%22%20d%3D%22M349.8%2C120c-0.4%2C0-0.7%2C0-1.1%2C0c-5.8%2C0.1-7.4%2C7.9-2.2%2C10.3c39.8%2C18.2%2C67.6%2C58.4%2C67.6%2C104.9%0A%09c0%2C24.2-7.4%2C47.3-21.5%2C67c-4.5%2C6.3-9.4%2C12.1-14.2%2C17.7c-14.6%2C17.1-27.2%2C31.9-27.2%2C60v52.4c0%2C16.5-4.4%2C29.1-13.3%2C38.6%0A%09c-0.1%2C0.1-0.3%2C0.3-0.4%2C0.4c-6.6%2C6.7-4.6%2C18%2C4%2C21.7c3.1%2C1.3%2C5.9%2C2.1%2C8.2%2C2.1c11.3%2C0%2C33.5-18.4%2C39-24.2c9-9.5%2C13.3-22.1%2C13.3-38.6%0A%09v-52.4c0-28.1%2C12.6-42.9%2C27.2-60c4.7-5.6%2C9.6-11.3%2C14.2-17.7c14.1-19.8%2C21.6-43.1%2C21.5-67.5C464.8%2C171%2C413.6%2C120%2C349.8%2C120z%22%3E%3C%2Fpath%3E%0A%3Cpath%20d%3D%22M349.8%2C112c-67.9%2C0-123.2%2C55.3-123.2%2C123.2c0%2C25.9%2C7.9%2C50.7%2C23%2C71.6c4.8%2C6.7%2C10%2C12.8%2C14.6%2C18.2%0A%09c14.1%2C16.6%2C25.3%2C29.7%2C25.3%2C54.9v52.4c0%2C18.6%2C5.1%2C33.1%2C15.5%2C44.1c3.9%2C4.2%2C28.9%2C26.7%2C44.9%2C26.7c16%2C0%2C40.9-22.6%2C44.8-26.7%0A%09c10.4-11%2C15.5-25.5%2C15.5-44.1v-52.4c0-0.3%2C0-0.6%2C0-1c0.1-0.5%2C0.2-1.1%2C0.2-1.6c0-0.4%2C0-0.8-0.1-1.1c1.1-22.7%2C11.8-35.4%2C25.2-51.1%0A%09l0.1-0.2c4.8-5.6%2C9.8-11.5%2C14.4-18c15-21%2C23-45.8%2C23-71.6C473.1%2C167.3%2C417.8%2C112%2C349.8%2C112z%20M437.1%2C297.5c-4.3%2C6-9%2C11.6-13.6%2C17%0A%09l-0.1%2C0.2c-13.2%2C15.5-25.7%2C30.2-28.5%2C54.6h-44.5c-4.4%2C0-8%2C3.6-8%2C8s3.6%2C8%2C8%2C8h43.9v47c0%2C0.4%2C0%2C0.8%2C0%2C1.2h-43.9c-4.4%2C0-8%2C3.6-8%2C8%0A%09s3.6%2C8%2C8%2C8H392c-1.8%2C6.3-4.8%2C11.6-8.9%2C15.9c-6.8%2C7.2-26.4%2C21.7-33.2%2C21.7c-6.8%2C0-26.5-14.6-33.2-21.7c-7.5-7.9-11.1-18.8-11.1-33.1%0A%09v-52.4c0-31.1-14.2-47.7-29.1-65.3c-4.6-5.4-9.4-11-13.8-17.1c-13.1-18.3-20-39.8-20-62.3c0-59.1%2C48.1-107.2%2C107.2-107.2%0A%09s107.2%2C48.1%2C107.2%2C107.2C457.1%2C257.7%2C450.2%2C279.3%2C437.1%2C297.5z%20M203.3%2C265.5c0%2C4.4-3.6%2C8-8%2C8h-67.8c-4.4%2C0-8-3.6-8-8s3.6-8%2C8-8h67.8%0A%09C199.7%2C257.5%2C203.3%2C261.1%2C203.3%2C265.5z%20M504.7%2C120.6l-18.9%2C18.9c-1.6%2C1.6-3.6%2C2.3-5.7%2C2.3s-4.1-0.8-5.7-2.3c-3.1-3.1-3.1-8.2%2C0-11.3%0A%09l18.9-18.9c3.1