
Quick Start: Accessing Pods Through a Service in Kubernetes

2025-01-16 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/03 Report--

1. Background

Ideally, we could treat a Kubernetes Pod as robust. In practice, the gap between ideal and reality is often large, and a container in a Pod may die because of a failure. Controllers such as Deployment dynamically create and destroy Pods to keep the application as a whole robust. As we all know, each Pod has its own IP address. When a controller replaces a failed Pod with a new one, the new Pod's IP address may not be the same as that of the failed Pod. How, then, does a client reach the service? This is the problem the Kubernetes Service was created to solve.

2. Practice steps

2.1 Create a Deployment: httpd

A Kubernetes Service logically represents a group of Pods that are associated with it through labels. The Service has its own IP, and this IP is immutable: no matter how the backend Pods change, the Service does not change. Create the Deployment YAML as follows:

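    # apps/v1beta1 is what this v1.12.1 cluster accepts; it was removed in
    # Kubernetes 1.16, where apps/v1 (which requires spec.selector) is used.
    apiVersion: apps/v1beta1
    kind: Deployment
    metadata:
      name: httpd
    spec:
      replicas: 4
      template:
        metadata:
          labels:
            run: httpd
        spec:
          containers:
          - name: httpd
            image: httpd
            ports:
            - containerPort: 80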

Configuration commands:

    [root@k8s-m ~]# kubectl apply -f Httpd-Deployment.yaml
    deployment.apps/httpd created

A moment later:

    [root@k8s-m ~]# kubectl get pod -o wide
    NAME                     READY   STATUS    RESTARTS   AGE     IP             NODE     NOMINATED NODE
    httpd-79c4f99955-dbbx7   1/1     Running   0          7m32s   10.244.2.35    k8s-n2   <none>
    httpd-79c4f99955-djv44   1/1     Running   0          7m32s   10.244.1.101   k8s-n1   <none>
    httpd-79c4f99955-npqxz   1/1     Running   0          7m32s   10.244.1.102   k8s-n1   <none>
    httpd-79c4f99955-vkjk6   1/1     Running   0          7m32s   10.244.2.36    k8s-n2   <none>
    [root@k8s-m ~]# curl 10.244.2.35
    It works!
    [root@k8s-m ~]# curl 10.244.2.36
    It works!
    [root@k8s-m ~]# curl 10.244.1.101
    It works!
    [root@k8s-m ~]# curl 10.244.1.102
    It works!

2.2 Create a Service: httpd-svc

Create the YAML as follows:

    apiVersion: v1
    kind: Service
    metadata:
      name: httpd-svc
    spec:
      selector:
        run: httpd
      ports:
      - protocol: TCP
        port: 8080
        targetPort: 80

Complete the configuration and observe:

    [root@k8s-m ~]# kubectl apply -f Httpd-Service.yaml
    service/httpd-svc created
    [root@k8s-m ~]# kubectl get svc
    NAME         TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)    AGE
    httpd-svc    ClusterIP   10.110.212.171   <none>        8080/TCP   14s
    kubernetes   ClusterIP   10.96.0.1        <none>        443/TCP    11d
    [root@k8s-m ~]# curl 10.110.212.171:8080
    It works!
    [root@k8s-m ~]# kubectl describe service httpd-svc
    Name:              httpd-svc
    Namespace:         default
    Labels:            <none>
    Annotations:       kubectl.kubernetes.io/last-applied-configuration:
                         {"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"name":"httpd-svc","namespace":"default"},"spec":{"ports":[{"port":8080,"...
    Selector:          run=httpd
    Type:              ClusterIP
    IP:                10.110.212.171
    Port:              <unset>  8080/TCP
    TargetPort:        80/TCP
    Endpoints:         10.244.1.101:80,10.244.1.102:80,10.244.2.35:80 + 1 more...
    Session Affinity:  None
    Events:            <none>

From the Endpoints field above, we can see that the Service httpd-svc contains the Pods carrying the label we specified, and that the cluster IP is mapped to the Pod IPs through iptables. Next, take a look at the relevant iptables rules with the iptables-save command.

    [root@k8s-m ~]# iptables-save | grep "10.110.212.171"
    -A KUBE-SERVICES ! -s 10.244.0.0/16 -d 10.110.212.171/32 -p tcp -m comment --comment "default/httpd-svc: cluster IP" -m tcp --dport 8080 -j KUBE-MARK-MASQ
    -A KUBE-SERVICES -d 10.110.212.171/32 -p tcp -m comment --comment "default/httpd-svc: cluster IP" -m tcp --dport 8080 -j KUBE-SVC-RL3JAE4GN7VOGDGP
    [root@k8s-m ~]# iptables-save | grep -v 'default/httpd-svc' | grep 'KUBE-SVC-RL3JAE4GN7VOGDGP'
    :KUBE-SVC-RL3JAE4GN7VOGDGP - [0:0]
    -A KUBE-SVC-RL3JAE4GN7VOGDGP -m statistic --mode random --probability 0.25000000000 -j KUBE-SEP-R5YBMKYSG56R4KDU
    -A KUBE-SVC-RL3JAE4GN7VOGDGP -m statistic --mode random --probability 0.33332999982 -j KUBE-SEP-7G5ANBWSVVLRNZAH
    -A KUBE-SVC-RL3JAE4GN7VOGDGP -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-2PT6QZGNQHS4OL4I
    -A KUBE-SVC-RL3JAE4GN7VOGDGP -j KUBE-SEP-I4PXZ6UARQLLOV4E

We could look further at the related forwarding rules, but they are omitted here. iptables forwards the traffic addressed to the Service to the backend Pods, using a load-balancing policy similar to round-robin.
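The probabilities in the KUBE-SVC chain look uneven, but the rules are evaluated in order, so each one applies only to the traffic that earlier rules did not take. The following added example (not part of the original article) computes each endpoint's overall share from the chain rules shown above; the function name `endpoint_shares` is an assumption.

```python
# Constructed sample: the KUBE-SVC chain rules from the iptables-save output above.
RULES = """\
-A KUBE-SVC-RL3JAE4GN7VOGDGP -m statistic --mode random --probability 0.25000000000 -j KUBE-SEP-R5YBMKYSG56R4KDU
-A KUBE-SVC-RL3JAE4GN7VOGDGP -m statistic --mode random --probability 0.33332999982 -j KUBE-SEP-7G5ANBWSVVLRNZAH
-A KUBE-SVC-RL3JAE4GN7VOGDGP -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-2PT6QZGNQHS4OL4I
-A KUBE-SVC-RL3JAE4GN7VOGDGP -j KUBE-SEP-I4PXZ6UARQLLOV4E
"""


def endpoint_shares(iptables_save_text, chain):
    """Return {KUBE-SEP target: overall share of new connections} for one chain.

    A rule with --probability p matches a fraction p of the traffic that
    reaches it; the rest falls through to the next rule in the chain.
    """
    shares = {}
    remaining = 1.0  # fraction of traffic not yet claimed by an earlier rule
    for line in iptables_save_text.splitlines():
        tokens = line.split()
        # Keep only "-A <chain> ... -j <target>" rules of the requested chain.
        if tokens[:2] != ["-A", chain] or "-j" not in tokens[:-1]:
            continue
        target = tokens[tokens.index("-j") + 1]
        if "--probability" in tokens[:-1]:
            p = float(tokens[tokens.index("--probability") + 1])
        else:
            p = 1.0  # no statistic match: takes everything that is left
        shares[target] = remaining * p
        remaining *= 1.0 - p
    return shares


if __name__ == "__main__":
    chain = "KUBE-SVC-RL3JAE4GN7VOGDGP"
    for target, share in endpoint_shares(RULES, chain).items():
        print(f"{target}  {share:.4f}")
```

Each of the four endpoints ends up with about a quarter of new connections, chosen at random per connection rather than in strict rotation.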

2.3 Access the Service through its domain name

Our platform is deployed with kubeadm, version v1.12.1, and the DNS component that comes with this version is CoreDNS.

    [root@k8s-m ~]# kubectl get deployment --namespace=kube-system
    NAME      DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
    coredns 22 22 217d

Verify that DNS works by creating a temporary isolated environment.

    [root@k8s-m ~]# kubectl run -it --rm busybox --image=busybox /bin/sh
    kubectl run --generator=deployment/apps.v1beta1 is DEPRECATED and will be removed in a future version. Use kubectl create instead.
    If you don't see a command prompt, try pressing enter.
    / # wget httpd-svc.default:8080
    Connecting to httpd-svc.default:8080 (10.110.212.171:8080)
    index.html           100% |***| 45  0:00:00 ETA
    / # cat index.html
    It works!

By the way, kubectl run may no longer be supported in future releases, so it is recommended to use kubectl create instead. I was lazy here, and this is not recommended in the future.

In the above example, the temporary isolated environment is in the default namespace, the same namespace as the httpd-svc Service we created, so the .default part of httpd-svc.default can be omitted. When accessing a Service across namespaces, the namespace cannot be omitted.

2.4 Access the Service through the public network

In general, a Kubernetes Service can be accessed in four ways: ClusterIP, NodePort, LoadBalancer and ExternalName. The previous experiments are based on ClusterIP, through which both Nodes and Pods within the cluster can access the Service. NodePort provides the service through a static port on the cluster nodes.

Next we will take NodePort as an example to demonstrate. The YAML of the modified Service is as follows:

    apiVersion: v1
    kind: Service
    metadata:
      name: httpd-svc
    spec:
      type: NodePort
      selector:
        run: httpd
      ports:
      - protocol: TCP
        nodePort: 31688
        port: 8080
        targetPort: 80

Observe after configuration:

    [root@k8s-m ~]# kubectl apply -f Httpd-Service.yaml
    service/httpd-svc configured
    [root@k8s-m ~]# kubectl get svc
    NAME         TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)          AGE
    httpd-svc    NodePort    10.110.212.171   <none>        8080:31688/TCP   117m
    kubernetes   ClusterIP   10.96.0.1        <none>        443/TCP          12d

The port of the Service httpd-svc is mapped to port 31688 of the host. If the YAML file does not specify nodePort, Kubernetes assigns the Service a port in the range 30000-32767. Now we can access our service through a browser: from any environment that has network connectivity to the nodes, the newly deployed Service can be reached at IP:31688 of any Node.
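Because a NodePort is opened on every Node, it is useful to know exactly which Pods become reachable through it. The following added example (not from the original article) applies the label-selector matching described earlier to simplified, constructed records and maps each nodePort to the Pod endpoints behind it; the function names and the `db` Pod are assumptions.

```python
# Constructed sample: simplified Service and Pod records (not the full kubectl
# JSON). Names, ports and IPs are the ones in this article; the "db" Pod is
# hypothetical and only there to show a label that does not match.
SERVICES = [
    {"name": "httpd-svc", "type": "NodePort", "selector": {"run": "httpd"},
     "ports": [{"port": 8080, "targetPort": 80, "nodePort": 31688}]},
    {"name": "kubernetes", "type": "ClusterIP", "selector": None,
     "ports": [{"port": 443}]},
]
PODS = [
    {"ip": "10.244.2.35", "labels": {"run": "httpd"}},
    {"ip": "10.244.1.101", "labels": {"run": "httpd"}},
    {"ip": "10.244.1.102", "labels": {"run": "httpd"}},
    {"ip": "10.244.2.36", "labels": {"run": "httpd"}},
    {"ip": "10.244.9.9", "labels": {"run": "db"}},  # hypothetical
]


def selects(selector, labels):
    """Equality-based selector: every key/value pair must be on the Pod."""
    if not selector:  # a Service without a selector picks no Pods by itself
        return False
    return all(labels.get(k) == v for k, v in selector.items())


def node_exposure(services, pods):
    """Map each nodePort to the Pod endpoints reachable through it."""
    exposure = {}
    for svc in services:
        backends = [p["ip"] for p in pods if selects(svc["selector"], p["labels"])]
        for port in svc["ports"]:
            node_port = port.get("nodePort")
            if node_port is None:  # ClusterIP: not opened on the nodes
                continue
            target = port.get("targetPort", port["port"])  # defaults to port
            exposure[node_port] = sorted(f"{ip}:{target}" for ip in backends)
    return exposure


if __name__ == "__main__":
    for node_port, endpoints in node_exposure(SERVICES, PODS).items():
        print(f"<any node IP>:{node_port} -> {endpoints}")
```

Running the same inventory against a real cluster's Services gives the list of node ports that host firewalls or cloud security groups need to cover.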

3. Summary

I have been reading Kubernetes-related books and documents these days, and I have been experiencing first-hand the convenience of Kubernetes in the test environment. I wrote this article on the basis of my own practice, for later review. The time to launch the production environment is getting closer and closer, and we hope to thoroughly digest Kubernetes before the production environment goes online. To learn anything new, you must calm down. Just reading is not enough; it must be combined with the right amount of hands-on practice. After completing the practice, we should think it over again and again, summarize and let it settle, so that we can grow. Kubernetes is indeed a relatively complex system with many concepts, so it is necessary to understand the basic concepts clearly before operating it.

4. References

Kubernetes official documentation
