K8S - Service简介和 1个简单NodePort例子

大纲图

流量方向

如上图, 当用户or 别的service 从k8s 集群外部访问 集群内的services 流量方向有两种

一种是垂直方向, 通过域名 -> Load Balancer -> gateway -> services , 在k8s 一般是通过ingress 来实现, 而ingress 不是本文的范围内

另一种是横向流量, 因为每个service 基本都在不同的pods, 甚至是不同的nodes, 它们如何互相沟通, 这就是k8s service 的负责范围.

Service 的基本定义

严格来说,Kubernetes中的Service仅仅包括ClusterIP、NodePort和LoadBalancer这三种类型。

ClusterIP:

是默认的Service类型,为 Pod集合分配一个仅集群内部可达的虚拟IP地址。只能从集群内访问。

通常用来定义内部微服务。

NodePort:

除了分配 ClusterIP 外,还会在每一个 Node 上享有一个高端口号暴露服务。

可以通过 : 从集群外访问服务。但不经常使用,局限性较大。

LoadBalancer:

使用云平台本身的负载均衡功能,会在平台上创建一个负载均衡器。

外部流量进入负载均衡器,会转发到集群中能处理请求的节点。

这种类型的Service需要云平台原生支持。

所以总体来说,ClusterIP用于内部服务发现和通信,NodePort和LoadBalancer可以在某种程度上从外部访问服务,但不如Ingress功能全面。

NodePort 基本介绍

NodePort类型的Service是Kubernetes中最常见的一种服务类型。让我来详细介绍一下NodePort Service:

NodePort Service会在每个NodeNode上随机分配一个端口(默认范围30000-32767),通过这个端口就可以从集群外访问Service。

与ClusterIP不同,NodePort Service不仅分配一个内部ClusterIP,还会将服务暴露到每个Node的同一端口上。

客户端可以通过任何一个Node的IP和端口进行访问,例如:NodeIP:NodePort。

NodePort使得外部应用能够找到服务,但不提供负载均衡。流量直接到达Node上服务的首个Pod。

这种类型适用于测试和非生产环境,在生产环境一般不推荐直接使用。

它可以作为集群负载测试的简单方式,也可用于开发和调试服务。

和LoadBalancer相比,NodePort不需要外部负载均衡器支持,在任何云环境下都可以使用。

所以总结来说,NodePort Service通过在集群中的每个节点上映射一个端口,来暴露服务至外部,实现了较为简单的外部访问能力。

即使NodePort 更常用与测试环境, 但是学习nodePort 对k8s 可以加深对k8s 内部网络访问规则的理解

NodePort 的个例子

构造1个接口用于return hostname信息

/actuator/info

java 复制代码
@Configuration
@Slf4j
public class MainConfigs {
    @Bean("hostname")
    public String hostname() {
        return getHostName();
    }

    private String getHostName() {
        log.info("MainConfigs: getHostName ...");
        String hostName = "unknown";
        try {
            hostName = java.net.InetAddress.getLocalHost().getHostName();
        } catch (Exception e) {
            log.error("Error in getting hostname...", e);
        }
        return hostName;
    }
}
java 复制代码
@Component
@Slf4j
public class AppVersionInfo implements InfoContributor {

    @Value("${pom.version}") // https://stackoverflow.com/questions/3697449/retrieve-version-from-maven-pom-xml-in-code
    private String appVersion;

    @Autowired
    private String hostname;

    @Override
    public void contribute(Info.Builder builder) {
        log.info("AppVersionInfo: contribute ...");
        builder.withDetail("app", "Sales API")
                .withDetail("version", appVersion)
                .withDetail("hostname",hostname)
                .withDetail("description", "This is a simple Spring Boot application to demonstrate the use of BigQuery in GCP.");
    }
}
编写yaml
yaml 复制代码
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels: # label of this deployment
    app: bq-api-service # custom defined
    author: Jason
  name: bq-api-service-deploy-sample
  namespace: default
spec:
  replicas: 3           # desired replica count, Please note that the replica Pods in a Deployment are typically distributed across multiple nodes.
  revisionHistoryLimit: 10
  selector: # label of the Pod that the Deployment is managing,, it's mandatory, without it , we will get this error 
            # error: error validating data: ValidationError(Deployment.spec.selector): missing required field "matchLabels" in io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector ..
    matchLabels:
      app: bq-api-service
  strategy: # Strategy of upodate
    type: RollingUpdate # RollingUpdate or Recreate
    rollingUpdate:
      maxSurge: 25% # The maximum number of Pods that can be created over the desired number of Pods during the update
      maxUnavailable: 25% # The maximum number of Pods that can be unavailable during the update
  template: # Pod template
    metadata:
      labels:
        app: bq-api-service # label of the Pod that the Deployment is managing. must match the selector, otherwise, will get the error Invalid value: map[string]string{"app":"bq-api-xxx"}: `selector` does not match template `labels`
    spec:
      containers:
      - image: europe-west2-docker.pkg.dev/jason-hsbc/my-docker-repo/bq-api-service:1.1.4 # image of the container
        imagePullPolicy: IfNotPresent
        name: bq-api-service-container
      restartPolicy: Always # Restart policy for all containers within the Pod
      terminationGracePeriodSeconds: 10 # The period of time in seconds given to the Pod to terminate gracefully
       
