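A Service can work in one of three modes: userspace, iptables, or ipvs. To change the mode Kubernetes uses, add the parameter KUBE_PROXY_MODE=ipvs to the configuration file /etc/sysconfig/kubelet (the path of this file may change in later versions; use rpm -ql kubelet to find it). There are five Service types (type): ExternalName, ClusterIP, NodePort, and LoadBalancer, with ClusterIP as the default. There are three port options: port, targetPort, and nodePort; nodePort takes effect only when the NodePort type is used.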
Example:
apiVersion: v1
kind: Service
metadata:
  name: redis
  namespace: default
spec:
  selector:
    app: redis
    role: logstor
  clusterIP: 10.97.97.97
  type: ClusterIP
  ports:
  - port: 6379        # port exposed on the Service IP
    targetPort: 6379  # port on the backend Pods
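By default the system assigns the clusterIP automatically; to avoid IP conflicts you can leave it unspecified and let the system assign it. If clusterIP is set to None, the Service has no service IP address and the Pod IP addresses are used directly.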
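The following pre-deployment review of Service manifests is an added example, not code from the original page. It checks the points made above: nodePort only applies to NodePort-based types, a hard-coded clusterIP can conflict, and clusterIP None makes the Service headless. The sample manifests and the function names review_service and review_all are constructed for illustration.

```python
import json

# Constructed sample manifests (not from the original page), as JSON so the
# example needs no YAML library. Names and values are illustrative.
SAMPLES = json.loads("""
[
 {"metadata": {"name": "redis"},
  "spec": {"type": "ClusterIP", "clusterIP": "10.97.97.97",
           "selector": {"app": "redis"},
           "ports": [{"port": 6379, "targetPort": 6379, "nodePort": 30379}]}},
 {"metadata": {"name": "redis-headless"},
  "spec": {"clusterIP": "None", "selector": {"app": "redis"},
           "ports": [{"port": 6379}]}},
 {"metadata": {"name": "web"},
  "spec": {"type": "NodePort", "selector": {"app": "web"},
           "ports": [{"port": 80, "targetPort": 8080, "nodePort": 30080}]}}
]
""")

def review_service(svc):
    """Return a list of findings for one Service manifest (a dict)."""
    spec = svc.get("spec", {})
    stype = spec.get("type", "ClusterIP")      # type defaults to ClusterIP
    cluster_ip = spec.get("clusterIP", "")
    findings = []
    if cluster_ip == "None":
        findings.append("headless: no service IP, clients get Pod IPs directly")
    elif cluster_ip:
        findings.append(f"fixed clusterIP {cluster_ip}: creation fails if already in use")
    for p in spec.get("ports", []):
        if "nodePort" in p and stype not in ("NodePort", "LoadBalancer"):
            findings.append(f"nodePort {p['nodePort']} set but type is {stype}: "
                            "nodePort only applies to NodePort/LoadBalancer")
        elif "nodePort" in p:
            findings.append(f"port {p['nodePort']} is opened on every node -> "
                            f"targetPort {p.get('targetPort', p['port'])}")
    if not spec.get("selector") and stype != "ExternalName":
        findings.append("no selector: endpoints must be managed outside Kubernetes")
    return findings

def review_all(services):
    """Map each Service name to its list of findings."""
    return {s["metadata"]["name"]: review_service(s) for s in services}

if __name__ == "__main__":
    for name, notes in review_all(SAMPLES).items():
        print(name, notes or ["no findings"])
```
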
The spec of a Service manifest mainly contains the following options:
[root@master1 yaml]# kubectl explain service.spec
KIND: Service
VERSION: v1
RESOURCE: spec
DESCRIPTION:
Spec defines the behavior of a service.
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
ServiceSpec describes the attributes that a user creates on a service.
FIELDS:
clusterIP
clusterIP is the IP address of the service and is usually assigned randomly
by the master. If an address is specified manually and is not in use by
others, it will be allocated to the service; otherwise, creation of the
service will fail. This field can not be changed through updates. Valid
values are "None", empty string (""), or a valid IP address. "None" can be
specified for headless services when proxying is not required. Only applies
to types ClusterIP, NodePort, and LoadBalancer. Ignored if type is
ExternalName. More info:
https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
externalIPs
externalIPs is a list of IP addresses for which nodes in the cluster will
also accept traffic for this service. These IPs are not managed by
Kubernetes. The user is responsible for ensuring that traffic arrives at a
node with this IP. A common example is external load-balancers that are not
part of the Kubernetes system.
externalName
externalName is the external reference that kubedns or equivalent will
return as a CNAME record for this service. No proxying will be involved.
Must be a valid RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) and
requires Type to be ExternalName.
externalTrafficPolicy
externalTrafficPolicy denotes if this Service desires to route external
traffic to node-local or cluster-wide endpoints. "Local" preserves the
client source IP and avoids a second hop for LoadBalancer and Nodeport type
services, but risks potentially imbalanced traffic spreading. "Cluster"
obscures the client source IP and may cause a second hop to another node,
but should have good overall load-spreading.
healthCheckNodePort
healthCheckNodePort specifies the healthcheck nodePort for the service. If
not specified, HealthCheckNodePort is created by the service api backend
with the allocated nodePort. Will use user-specified nodePort value if
specified by the client. Only effects when Type is set to LoadBalancer and
ExternalTrafficPolicy is set to Local.
ipFamily
ipFamily specifies whether this Service has a preference for a particular
IP family (e.g. IPv4 vs. IPv6). If a specific IP family is requested, the
clusterIP field will be allocated from that family, if it is available in
the cluster. If no IP family is requested, the cluster's primary IP family
will be used. Other IP fields (loadBalancerIP, loadBalancerSourceRanges,
externalIPs) and controllers which allocate external load-balancers should
use the same IP family. Endpoints for this Service will be of this family.
This field is immutable after creation. Assigning a ServiceIPFamily not
available in the cluster (e.g. IPv6 in IPv4 only cluster) is an error
condition and will fail during clusterIP assignment.
loadBalancerIP
Only applies to Service Type: LoadBalancer LoadBalancer will get created
with the IP specified in this field. This feature depends on whether the
underlying cloud-provider supports specifying the loadBalancerIP when a
load balancer is created. This field will be ignored if the cloud-provider
does not support the feature.
loadBalancerSourceRanges
If specified and supported by the platform, this will restrict traffic
through the cloud-provider load-balancer will be restricted to the
specified client IPs. This field will be ignored if the cloud-provider does
not support the feature." More info:
https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/
ports
The list of ports that are exposed by this service. More info:
https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
publishNotReadyAddresses
publishNotReadyAddresses, when set to true, indicates that DNS
implementations must publish the notReadyAddresses of subsets for the
Endpoints associated with the Service. The default value is false. The
primary use case for setting this field is to use a StatefulSet's Headless
Service to propagate SRV records for its Pods without respect to their
readiness for purpose of peer discovery.
selector
Route service traffic to pods with label keys and values matching this
selector. If empty or not present, the service is assumed to have an
external process managing its endpoints, which Kubernetes will not modify.
Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if
type is ExternalName. More info:
https://kubernetes.io/docs/concepts/services-networking/service/
sessionAffinity
Supports "ClientIP" and "None". Used to maintain session affinity. Enable
client IP based session affinity. Must be ClientIP or None. Defaults to
None. More info:
https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
sessionAffinityConfig
sessionAffinityConfig contains the configurations of session affinity.
topologyKeys
topologyKeys is a preference-order list of topology keys which
implementations of services should use to preferentially sort endpoints
when accessing this Service, it can not be used at the same time as
externalTrafficPolicy=Local. Topology keys must be valid label keys and at
most 16 keys may be specified. Endpoints are chosen based on the first
topology key with available backends. If this field is specified and all
entries have no backends that match the topology of the client, the service
has no backends for that client and connections should fail. The special
value "*" may be used to mean "any topology". This catch-all value, if
used, only makes sense as the last value in the list. If this is not
specified or empty, no topology constraints will be applied.
type
type determines how the Service is exposed. Defaults to ClusterIP. Valid
options are ExternalName, ClusterIP, NodePort, and LoadBalancer.
"ExternalName" maps to the specified externalName. "ClusterIP" allocates a
cluster-internal IP address for load-balancing to endpoints. Endpoints are
determined by the selector or if that is not specified, by manual
construction of an Endpoints object. If clusterIP is "None", no virtual IP
is allocated and the endpoints are published as a set of endpoints rather
than a stable IP. "NodePort" builds on ClusterIP and allocates a port on
every node which routes to the clusterIP. "LoadBalancer" builds on NodePort
and creates an external load-balancer (if supported in the current cloud)
which routes to the clusterIP. More info:
https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
kubectl patch svc myapp -p '{"spec":{"sessionAffinity":"ClientIP"}}': patches the Service to set sessionAffinity to ClientIP, so that the Pod resource runs on only one particular node.