[K8S series] In-depth analysis of Service

Enterprise 2023-05-04 18:05:49 views: null

 preamble

Don't count the days. Make the days count

Don't count the days. make life meaningful

Article tag color description:

  • Yellow : important headlines
  • Red : used to mark conclusions
  • Green : Used to mark first-level arguments
  • Blue : Used to mark secondary arguments

Kubernetes (k8s) is a container orchestration platform that allows applications and services to be run in containers. Learn about service advanced content today.

Because there have been two basic explanations before, in terms of basics, I will briefly go over them today.

Getting Started with Service Basics

Advanced Service

I hope this article will not only give you some gains, but also enjoy learning. If you have any suggestions, you can leave a message and communicate with me.

 Column introduction

This is the column where this article is located, welcome to subscribe: [In-depth analysis of k8s] column

Briefly introduce what this column will do:

It is mainly to deeply analyze each knowledge point and help everyone fully master k8s. The following are the updated chapters

This is the column introduction article address: [In-depth analysis of K8S column introduction]

1 Basic introduction

1.1 Concept introduction

Kubernetes Service is a resource object in Kubernetes used to define a logical service .

Service provides Pods with a stable IP address and DNS name so that other applications can access the service through these identifiers.

It also provides load balancing and service discovery capabilities, which can route traffic to a group of Pods with the same label.

2 Service types

There are three types of Service:

  • ClusterIP
  • NodePort
  • LoadBalancer

2.1 ClusterIP 

The ClusterIP type will create a virtual IP address that will be bound to the Service and forwarded through the proxy inside Kubernetes.

This type of service is only accessible inside the cluster and is typically used for communication between internal services .

 2.2 NodePort

The NodePort type will bind the Service to the IP address and port of each node , so that external clients can access the Service through the node's IP address and specified port.

This type of service is often used to expose applications or services outside the cluster , but is not suitable for large-scale production environments.

2.3 LoadBalancer 

The LoadBalancer type will use the cloud provider's load balancer to route traffic to the Service's Pods .

This type of service is typically used in large-scale production environments to provide high availability and load balancing capabilities .

3 Principle introduction

The principle of Kubernetes Service is implemented based on iptables and IPVS .

When creating a Service object, Kubernetes creates a virtual IP address for the Service and binds the address to an iptables rule.

When Pods need to communicate with the Service, they will send a request to the virtual IP address, and the request will be captured by the iptables rules and forwarded to the correct Pods.

  1. ClusterIP type : For a Service of ClusterIP type, the iptables rule will forward the request to the Pods matched by the Service selector .
  2. NodePort type : For a Service of NodePort type, the iptables rule will forward the request to the Service port on the corresponding node , and forward the request from the port to the Pods that match the selector.
  3. LoadBalancer type : For a Service of the LoadBalancer type, Kubernetes will create a cloud provider's load balancer and route the request to the Pods that match the selector .

For large-scale production environments, Kubernetes also supports the use of IPVS for load balancing and service discovery .

IPVS is a Linux kernel module that provides efficient load balancing and service discovery functions.

When using IPVS, Kubernetes will bind the virtual IP address of the Service to an IPVS rule, and forward the request to the Pods that match the selector, so as to achieve efficient load balancing and service discovery.

In short, Kubernetes Service implements load balancing and service discovery functions through virtual IP addresses and iptables or IPVS rules ,

A service provides Pods with a stable IP address and DNS name so that other applications can use these identifiers to access the service.

What is the difference between IPVS and iptables rules?

Both IPVS and iptables rules are functions to implement traffic control and routing in the network. Their main difference lies in their application scenarios and implementation methods .

iptables :

iptables is a module in the Linux kernel that provides a rule-based firewall and traffic control function . iptables rules can filter and forward traffic based on conditions such as source IP address , destination IP address , port number, and protocol .

In Kubernetes, iptables rules are usually used to implement the load balancing and service discovery functions of Service .

IPVS: 

IPVS is another module in the Linux kernel that provides an efficient load balancing and service discovery function . It uses a set of IPVS rules to route traffic to backend servers and supports multiple load balancing algorithms.

In Kubernetes, IPVS can be used to replace iptables rules to achieve more efficient load balancing and service discovery .

scenes to be used: 

  • IPVS: Load balancing and service discovery functions are more efficient and flexible , especially in large-scale production environments. However, it requires more configuration and administration work, as well as deeper network knowledge from the system administrator .
  • iptables: The rules are simpler and easier to use, suitable for small-scale and simple network environments.

