一、首先说headless Service和普通Service的区别
headless不分配clusterIP
headless service可以通过解析service的DNS,返回所有Pod的地址和DNS(statefulSet部署的Pod才有DNS)
普通的service,只能通过解析service的DNS返回service的ClusterIP
二、statefulSet和Deployment控制器的区别
statefulSet下的Pod有DNS地址,通过解析Pod的DNS可以返回Pod的IP
deployment下的Pod没有DNS
三、通过StatefulSet和headless server部署的服务效果
1.另一个pod里 可以通过dns+[pod的端口]访问到该服务
image.png
四、普通Service解析service的DNS结果
Service的ClusterIP工作原理:一个service可能对应一组endpoints(所有pod的地址+端口),client访问ClusterIP,通过iptables或者ipvs转发到Real Server(Pod),具体操作如下
image.png
[root@VM-1-95-centos ~]# kubectl exec -it a.demo.com-deployment-7df958f9-jskjz -- /bin/sh
/ # nslookup a-demo-com-svc.default.svc.cluster.local
nslookup: can't resolve '(null)': Name does not resolve
Name: a-demo-com-svc.default.svc.cluster.local
Address 1: 10.254.158.84 a-demo-com-svc.default.svc.cluster.local
从上面的结果能看到,虽然Service有2个endpoint,但是DNS查询时只会返回Service的ClusterIP地址,具体Client访问的是哪个real server,由iptables或者ipvs决定
五、headless Service的解析service的DNS结果
image.png
[root@VM-1-95-centos ~]# kubectl exec -it a.demo.com-deployment-7df958f9-jskjz -- /bin/sh
/ # nslookup eureka-demo-com-svc.default.svc.cluster.local
nslookup: can't resolve '(null)': Name does not resolve
Name: eureka-demo-com-svc.default.svc.cluster.local
Address 1: 172.16.63.2 eureka-demo-com-0.eureka-demo-com-svc.default.svc.cluster.local
Address 2: 172.16.67.3 eureka-demo-com-1.eureka-demo-com-svc.default.svc.cluster.local
Address 3: 172.16.98.14 eureka-demo-com-2.eureka-demo-com-svc.default.svc.cluster.local
据结果看到,dns查询会返回3个endpoint,也就是3个pod地址和DNS,通过解析pod的DNS也能返回Pod的IP
六、headless Service就是没头的Service,有什么使用场景呢?
第一种:自主选择权,有时候client想自己决定使用哪个Real Server,可以通过查询DNS来获取Real Server的信息
第二种:headless service关联的每个endpoint(也就是Pod),都会有对应的DNS域名;这样Pod之间就可以互相访问
[root@VM-1-95-centos ~]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
a-demo-com-svc ClusterIP 10.254.158.84 <none> 80/TCP 17d
b-demo-com-svc ClusterIP 10.254.31.156 <none> 80/TCP 17d
c-demo-com-svc ClusterIP 10.254.53.251 <none> 80/TCP 17d
eureka-demo-com-svc ClusterIP None <none> 8761/TCP 17d
kubernetes ClusterIP 10.254.0.1 <none> 443/TCP 17d
sentinel-demo-com-svc ClusterIP 10.254.57.201 <none> 8080/TCP 17d
www-demo-com-svc ClusterIP 10.254.254.238 <none> 80/TCP 17d
zipkin-demo-com-svc ClusterIP 10.254.56.220 <none> 9411/TCP 17d
[root@VM-1-95-centos ~]# kubectl exec -it a.demo.com-deployment-7df958f9-jskjz -- /bin/sh
/ # nslookup eureka-demo-com-svc.default.svc.cluster.local
nslookup: can't resolve '(null)': Name does not resolve
Name: eureka-demo-com-svc.default.svc.cluster.local
Address 1: 172.16.98.14 eureka-demo-com-2.eureka-demo-com-svc.default.svc.cluster.local
Address 2: 172.16.63.2 eureka-demo-com-0.eureka-demo-com-svc.default.svc.cluster.local
Address 3: 172.16.67.3 eureka-demo-com-1.eureka-demo-com-svc.default.svc.cluster.local
/ #
/ # nslookup eureka-demo-com-0.eureka-demo-com-svc.default.svc.cluster.local
nslookup: can't resolve '(null)': Name does not resolve
Name: eureka-demo-com-0.eureka-demo-com-svc.default.svc.cluster.local
Address 1: 172.16.63.2 eureka-demo-com-0.eureka-demo-com-svc.default.svc.cluster.local
/ #
/ #
/ # nslookup eureka-demo-com-1.eureka-demo-com-svc.default.svc.cluster.local
nslookup: can't resolve '(null)': Name does not resolve
Name: eureka-demo-com-1.eureka-demo-com-svc.default.svc.cluster.local
Address 1: 172.16.67.3 eureka-demo-com-1.eureka-demo-com-svc.default.svc.cluster.local
/ #
/ # nslookup eureka-demo-com-2.eureka-demo-com-svc.default.svc.cluster.local
nslookup: can't resolve '(null)': Name does not resolve
Name: eureka-demo-com-2.eureka-demo-com-svc.default.svc.cluster.local
Address 1: 172.16.98.14 eureka-demo-com-2.eureka-demo-com-svc.default.svc.cluster.local
如上,eureka就是我们场景的StatefulSet,对应的pod就是eureka-demo-com-0,eureka-demo-com-1,eureka-demo-com-2,他们之间能互相访问,这样对于一些集群类型的应用就可以解决互相身份识别的问题了
七、为什么要用headless service+statefulSet部署有状态应用?
1.headless service会为关联的service分配一个域
<service name>.$<namespace name>.svc.cluster.local
2.StatefulSet会为关联的Pod保持一个不变的Pod Name
statefulset中Pod的hostname格式为$(StatefulSet name)-$(pod序号)
3.StatefulSet会为关联的Pod分配一个dnsName
$<Pod Name>.$<service name>.$<namespace name>.svc.cluster.local
网友评论