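k8s cluster access to services outside the cluster (Endpoints)
Services such as databases are generally not run directly on k8s; it is best to deploy them on servers outside the cluster. How, then, do pods inside the cluster access such an external service? You can use Endpoints to map the external service into the cluster, so that it can be resolved inside the cluster and accessed directly. In fact, the service can be accessed even without mapping it into the cluster. The following uses a MySQL service as an example.
Environment preparation
(Set up a K8S cluster; omitted)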
master 192.168.146.10
node1 192.168.146.11
node2 192.168.146.12
node3 192.168.146.13
Install the database on any one of the machines
[root@node3 ~]# yum -y install mariadb-server
# Grant access to an account
[root@node3 ~]# systemctl start mariadb
[root@node3 ~]# mysql -uroot -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 2
Server version: 5.5.65-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> delete from mysql.user where user="";
Query OK, 2 rows affected (0.00 sec)

MariaDB [(none)]> grant all on *.* to "pod"@"192.168.146.%" identified by "123";
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> select user,host,password from mysql.user;
+------+---------------+-------------------------------------------+
| user | host          | password                                  |
+------+---------------+-------------------------------------------+
| root | localhost     |                                           |
| root | node3         |                                           |
| root | 127.0.0.1     |                                           |
| root | ::1           |                                           |
| pod  | 192.168.146.% | *23AE809DDACAF96AF0FD78ED04B6A265E05AA257 |
+------+---------------+-------------------------------------------+
5 rows in set (0.00 sec)
Create a pod
(Any node will do, as long as kubectl is configured on it)
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: yum
spec:
  selector:
    matchLabels:
      app: yum
  replicas: 1
  template:
    metadata:
      labels:
        app: yum
    spec:
      containers:
      - name: yum
        image: registry.cn-shenzhen.aliyuncs.com/jay23/centos_yum:v1.0
        command: ["sh","-c","sleep 10000"]
Enter the pod and try to connect to the database
[root@master mysql]# kubectl apply -f deploy2.yaml
deployment.apps/yum created
[root@master mysql]# kubectl get po
NAME                          READY   STATUS    RESTARTS   AGE
counter                       1/1     Running   0          5h4m
dummylogs-6d66db57f8-bp2t5    1/1     Running   1          4h44m
dummylogs-6d66db57f8-k4z76    1/1     Running   1          4h44m
dummylogs-6d66db57f8-m5b2k    1/1     Running   1          4h44m
dummylogs2-77f4d88788-52cmn   1/1     Running   1          4h44m
dummylogs2-77f4d88788-t996h   1/1     Running   1          4h44m
dummylogs2-77f4d88788-vk4h6   1/1     Running   1          4h44m
yum-d9fc97f8-w6mp8            1/1     Running   0          4s
[root@master mysql]# kubectl exec -it yum-d9fc97f8-w6mp8 -- bash
# Install a database client
[root@yum-d9fc97f8-w6mp8 /]# yum -y install mariadb
# Test the connection
[root@yum-d9fc97f8-w6mp8 /]# mysql -upod -h192.168.146.13 -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 3
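Server version: 5.5.65-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]>
The experiment above shows that as long as the host nodes can communicate with the service, a pod can reach a service outside the cluster directly through the host's IP. Although the request originates in the pod, it is forwarded on the way out and leaves with the host's IP as its source address. So when granting access, it is enough to make sure the host running the pod can log in to the database; the grant is not made for the pod's IP.
So what is Endpoints for?
Let's create the Endpoints: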
---
kind: Service
apiVersion: v1
metadata:
  name: testep # bound by name to the Endpoints below; otherwise the Service uses its own Endpoints
spec:
  ports:
  - port: 3306
---
kind: Endpoints
apiVersion: v1
metadata:
  name: testep # must match the name above
subsets:
- addresses:
  - ip: 192.168.146.13
  ports:
  - port: 3306
View the relationship between the Endpoints and the Service
[root@master mysql]# vim deploy.yaml
[root@master mysql]# kubectl apply -f deploy.yaml
service/testep unchanged
endpoints/testep configured
[root@master mysql]# kubectl describe svc testep
Name: testep
Namespace: default
Labels: <none>
Annotations: Selector: <none>
Type: ClusterIP
IP: 10.111.21.40
Port: <unset> 3306/TCP
TargetPort: 3306/TCP
Endpoints: 192.168.146.13:3306 # if no Endpoints is specified, this would be the Service's ClusterIP
Session Affinity: None
Events: <none>
Now enter the same pod again and test
[root@master mysql]# kubectl exec -it yum-d9fc97f8-w6mp8 -- bash
[root@yum-d9fc97f8-w6mp8 /]# mysql -upod -htestep -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 9
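Server version: 5.5.65-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]>
The database can now be reached by the Service name. Roughly, the flow is as follows:
The pod can resolve the svc name, and because the svc's Endpoints points at a database on another machine, the database outside the cluster can be reached directly through the svc. That is what Endpoints is for.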
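The Service and Endpoints pair created above works only because the two objects line up by name, so a pre-apply consistency check is useful. The following is an added example, not part of the original article: `check_external_binding` is a hypothetical helper, and the manifests are written as Python dicts with the same fields as the YAML above.

```python
import ipaddress

# The article's two manifests as Python dicts (same fields as the YAML above).
SERVICE = {"kind": "Service", "metadata": {"name": "testep"},
           "spec": {"ports": [{"port": 3306}]}}
ENDPOINTS = {"kind": "Endpoints", "metadata": {"name": "testep"},
             "subsets": [{"addresses": [{"ip": "192.168.146.13"}],
                          "ports": [{"port": 3306}]}]}


def check_external_binding(service, endpoints):
    """Return reasons the Service would not route to the hand-written
    Endpoints; an empty list means the pair is consistent."""
    problems = []
    s_meta, e_meta = service["metadata"], endpoints["metadata"]
    # The two objects are tied together only by name, inside one namespace.
    if s_meta["name"] != e_meta["name"]:
        problems.append("name mismatch: %s vs %s" % (s_meta["name"], e_meta["name"]))
    if s_meta.get("namespace", "default") != e_meta.get("namespace", "default"):
        problems.append("namespace mismatch")
    # A Service with a selector has its Endpoints managed by Kubernetes,
    # which replaces manually listed addresses.
    if service["spec"].get("selector"):
        problems.append("Service has a selector")
    subsets = endpoints.get("subsets") or []
    # Ports are paired by port name (an unnamed port has the empty name).
    ep_names = {p.get("name", "") for s in subsets for p in s.get("ports", [])}
    for port in service["spec"].get("ports", []):
        if port.get("name", "") not in ep_names:
            problems.append("no Endpoints port named %r" % port.get("name", ""))
    addresses = [a["ip"] for s in subsets for a in s.get("addresses", [])]
    if not addresses:
        problems.append("no addresses")
    for raw in addresses:
        ip = ipaddress.ip_address(raw)
        # Kubernetes rejects loopback and link-local endpoint addresses.
        if ip.is_loopback or ip.is_link_local:
            problems.append("address %s is loopback or link-local" % ip)
    return problems


if __name__ == "__main__":
    print(check_external_binding(SERVICE, ENDPOINTS))  # the article's pair
    # Constructed broken pair: renamed Endpoints pointing at loopback.
    broken = dict(ENDPOINTS, metadata={"name": "testep-db"},
                  subsets=[{"addresses": [{"ip": "127.0.0.1"}],
                            "ports": [{"port": 3306}]}])
    print(check_external_binding(SERVICE, broken))
```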