Kubernetes Service external access methods

Kubernetes Service external access methods refer to the network configurations and strategies that allow traffic originating from outside the Kubernetes cluster to reach Services and Pods running inside the cluster.^[原理及源码解析__Kubernetes_yaml文件.md]

Background

By default, a Service's access information (such as the VIP and iptables rules generated by kube-proxy) is only valid within the Kubernetes cluster.^[原理及源码解析__Kubernetes_yaml文件.md] To make services accessible to external users, specific configurations or types must be applied to the Service definition.^[原理及源码解析__Kubernetes_yaml文件.md]

Access Methods

There are three primary methods to expose a Service externally, depending on the environment and requirements.

NodePort

NodePort is the most common method for external access.^[原理及源码解析__Kubernetes_yaml文件.md]

To configure it, the Service type is set to NodePort, and specific ports are declared to map the Service port to a port on the host machine.^[原理及源码解析__Kubernetes_yaml文件.md]

Access is achieved by connecting to <Any Node's IP>:NodePort.^[原理及源码解析__Kubernetes_yaml文件.md]

Mechanism:

  • Traffic Routing: When an external request hits a Node on the specified port, it is forwarded to the Service's ClusterIP.
  • SNAT: Kubernetes performs a Source Network Address Translation (SNAT) operation on the IP packet as it leaves the host machine (via the POSTROUTING chain), replacing the source address with the host's CNI bridge address or the host's own IP.^[原理及源码解析__Kubernetes_yaml文件.md]
  • Limitations: If a request arrives at a Node that does not host any of the target Pods, the request will be dropped.^[原理及源码解析__Kubernetes_yaml文件.md]
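The manifest below is an added example (not taken from the cited source) of a NodePort Service as described above. The Service name, the `app: web` selector label and the container port are assumed values. It goes slightly beyond the text by showing the `externalTrafficPolicy` field, which is what selects between the two behaviours the mechanism bullets describe: with the default `Cluster` policy every node forwards to a Pod anywhere in the cluster and SNAT rewrites the source address, while with `Local` the client source IP is preserved and nodes without a matching Pod drop the request.

```yaml
apiVersion: v1
kind: Service
metadata:
  name: web-nodeport          # assumed name
  namespace: default
spec:
  type: NodePort
  selector:
    app: web                  # assumed Pod label
  ports:
    - name: http
      port: 80                # Service port on the ClusterIP
      targetPort: 8080        # assumed container port inside the Pod
      nodePort: 30080         # port opened on every node; must lie in the
                              # cluster's NodePort range (30000-32767 by default)
  # Cluster (default): a node with no local Pod forwards the request to a Pod
  # elsewhere and SNATs the packet, so the Pod sees a node address, not the
  # real client. Local: only nodes running a matching Pod answer, the client
  # source IP is preserved, and other nodes drop the request (the limitation
  # described above). Local is the setting to use when Pod-side access logs
  # or allow-lists must see the true client address.
  externalTrafficPolicy: Local
```

After `kubectl apply -f` the allocated port appears in the PORT(S) column of `kubectl get svc web-nodeport` as `80:30080/TCP`. Because the port is bound on every node's interfaces, a node-level firewall or cloud security group should restrict which source networks may reach the NodePort range; the Service object itself offers no such control.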

LoadBalancer

The LoadBalancer type is typically used in public cloud environments.^[原理及源码解析__Kubernetes_yaml文件.md]

When a Service of type LoadBalancer is created, Kubernetes interfaces with a CloudProvider integration layer to call the public cloud's API.^[原理及源码解析__Kubernetes_yaml文件.md] This triggers the automatic creation of an external load balancer provided by the cloud platform.^[原理及源码解析__Kubernetes_yaml文件.md] The backend of this cloud load balancer is then automatically configured with the IP addresses of the Pods selected by the Service.^[原理及源码解析__Kubernetes_yaml文件.md]
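An added example (not from the cited source) of the LoadBalancer Service described above. The Service name, selector and ports are assumed; the client range is a constructed value from the RFC 5737 documentation block. It adds one field the text does not mention, `loadBalancerSourceRanges`, which is the standard way to restrict which client networks the provisioned cloud load balancer accepts.

```yaml
apiVersion: v1
kind: Service
metadata:
  name: web-lb                # assumed name
  namespace: default
spec:
  type: LoadBalancer
  selector:
    app: web                  # assumed Pod label
  ports:
    - name: https
      port: 443
      targetPort: 8443        # assumed container port
  # Only these client CIDRs are admitted by the cloud load balancer; the
  # CloudProvider integration programs the corresponding firewall rules.
  loadBalancerSourceRanges:
    - 203.0.113.0/24          # constructed example range (RFC 5737)
  # Preserve the client source IP at the Pod, as with NodePort.
  externalTrafficPolicy: Local
  # A LoadBalancer Service also allocates a NodePort on every node by default;
  # set this to false when the cloud integration does not need one, so the
  # backend is not reachable on a second, unfiltered path.
  allocateLoadBalancerNodePorts: false
```

Until the CloudProvider has finished creating the external load balancer, `kubectl get svc web-lb` shows `<pending>` in the EXTERNAL-IP column; once populated, the address is also visible under `status.loadBalancer.ingress`. Note that `allocateLoadBalancerNodePorts: false` only works when the provider's integration routes to Pods directly rather than through NodePorts.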

ExternalName

ExternalName is a special type of Service introduced in Kubernetes 1.7 that maps a Service to a DNS name rather than a ClusterIP.^[原理及源码解析__Kubernetes_yaml文件.md]

It allows a Kubernetes Service to act as a proxy for an external domain name.^[原理及源码解析__Kubernetes_yaml文件.md]

Mechanism:

  • DNS CNAME: The implementation adds a CNAME record in the cluster's DNS (kube-dns).^[原理及源码解析__Kubernetes_yaml文件.md]
  • Behavior: When a client resolves the Service's DNS name (e.g., my-service.default.svc.cluster.local), kube-dns returns the external domain specified in externalName (e.g., my.database.example.com).^[原理及源码解析__Kubernetes_yaml文件.md] This makes accessing the internal Service functionally equivalent to accessing the external domain directly.^[原理及源码解析__Kubernetes_yaml文件.md]
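An added example (not from the cited source) of the ExternalName Service described above, using the same names the text uses, `my-service` and `my.database.example.com`. It shows that the object carries no selector and no ports: the only thing the cluster does with it is answer the DNS query with a CNAME, so no traffic is proxied through Kubernetes.

```yaml
apiVersion: v1
kind: Service
metadata:
  name: my-service
  namespace: default
spec:
  type: ExternalName
  # Target of the CNAME that kube-dns returns for
  # my-service.default.svc.cluster.local. No ClusterIP is allocated and no
  # kube-proxy rules are created; the client connects to the external host
  # itself, so the outbound connection must be permitted by network policy
  # or egress controls.
  externalName: my.database.example.com
```

The behaviour can be checked from inside the cluster with a throwaway Pod, for example `kubectl run dns-test --rm -it --image=busybox -- nslookup my-service.default.svc.cluster.local`, whose answer contains the `my.database.example.com` CNAME. Two practical caveats: a TLS client that dials the in-cluster name will verify the server certificate against that name rather than against `my.database.example.com`, so the client needs to be configured with the real hostname; and because changing `externalName` silently redirects every consumer of the Service, RBAC permission to update Services in the namespace should be granted as narrowly as the ability to change a production database address deserves.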

  • [[Services]]
  • Ingress
  • [[kube-proxy]]

Sources

  • 原理及源码解析__Kubernetes_yaml文件.md