front end doesn't need to care which back-end copy they call, and you don't need to know the status of the back-end pod or track the pod. Service abstracts this association between the front and back ends and decouples them.

The creation and phenomenon of Service

Now follow the command below to quickly create a pod,pod that will be deployed and run in each node.

Kubectl create deployment nginx-image=nginx:latest-replicas=3

Kubectl expose deployment nginx-type=LoadBalancer-port=80

Then execute the command to view the Service:

Kubectl get services

In other words, the external access port is 30424.

NAME TYPE CLUSTER-IP EXTERNAL-IP PORT (S) AGE

Kubernetes ClusterIP 10.96.0.1 443/TCP 3d6h

Nginx LoadBalancer 10.101.132.236 80:30424/TCP 39s

At this point, we can access the Service through the public network and port.

We can view the yaml file for this Service:

Kubectl get service nginx-o yaml

ApiVersion: v1kind: Servicemetadata:

CreationTimestamp: "2021-04-23T07:40:35Z"

Labels:

App: nginx

Name: nginx

Namespace: default

ResourceVersion: "369738"

Uid: 8dc49805-2fc8-4407-adc0-8e31dc24fa79spec:

ClusterIP: 10.101.132.236

ClusterIPs:

-10.101.132.236

ExternalTrafficPolicy: Cluster

IpFamilies:

-IPv4

IpFamilyPolicy: SingleStack

Ports:

-nodePort: 30424

Port: 80

Protocol: TCP

TargetPort: 80

Selector:

App: nginx

SessionAffinity: None

Type: LoadBalancerstatus:

LoadBalancer: {}

With the standard yaml file template, we can easily modify and customize a Service.

Let's take a look at the pod created through Deployment:

Kubectl get pods-o wide

NAME IP NODE NOMINATED NODE READINESS GATESnginx-55649fd747-9fzlr 192.168.56.56 instance-2 nginx-55649fd747-ckhrw 192.168.56.57 instance-2 nginx-55649fd747-ldzkf 192.168.23.138 instance-1

Note: we are different in which node pod runs.

When we access through the external network, Service will automatically provide us with one of the pod, but the process is more complicated, we will first look at the surface.

-

| | |

-Public network ip-- > | pod1 |

| | pod2 |

| | pod3 |

-

Then we view the iptables configuration with the command:

Iptables-save

Then look for the random keyword:

You can see that there are three default/nginx, the first pod being visited is 0.33333. Then in the probability of 2 pod 3, the probability of 2 pod 3 is 0.5% of the probability of choosing the second pod, and the probability of the remaining 1 pod 3 is choosing the third pod.

If you want to access the pod, you can access it as the ip of any node on which the nginx pod is deployed. Because master cannot deploy pod, it cannot be accessed through master's ip.

Of course, it is not all 0.3333.3 directly. In this way, the rules of iptables are a bit complicated, which is difficult to explain here. We just need to know that the public network can access Service, and Service forwards traffic for us through iptable. Even if the pod deployed by Deployment is not on the same node, the dns service of K8s will be handled correctly, and we do not need to configure these networks manually.

Service definition

In the previous section, I introduced the creation method of Service (kubectl expose.), as well as the iptables on which it depends, here we will continue to learn how to define Service.

Because we used to operate through Deployment, directly mapping the pod (copy) in a deployment. Of course, we can also do network mapping for different pod.

ApiVersion: v1kind: Servicemetadata:

Name: my-servicespec:

Selector:

App: MyApp

Ports:

-protocol: TCP

Port: 6666

TargetPort: 80

Here we use the selector selector. Generally, the Label of a pod has an app, which indicates the name of the pod (usually the name of the image). Port and targetPort are pod ports and ports for external access, respectively.

When we do not deal with pod through objects such as Deployment or job, we can select the appropriate pod through selector.

Service can map a receiving container or pod port targetPort to any port port, and port is an externally accessible port. If you use kubectl expose to map ports, a random 30xxx port is provided by default. With yaml, by default, targetPort will be set to the same value as the port field.

