Kubernetes in practice, part 5: understanding Service in depth and setting up in-cluster DNS
1. Why a Service is needed:
- Keeps Pods reachable even though individual Pods come and go (service discovery)
- Defines an access policy for a group of Pods (load balancing)
- Supports three types: ClusterIP, NodePort and LoadBalancer
- Underneath, a Service is implemented by one of two network modes: iptables or ipvs
2. How Pods and Services are related
- A Service selects its Pods through a label selector
- The Service load-balances traffic across those Pods (layer 4, TCP/UDP)
3. Service types
ClusterIP: the default type, reachable only from inside the cluster
The endpoints object shows which Pods currently back each Service
LoadBalancer: used together with a public-cloud load balancer such as GCE or AWS. It is really a NodePort underneath; the only difference is that <NodeIP>:<NodePort> is registered with the cloud provider's load balancer automatically
4. Service proxy modes
iptables:
• Flexible and powerful
• Rule traversal, matching and updates scale linearly with the number of rules (linear latency)
• Scalability
ipvs (recommended)
• Runs in kernel space, so it performs better
• Rich set of scheduling algorithms: rr, wrr, lc, wlc, ip hash, ...
Use ipvsadm to inspect the actual forwarding rules:
# yum -y install ipvsadm
# ipvsadm -L -n
5. DNS
The DNS service watches the Kubernetes API and creates a DNS record for every Service, so that Services can be resolved by name.
Download: https://github.com/kubernetes/kubernetes/blob/master/cluster/addons/dns/coredns/coredns.yaml.base (it is best to copy the file out and edit the copy)
[root@k8s_master ~]# cat core-dns.yaml
# __MACHINE_GENERATED_WARNING__
apiVersion: v1
kind: ServiceAccount
metadata:
  name: coredns
  namespace: kube-system
  labels:
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
    addonmanager.kubernetes.io/mode: Reconcile
  name: system:coredns
rules:
- apiGroups:
  - ""
  resources:
  - endpoints
  - services
  - pods
  - namespaces
  verbs:
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - nodes
  verbs:
  - get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
    addonmanager.kubernetes.io/mode: EnsureExists
  name: system:coredns
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:coredns
subjects:
- kind: ServiceAccount
  name: coredns
  namespace: kube-system
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: coredns
  namespace: kube-system
  labels:
    addonmanager.kubernetes.io/mode: EnsureExists
data:
  Corefile: |
    .:53 {
        errors
        health
        kubernetes cluster.local in-addr.arpa ip6.arpa {
            pods insecure
            upstream
            fallthrough in-addr.arpa ip6.arpa
            ttl 30
        }
        prometheus :9153
        forward . /etc/resolv.conf
        cache 30
        loop
        reload
        loadbalance
    }
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: coredns
  namespace: kube-system
  labels:
    k8s-app: kube-dns
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
    kubernetes.io/name: "CoreDNS"
spec:
  # replicas: not specified here:
  # 1. In order to make Addon Manager do not reconcile this replicas parameter.
  # 2. Default is 1.
  # 3. Will be tuned in real time if DNS horizontal auto-scaling is turned on.
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 1
  selector:
    matchLabels:
      k8s-app: kube-dns
  template:
    metadata:
      labels:
        k8s-app: kube-dns
      annotations:
        seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
    spec:
      priorityClassName: system-cluster-critical
      serviceAccountName: coredns
      tolerations:
        - key: "CriticalAddonsOnly"
          operator: "Exists"
      nodeSelector:
        beta.kubernetes.io/os: linux
      containers:
      - name: coredns
        image: coredns/coredns:1.3.1
        imagePullPolicy: IfNotPresent
        resources:
          limits:
            memory: 70Mi
          requests:
            cpu: 100m
            memory: 70Mi
        args: [ "-conf", "/etc/coredns/Corefile" ]
        volumeMounts:
        - name: config-volume
          mountPath: /etc/coredns
          readOnly: true
        ports:
        - containerPort: 53
          name: dns
          protocol: UDP
        - containerPort: 53
          name: dns-tcp
          protocol: TCP
        - containerPort: 9153
          name: metrics
          protocol: TCP
        livenessProbe:
          httpGet:
            path: /health
            port: 8080
            scheme: HTTP
          initialDelaySeconds: 60
          timeoutSeconds: 5
          successThreshold: 1
          failureThreshold: 5
        readinessProbe:
          httpGet:
            path: /health
            port: 8080
            scheme: HTTP
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            add:
            - NET_BIND_SERVICE
            drop:
            - all
          readOnlyRootFilesystem: true
      dnsPolicy: Default
      volumes:
        - name: config-volume
          configMap:
            name: coredns
            items:
            - key: Corefile
              path: Corefile
---
apiVersion: v1
kind: Service
metadata:
  name: kube-dns
  namespace: kube-system
  annotations:
    prometheus.io/port: "9153"
    prometheus.io/scrape: "true"
  labels:
    k8s-app: kube-dns
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
    kubernetes.io/name: "CoreDNS"
spec:
  selector:
    k8s-app: kube-dns
  clusterIP: 10.0.0.2
  ports:
  - name: dns
    port: 53
    protocol: UDP
  - name: dns-tcp
    port: 53
    protocol: TCP
  - name: metrics
    port: 9153
    protocol: TCP
The following three parts of the template need to be modified:
Deploy coredns:
# kubectl apply -f core-dns.yaml
Test it by creating a busybox Pod and resolving a Service name from inside it:
# vim busybox.yaml
# kubectl apply -f busybox.yaml
# kubectl get svc
# kubectl exec -it busybox -- nslookup nginx-service
Note the following error that can occur at this point:
[root@k8s_master ~]# kubectl apply -f core-dns.yaml
serviceaccount/coredns created
clusterrole.rbac.authorization.k8s.io/system:coredns created
clusterrolebinding.rbac.authorization.k8s.io/system:coredns created
configmap/coredns created
service/kube-dns created
Error from server (BadRequest): error when creating "core-dns.yaml": Deployment in version "v1" cannot be handled as a Deployment: v1.Deployment.Spec: v1.DeploymentSpec.Template: v1.PodTemplateSpec.Spec: v1.PodSpec.Containers: []v1.Container: v1.Container.Resources: v1.ResourceRequirements.Requests: Limits: unmarshalerDecoder: quantities must match the regular expression '^([+-]?[0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$', error found in #10 byte of ...|__LIMIT__"},"request|..., bigger context ...|limits":{"memory":"__PILLAR__DNS__MEMORY__LIMIT__"},"requests":{"cpu":"100m","memory":"70Mi"}},"secu|...
[root@k8s_master ~]# ls
anaconda-ks.cfg core-dns.yaml
[root@k8s_master ~]# vim core-dns.yaml
[root@k8s_master ~]# vim core-dns.yaml
[root@k8s_master ~]# kubectl apply -f core-dns.yaml
serviceaccount/coredns unchanged
clusterrole.rbac.authorization.k8s.io/system:coredns unchanged
clusterrolebinding.rbac.authorization.k8s.io/system:coredns unchanged
configmap/coredns unchanged
service/kube-dns unchanged
Error from server (BadRequest): error when creating "core-dns.yaml": Deployment in version "v1" cannot be handled as a Deployment: v1.Deployment.Spec: v1.DeploymentSpec.Template: v1.PodTemplateSpec.Spec: v1.PodSpec.Containers: []v1.Container: v1.Container.Resources: v1.ResourceRequirements.Requests: Limits: unmarshalerDecoder: quantities must match the regular expression '^([+-]?[0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$', error found in #10 byte of ...|y":"500m_"},"request|..., bigger context ...|":"HTTP"}},"resources":{"limits":{"memory":"500m_"},"requests":{"cpu":"100m","memory":"70Mi"}},"secu|...
[root@k8s_master ~]# vim core-dns.yaml
[root@k8s_master ~]# kubectl apply -f core-dns.yaml
serviceaccount/coredns unchanged
clusterrole.rbac.authorization.k8s.io/system:coredns unchanged
clusterrolebinding.rbac.authorization.k8s.io/system:coredns unchanged
configmap/coredns unchanged
service/kube-dns unchanged
The Deployment "coredns" is invalid: spec.template.spec.containers[0].resources.requests: Invalid value: "70Mi": must be less than or equal to memory limit
[root@k8s_master ~]# vim core-dns.yaml
[root@k8s_master ~]# vim core-dns.yaml
[root@k8s_master ~]# kubectl apply -f core-dns.yaml
serviceaccount/coredns unchanged
clusterrole.rbac.authorization.k8s.io/system:coredns unchanged
clusterrolebinding.rbac.authorization.k8s.io/system:coredns unchanged
configmap/coredns unchanged
deployment.apps/coredns created
service/kube-dns unchanged
[root@k8s_master ~]# kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
coredns-5d98545558-kjpg9 0/1 Running 0 15s
kubernetes-dashboard-6c9b7b8f6c-bdjnz 1/1 Running 0 138m
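As an added preflight check (my own code, not part of the original post or of the CoreDNS project), the script below reproduces the two apiserver validations that rejected the Deployment in the log above, so a copied manifest can be checked before running kubectl apply. The memory limit used on the third attempt is not shown on the page; the value 500m is an assumption.

```python
import re
from fractions import Fraction
# Quantity syntax quoted in the apiserver error above: a number plus an
# optional suffix (binary Ki/Mi/Gi for memory, decimal m for millicores).
QUANTITY_RE = re.compile(r'^([+-]?[0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$')
SUFFIX = {"": 1, "m": Fraction(1, 1000), "k": 10**3, "M": 10**6, "G": 10**9,
          "Ki": 2**10, "Mi": 2**20, "Gi": 2**30}

def parse_quantity(q):
    """Exact value of a Kubernetes quantity; ValueError on anything the
    apiserver rejects (an unfilled __PILLAR__ placeholder, '500m_', ...)."""
    m = QUANTITY_RE.match(q)
    if not m or m.group(2) not in SUFFIX:
        raise ValueError("quantities must match %s: %r" % (QUANTITY_RE.pattern, q))
    return Fraction(m.group(1)) * SUFFIX[m.group(2)]

def check_resources(container):
    """Run the two checks the apiserver applied on this page to one container's
    resources block: every quantity must parse, and no request may exceed its
    limit. Returns a list of error strings (empty means the block is valid)."""
    res, values, errors = container.get("resources", {}), {}, []
    for kind in ("limits", "requests"):
        for name, q in res.get(kind, {}).items():
            try:
                values[(kind, name)] = parse_quantity(q)
            except ValueError as e:
                errors.append("%s.%s: %s" % (kind, name, e))
    for name, req in res.get("requests", {}).items():
        lim, val = values.get(("limits", name)), values.get(("requests", name))
        if lim is not None and val is not None and val > lim:
            errors.append("requests.%s: Invalid value: %r: must be less than "
                          "or equal to %s limit" % (name, req, name))
    return errors

def coredns_container(memory_limit):
    """The CoreDNS container's resources block from the manifest above, with
    the memory limit substituted (the requests are the manifest's own)."""
    return {"name": "coredns", "resources": {
        "limits": {"memory": memory_limit},
        "requests": {"cpu": "100m", "memory": "70Mi"}}}

# Constructed: the four apply attempts from the log above. The third attempt's
# limit is not shown on the page; "500m" (0.5 bytes, since m = milli) is assumed.
ATTEMPTS = {"placeholder": "__PILLAR__DNS__MEMORY__LIMIT__", "typo": "500m_",
            "too_small": "500m", "fixed": "70Mi"}

if __name__ == "__main__":
    for label, limit in ATTEMPTS.items():
        print(label, check_resources(coredns_container(limit)) or "OK")
```

With a current kubectl, `kubectl apply --dry-run=server -f core-dns.yaml` runs the same server-side validation without creating anything.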