---
apiVersion: v1 #  api version can be v1 or apps/v1
kind: Service 
metadata:
  name: bq-api-service-1 # name of the service
  labels:
    app: bq-api-service # label of the service
spec:
  selector: # Label of the Pod that the Service is selecting 
    app: bq-api-service
  ports:
  - port: 32111 # port of the service
    targetPort: 8080 # port of the Pod
    name: 8080-port # name of the port
  type: NodePort # type of the service, NodePort, ClusterIP, LoadBalancer

在这个yaml 中

我们构建了1个deployment, 包括3个pod 副本

还有1个nodePort service, 定义了service pod 是 32111 (随便定义, 一般跟target port一样), target port 是 8080 (必须跟docker file 暴露的端口一至)

执行yaml

正常用kubectl 命令执行

bash 复制代码
root@k8s-master:~/k8s-s/services# kubectl apply -f bq-api-service-sample.yaml 
deployment.apps/bq-api-service-deploy-sample created
service/bq-api-service-1 created
查看resource

先看 nodes

bash 复制代码
NAME         STATUS   ROLES                  AGE   VERSION   INTERNAL-IP    EXTERNAL-IP   OS-IMAGE                         KERNEL-VERSION          CONTAINER-RUNTIME   LABELS
k8s-master   Ready    control-plane,master   43d   v1.23.6   192.168.0.3    <none>        Debian GNU/Linux 11 (bullseye)   5.10.0-28-cloud-amd64   docker://25.0.3     beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=k8s-master,kubernetes.io/os=linux,node-role.kubernetes.io/control-plane=,node-role.kubernetes.io/master=,node.kubernetes.io/exclude-from-external-load-balancers=
k8s-node0    Ready    <none>                 43d   v1.23.6   192.168.0.6    <none>        Debian GNU/Linux 11 (bullseye)   5.10.0-28-cloud-amd64   docker://25.0.3     beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=k8s-node0,kubernetes.io/os=linux
k8s-node1    Ready    <none>                 43d   v1.23.6   192.168.0.44   <none>        Debian GNU/Linux 11 (bullseye)   5.10.0-28-cloud-amd64   docker://25.0.3     beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=k8s-node1,kubernetes.io/os=linux
k8s-node3    Ready    <none>                 23d   v1.23.6   192.168.0.45   <none>        Debian GNU/Linux 11 (bullseye)   5.10.0-28-cloud-amd64   docker://25.0.3     beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=k8s-node3,kubernetes.io/os=linux

可以查看各个node的ip 我们有1个master 和3 台nodes

再看pods

bash 复制代码
root@k8s-master:~/k8s-s/services# kubectl get pods -o wide --show-labels
NAME                                           READY   STATUS    RESTARTS   AGE     IP             NODE        NOMINATED NODE   READINESS GATES   LABELS
bq-api-service-deploy-sample-f448cf6ff-c8zlp   1/1     Running   0          6m47s   10.244.2.104   k8s-node0   <none>           <none>            app=bq-api-service,pod-template-hash=f448cf6ff
bq-api-service-deploy-sample-f448cf6ff-tkxck   1/1     Running   0          6m47s   10.244.1.45    k8s-node1   <none>           <none>            app=bq-api-service,pod-template-hash=f448cf6ff
bq-api-service-deploy-sample-f448cf6ff-vvkt9   1/1     Running   0          6m47s   10.244.3.54    k8s-node3   <none>           <none>            app=bq-api-service,pod-template-hash=f448cf6ff
root@k8s-master:~/k8s-s/services# 

