▪ 실습
- ClusterIP
- NodePort
• ClusterIP
- 3pod.yaml (목적지 파드)
# 3pod.yaml — three destination pods, one pinned to each worker node.
# All three carry the label app=webpod, which is the selector of svc-clusterip.
apiVersion: v1
kind: Pod
metadata:
  name: webpod1
  labels:
    app: webpod            # selector key used by svc-clusterip
spec:
  nodeName: w1-k8s         # pinned to this node; bypasses the scheduler
  containers:
  - name: container
    image: traefik/whoami  # untagged → resolves to :latest; pin a tag or digest for reproducible pulls
  terminationGracePeriodSeconds: 0   # no grace period on delete
---
apiVersion: v1
kind: Pod
metadata:
  name: webpod2
  labels:
    app: webpod            # selector key used by svc-clusterip
spec:
  nodeName: w2-k8s         # pinned to this node; bypasses the scheduler
  containers:
  - name: container
    image: traefik/whoami  # untagged → resolves to :latest; pin a tag or digest for reproducible pulls
  terminationGracePeriodSeconds: 0   # no grace period on delete
---
apiVersion: v1
kind: Pod
metadata:
  name: webpod3
  labels:
    app: webpod            # selector key used by svc-clusterip
spec:
  nodeName: w3-k8s         # pinned to this node; bypasses the scheduler
  containers:
  - name: container
    image: traefik/whoami  # untagged → resolves to :latest; pin a tag or digest for reproducible pulls
  terminationGracePeriodSeconds: 0   # no grace period on delete
- netpod.yaml (클라이언트)
# netpod.yaml — client pod on the master node, used to reach the services from inside the cluster.
apiVersion: v1
kind: Pod
metadata:
  name: net-pod
spec:
  nodeName: m-k8s          # pinned to the master node; bypasses the scheduler
  containers:
  - name: netshoot-pod
    image: nicolaka/netshoot   # untagged → resolves to :latest; pin a tag or digest for reproducible pulls
    command: ["tail"]
    args: ["-f", "/dev/null"]  # keeps the container alive so it can be exec'ed into for tests
  terminationGracePeriodSeconds: 0   # no grace period on delete
- svc-clusterip.yaml (서비스)
# svc-clusterip.yaml — ClusterIP service: traffic to <cluster IP>:9000 is
# DNAT'ed to port 80 on one of the pods labelled app=webpod (see the KUBE-SEP rules below).
apiVersion: v1
kind: Service
metadata:
  name: svc-clusterip
spec:
  ports:
  - name: svc-webport
    port: 9000          # service port on the cluster IP
    targetPort: 80      # container port on the backend pods
  selector:
    app: webpod         # matches webpod1/2/3
  type: ClusterIP       # reachable only from inside the cluster
- 동작 확인
- iptables rule 확인
- PREROUTING
- KUBE-SERVICES
- KUBE-SVC-###
- KUBE-SEP-#<파드1>, KUBE-SEP-#<파드2>, KUBE-SEP-#<파드3>
- SEP : SERVICE ENDPOINT
[root@m-k8s clusterIP]# iptables -t nat -nvL
Chain PREROUTING (policy ACCEPT 32 packets, 2248 bytes)
pkts bytes target prot opt in out source destination
1018 70687 KUBE-SERVICES all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes service portals */
Chain KUBE-SERVICES (2 references)
pkts bytes target prot opt in out source destination
208 12480 KUBE-SVC-KBDEBIL6IU6WL7RF tcp -- * * 0.0.0.0/0 10.101.45.138 /* default/svc-clusterip:svc-webport cluster IP */ tcp dpt:9000
Chain KUBE-SVC-KBDEBIL6IU6WL7RF (1 references)
pkts bytes target prot opt in out source destination
71 4260 KUBE-SEP-4GLOYZ5YBL4ZIC54 all -- * * 0.0.0.0/0 0.0.0.0/0 /* default/svc-clusterip:svc-webport */ statistic mode random probability 0.33333333349
69 4140 KUBE-SEP-OSRWDXZKC43CGPGW all -- * * 0.0.0.0/0 0.0.0.0/0 /* default/svc-clusterip:svc-webport */ statistic mode random probability 0.50000000000
68 4080 KUBE-SEP-X4VKZM5IYTJMJGTP all -- * * 0.0.0.0/0 0.0.0.0/0 /* default/svc-clusterip:svc-webport */
Chain KUBE-SEP-4GLOYZ5YBL4ZIC54 (1 references)
pkts bytes target prot opt in out source destination
0 0 KUBE-MARK-MASQ all -- * * 172.16.103.135 0.0.0.0/0 /* default/svc-clusterip:svc-webport */
71 4260 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* default/svc-clusterip:svc-webport */ tcp to:172.16.103.135:80
Chain KUBE-SEP-OSRWDXZKC43CGPGW (1 references)
pkts bytes target prot opt in out source destination
0 0 KUBE-MARK-MASQ all -- * * 172.16.132.14 0.0.0.0/0 /* default/svc-clusterip:svc-webport */
69 4140 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* default/svc-clusterip:svc-webport */ tcp to:172.16.132.14:80
Chain KUBE-SEP-X4VKZM5IYTJMJGTP (1 references)
pkts bytes target prot opt in out source destination
0 0 KUBE-MARK-MASQ all -- * * 172.16.221.148 0.0.0.0/0 /* default/svc-clusterip:svc-webport */
68 4080 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* default/svc-clusterip:svc-webport */ tcp to:172.16.221.148:80
• NodePort
- echo-pod.yaml (목적지 파드)
# echo-pod.yaml — Deployment of three echoserver replicas labelled app=deploy-websrv,
# the selector of svc-nodeport.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: deploy-echo
spec:
  replicas: 3
  selector:
    matchLabels:
      app: deploy-websrv
  template:
    metadata:
      labels:
        app: deploy-websrv   # selector key used by svc-nodeport
    spec:
      terminationGracePeriodSeconds: 0   # no grace period on delete
      containers:
      - name: cndk-websrv
        image: k8s.gcr.io/echoserver:1.5   # k8s.gcr.io is frozen; new pulls should use registry.k8s.io
        ports:
        - containerPort: 8080   # targetPort of svc-nodeport
- svc-nodeport.yaml (서비스)