-3.1%2C8.2-3.1%2C11.3%2C0C507.8%2C112.4%2C507.8%2C117.5%2C504.7%2C120.6z%20M225.8%2C135c-1.6%2C1.6-3.6%2C2.3-5.7%2C2.3s-4.1-0.8-5.7-2.3%0A%09l-47.9-47.9c-3.1-3.1-3.1-8.2%2C0-11.3c3.1-3.1%2C8.2-3.1%2C11.3%2C0l47.9%2C47.9C228.9%2C126.8%2C228.9%2C131.9%2C225.8%2C135z%20M500.8%2C407.7%0A%09c3.1%2C3.1%2C3.1%2C8.2%2C0%2C11.3c-1.6%2C1.6-3.6%2C2.3-5.7%2C2.3c-2%2C0-4.1-0.8-5.7-2.3L460%2C389.5c-3.1-3.1-3.1-8.2%2C0-11.3c3.1-3.1%2C8.2-3.1%2C11.3%2C0%0A%09L500.8%2C407.7z%20M341.8%2C82.6V14.8c0-4.4%2C3.6-8%2C8-8s8%2C3.6%2C8%2C8v67.8c0%2C4.4-3.6%2C8-8%2C8S341.8%2C87%2C341.8%2C82.6z%22%3E%3C%2Fpath%3E%0A%3Cpath%20d%3D%22M154.6%2C440.2c-4.9-1.1-9.7%2C2-10.7%2C6.9c-1.1%2C4.9%2C2%2C9.7%2C6.9%2C10.7c0.6%2C0.1%2C1.3%2C0.2%2C1.9%2C0.2c1.7%2C0%2C3.4-0.5%2C4.9-1.4%0A%09c2-1.3%2C3.4-3.3%2C3.9-5.7c0.5-2.4%2C0.1-4.8-1.2-6.8C159%2C442.1%2C157%2C440.7%2C154.6%2C440.2z%20M275.1%2C67c-4.9-1.1-9.7%2C2-10.7%2C6.9%0A%09c-1.1%2C4.9%2C2%2C9.7%2C6.9%2C10.7c0.6%2C0.1%2C1.3%2C0.2%2C1.9%2C0.2c4.2%2C0%2C7.9-2.9%2C8.8-7.1C283.1%2C72.9%2C280%2C68.1%2C275.1%2C67z%20M41.6%2C274.3%0A%09c0.6%2C0.1%2C1.3%2C0.2%2C1.9%2C0.2c1.7%2C0%2C3.4-0.5%2C4.9-1.4c2-1.3%2C3.4-3.3%2C3.9-5.7c0.5-2.4%2C0.1-4.8-1.2-6.8c-1.3-2-3.3-3.4-5.7-3.9%0A%09c-4.9-1.1-9.7%2C2-10.7%2C6.9C33.6%2C268.4%2C36.7%2C273.3%2C41.6%2C274.3z%20M199.7%2C194.9c2-1.3%2C3.4-3.3%2C3.9-5.7c1.1-4.9-2-9.7-6.9-10.7%0A%09c-2.4-0.5-4.8-0.1-6.8%2C1.2c-2%2C1.3-3.4%2C3.3-3.9%2C5.7c-0.5%2C2.4-0.1%2C4.8%2C1.2%2C6.8c1.3%2C2%2C3.3%2C3.4%2C5.7%2C3.9c0.6%2C0.1%2C1.3%2C0.2%2C1.9%2C0.2%0A%09C196.5%2C196.3%2C198.2%2C195.8%2C199.7%2C194.9z%20M130.3%2C394.4c0%2C4.4-3.6%2C8-8%2C8c-11.4%2C0-20.8%2C9.3-20.8%2C20.8c0%2C4.4-3.6%2C8-8%2C8s-8-3.6-8-8%0A%09c0-20.3%2C16.5-36.8%2C36.8-36.8C126.7%2C386.4%2C130.3%2C390%2C130.3%2C394.4z%20M80.3%2C423.2c0%2C4.4-3.6%2C8-8%2C8s-8-3.6-8-8c0-11.4-9.3-20.8-20.8-20.8%0A%09c-4.4%2C0-8-3.6-8-8s3.6-8%2C8-8C63.8%2C386.4%2C80.3%2C402.9%2C80.3%2C423.2z%20M80.3%2C344.4c0%2C20.3-16.5%2C36.8-36.8%2C36.8c-4.4%2C0-8-3.6-8-8s3.6-8%2C8-8