Revise Service concept, part 13 #38563
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
k8s-ci-robot
added
do-not-merge/work-in-progress
k8s-ci-robot
added
language/en
k8s-ci-robot
removed
the
do-not-merge/work-in-progress
sftim
commented
Dec 19, 2022
Comment on lines
-382
to
-441
| For example, the Service `redis-primary` which exposes TCP port 6379 and has been | ||
| allocated cluster IP address 10.0.0.11, produces the following environment | ||
| variables: | ||
|
|
||
| ```shell | ||
| REDIS_PRIMARY_SERVICE_HOST=10.0.0.11 | ||
| REDIS_PRIMARY_SERVICE_PORT=6379 | ||
| REDIS_PRIMARY_PORT=tcp://10.0.0.11:6379 | ||
| REDIS_PRIMARY_PORT_6379_TCP=tcp://10.0.0.11:6379 | ||
| REDIS_PRIMARY_PORT_6379_TCP_PROTO=tcp | ||
| REDIS_PRIMARY_PORT_6379_TCP_PORT=6379 | ||
| REDIS_PRIMARY_PORT_6379_TCP_ADDR=10.0.0.11 | ||
| ``` | ||
|
|
||
| {{< note >}} | ||
| When you have a Pod that needs to access a Service, and you are using | ||
| the environment variable method to publish the port and cluster IP to the client | ||
| Pods, you must create the Service *before* the client Pods come into existence. | ||
| Otherwise, those client Pods won't have their environment variables populated. | ||
|
|
||
| If you only use DNS to discover the cluster IP for a Service, you don't need to | ||
| worry about this ordering issue. | ||
| {{< /note >}} |
There was a problem hiding this comment.
sftim
commented
Dec 19, 2022
Comment on lines
356
to
403
| ## Choosing your own IP address | ||
|
|
||
| You can specify your own cluster IP address as part of a `Service` creation | ||
| request. To do this, set the `.spec.clusterIP` field. For example, if you | ||
| already have an existing DNS entry that you wish to reuse, or legacy systems | ||
| that are configured for a specific IP address and difficult to re-configure. | ||
|
|
||
| The IP address that you choose must be a valid IPv4 or IPv6 address from within the | ||
| `service-cluster-ip-range` CIDR range that is configured for the API server. | ||
| If you try to create a Service with an invalid clusterIP address value, the API | ||
| server will return a 422 HTTP status code to indicate that there's a problem. |
There was a problem hiding this comment.
sftim
commented
Dec 19, 2022
Comment on lines
+1116
to
+1146
| ### Environment variables | ||
|
|
||
| When a Pod is run on a Node, the kubelet adds a set of environment variables | ||
| for each active Service. It adds `{SVCNAME}_SERVICE_HOST` and `{SVCNAME}_SERVICE_PORT` variables, | ||
| where the Service name is upper-cased and dashes are converted to underscores. | ||
| It also supports variables (see [makeLinkVariables](https://github.com/kubernetes/kubernetes/blob/dd2d12f6dc0e654c15d5db57a5f9f6ba61192726/pkg/kubelet/envvars/envvars.go#L72)) | ||
| that are compatible with Docker Engine's | ||
| "_[legacy container links](https://docs.docker.com/network/links/)_" feature. | ||
|
|
||
| For example, the Service `redis-primary` which exposes TCP port 6379 and has been | ||
| allocated cluster IP address 10.0.0.11, produces the following environment | ||
| variables: | ||
|
|
||
| ```shell | ||
| REDIS_PRIMARY_SERVICE_HOST=10.0.0.11 | ||
| REDIS_PRIMARY_SERVICE_PORT=6379 | ||
| REDIS_PRIMARY_PORT=tcp://10.0.0.11:6379 | ||
| REDIS_PRIMARY_PORT_6379_TCP=tcp://10.0.0.11:6379 | ||
| REDIS_PRIMARY_PORT_6379_TCP_PROTO=tcp | ||
| REDIS_PRIMARY_PORT_6379_TCP_PORT=6379 | ||
| REDIS_PRIMARY_PORT_6379_TCP_ADDR=10.0.0.11 |
There was a problem hiding this comment.
