Customize endpoint to implement internal pod access to external applications
In addition to exposing the pod’s IP and port, endpoint can also proxy to external IP and port.
scenes to be used
-
The company’s business has not yet been moved to the cloud. Some of it is cloud-native and some of it is physical.
-
During the period of business migration to the cloud, cloud migration is gradually implemented to ensure decoupling between various modules.
For example, using a cloud database or an entity database server, because containerizing the database is not recommended in actual production environments.
Therefore, after some static services are migrated to the cloud, pods still need to access external application services.
K8s Endpoint custom experiment
Or use tomcat + mysql’s zrlog to experiment
First, prepare the zrlog code of tomcat. I directly use the yaml file used in the previous blog post experiment, because the main discussion now is that the pod communicates with the external network through the service.
[root@server153 test]# cat tomcat-deploy.yaml
apiVersion: v1
kind: Service # Declare version as Service
metadata:
name: tomcat-service # Define the name of the Service
labels:
name: show-tomcat-pod # Define the label of Service
spec:
type: NodePort # Define the type of Service and automatically assign a cluster serviceip
selector:
app: tomcat-deploy #Define the label selector, which will proxy the Pod of backend app=tomcat-deploy
ports:
- port: 80 #Internally exposed port
targetPort: 8080 #The port of the agent’s pod
nodePort: 31111 #Port exposed to external access to the host (default: 30000-32767)
---
apiVersion: apps/v1
Kind: Deployment
metadata:
labels:
app: tomcat-deploy
name: tomcat-deploy
namespace:default
spec:
progressDeadlineSeconds: 600
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
app: tomcat-deploy
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
labels:
app: tomcat-deploy
spec:
#Create init container
initContainers:
#code mirror
- image: www.test.com/mytest/zrlog:v1
#init container name
name: init
#Copy the code to the anonymous data volume
command: ["cp","-r","/tmp/ROOT.war","/www"]
#Mount the anonymous data volume to the /www directory in the container
volumeMounts:
- mountPath: /www
name: tomcat-volume
#Create tomcat container
containers:
- image: oxnme/tomcat
imagePullPolicy: Always
name: tomcat
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
#Mount the data volume to the tomcat code directory
volumeMounts:
- mountPath: /usr/local/tomcat/webapps/
name: tomcat-volume
dnsPolicy:ClusterFirst
restartPolicy: Always
schedulerName: default-scheduler
terminationGracePeriodSeconds: 10
#Create anonymous data volume
volumes:
- name: tomcat-volume
emptyDir: {<!-- -->}
Tomcat’s file yaml file can be used like this, but it still exposes the 31111 port of the host.
Then configure our mysql database, create the database and create a user to connect to the database, and give permissions
[root@server160 ~]# mysql -uroot -pMySQL@666 mysql> CREATE USER 'zrtest'@'%' IDENTIFIED BY 'MySQL@666'; Query OK, 0 rows affected (0.02 sec) mysql> CREATE DATABASE Zrlog; Query OK, 1 row affected (0.00 sec) mysql> GRANT ALL PRIVILEGES ON `Zrlog`.* TO 'zrtest'@'%'; Query OK, 0 rows affected (0.00 sec) mysql> FLUSH PRIVILEGES; Query OK, 0 rows affected (0.00 sec) mysql> show databases; + -------------------- + | Database | + -------------------- + | information_schema | | Zrlog | | mysql | | performance_schema | | sys | | zabbix | + -------------------- + 6 rows in set (0.00 sec)
The database is configured like this
Then configure our custom Endpoint and service
[root@server153 test]# cat endpoint.yaml
apiVersion: v1
Kind: Endpoints
metadata:
name: mysql
namespace:default
#Specify the target address of the custom point
subsets:
- addresses:
#External reids ip
-ip: 192.168.121.160
# The real working port of external redis
ports:
- port: 3306
# Define the name of the port, which must be consistent with ports.name in service
name:mysqlport
---
#Everyone is familiar with the service configuration here, mainly the endpoint above.
Kind: Service
apiVersion: v1
metadata:
name: mysql
namespace:default
spec:
ports:
- port: 3306
protocol:TCP
name:mysqlport
targetPort: 3306
type:ClusterIP
This configuration is enough, and then execute the configuration file
[root@server153 test]# kubectl apply -f tomcat-deploy.yaml [root@server153 test]# kubectl apply -f endpoint.yaml
Then go to view the details of mysql endpoint
[root@server153 test]# kubectl describe endpoints mysql
Name: mysql
Namespace: default
Labels: <none>
Annotations: <none>
Subsets:
Addresses: 192.168.121.160
NotReadyAddresses: <none>
Ports:
Name Port Protocol
---- ---- --------
mysqlport 3306 TCP
Events: <none>
There is also service information
[root@server153 test]# kubectl describe services mysql Name: mysql Namespace: default Labels: <none> Annotations: <none> Selector: <none> Type: ClusterIP IP Family Policy: SingleStack IP Families: IPv4 IP: 10.1.30.160 IPs: 10.1.30.160 Port: mysqlport 3306/TCP TargetPort: 3306/TCP Endpoints: 192.168.121.160:3306 Session Affinity: None Events: <none>
You can see that the service is proxied to the 160 host, and then go to the browser to access the 31111 port for installation and testing.
View database contents
mysql> use Zrlog; mysql> show tables; + ----------------- + | Tables_in_Zrlog | + ----------------- + | comment | | link | | log | | lognav | | plugin | | tag | | type | | user | | website | + ----------------- + 9 rows in set (0.00 sec)
You can see that this is what it looks like after the installation is completed. It is impossible to access the external network only by relying on the automatic discovery service of the service.
Therefore, the role of the customized Endpoint is reflected, which is still necessary to understand.
Because of the particularity of database data, it is generally not containerized.
I hope everyone has to help