一、service是什么

业务的访问入口， 类似于反向代理的作用
同时带有负载均衡

通过标签选择器在service和后端的pod间建立对应关系

[root@k8s-master ~]# kubectl get svc -A
NAMESPACE     NAME         TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)                  AGE
default       kubernetes   ClusterIP   10.96.0.1    <none>        443/TCP                  122d
kube-system   kube-dns     ClusterIP   10.96.0.10   <none>        53/UDP,53/TCP,9153/TCP   122d

1、服务的命名格式

服务名称.命名空间.svc.域名

示例: 在web命名空间，服务名称test-service
test-service.web.svc.cluster.local

支持简写

2、服务发现

在k8s集群中创建服务时，会自动联系kube-dns服务注册自己的名称、IP的对应关系(A记录)
在k8s集群中创建pod时，k8s会自动将kube-dns服务的地址分配给对应的POD

3、服务类型

• ClusterIP
  默认的服务类型
  该服务只能在k8s集群内部被访问

• NodePort
  用于发布服务，暴露端口

• LoadBalance
  用于发布服务
  只能在云平台使用，配合云上的负载均衡器使用

二、clusterIP类型服务

• 仅允许集群内部访问

1、创建服务

apiVersion: apps/v1
kind: Deployment
metadata:
    name: test1-nginx
spec:
    replicas: 2
    selector:
        matchLabels:
            app: nginx
    template:
        metadata:
            labels:
                app: nginx
        spec:
            containers:
            - name: test1-nginx
              image: nginx:1.16
              imagePullPolicy: IfNotPresent
---
apiVersion: v1
kind: Service
metadata:
    name: test1-nginx
spec:
    ports:
    - port: 80
    selector:
        app: nginx

[root@k8s-master svcTest]# kubectl get pod 
NAME                           READY   STATUS    RESTARTS   AGE
test1-nginx-5d858b7fc5-nw7zp   1/1     Running   0          20s
test1-nginx-5d858b7fc5-t75r5   1/1     Running   0          20s

[root@k8s-master svcTest]# kubectl get svc 
NAME          TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)   AGE
kubernetes    ClusterIP   10.96.0.1       <none>        443/TCP   122d
test1-nginx   ClusterIP   10.96.251.208   <none>        80/TCP    31s

2、创建客户端POD，测试访问服务

apiVersion: apps/v1
kind: Deployment
metadata:
    name: client
spec:
    replicas: 1
    selector:
        matchLabels:
            app: client
    template:
        metadata:
            labels:
                app: client
        spec:
            containers:
            - name: client
              image: centos:7
              imagePullPolicy: IfNotPresent
              command:
              - sleep
              - "36000"

测试服务可正常访问

[root@k8s-master svcTest]# kubectl exec -ti client-5cb5995997-qgqk4 bash

// 查看pod分配 的DNS服务器地址
[root@client-5cb5995997-qgqk4 ~]# cat /etc/resolv.conf 
search default.svc.cluster.local svc.cluster.local cluster.local linux.com
nameserver 10.96.0.10
options ndots:5

[root@client-5cb5995997-qgqk4 ~]# ping test1-nginx 
PING test1-nginx.default.svc.cluster.local (10.96.251.208) 56(84) bytes of data.


[root@client-5cb5995997-qgqk4 ~]# curl test1-nginx
[root@client-5cb5995997-qgqk4 ~]# curl test1-nginx.default.svc.cluster.local
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>
[root@client-5cb5995997-qgqk4 ~]# 

测试service负载均衡

[root@k8s-master svcTest]# kubectl exec -ti test1-nginx-5d858b7fc5-nw7zp bash
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.
root@test1-nginx-5d858b7fc5-nw7zp:/# 
root@test1-nginx-5d858b7fc5-nw7zp:/# echo "123" > /usr/share/nginx/html/index.html 
root@test1-nginx-5d858b7fc5-nw7zp:/# exit
exit
[root@k8s-master svcTest]# 
[root@k8s-master svcTest]# kubectl exec -ti test1-nginx-5d858b7fc5-t75r5 bash
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.
root@test1-nginx-5d858b7fc5-t75r5:/# echo "456" > /usr/share/nginx/html/index.html 
root@test1-nginx-5d858b7fc5-t75r5:/# exit
exit
[root@k8s-master svcTest]# 
[root@k8s-master svcTest]# kubectl exec -ti client-5cb5995997-qgqk4 bash
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.
[root@client-5cb5995997-qgqk4 /]# 
[root@client-5cb5995997-qgqk4 /]# curl test1-nginx
123
[root@client-5cb5995997-qgqk4 /]# curl test1-nginx
456

三、NodePort类型服务

将k8s集群中的服务发布出去，客户端借助物理机可以访问

apiVersion: apps/v1
kind: Deployment
metadata:
    name: test2-nginx
spec:
    replicas: 2
    selector:
        matchLabels:
            app: nginx2
    template:
        metadata:
            labels:
                app: nginx2
        spec:
            containers:
            - name: test2-nginx
              image: nginx:1.16
              imagePullPolicy: IfNotPresent
---
apiVersion: v1
kind: Service
metadata:
    name: test2-nginx
spec:
    type: NodePort
    ports:
    - port: 80
      nodePort: 30000                 // 端口范围：30000-32767
    selector:
        app: nginx2

[root@k8s-master svcTest]# kubectl get pod 
NAME                           READY   STATUS    RESTARTS   AGE
test2-nginx-569d77d6cb-2bh99   1/1     Running   0          89s
test2-nginx-569d77d6cb-tqtgw   1/1     Running   0          89s

[root@k8s-master svcTest]# kubectl get svc 
NAME          TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)        AGE
kubernetes    ClusterIP   10.96.0.1      <none>        443/TCP        123d
test2-nginx   NodePort    10.96.55.131   <none>        80:30000/TCP   45s

测试访问

• kubeadm部署的集群
  可以通过集群中任意节点的IP访问服务

• 二进制方式部署的集群
  通过查看pod所在的物理机访问服务