Kubernetes resources: Service

User submission, 2022-09-08


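•In a Kubernetes cluster, a Service is an abstraction: it maps a virtual IP and a specified port to a group of backend Pods and proxies each client request to one of them. Why is that needed? The containers in a Pod are constantly destroyed and recreated, so Pod IPs keep changing and clients can no longer reach a Pod at a fixed address. A Service sits between clients and Pods as an intermediate layer: it exposes a virtual IP, and everything inside the cluster can reach the backing Pods through that virtual IP.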

Common commands:

•kubectl get svc

•kubectl label svc ServiceName type=s1

•kubectl label svc ServiceName type-

•kubectl get svc -l type=s1

•kubectl describe svc ServiceName

•kubectl edit svc ServiceName

•kubectl delete svc ServiceName

•kubectl delete svc -l type=s1

•kubectl delete svc --all -n namespace

•kubectl annotate svc ServiceName type=s1

•kubectl annotate svc ServiceName type-

•kubectl patch service nginx-clusterip-svc -p '{"metadata":{"labels":{"aa":"bb"}}}'

•kubectl get svc nginx-clusterip-svc -o yaml

•kubectl get svc nginx-clusterip-svc -o json

•kubectl get svc -o wide

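How a Service works (proxy modes):

•userspace mode

•iptables mode

•ipvs mode

Userspace mode:

When a Client Pod wants to reach a Server Pod, it first sends the request to the service rules in the local node's kernel space, which hand the request to kube-proxy listening on a designated socket. kube-proxy processes the request and dispatches it to the chosen Server Pod, then passes the request back to the service rules in kernel space, which forward it to the specified Client Pod. Because traffic has to cross back and forth between user space and kernel space, this mode is very inefficient.

iptables:

The iptables rules in the kernel receive the Client Pod's request directly and, after processing it, forward it straight to the chosen Server Pod.

ipvs:

The ipvs rules in the kernel receive the Client Pod's request directly and process it; the kernel then encapsulates the packet and sends it straight to the chosen Server Pod.

Whichever mode is used, kube-proxy uses a watch to monitor the latest Pod state that kube-apiserver writes to etcd. As soon as it sees that a Pod has been deleted or created, it immediately reflects the change in the iptables or ipvs rules, so that when iptables or ipvs schedules a Client Pod request to a Server Pod, the target is never a Server Pod that no longer exists.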

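How to select the mode:

When kube-proxy runs as a system service, start it with one of:

--proxy-mode=userspace

--proxy-mode=iptables

--proxy-mode=ipvs

When kube-proxy runs as a Pod, edit its ConfigMap:

kubectl edit cm kube-proxy -n kube-system

mode: "ipvs"    (or "iptables" or "userspace")

Then restart the kube-proxy Pod on every node.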

Service types:

•ExternalName

•ClusterIP

•NodePort

•LoadBalancer

ClusterIP:

[root@master01 service]# cat nginx-clusterIp-svc.yaml
apiVersion: v1
kind: Service
metadata:
  name: nginx-clusterip-svc
spec:
  selector:
    app: nginx
  type: ClusterIP
  ports:
  - name:
    port: 8000
    targetPort: 80

[root@master01 service]# cat nginx-clusterIp-svc-assign-address.yaml
apiVersion: v1
kind: Service
metadata:
  name: nginx-clusterip-svc-with-ip
spec:
  selector:
    app: nginx
  clusterIP: 10.68.100.100
  type: ClusterIP
  ports:
  - name:
    port: 8000
    targetPort: 80

[root@master01 service]# cat nginx-clusterIp-svc-headless.yaml
apiVersion: v1
kind: Service
metadata:
  name: nginx-clusterip-svc-headless
spec:
  selector:
    app: nginx
  type: ClusterIP
  clusterIP: None
  ports:
  - name:
    port: 8000
    targetPort: 80

[root@master01 service]# cat nginx-clusterIp-svc-with-externalip.yaml
apiVersion: v1
kind: Service
metadata:
  name: nginx-clusterip-svc-with-externalip
spec:
  selector:
    app: nginx
  type: ClusterIP
  externalIPs:
  - 192.168.198.111
  ports:
  - name:
    port: 8000
    targetPort: 80

ExternalName:

[root@master01 service]# cat nginx-exteranlName-svc.yaml
apiVersion: v1
kind: Service
metadata:
  name: nginx-externalname-svc
spec:
  externalName: baidu.com
  type: ExternalName

[root@master01 service]# cat nginx-exteranlName-svc-with-externalips.yaml
apiVersion: v1
kind: Service
metadata:
  name: nginx-externalname-svc-with-externalips
spec:
  externalName: baidu.com
  type: ExternalName
  externalIPs:
  - 192.168.198.16
  - 192.168.198.17

LoadBalancer:

[root@master01 service]# cat nginx-loadblancer-svc.yaml
apiVersion: v1
kind: Service
metadata:
  name: nginx-loadblancer-svc
spec:
  selector:
    app: nginx
  type: LoadBalancer
  loadBalancerIP: 1.2.3.4
  ports:
  - name:
    port: 8000
    targetPort: 80

[root@master01 service]# cat nginx-loadblancer-svc-without-ip.yaml
apiVersion: v1
kind: Service
metadata:
  name: nginx-loadblancer-withoutip-svc
spec:
  selector:
    app: nginx
  type: LoadBalancer
  ports:
  - name:
    port: 8000
    targetPort: 80

[root@master01 service]# cat nginx-loadblancer-svc-with-externalips.yaml
apiVersion: v1
kind: Service
metadata:
  name: nginx-loadblancer-with-externalips
spec:
  selector:
    app: nginx
  type: LoadBalancer
  externalIPs:
  - 192.168.198.13
  - 192.168.198.14
  ports:
  - name:
    port: 8000
    targetPort: 80

NodePort:

[root@master01 service]# cat nginx-nodePort-svc.yaml
apiVersion: v1
kind: Service
metadata:
  name: nginx-nodeport-svc
spec:
  selector:
    app: nginx
  type: NodePort
  ports:
  - name:
    port: 8000
    targetPort: 80

[root@master01 service]# cat nginx-nodePort-svc-with-port.yaml
apiVersion: v1
kind: Service
metadata:
  name: nginx-nodeport-svc-with-port
spec:
  selector:
    app: nginx
  type: NodePort
  ports:
  - name:
    port: 8000
    targetPort: 80
    nodePort: 31000

[root@master01 service]# cat nginx-nodePort-svc-with-externalip.yaml
apiVersion: v1
kind: Service
metadata:
  name: nginx-nodeport-svc-with-externalips
spec:
  selector:
    app: nginx
  type: NodePort
  externalIPs:
  - 192.168.198.10
  - 192.168.198.11
  ports:
  - name:
    port: 8000
    targetPort: 80

sessionAffinity:

[root@master01 service]# cat nginx-clusterIp-svc-sessionAffinity.yaml
apiVersion: v1
kind: Service
metadata:
  name: nginx-clusterip-svc-with-sessionaffinity
spec:
  selector:
    app: nginx
  type: ClusterIP
  sessionAffinity: ClientIP
  ports:
  - name:
    port: 8000
    targetPort: 80

[root@master01 service]# cat nginx-nodePort-svc-with-sessionaffinity.yal
apiVersion: v1
kind: Service
metadata:
  name: nginx-nodeport-svc-with-sessionaffinity
spec:
  selector:
    app: nginx
  type: NodePort
  sessionAffinity: ClientIP
  ports:
  - name:
    port: 8000
    targetPort: 80

[root@master01 service]# cat nginx-loadblancer-svc-with-sessionaffinity.yaml
apiVersion: v1
kind: Service
metadata:
  name: nginx-loadblancer-with-sessionaffinity
spec:
  selector:
    app: nginx
  type: LoadBalancer
  sessionAffinity: ClientIP
  ports:
  - name:
    port: 8000
    targetPort: 80

[root@master01 service]# cat nginx-exteranlName-svc-with-sessionaffinity.yaml
apiVersion: v1
kind: Service
metadata:
  name: nginx-externalname-svc-with-sessionaffinity
spec:
  externalName: baidu.com
  type: ExternalName
  sessionAffinity: ClientIP

externalTrafficPolicy:

Applies to LoadBalancer and NodePort type Services.

If a Service needs to route external traffic to node-local or cluster-wide endpoints, that is, its type is LoadBalancer or NodePort, this parameter needs to be set. There are two options: "Cluster" (the default) and "Local". "Cluster" hides the client source IP address and may cause a second hop to another node, but gives good overall load spreading. "Local" preserves the client source IP address and avoids the second hop for LoadBalancer and NodePort Services, but may lead to unbalanced load.

[root@master01 service]# cat nginx-nodePort-svc-externalTrafficPolicy.yaml
apiVersion: v1
kind: Service
metadata:
  name: nginx-nodeport-svc-externaltrafficpolicy
spec:
  selector:
    app: nginx
  type: NodePort
  externalTrafficPolicy: Local
  ports:
  - name:
    port: 8000
    targetPort: 80

[root@master01 service]# cat nginx-loadblancer-svc-externalTrafficPolicy.yaml
apiVersion: v1
kind: Service
metadata:
  name: nginx-loadblancer-svc-externaltrafficpolicy
spec:
  selector:
    app: nginx
  type: LoadBalancer
  externalTrafficPolicy: Local
  ports:
  - name:
    port: 8000
    targetPort: 80

healthCheckNodePort:

Takes effect only when the type is set to "LoadBalancer" and externalTrafficPolicy is set to "Local".

ipFamily:

[root@master01 service]# cat nginx-clusterIp-svc-ipFamily.yaml
apiVersion: v1
kind: Service
metadata:
  name: nginx-clusterip-svc-ipfamily
spec:
  selector:
    app: nginx
  type: ClusterIP
  ipFamily: IPv6
  ports:
  - name:
    port: 8000
    targetPort: 80

To enable IPv4/IPv6 dual-stack, enable the IPv6DualStack feature gate for the relevant components of your cluster, and set dual-stack cluster network assignments:

kube-controller-manager:

--feature-gates="IPv6DualStack=true"

--cluster-cidr=<IPv4 CIDR>,<IPv6 CIDR>, e.g. --cluster-cidr=10.244.0.0/16,fc00::/24

--service-cluster-ip-range=<IPv4 CIDR>,<IPv6 CIDR>

--node-cidr-mask-size-ipv4|--node-cidr-mask-size-ipv6 defaults to /24 for IPv4 and /64 for IPv6

kubelet:

--feature-gates="IPv6DualStack=true"

kube-proxy:

--proxy-mode=ipvs

--cluster-cidr=<IPv4 CIDR>,<IPv6 CIDR>

--feature-gates="IPv6DualStack=true"

loadBalancerSourceRanges:

This feature is currently supported on Google Compute Engine, Google Kubernetes Engine, AWS Elastic Kubernetes Service, Azure Kubernetes Service, and IBM Cloud Kubernetes Service.
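The fields covered above (externalIPs, NodePort and LoadBalancer types, externalTrafficPolicy, loadBalancerSourceRanges, ExternalName) decide how far a Service is exposed and whether the Pods still see the real client address. The following audit over `kubectl get svc -A -o json` output is an added example, not code from the original article; the sample objects are constructed, and the finding codes, the `lb-restricted` Service and its CIDR are hypothetical.

```python
# Added example. Constructed Service objects shaped like the items of
# `kubectl get svc -A -o json`; "lb-restricted" and its CIDR are hypothetical.
def svc(name, **spec):
    return {"metadata": {"namespace": "default", "name": name}, "spec": spec}

SAMPLE = {"items": [
    svc("nginx-clusterip-svc", type="ClusterIP"),
    svc("nginx-clusterip-svc-with-externalip", type="ClusterIP",
        externalIPs=["192.168.198.111"]),
    svc("nginx-nodeport-svc", type="NodePort"),
    svc("nginx-loadblancer-svc-externaltrafficpolicy", type="LoadBalancer",
        externalTrafficPolicy="Local"),
    svc("lb-restricted", type="LoadBalancer", externalTrafficPolicy="Local",
        loadBalancerSourceRanges=["203.0.113.0/24"]),
    svc("nginx-externalname-svc", type="ExternalName", externalName="baidu.com"),
]}

def audit_service(spec):
    """Return (code, detail) exposure findings for one Service spec."""
    stype = spec.get("type", "ClusterIP")
    out = []
    if spec.get("externalIPs"):
        out.append(("EXTERNAL_IPS", "nodes accept traffic addressed to "
                    + ",".join(spec["externalIPs"])))
    if stype in ("NodePort", "LoadBalancer"):
        out.append(("EXTERNAL_ENTRY", "reachable from outside the cluster"))
        if spec.get("externalTrafficPolicy", "Cluster") == "Cluster":
            out.append(("SOURCE_IP_HIDDEN", "pods see a node IP, not the client"))
    if stype == "LoadBalancer" and not spec.get("loadBalancerSourceRanges"):
        out.append(("LB_UNRESTRICTED", "no loadBalancerSourceRanges set"))
    if stype == "ExternalName":
        out.append(("EXTERNAL_NAME", "DNS alias to " + str(spec.get("externalName"))))
    return out

def audit(service_list):
    """Map namespace/name -> finding codes; Services with no finding are omitted."""
    report = {}
    for item in service_list.get("items", []):
        codes = [code for code, _ in audit_service(item.get("spec", {}))]
        if codes:
            meta = item["metadata"]
            report[meta["namespace"] + "/" + meta["name"]] = codes
    return report

if __name__ == "__main__":
    import json, sys
    data = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    for name, codes in sorted(audit(data).items()):
        print(name, ", ".join(codes))
```

Run it without arguments to audit the constructed sample, or pass the path of a file saved from `kubectl get svc -A -o json`.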

sessionAffinityConfig:

[root@master01 service]# cat nginx-clusterIp-svc-sessionAffinityConfig.yaml
apiVersion: v1
kind: Service
metadata:
  name: nginx-clusterip-svc-sessionaffinityconfig
spec:
  selector:
    app: nginx
  type: ClusterIP
  sessionAffinity: ClientIP
  sessionAffinityConfig:
    clientIP:
      timeoutSeconds: 2
  ports:
  - name:
    port: 8000
    targetPort: 80
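The two mechanisms described on this page, kube-proxy updating its rules from watch events and ClientIP session affinity with a timeout, can be seen together in a small model. This is an added teaching example, not kube-proxy code and not from the original article: the class, the Pod and client addresses and the round-robin choice (used here so the result is deterministic) are assumptions, and the affinity timer is modelled as restarting on every request.

```python
class ServiceProxyModel:
    """Simplified model of one Service's forwarding table (not kube-proxy code)."""

    def __init__(self, affinity_timeout=None):
        self.endpoints = []                       # current backend Pod IPs
        self.affinity_timeout = affinity_timeout  # seconds; None = no sessionAffinity
        self.sticky = {}                          # client IP -> (Pod IP, last seen)
        self._next = 0                            # round-robin counter (assumption)

    def on_watch_event(self, kind, pod_ip):
        """Apply an ADDED or DELETED Pod event delivered by the watch."""
        if kind == "ADDED" and pod_ip not in self.endpoints:
            self.endpoints.append(pod_ip)
        elif kind == "DELETED" and pod_ip in self.endpoints:
            self.endpoints.remove(pod_ip)
            # Affinity entries must not keep pointing at a Pod that is gone.
            self.sticky = {c: v for c, v in self.sticky.items() if v[0] != pod_ip}

    def route(self, client_ip, now):
        """Choose the backend for a request to the virtual IP at time `now` (s)."""
        if not self.endpoints:
            return None                           # nothing to forward to
        if self.affinity_timeout is not None:
            hit = self.sticky.get(client_ip)
            if hit and now - hit[1] <= self.affinity_timeout:
                self.sticky[client_ip] = (hit[0], now)
                return hit[0]
        pod = self.endpoints[self._next % len(self.endpoints)]
        self._next += 1
        if self.affinity_timeout is not None:
            self.sticky[client_ip] = (pod, now)
        return pod

def demo():
    """Replay a constructed event sequence; returns the backend chosen each time."""
    p = ServiceProxyModel(affinity_timeout=2)     # timeoutSeconds: 2, as above
    for ip in ("10.0.0.1", "10.0.0.2"):
        p.on_watch_event("ADDED", ip)
    trace = [p.route("172.20.0.5", 0), p.route("172.20.0.5", 1),
             p.route("172.20.0.6", 1)]
    p.on_watch_event("DELETED", "10.0.0.1")       # Pod destroyed
    trace.append(p.route("172.20.0.5", 1.5))      # moved off the deleted Pod
    p.on_watch_event("ADDED", "10.0.0.3")         # replacement Pod, new IP
    trace.append(p.route("172.20.0.5", 2.5))      # still inside the 2 s window
    trace.append(p.route("172.20.0.5", 10))       # window expired: re-balanced
    return trace

if __name__ == "__main__":
    print(demo())
```

With a timeout as short as 2 seconds, a client that pauses briefly between requests is re-balanced to a different Pod, which matters for any per-Pod session state or per-Pod rate limiting.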