可以见3个pods 被create, 分布在3个不同的nodes node0, node1 和 node3

再看service

bash 复制代码
root@k8s-master:~/k8s-s/services# kubectl get svc -o wide --show-labels
NAME               TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)           AGE     SELECTOR             LABELS
bq-api-service-1   NodePort    10.105.158.88   <none>        32111:31372/TCP   7m58s   app=bq-api-service   app=bq-api-service
kubernetes         ClusterIP   10.96.0.1       <none>        443/TCP           21h     <none>               component=apiserver,provider=kubernetes

可见1个名字是 bq-api-service-1的NodePort service 被创建, 在PORT(S) 属性里 的值是 32111:31372

其中这个32111是service 本身的port, 而31372 是1个随机生成的port, 可以让k8s外部通过 node ip:31372 去访问这个service

而kubectl get svc 这个命令是不能显示target port 信息

要查看taget port则要查看yaml 信息

bash 复制代码
root@k8s-master:~/k8s-s/services# kubectl get svc bq-api-service-1 -o yaml
apiVersion: v1
kind: Service
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"labels":{"app":"bq-api-service"},"name":"bq-api-service-1","namespace":"default"},"spec":{"ports":[{"name":"8080-port","port":32111,"targetPort":8080}],"selector":{"app":"bq-api-service"},"type":"NodePort"}}
  creationTimestamp: "2024-04-07T14:44:56Z"
  labels:
    app: bq-api-service
  name: bq-api-service-1
  namespace: default
  resourceVersion: "2301903"
  uid: 6dc89e70-6d6f-4965-a613-246c085ca1ef
spec:
  clusterIP: 10.105.158.88
  clusterIPs:
  - 10.105.158.88
  externalTrafficPolicy: Cluster
  internalTrafficPolicy: Cluster
  ipFamilies:
  - IPv4
  ipFamilyPolicy: SingleStack
  ports:
  - name: 8080-port
    nodePort: 31372
    port: 32111
    protocol: TCP
    targetPort: 8080
  selector:
    app: bq-api-service
  sessionAffinity: None
  type: NodePort
status:
  loadBalancer: {}

再看endpoint

bash 复制代码
root@k8s-master:~/k8s-s/services# kubectl get endpoints -o wide --show-labels
NAME               ENDPOINTS                                             AGE   LABELS
bq-api-service-1   10.244.1.45:8080,10.244.2.104:8080,10.244.3.54:8080   17m   app=bq-api-service
kubernetes         192.168.0.3:6443                                      21h   endpointslice.kubernetes.io/skip-mirror=true

重点来了, 一个与service 同名的endpoint 被创建出来, 其实service 与 endpoint 是1 1 对应的, 可以把endpoint 看作service 的属性

endpoints 有3个

10.244.1.45:8080,10.244.2.104:8080,10.244.3.54:8080

其实他们正是 是3个nodes的内部ip + target port

测试

正常我们要通过随机生成的端口nodePort: 31372 来访问

我们先登陆一台k8s 集群外的server

bashgateman@tf-vpc0-subnet0-main-server:~$ 复制代码
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1460 qdisc mq state UP group default qlen 1000
    link/ether 42:01:c0:a8:00:23 brd ff:ff:ff:ff:ff:ff
    altname enp0s4
    inet 192.168.0.35/32 brd 192.168.0.35 scope global dynamic ens4
       valid_lft 53636sec preferred_lft 53636sec
    inet6 fe80::4001:c0ff:fea8:23/64 scope link 
       valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP>
...

用curl 命令来测试

bash 复制代码
gateman@tf-vpc0-subnet0-main-server:~$ curl 192.168.0.6:31372/actuator/info
{"app":"Sales API","version":"1.1.4","hostname":"bq-api-service-deploy-sample-f448cf6ff-tkxck","description":"This is a simple Spring Boot application to demonstrate the use of BigQuery in GCP."}
gateman@tf-vpc0-subnet0-main-server:~$ curl 192.168.0.6:31372/actuator/info
{"app":"Sales API","version":"1.1.4","hostname":"bq-api-service-deploy-sample-f448cf6ff-c8zlp","description":"This is a simple Spring Boot application to demonstrate the use of BigQuery in GCP."}
gateman@tf-vpc0-subnet0-main-server:~$ curl 192.168.0.6:31372/actuator/info
{"app":"Sales API","version":"1.1.4","hostname":"bq-api-service-deploy-sample-f448cf6ff-tkxck","description":"This is a simple Spring Boot application to demonstrate the use of BigQuery in GCP."}
gateman@tf-vpc0-subnet0-main-server:~$ curl 192.168.0.6:31372/actuator/info
{"app":"Sales API","version":"1.1.4","hostname":"bq-api-service-deploy-sample-f448cf6ff-c8zlp","description":"This is a simple Spring Boot application to demonstrate the use of BigQuery in GCP."}
gateman@tf-vpc0-subnet0-main-server:~$ curl 192.168.0.6:31372/actuator/info
{"app":"Sales API","version":"1.1.4","hostname":"bq-api-service-deploy-sample-f448cf6ff-c8zlp","description":"This is a simple Spring Boot application to demonstrate the use of BigQuery in GCP."}
gateman@tf-vpc0-subnet0-main-server:~$ curl 192.168.0.6:31372/actuator/info
{"app":"Sales API","version":"1.1.4","hostname":"bq-api-service-deploy-sample-f448cf6ff-vvkt9","description":"This is a simple Spring Boot application to demonstrate the use of BigQuery in GCP."}
gateman@tf-vpc0-subnet0-main-server:~$ 