%0A%09c11.4%2C0%2C20.8-9.3%2C20.8-20.8c0-4.4%2C3.6-8%2C8-8S80.3%2C340%2C80.3%2C344.4z%20M130.3%2C373.2c0%2C4.4-3.6%2C8-8%2C8c-20.3%2C0-36.8-16.5-36.8-36.8%0A%09c0-4.4%2C3.6-8%2C8-8s8%2C3.6%2C8%2C8c0%2C11.4%2C9.3%2C20.8%2C20.8%2C20.8C126.7%2C365.2%2C130.3%2C368.8%2C130.3%2C373.2z%20M54.4%2C145l11.2-11.2l-11.2-11.2%0A%09c-3.1-3.1-3.1-8.2%2C0-11.3c3.1-3.1%2C8.2-3.1%2C11.3%2C0l11.2%2C11.2L88%2C111.4c3.1-3.1%2C8.2-3.1%2C11.3%2C0c3.1%2C3.1%2C3.1%2C8.2%2C0%2C11.3l-11.2%2C11.2%0A%09L99.3%2C145c3.1%2C3.1%2C3.1%2C8.2%2C0%2C11.3c-1.6%2C1.6-3.6%2C2.3-5.7%2C2.3s-4.1-0.8-5.7-2.3l-11.2-11.2l-11.2%2C11.2c-1.6%2C1.6-3.6%2C2.3-5.7%2C2.3%0A%09c-2%2C0-4.1-0.8-5.7-2.3C51.3%2C153.2%2C51.3%2C148.1%2C54.4%2C145z%20M469.4%2C54.2c0%2C4.4-3.6%2C8-8%2C8h-3.9v3.9c0%2C4.4-3.6%2C8-8%2C8s-8-3.6-8-8v-3.9h-3.9%0A%09c-4.4%2C0-8-3.6-8-8s3.6-8%2C8-8h3.9v-3.9c0-4.4%2C3.6-8%2C8-8s8%2C3.6%2C8%2C8v3.9h3.9C465.8%2C46.2%2C469.4%2C49.7%2C469.4%2C54.2z%20M234%2C358.8%0A%09c0%2C4.4-3.6%2C8-8%2C8h-3.9v3.9c0%2C4.4-3.6%2C8-8%2C8s-8-3.6-8-8v-3.9h-3.9c-4.4%2C0-8-3.6-8-8s3.6-8%2C8-8h3.9v-3.9c0-4.4%2C3.6-8%2C8-8s8%2C3.6%2C8%2C8%0A%09v3.9h3.9C230.5%2C350.8%2C234%2C354.4%2C234%2C358.8z%22%3E%3C%2Fpath%3E%0A%3Cg%3E%0A%09%3Cpath%20fill%3D%22%23F55555%22%20class%3D%22secondary-color%22%20d%3D%22M9.4%2C48.7V26.9h250v21.8H9.4z%20M259.4%2C495.1v-21.8H9.4v21.8H259.4z%22%3E%3C%2Fpath%3E%0A%09%3Cpath%20fill%3D%22%23FCCF31%22%20class%3D%22primary-color%22%20d%3D%22M197.5%2C453.7l60.9-60.9v60.9H197.5z%22%3E%3C%2Fpath%3E%0A%3C%2Fg%3E%0A%3C%2Fsvg%3E)
Kubernetes: ResourcePod 在提供服务时有一些问题:
- Pod 不是永久的,可能会被销毁或者调度走
- Client 可能不知道 pod 的 IP 端口
- 提供同个服务的 pod 可以有很多个
因此需要有个固定的方式来访问 pod 中的服务。k8s 的 service 资源提供了这样的能力。
基础
Service 类似 pod,rc 等,是 k8s 中的一种资源。指定一个 YAML 或者使用 kubectl expose 来创建它。
Service 在其整个生命周期,有固定的 IP 和 端口。Client 连接到 service 的 IP 端口即可访问其后的 pod。Service 会做负载均衡。
Service 的 YAML,通过 selector 来指定其转发到哪些 pod 上:
apiVersion: v1
kind: Service
metadata:
name: kubia
spec:
ports:
- port: 80 # 访问该 service 的 80 端口时,
