In the previous articles, we learned some commands for kubeadm and kubectl, and we also learned how to use and configure Deployment, Service, and ReplicaSet. This article mainly introduces how to configure the network to allow external access to the cluster.
Before we begin, you need to deploy the cluster and the nginx application based on the processes detailed in the articles Introduction to Kubernetes (6): Deployment Tutorial in CKAD Certification and Introduction to Kubernetes (7): Application Deployment Examples, Deployment, Service, ReplicaSet.
Querying Services
For information about Services, readers can refer to the official documentation: https://kubernetes.io/zh/docs/concepts/services-networking/service/
A Service is an abstraction method in k8s that exposes network services for multiple pods. In k8s, each pod has its own IP address, and a Service can provide the same DNS for a group of pods, allowing them to communicate with each other, and k8s can load balance traffic among these pods.
Querying pods:
kubectl get pods
NAME READY STATUS RESTARTS AGE
nginx-585449566-d2fdc 1/1 Running 0 4h14m
nginx-585449566-krsch 1/1 Running 0 67m
nginx-585449566-l2j6h 1/1 Running 0 67m
Viewing Services:
kubectl get services
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 29h
nginx ClusterIP 10.101.245.225 <none> 80/TCP 4h19m
You can use kubectl exec {pod name} {command to execute} to run a command inside a pod. Here, we can print the environment variables of a specific pod.
kubectl exec nginx-585449566-d2fdc -- printenv
# or
# kubectl exec nginx-585449566-d2fdc env
... ...
KUBERNETES_PORT=tcp://10.96.0.1:443
KUBERNETES_PORT_443_TCP=tcp://10.96.0.1:443
KUBERNETES_PORT_443_TCP_PROTO=tcp
KUBERNETES_PORT_443_TCP_PORT=443
KUBERNETES_PORT_443_TCP_ADDR=10.96.0.1
NGINX_VERSION=1.19.10
... ...
External Service Types
In k8s, you can expose a Service to the outside of the cluster, allowing external access to this Service via an IP. A Service has a ServiceType that allows us to specify how the service is exposed.
There are three types for Type, as follows:
-
ClusterIP
Exposes the service via an internal IP within the cluster, meaning that it can only be accessed internally. ClusterIP is the default value for ServiceType.
-
NodePort
Exposes the service via the IP of each node and a static port (NodePort). Since it is on the nodes, it allows access to this service from outside the cluster.
-
LoadBalancer
Exposes the service externally using the cloud provider's load balancer. The external load balancer can route traffic to the automatically created NodePort and ClusterIP services.
-
ExternalName
Maps the service to the contents of the externalName field (e.g., foo.bar.example.com) by returning a CNAME and the corresponding value.
【Image Source: https://blog.csdn.net/yang75108/article/details/101101384】
Configuring ServiceType
We delete the Service that was created via expose when we deployed nginx earlier.
kubectl delete service nginx
Then we recreate the service.
kubectl expose deployment nginx --type=LoadBalancer
Query Service (kubectl get services):
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 29h
nginx LoadBalancer 10.97.249.37 <pending> 80:31036/TCP 30s
Here, let's clarify some details regarding the ports.
A Service applies to one or multiple Pods and exposes the same port for a group of pods. This means that the pods within the same Service cannot have different ports set. Furthermore, in our previous Service, it was created for an nginx Deployment, and we set it up with a replica set, so their ports are consistent.
A Service does not directly map the ports exposed by the pods to the public network; by default, Services map ports in the range of 30000-32767 for us. Therefore, on the author's server, 31036 (outside) is mapped to 80 (inside).
At this point, the services within the Service can already be accessed directly via the public network. If you aren't sure of the server's public IP, you can query it using the command:
curl ifconfig.io
Then you can access it at http://x.x.x.x:31036.
When using LoadBalancer to expose services to the external network of the cluster, what we access is actually the Service, not a specific pod, and then the Service will redirect traffic to the backend pods. This depends on the actual environment and cloud provider's support.
Scaling the Number
The kubectl scale command can be used to scale the number of pods in a Deployment, ReplicaSet, Replication Controller, or Job. We have already employed this in the previous section. Here, we will continue to use this command to scale the number of nginx replicas and observe the results of accessing the Service from the external network.
Now, let's set the number of our nginx replicas to 0.
kubectl scale deployment nginx --replicas=0
Then, when we try to access the public port 31036 (the specific port you looked up), we find it is inaccessible because the number of pods is 0, and the Service cannot find a pod to provide the service.
If we set the ReplicaSet count to 1 or more, it will be accessible again.
kubectl scale deployment nginx --replicas=2
Summary of the Stage
Up to this point, we have completed a small stage of our learning; we can create a cluster, add new Nodes, deploy pods, expose public IPs for external access, and provide multiple replicas for load balancing. Next, let's summarize the tools and commands we have learned, and further studies will be based on these foundations.
-
kubeadm
kubeadm init,kubeadm joinfor creating a cluster and joining nodes. -
kubectl
The principle of kubectl is to request the apiserver to complete certain operations. In daily operations, kubectl is the most commonly used.
kubectl create {object}to create deployment, job, etc.kubectl apply -fto apply yaml files and complete certain operations.kubectl get {object}to query objects.kubectl scale {object}to adjust the number of objects (ReplicaSet).kubectl exposeto create a Service.kubectl describeto get detailed information about an object.kubectl execto execute commands in an object, such as a pod.
文章评论