 3 Advantages of using

As a core resource object in Kubernetes, Kubernetes Service has the following advantages:

  • Stable Service Discovery
  • Flexible load balancing
  • Supports multiple protocols and ports
  • Simplify network configuration and management
  • Automatically update service configuration

3.1 Stable service discovery

Service provides a stable IP address and DNS name for Pods, so that other applications can access the service through these identifiers without worrying about the IP address of Pods changing.

This provides a more stable service discovery function for the application , and the service address can be registered in the service discovery center, so that other applications can directly access it.

3.2 Flexible load balancing

Through Service, Kubernetes can route traffic to a group of Pods with the same label to achieve load balancing .

Service supports a variety of load balancing algorithms , such as round robin, least connection, IP hash, etc., which can be configured according to actual needs to achieve flexible load balancing strategies.

3.3 Support multiple protocols and ports

Service can support multiple protocols and ports , allowing a service to provide multiple different network access methods.

For example, a web application can provide both HTTP and HTTPS access methods.

3.4 Automatic update service configuration

When Pods fail or expand, Service can automatically update its configuration and reroute traffic to available Pods.

This helps applications automatically adapt to changing loads, improving application reliability and scalability.

3.5 Simplify network configuration and management

Using Service can simplify network configuration and management, allowing developers and operators to focus more on application development and deployment.

Service can automatically assign IP addresses and DNS names to Pods , and automatically update their configurations , thereby reducing the workload of network configuration and management.

3.6 Summary

To sum up, Kubernetes Service has the advantages of stable service discovery, flexible load balancing, multiple protocols and port support, automatic update of service configuration, and simplified network configuration and management.

It can help developers and operation and maintenance personnel more easily realize the functions of load balancing, service discovery and network management, and improve the reliability and scalability of applications.

4 Introduction

In Kubernetes, you can use the following steps to create a Service:

  1. yaml: Create a Deployment or StatefulSet object to manage the lifecycle and scaling of Pods.

  2. service: Defines a Service object for routing traffic to Pods. Services can be created manually using the kubectl create command, or they can be defined and created using YAML or JSON files.

4.1 yaml file

An example of defining and creating a Service using a YAML file:

apiVersion: v1
kind: Service #资源类型
metadata:
  name: my-service
spec:
  selector:
    app: my-app
  ports:
    - name: http
      protocol: TCP
      port: 80
      targetPort: 8080
  type: ClusterIP

In the above example,

  • Service name is my-service
  • The selector is app=my-app
  • port is 80
  • Destination port is 8080
  • The type of Service is ClusterIP, which means that the Service is only available within the cluster.

4.2 Create a Service object

Use the kubectl apply command to apply the YAML file and create a Service object.

kubectl apply -f my-service.yaml

After the Service is created, you can use the kubectl get services command to view the detailed information of the Service, such as IP address and port number.

kubectl get services

The above are the basic steps for creating a Service. According to actual needs, you can configure it according to the type, port, selector and other attributes of the Service to achieve functions such as load balancing, service discovery, and network management.

5 expansion

5.1 How does the service handle pod failures

In Kubernetes, Service can handle the failure of Pods in the following ways:

  1. Automatically update the Endpoint list : When Pods fail or expand, Kubernetes will automatically update the Endpoint list of the Service to include available Pods. The Endpoint list is part of the Service and is used to specify the backend IP address and port number of the service. When Pods fail or expand, Kubernetes will automatically update the Endpoint list to ensure that traffic is routed to available Pods.

  2. Using health checks : Kubernetes can detect the health status of Pods through Pod health checks . If a Pod fails a health check, Kubernetes marks it as unavailable and removes it from the Service's Endpoint list, avoiding routing traffic to unavailable Pods.

  3. Use Nearest Scheduling : Kubernetes can use the Nearest Scheduling strategy to route traffic to the Pods closest to the user. The nearest scheduling strategy can avoid routing traffic to failed nodes, thereby improving service reliability.

  4. Use load balancing algorithm : Kubernetes supports multiple load balancing algorithms, such as round robin, least connection, IP hash, etc. These load balancing algorithms can be configured according to actual needs, so as to achieve more reliable and flexible traffic routing strategies.

To sum up, Kubernetes Service can handle Pods failures by automatically updating the Endpoint list, using health checks, nearest scheduling, and load balancing algorithms .

These features can help ensure service reliability and availability, and improve application performance and stability.