Endpoint slices

"Endpoint slices (Endpoint Slices) provide an easy way to track network endpoints (network endpoints) in a Kubernetes cluster. They provide a scalable and extensible alternative to Endpoints."

In Kubernetes, an EndpointSlice contains a reference to a set of network endpoints. After you specify the selector, the control plane automatically creates an Endpoint for the Kubernetes service with the selection operator set.

That is, creating a Service (with a selection operator) automatically creates an Endpiont.

Let's look at the endpoint of the default namespace:

Kubectl get endpoints

NAME ENDPOINTS AGEkubernetes 10.170.0.2:6443 3d7hnginx 192.168.56.24:80192.168.56.25:80192.168.56.26:80 59m

These are the ip and ports of pod, that is, it becomes more arbitrary for us to track the network endpoints (network endpoints) in the Kubernetes cluster through Endpoint. However, this explanation is very difficult to understand, the author looked through the data many times, a little bit of trial and error to understand. Then let's start with the operation step by step, and then understand the meaning of these operations a little bit.

Create Endpoint, Service

Next, we manually create Service and Endpoint, and we need to create Service first, and then Endpoint (both can be created in any order).

Service

Let's first delete the service we created earlier.

Kubectl delete service nginx

The content of the service.yaml file is as follows:

ApiVersion: v1kind: Servicemetadata:

Name: nginxspec:

Ports:

-protocol: TCP

Port: 6666

TargetPort: 80

Apply this Service:

Kubectl apply-f service.yaml

View service:

Kubectl get services

NAME TYPE CLUSTER-IP EXTERNAL-IP PORT (S) AGEkubernetes ClusterIP 10.96.0.1 443/TCP 3d12hnginx ClusterIP 10.98.113.242 6666/TCP 6s

Since this Service does not map any pod, etc., it is of no use, but at this point you can give the developer an explanation, or determine the Service port and address of the nginx. As for the real nginx service, it will be determined later. The order in which Service and Endpoint are created is arbitrary, but here we propose an abstraction, first agreeing on the port before providing the service, so create the Service first.

Create an application

Let's randomly find a worker or master node to create a nginx container:

Docker run-itd-p 80:80 nginx:latest

Why not use pod and create containers directly? Because we are in the development stage, if we change nginx to mysql, we want Debug? Test your own database? Do you want to simulate the data? We create applications through Deployment during production, but at this point we can use our own database or local applications.

The official document says:

You want to use an external database cluster in a production environment, but the test environment uses its own database.

You want the service to point to a service in another namespace (Namespace) or in another cluster.

You are migrating your workload to Kubernetes. When evaluating this method, you only run part of the backend in Kubernetes.

In summary, we have created Service, which can provide abstraction, and as to how to provide this service, we can use pod, we can use commands to execute binary programs on the machine, or we can provide it through docker. And mysql may be provided by external services, or mysql may be deployed directly on the host, instead of using containers and pod, we can track the ports of mysql services through Endpoint.

Then query the ip,: of this container

Docker inspect {Container id} | grep IPAddress

What the author gets is: "IPAddress": "172.17.0.2". You can try curl 172.17.0.2 to see if you can access nginx. If there is no problem, let's move on to the next step.

Create Endpoint

Create an endpoint.yaml file with the following contents (be sure to replace ip to access ip for your container):

ApiVersion: v1kind: Endpointsmetadata:

Name: nginxsubsets:

-addresses:

-ip: 172.17.0.2

Ports:

-port: 80

Then apply yaml:

Kubectl apply-f endpoint.yaml

View endpoint:

Kubectl get endpoints# cannot be filled as endpoint

Then visit Service's ip:

Curl 10.99.142.24:6666

You can also access this IP through the public network.

If Endpoint needs to track multiple ip (multiple pod or container or application), you can use:

-addresses:

-ip: 172.17.0.2

-ip: 172.17.0.3

-ip: 172.17.0.4

This is the end of the introduction of "what is the principle and function of Service and Endpoint". Thank you for your reading. If you want to know more about the industry, you can follow the website, the editor will output more high-quality practical articles for you!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.