This is moved, not net new.
sftim
commented
Dec 19, 2022
Comment on lines
+1154
to
+1186
| ### DNS | ||
|
|
||
| You can (and almost always should) set up a DNS service for your Kubernetes | ||
| cluster using an [add-on](/docs/concepts/cluster-administration/addons/). | ||
|
|
||
| A cluster-aware DNS server, such as CoreDNS, watches the Kubernetes API for new | ||
| Services and creates a set of DNS records for each one. If DNS has been enabled | ||
| throughout your cluster then all Pods should automatically be able to resolve | ||
| Services by their DNS name. | ||
|
|
||
| For example, if you have a Service called `my-service` in a Kubernetes | ||
| namespace `my-ns`, the control plane and the DNS Service acting together | ||
| create a DNS record for `my-service.my-ns`. Pods in the `my-ns` namespace | ||
| should be able to find the service by doing a name lookup for `my-service` | ||
| (`my-service.my-ns` would also work). | ||
|
|
||
| Pods in other namespaces must qualify the name as `my-service.my-ns`. These names | ||
| will resolve to the cluster IP assigned for the Service. | ||
|
|
||
| Kubernetes also supports DNS SRV (Service) records for named ports. If the | ||
| `my-service.my-ns` Service has a port named `http` with the protocol set to | ||
| `TCP`, you can do a DNS SRV query for `_http._tcp.my-service.my-ns` to discover | ||
| the port number for `http`, as well as the IP address. |
There was a problem hiding this comment.
This is moved, not net new. I also rewrote it.
✅ Pull request preview available for checkingBuilt without sensitive environment variables
To edit notification comments on pull requests, go to your Netlify site settings. |
k8s-ci-robot
added
the
needs-rebase
sftim
force-pushed
the
20221219_revise_service_concept_after_introduction_for_a_bit
branch
from
3c9ec82 to
fa5837f
Compare
k8s-ci-robot
removed
the
needs-rebase
tengqm
reviewed
Jan 14, 2023
k8s-ci-robot
added
the
needs-rebase
sftim
force-pushed
the
20221219_revise_service_concept_after_introduction_for_a_bit
branch
from
fa5837f to
6e36e37
Compare
k8s-ci-robot
removed
the
needs-rebase
sftim
force-pushed
the
20221219_revise_service_concept_after_introduction_for_a_bit
branch
2 times, most recently
from
c5f3848 to
cb152eb
Compare
|
I simplified this PR, putting some of the changes into #39499 instead. |
sftim
force-pushed
the
20221219_revise_service_concept_after_introduction_for_a_bit
branch
from
cb152eb to
ff8d0e3
Compare
sftim
force-pushed
the
20221219_revise_service_concept_after_introduction_for_a_bit
branch
3 times, most recently
from
161c1cb to
051551e
Compare
sftim
commented
Feb 23, 2023
Comment on lines
+1180
to
+1199
| <!-- preserve existing hyperlinks --> | ||
| <a id="shortcomings" /> | ||
| <a id="the-gory-details-of-virtual-ips" /> | ||
| <a id="proxy-modes" /> | ||
| <a id="proxy-mode-userspace" /> | ||
| <a id="proxy-mode-iptables" /> | ||
| <a id="proxy-mode-ipvs" /> | ||
| <a id="ips-and-vips" /> |
There was a problem hiding this comment.
This is moved from its previous home near the end of the page.
sftim
force-pushed
the
20221219_revise_service_concept_after_introduction_for_a_bit
branch
from
051551e to
fcda9e9
Compare
|
Further revised - I think it's ready for review again. I can't see an easy way to make this change smaller and still be useful to merge in one go. |
kbhawkey
reviewed
Feb 26, 2023
sftim
force-pushed
the
20221219_revise_service_concept_after_introduction_for_a_bit
branch
from
fcda9e9 to
a0d80ea
Compare
k8s-ci-robot
added
the
needs-rebase
sftim
force-pushed
the
20221219_revise_service_concept_after_introduction_for_a_bit
branch
from
a0d80ea to
e5dfc37
Compare
k8s-ci-robot
removed
the
needs-rebase
sftim
force-pushed
the
20221219_revise_service_concept_after_introduction_for_a_bit
branch
from
e5dfc37 to
73ea29a
Compare
sftim
force-pushed
the
20221219_revise_service_concept_after_introduction_for_a_bit
branch
from
73ea29a to
a4b74c8
Compare
k8s-ci-robot
added
the
needs-rebase
These changes reorganize the structure of the page to provide a new focus on the 4 types of Service.
sftim
force-pushed
the
20221219_revise_service_concept_after_introduction_for_a_bit
branch
from
a4b74c8 to
c148e37
Compare
k8s-ci-robot
removed
the
needs-rebase
|
/approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: kbhawkey The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
|
/lgtm |
k8s-ci-robot
added
the
lgtm
|
LGTM label has been added. Git tree hash: 25272abde400d28e7d936e775e26b5bccd1dc2f9
|
sftim
deleted the
20221219_revise_service_concept_after_introduction_for_a_bit
branch
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Split out from #30817
View that PR to see these changes in context.
These changes reorganize the structure of the page to provide a new focus on the 4 types of Service. These changes are the ones that come after what you can see in #38562.