targetPort: 8080 # 请求会被转发到 pod 的 8080 端口
selector:
app: kubia 可以设置同一个 client 的多次请求都走向同一个 pod:
apiVersion: v1
kind: Service
spec:
sessionAffinity: ClientIP
# ...可以转发到 pod 中的多个端口:
apiVersion: v1
kind: Service
metadata:
name: kubia
spec:
ports: # 多个 port 结构
- name: http
port: 80
targetPort: 8080
- name: https
port: 443
targetPort: 8443
selector:
app: kubiatargetPort 可以使用 pod 定义中的端口名字,方便 pod 更换端口号:
kind: Pod
spec:
containers:
- name: kubia
ports:
- name: http # 8080 端口的名字为 http
containerPort: 8080
- name: https
containerPort: 8443apiVersion: v1
kind: Service
spec:
ports:
- name: http
port: 80
targetPort: http # 使用端口名来指向 pod 定义中的 8080 端口
- name: https
port: 443
targetPort: https 集群中的其他 pod 如何得知某 service 的 IP 端口?
k8s 提供了两种方式:环境变量 和 DNS 服务:
环境变量比较鸡肋,pod 只能看到在它启动之前已经存在的 service;后面创建的 service 不行。
DNS 服务是合适的。比如你要查 default 命名空间下的 backend-database service 的 IP,你可以通过 DNS 查询这个 FQDN 的 A / AAAA 纪录来获得 IP:
backend-database.default.svc.cluster.local你也可以省略掉 svc.cluster.local,只使用 backend-database.default。如果发起请求的 pod 也在同个命名空间(default),那只使用 backend-database 来查询也是可以的。
kube-dns 也提供了 SRV 类型的 DNS 查询,可以查到端口。但不是很常用。请求方可能要提前知道 service 的端口(比如通过约定使用常用的 80 / 443)。
内部实现上,k8s 会修改容器中的 /etc/resolv.conf 使其指向 kube-dns pod 所提供的 DNS 服务。kube-dns 本身也是一个 service,可以通过 kubectl get service -n kube-system 观察。
Service Endpoints
Endpoints 是 k8s 的另一种资源。当创建 service 时,k8s 会解析并监视被 service 选中的 pod,将其 IP 和端口存入其新建的同名 endpoints 中,比如:
$ kubectl describe svc kubia
Name: kubia
Namespace: default
Labels: <none>
Selector: app=kubia
Type: ClusterIP
IP: 10.111.249.153
Port: <unset> 80/TCP
Endpoints: 10.108.1.4:8080,10.108.2.5:8080,10.108.2.6:8080 # kubia service 对应的 endpoints
Session Affinity: None创建 kubia service 时会同时建立的 kubia endpoints:
$ kubectl get endpoints kubia
NAME ENDPOINTS AGE
kubia 10.108.1.4:8080,10.108.2.5:8080,10.108.2.6:8080 1h每当有新的 pod 满足 service 的 selector,或者有已有 pod 不再满足时,k8s 会监视到这部分变化并更新对应的 endpoints 结构。每当访问 service IP 端口时,k8s 会从 endpoints 中选择一个 pod 的 IP 端口进行转发。
如何使 service 指向外部服务(而不是集群内 pod)?
