← 返回首页
🌐

Kubernetes Service网络

📂 devops ⏱ 2 min 288 words
kubernetesservice网络进阶

Kubernetes Service网络

Service概述

Service为Pod提供稳定的网络访问入口,实现服务发现和负载均衡。

Service类型

ClusterIP

集群内部访问:

apiVersion: v1
kind: Service
metadata:
  name: myapp-svc
spec:
  type: ClusterIP
  selector:
    app: myapp
  ports:
    - port: 80
      targetPort: 8080

NodePort

通过节点端口访问:

apiVersion: v1
kind: Service
metadata:
  name: myapp-nodeport
spec:
  type: NodePort
  selector:
    app: myapp
  ports:
    - port: 80
      targetPort: 8080
      nodePort: 30080  # 范围:30000-32767

LoadBalancer

云平台负载均衡:

apiVersion: v1
kind: Service
metadata:
  name: myapp-lb
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-type: nlb
spec:
  type: LoadBalancer
  selector:
    app: myapp
  ports:
    - port: 80
      targetPort: 8080

ExternalName

映射外部服务:

apiVersion: v1
kind: Service
metadata:
  name: external-db
spec:
  type: ExternalName
  externalName: db.example.com

服务发现

环境变量

# Pod中会自动注入环境变量
MYAPP_SVC_SERVICE_HOST=10.96.0.100
MYAPP_SVC_SERVICE_PORT=80

DNS解析

# 集群内DNS解析
myapp-svc                    # 同一命名空间
myapp-svc.namespace          # 指定命名空间
myapp-svc.namespace.svc      # 完整FQDN

Headless Service

apiVersion: v1
kind: Service
metadata:
  name: myapp-headless
spec:
  clusterIP: None  # 不分配ClusterIP
  selector:
    app: myapp
  ports:
    - port: 80
      targetPort: 8080

Headless Service用于StatefulSet等需要稳定网络标识的场景。

Ingress

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: myapp-ingress
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  rules:
    - host: myapp.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: myapp-svc
                port:
                  number: 80

实践:部署完整服务

# deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web
spec:
  replicas: 3
  selector:
    matchLabels:
      app: web
  template:
    metadata:
      labels:
        app: web
    spec:
      containers:
        - name: web
          image: nginx:alpine
          ports:
            - containerPort: 80

---
# service.yaml
apiVersion: v1
kind: Service
metadata:
  name: web-svc
spec:
  type: ClusterIP
  selector:
    app: web
  ports:
    - port: 80
      targetPort: 80

---
# ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: web-ingress
spec:
  rules:
    - host: web.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: web-svc
                port:
                  number: 80

# 部署
kubectl apply -f deployment.yaml
kubectl apply -f service.yaml
kubectl apply -f ingress.yaml

# 验证
kubectl get svc
kubectl get ingress
kubectl exec -it test-pod -- curl web-svc

网络排查

# 查看Service详情
kubectl describe svc myapp-svc

# 查看Endpoints
kubectl get endpoints myapp-svc

# DNS测试
kubectl exec -it test-pod -- nslookup myapp-svc

# 连通性测试
kubectl exec -it test-pod -- curl myapp-svc:80

总结

Kubernetes Service是实现服务发现和负载均衡的关键组件。理解不同类型的Service,可以灵活配置应用的网络访问方式。