# svc-nodeport.yaml — NodePort service: kube-proxy opens the node port on every
# node (see the ss output below) and forwards to port 8080 on the echo pods.
apiVersion: v1
kind: Service
metadata:
  name: svc-nodeport
spec:
  ports:
  - name: svc-webport
    port: 9000          # service port on the cluster IP
    targetPort: 8080    # echoserver containerPort
    # nodePort not specified → allocated at random from 30000–32767.
    # The node port is bound on all node interfaces (*:30282 in the ss output),
    # so reachability is bounded only by the node firewall / security group.
  selector:
    app: deploy-websrv  # matches the deploy-echo pods
  type: NodePort
- 동작 확인
[root@m-k8s nodePort]# ss -4tlnp | egrep "(Process|30282)"
LISTEN 0 128 *:30282 *:* users:(("kube-proxy",pid=2560,fd=12))
- iptables rule 확인
- PREROUTING
- KUBE-SERVICES
- KUBE-NODEPORTS
- KUBE-SVC-###
- KUBE-SEP-#<파드1>, KUBE-SEP-#<파드2>, KUBE-SEP-#<파드3>
[root@m-k8s nodePort]# iptables -t nat -S
-A PREROUTING -m comment --comment "kubernetes service portals" -j KUBE-SERVICES
-A KUBE-SERVICES -m comment --comment "kubernetes service nodeports; NOTE: this must be the last rule in this chain" -m addrtype --dst-type LOCAL -j KUBE-NODEPORTS
-A KUBE-NODEPORTS -p tcp -m comment --comment "default/svc-nodeport:svc-webport" -m tcp --dport 30282 -j KUBE-SVC-VTR7MTHHNMFZ3OFS
-A KUBE-SVC-VTR7MTHHNMFZ3OFS -m comment --comment "default/svc-nodeport:svc-webport" -m statistic --mode random --probability 0.33333333349 -j KUBE-SEP-ZFQZV32UODUPBKSN
-A KUBE-SVC-VTR7MTHHNMFZ3OFS -m comment --comment "default/svc-nodeport:svc-webport" -m statistic --mode random --probability 0.50000000000 -j KUBE-SEP-TIDBC43XW5IICFED
-A KUBE-SVC-VTR7MTHHNMFZ3OFS -m comment --comment "default/svc-nodeport:svc-webport" -j KUBE-SEP-2JHZOYSDCT4K5OXZ
-A KUBE-SEP-ZFQZV32UODUPBKSN -s 172.16.103.136/32 -m comment --comment "default/svc-nodeport:svc-webport" -j KUBE-MARK-MASQ
-A KUBE-SEP-ZFQZV32UODUPBKSN -p tcp -m comment --comment "default/svc-nodeport:svc-webport" -m tcp -j DNAT --to-destination 172.16.103.136:8080
-A KUBE-SEP-TIDBC43XW5IICFED -s 172.16.132.15/32 -m comment --comment "default/svc-nodeport:svc-webport" -j KUBE-MARK-MASQ
-A KUBE-SEP-TIDBC43XW5IICFED -p tcp -m comment --comment "default/svc-nodeport:svc-webport" -m tcp -j DNAT --to-destination 172.16.132.15:8080
-A KUBE-SEP-2JHZOYSDCT4K5OXZ -s 172.16.221.149/32 -m comment --comment "default/svc-nodeport:svc-webport" -j KUBE-MARK-MASQ
-A KUBE-SEP-2JHZOYSDCT4K5OXZ -p tcp -m comment --comment "default/svc-nodeport:svc-webport" -m tcp -j DNAT --to-destination 172.16.221.149:8080
# 출발지IP를 접속한 노드의 IP 로 SNAT(MASQUERADE) 처리
-A KUBE-POSTROUTING -m comment --comment "kubernetes service traffic requiring SNAT" -j MASQUERADE
Ref.
Kubernetes NodePort vs LoadBalancer vs Ingress? When should I use what?