-
Notifications
You must be signed in to change notification settings - Fork 14.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Revise Service concept, part 13 #38563
Revise Service concept, part 13 #38563
Conversation
For example, the Service `redis-primary` which exposes TCP port 6379 and has been | ||
allocated cluster IP address 10.0.0.11, produces the following environment | ||
variables: | ||
|
||
```shell | ||
REDIS_PRIMARY_SERVICE_HOST=10.0.0.11 | ||
REDIS_PRIMARY_SERVICE_PORT=6379 | ||
REDIS_PRIMARY_PORT=tcp://10.0.0.11:6379 | ||
REDIS_PRIMARY_PORT_6379_TCP=tcp://10.0.0.11:6379 | ||
REDIS_PRIMARY_PORT_6379_TCP_PROTO=tcp | ||
REDIS_PRIMARY_PORT_6379_TCP_PORT=6379 | ||
REDIS_PRIMARY_PORT_6379_TCP_ADDR=10.0.0.11 | ||
``` | ||
|
||
{{< note >}} | ||
When you have a Pod that needs to access a Service, and you are using | ||
the environment variable method to publish the port and cluster IP to the client | ||
Pods, you must create the Service *before* the client Pods come into existence. | ||
Otherwise, those client Pods won't have their environment variables populated. | ||
|
||
If you only use DNS to discover the cluster IP for a Service, you don't need to | ||
worry about this ordering issue. | ||
{{< /note >}} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
## Choosing your own IP address | ||
|
||
You can specify your own cluster IP address as part of a `Service` creation | ||
request. To do this, set the `.spec.clusterIP` field. For example, if you | ||
already have an existing DNS entry that you wish to reuse, or legacy systems | ||
that are configured for a specific IP address and difficult to re-configure. | ||
|
||
The IP address that you choose must be a valid IPv4 or IPv6 address from within the | ||
`service-cluster-ip-range` CIDR range that is configured for the API server. | ||
If you try to create a Service with an invalid clusterIP address value, the API | ||
server will return a 422 HTTP status code to indicate that there's a problem. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
### Environment variables | ||
|
||
When a Pod is run on a Node, the kubelet adds a set of environment variables | ||
for each active Service. It adds `{SVCNAME}_SERVICE_HOST` and `{SVCNAME}_SERVICE_PORT` variables, | ||
where the Service name is upper-cased and dashes are converted to underscores. | ||
It also supports variables (see [makeLinkVariables](https://github.com/kubernetes/kubernetes/blob/dd2d12f6dc0e654c15d5db57a5f9f6ba61192726/pkg/kubelet/envvars/envvars.go#L72)) | ||
that are compatible with Docker Engine's | ||
"_[legacy container links](https://docs.docker.com/network/links/)_" feature. | ||
|
||
For example, the Service `redis-primary` which exposes TCP port 6379 and has been | ||
allocated cluster IP address 10.0.0.11, produces the following environment | ||
variables: | ||
|
||
```shell | ||
REDIS_PRIMARY_SERVICE_HOST=10.0.0.11 | ||
REDIS_PRIMARY_SERVICE_PORT=6379 | ||
REDIS_PRIMARY_PORT=tcp://10.0.0.11:6379 | ||
REDIS_PRIMARY_PORT_6379_TCP=tcp://10.0.0.11:6379 | ||
REDIS_PRIMARY_PORT_6379_TCP_PROTO=tcp | ||
REDIS_PRIMARY_PORT_6379_TCP_PORT=6379 | ||
REDIS_PRIMARY_PORT_6379_TCP_ADDR=10.0.0.11 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is moved, not net new.
### DNS | ||
|
||
You can (and almost always should) set up a DNS service for your Kubernetes | ||
cluster using an [add-on](/docs/concepts/cluster-administration/addons/). | ||
|
||
A cluster-aware DNS server, such as CoreDNS, watches the Kubernetes API for new | ||
Services and creates a set of DNS records for each one. If DNS has been enabled | ||
throughout your cluster then all Pods should automatically be able to resolve | ||
Services by their DNS name. | ||
|
||
For example, if you have a Service called `my-service` in a Kubernetes | ||
namespace `my-ns`, the control plane and the DNS Service acting together | ||
create a DNS record for `my-service.my-ns`. Pods in the `my-ns` namespace | ||
should be able to find the service by doing a name lookup for `my-service` | ||
(`my-service.my-ns` would also work). | ||
|
||
Pods in other namespaces must qualify the name as `my-service.my-ns`. These names | ||
will resolve to the cluster IP assigned for the Service. | ||
|
||
Kubernetes also supports DNS SRV (Service) records for named ports. If the | ||
`my-service.my-ns` Service has a port named `http` with the protocol set to | ||
`TCP`, you can do a DNS SRV query for `_http._tcp.my-service.my-ns` to discover | ||
the port number for `http`, as well as the IP address. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is moved, not net new. I also rewrote it.
✅ Pull request preview available for checkingBuilt without sensitive environment variables
To edit notification comments on pull requests, go to your Netlify site settings. |
3c9ec82
to
fa5837f
Compare
fa5837f
to
6e36e37
Compare
c5f3848
to
cb152eb
Compare
I simplified this PR, putting some of the changes into #39499 instead. |
cb152eb
to
ff8d0e3
Compare
161c1cb
to
051551e
Compare
<!-- preserve existing hyperlinks --> | ||
<a id="shortcomings" /> | ||
<a id="the-gory-details-of-virtual-ips" /> | ||
<a id="proxy-modes" /> | ||
<a id="proxy-mode-userspace" /> | ||
<a id="proxy-mode-iptables" /> | ||
<a id="proxy-mode-ipvs" /> | ||
<a id="ips-and-vips" /> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is moved from its previous home near the end of the page.
051551e
to
fcda9e9
Compare
Further revised - I think it's ready for review again. I can't see an easy way to make this change smaller and still be useful to merge in one go. |
fcda9e9
to
a0d80ea
Compare
a0d80ea
to
e5dfc37
Compare
e5dfc37
to
73ea29a
Compare
73ea29a
to
a4b74c8
Compare
These changes reorganize the structure of the page to provide a new focus on the 4 types of Service.
a4b74c8
to
c148e37
Compare
/approve |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: kbhawkey The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/lgtm |
LGTM label has been added. Git tree hash: 25272abde400d28e7d936e775e26b5bccd1dc2f9
|
Split out from #30817
View that PR to see these changes in context.
These changes reorganize the structure of the page to provide a new focus on the 4 types of Service. These changes are the ones that come after what you can see in #38562.