第一种方法叫 headless service,即没有 selector 的 service。
如果你创建 service 时不指定 selector,k8s 不会帮你自动创建 endpoints。此时你再手工创建同名 endpoints,使其 IP 端口列表指向你想访问的外部服务即可。过程如下:
- 创建一个没有 selector 的 service:
apiVersion: v1 kind: Service metadata: name: external-service spec: ports: - port: 80 - 再创建一个同名 endpoints:
apiVersion: v1 kind: Endpoints metadata: name: external-service subsets: - addresses: # 外部服务的 IP 端口列表 - ip: 11.11.11.11 - ip: 22.22.22.22 ports: - port: 80
第二种方法是使用 ExternalName 的 service 类型:
apiVersion: v1
kind: Service
metadata:
name: external-service
spec:
type: ExternalName
externalName: someapi.somecompany.com
ports:
- port: 80如何使集群外可以访问 service?
默认的 service 类型是 ClusterIP,生成的 IP 只能在集群内被访问。Service 还有其他类型:
- NodePort:可以用集群内所有的 node 上的某个端口来访问此 service。这样外部服务可以访问任一 node 的 node port 来访问 service。缺点明显,某一 node 可能不可用,此时外部访问就失败了。同时要留意 node 机器上的防火墙策略
- LoadBalancer:这种需要你的容器服务厂商支持,比如 GKE。应用此类型后,会在 NodePort 基础上又新建一个外网可访问的负载均衡 IP(比如在 Google Cloud 中会新建一个 load balancer,公网 IP 会收费)。这样外部服务可以通过此 IP 来访问
但 最合理的方式是使用 ingress controller,也需要你的容器服务支持。Ingress controller 类似 nginx,提供了 7 层的负载均衡,可以在 HTTP 层做路由等:
创建一个 ingress controller 类似这样:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: kubia
spec:
rules:
- host: kubia.example.com
http:
paths:
- path: /
backend:
serviceName: kubia-nodeport
servicePort: 80 对比 LoadBalaner 的好处是:
- LoadBalancer 模式中每个 service 都需要一个单独的公网 IP;但是 ingress controller 可以用一个公网 IP,将请求路由到多个 service
- 可以在 ingress controller 上 配置 TLS,使外部请求通过 HTTPS 进来;而 ingress controller 转发给 pod 的请求可以只走 HTTP
另外,ingress 不会转发请求给 service;它只是通过 service 来找到对应的 pod。
如何判断某 pod 是否可以接受请求?
见 Kubernetes: Resource: Pod 中的 readinessProbe 一节。
如何同时请求某个 service 下的多个 pod?
将 ClusterIP 设为 None,使得查询 service 的 DNS 请求返回的不再是 service 的 IP,而是底下所有 pod 的 IP:
apiVersion: v1
kind: Service
metadata:
name: kubia-headless
spec:
clusterIP: None # 配置这里
ports:
- port: 80
targetPort: 8080
selector:
app: kubia这样你可以对所有 pod 同时发请求。
出错时的定位方法
如果你请求某个 service 失败了,这样定位:
- 确定请求发起方是在集群内,而不是集群外
- 不要 ping service IP,没有用
- 如果定义了 readiness probe,看看它成功了吗
- 用
kubectl get endpoints看看该 service 的 pod 列表 - 如果你是用 service 的域名来访问的话,试试直接访问 service 的 ClusterIP 能否成功
- 确认下你访问的端口号是不是 service 的端口号(而不是 pod 的端口号)
- 直接访问 pod 的 IP 端口试试;如果不能访问,看看 pod 中的服务是不是监听在 localhost 上了(localhost 不能被 pod 外访问)