在多次执行的情况下, 虽然我们curl 指定是 node0 的ip , 但是实际上, 返回的hostname 是随机的, 包含其他node 的结果, 所以nodeport service 是包含Loadbalance 的功能的

NodePort, service port, target port的作用

从service 的yaml 可以看出, 当这个service 被创建后, 3个ports 出现了

分别是

nodePort: 31372

port: 32111

targetPort: 8080

其中nodePort 31372 是用于被集群外访问的端口, targetPort 是Pod 的端口 , 置于port 32111 是什么来的

其实我之前的文章已经介绍过, 这里的32111 port 是service 本身的port

https://editor.csdn.net/md/?articleId=131278799

也就是讲 service 有两个端口, 1个是被外部访问的, 另1个是service自己内部端口

其实如果我们在集群内任何台主机, 是可以同过service 的ip 和 service 的port去访问的

bash 复制代码
root@k8s-master:~/k8s-s/services# kubectl get svc bq-api-service-1
NAME               TYPE       CLUSTER-IP      EXTERNAL-IP   PORT(S)           AGE
bq-api-service-1   NodePort   10.105.158.88   <none>        32111:31372/TCP   47m
root@k8s-master:~/k8s-s/services# curl 10.105.158.88:32111/actuator/info
{"app":"Sales API","version":"1.1.4","hostname":"bq-api-service-deploy-sample-f448cf6ff-tkxck","description":"This is a simple Spring Boot application to demonstrate the use of BigQuery in GCP."}

如何我们进入某个pod的容器

甚至可以用service name 和 service port 去访问

bash 复制代码
root@k8s-master:~# kubectl get pods
NAME                                           READY   STATUS    RESTARTS   AGE
bq-api-service-deploy-sample-f448cf6ff-c8zlp   1/1     Running   0          56m
bq-api-service-deploy-sample-f448cf6ff-tkxck   1/1     Running   0          56m
bq-api-service-deploy-sample-f448cf6ff-vvkt9   1/1     Running   0          56m
root@k8s-master:~# kubectl exec -it bq-api-service-deploy-sample-f448cf6ff-c8zlp -- /bin/bash
root@bq-api-service-deploy-sample-f448cf6ff-c8zlp:/app# curl http://bq-api-service-1:32111/actuator/info
{"app":"Sales API","version":"1.1.4","hostname":"bq-api-service-deploy-sample-f448cf6ff-tkxck","description":"This is a simple Spring Boot application to demonstrate the use of BigQuery in GCP."}

所以看出service port 32111 是被pod 容器内部用的

nodePort 图例

还是重新画张图加深理解

相关推荐
大熊程序猿1 小时前
K8s证书过期
云原生·容器·kubernetes
摸鱼也很难4 小时前
Docker 镜像加速和配置的分享 && 云服务器搭建beef-xss
运维·docker·容器
鸠摩智首席音效师7 小时前
Docker 中如何限制CPU和内存的使用 ?
docker·容器
Michaelwubo7 小时前
Docker dockerfile镜像编码 centos7
运维·docker·容器
好像是个likun8 小时前
使用docker拉取镜像很慢或者总是超时的问题
运维·docker·容器
暴富的Tdy10 小时前
【快速上手Docker 简单配置方法】
docker·容器·eureka
魏 无羡11 小时前
linux CentOS系统上卸载docker
linux·kubernetes·centos
Karoku06611 小时前
【k8s集群应用】kubeadm1.20高可用部署(3master)
运维·docker·云原生·容器·kubernetes
豆豆豆豆变11 小时前
docker之compose篇
docker·容器·自动化运维
凌虚13 小时前
Kubernetes APF(API 优先级和公平调度)简介
后端·程序员·kubernetes