5.2 How to configure the load balancing algorithm?

Kubernetes supports multiple load balancing algorithms, which can be configured according to actual needs. The following are the steps to configure the load balancing algorithm in Kubernetes:

Define the load balancing algorithm in the Service object. You can use the following configuration to define the load balancing algorithm:

apiVersion: v1
kind: Service #资源类型
metadata:
  name: my-service
spec:
  selector:
    app: my-app
  ports:
    - name: http
      protocol: TCP
      port: 80
      targetPort: 8080
  type: ClusterIP
  sessionAffinity: ClientIP
  sessionAffinityConfig:
    clientIP:
      timeoutSeconds: 60
  loadBalancerIP: 10.0.0.1
  loadBalancerSourceRanges:
    - 10.0.0.0/24
  externalTrafficPolicy: Cluster
  topologyKeys:
    - kubernetes.io/hostname

In the above configuration, you can configure the load balancing algorithm through attributes such as sessionAffinity, loadBalancerIP, loadBalancerSourceRanges, externalTrafficPolicy, and topologyKeys. The details are as follows:

  • sessionAffinity : Specifies the load balancing algorithm . The default value is None, which means that session affinity is not enabled. You can set sessionAffinity to ClientIP, which means load balancing based on the client IP address.

  • loadBalancerIP : Specifies the IP address of the load balancer . If loadBalancerIP is set, Kubernetes will create the load balancer with the specified IP address, otherwise it will automatically assign an IP address.

  • loadBalancerSourceRanges : Specifies the IP address ranges that are allowed to access the load balancer . Multiple IP address ranges can be specified using CIDR format.

  • externalTrafficPolicy : Specifies the policy for handling external traffic . The default value is Cluster , which means that external traffic is routed to the nodes in the cluster. You can set externalTrafficPolicy to Local, indicating that external traffic is routed to the nearest node.

  • topologyKeys : A list of keys specifying topology domains . Topological domains refer to the physical and network locations of nodes. You can use the topologyKeys property to specify how Kubernetes assigns Pods to different nodes.

Use the kubectl apply command to apply the Service configuration to update the load balancing algorithm.

kubectl apply -f my-service.yaml

After updating the Service configuration, Kubernetes will automatically update the load balancing algorithm to achieve a more reliable and flexible traffic routing strategy.

6 Summary

Kubernetes' Service is an abstraction used to define how a group of Pods are accessed. Service can provide stable network endpoints for Pods, so that other applications can access these Pods through Service.

Summarize the knowledge points of Kubernetes Service:

  1. Service type : Kubernetes supports a variety of Service types, including ClusterIP , NodePort , LoadBalancer, and ExternalName. Each service type has different uses and characteristics, and can be selected according to actual needs.

  2. Service port : Service can define one or more ports so that other applications can access Pods through these ports. Service ports can be mapped with Pod ports to implement functions such as traffic routing and load balancing.

  3. Service Selector : A Service can use a selector to select a set of Pods . Selectors can be matched based on labels on Pods to route traffic to eligible Pods.

  4. Service discovery : Service can expose the access address of Pods through DNS or environment variables . Other applications can use the Service name to access Pods without knowing the specific IP addresses of Pods.

  5. Service proxy : Kubernetes supports accessing Pods through Service proxy. The Service proxy can establish a virtual IP address between the Service and the Pod, so as to realize functions such as dynamic expansion and contraction of the Pod and load balancing.

  6. Service monitoring : Kubernetes can implement functions such as service health check and fault recovery through Service monitoring . Mechanisms such as Liveness Probe and Readiness Probe can be used to check whether the Service is running normally, and operations such as fault recovery can be automatically performed based on the inspection results.

  7. Service Security : Kubernetes can control network communication between Services through Network Policies . Network policies can be used to implement features such as more fine-grained access control and network isolation, thereby improving application security and reliability.

 7 votes

Guess you like

Origin blog.csdn.net/weixin_36755535/article/details/130242906
Recommended
Ranking
Empire cms smart tag calls four first-level recommended articles, starting from the fourth article
Linux environment installation and configuration Elasticsearch7.17
Big Data processing architecture and Lambda Kappa architecture
Explore the top of the AI large model platform - Wenxin Qianfan
Beijing car PK10 lucky airship Guanya size and value of the odd and even tips
W3B x Sui Hacker House|In-depth understanding of Sui and Move language
Know almost Ko Chan: Chinese what any decent open source software products? (Finishing from my original answer)
Comprehensively improve AD domain security authentication | Zhuyun IDaaS
Android Update Engine Analysis (24) What happened when making the downgrade package?
Spark Architecture and Operating Mechanism (1) - System Architecture
Daily
More
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)
2024-05-04(18)
2024-05-03(8)
2024-05-02(0)
2024-05-01(4)
2024-04-30(36)
2024-04-29(5)
2024-04-28(12)

Code World

© 2018 codetd.com