Shulou(Shulou.com)06/02 Report--

One problem is that now my business is allocated to multiple Pod, so if one of my Pod dies, it will be the end of the business. Of course, some people will say that it is no problem for Pod to die. K8S own mechanism Deployment and Controller will dynamically create and destroy Pod to ensure the overall stability of the application. At this time, there will be a problem, that is, the IP generated by each Pod is dynamic. So, isn't the IP that restarted my external visit going to change? don't worry, let's solve this problem.

The problems encountered above can be solved through Service, so what is Service?

Service is the core concept of kubernetes. By creating Service, you can provide a unified entry address for a group of container applications with the same function, and distribute the request load to each container application at the back end.

To put it simply, Service is a group that pooled all the Pod, and then fixed an IP externally, specifically which Pod can be set through the Label tag described earlier.

Before creating Service, take a look at the nginx.yml that we created when we deployed the application.

Just mentioned, that is to say, which Pod is pooled by Service is based on the Label tag, then you can see the word nginx identified on the figure, which we will use to create Service later.

Let's create a Service.

Explain this yml file, ha, which means that V1 is the version of api, and then Kind indicates that the current resource type is Service,selector and selects the Pod labeled nginx before Label as the pooled object of Service, and finally maps port 8080 of Service to port 80 of Pod.

Execute kubectl apply to create Servie nginx-svc

one

Kubcetl apply-f nginx-svc.yml

After the creation, the nginx-svc is assigned to a cluster-ip through which you can access the back-end nginx business.

After creation, you can check the details of service to see which pod are included in the backend.

one

Kubectl describe service nginx-svc

So how did it come true? The answer is address translation and port translation through iptables, which can be viewed with iptables-save.

Well, at this time, someone said that there is still no external network access, ah, don't worry, let's set up the external network address access. In an actual production environment, there may be two sources of access to Service: programs within the Kubernetes cluster (Pod) and outside the Kubernetes cluster. In order to meet the above scenarios, Kubernetes service has the following three types:

1.ClusterIP: provides a virtual IP within the cluster (not on the same network segment as the Pod) for communication between pod within the cluster.

2.NodePort: open a random port on each Node and the port of each Node is the same. Programs outside the Kubernetes cluster can access the Service by: NodePort.

3.LoadBalancer: use Cloud Provider's unique LoadBalancer to provide services, and Cloud Provider is responsible for directing LoadBalancer traffic to Service.

In this article, we focus on the second way, that is, NodePort, to modify the nginx-svc.yml file, that is, the Service file created earlier. I believe careful students will find that NodePort has been done before the screenshot, because my environment is already configured, so it is no longer screenshot. The configuration is very simple. You can take a screenshot online, that is, add a type:NodePort, and then recreate the nginx-svc. If the command is the same as the created command, let's take a look at the result of the creation.

If you do not set the NodePort type at the beginning, there will only be a port 8080 on the port, but after you set it, you will see that there is one more port, that is, 31337, then 8080 people's fighting spirit is the port that cluster-ip listens to, and that 31337 is a new port on the node. Kubernetes will assign an available port from 30000 to 32767, and each node will listen on this port and forward it to Service. That is, to prevent a node from being hung up to affect access. Some people may ask, can the Service here be fixed? At that time, you can add a nodeport to the Service nginx-svc.yml file.

Finally, we can verify it. I won't take a screenshot here. It's too long.

Curl x.x.x.x:31337

Then some people in OK may say that the visit is random or load-balanced? The answer is load balancing, which is still implemented in iptables. If you are interested, you can study the rules made in iptables, so I won't repeat them here.

For junior players, containers that are systematic and can be operated with a click of the mouse are also great.

Huawei cloud container engine, a click of the mouse can complete the application service created by the container! Meizi ~

At present, Huawei Cloud Container engine launched the Container experience Hall, which is free for 7 days! Welcome to experience.

Https://www.huaweicloud.com/product/cce.html

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.