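The default value of Service.spec.type in Kubernetes is ClusterIP.
ClusterIP is iptables-based. It exposes the Kubernetes Service on a cluster-internal IP and makes the Service reachable only from within the cluster.
(Reference: Kubernetes)
There are three more types besides this one.
If you do not use an Ingress, you use NodePort.
Personally, though, I find that having an Ingress helps operations much more.
LoadBalancer is the LBaaS form, in which the user can add a load balancer.
On Amazon, it can be used as follows.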
https://aws.amazon.com/ko/blogs/opensource/network-load-balancer-nginx-ingress-controller-eks/
https://github.com/kubernetes/ingress-nginx/blob/master/docs/deploy/index.md
Let's look at a real usage example. The ingress-nginx documentation below covers it well.
https://github.com/kubernetes/ingress-nginx/blob/master/docs/deploy/index.md
You can see there how the Service is configured when its type is LoadBalancer.
To use an AWS L4 load balancer, use the following.
https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/aws/service-l4.yaml
kind: Service
apiVersion: v1
metadata:
  name: ingress-nginx
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
  annotations:
    # Enable PROXY protocol
    service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
    # Ensure the ELB idle timeout is less than nginx keep-alive timeout. By default,
    # NGINX keep-alive is set to 75s. If using WebSockets, the value will need to be
    # increased to '3600' to avoid any potential issues.
    service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "60"
spec:
  type: LoadBalancer
  selector:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
  ports:
    - name: http
      port: 80
      targetPort: http
    - name: https
      port: 443
      targetPort: https
---
For L7, configure it as follows.
kind: Service
apiVersion: v1
metadata:
  name: ingress-nginx
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
  annotations:
    # replace with the correct value of the generated certificate in the AWS console
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-west-2:XXXXXXXX:certificate/XXXXXX-XXXXXXX-XXXXXXX-XXXXXXXX"
    # the backend instances are HTTP
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http"
    # Map port 443
    service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https"
    # Ensure the ELB idle timeout is less than nginx keep-alive timeout. By default,
    # NGINX keep-alive is set to 75s. If using WebSockets, the value will need to be
    # increased to '3600' to avoid any potential issues.
    service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "60"
spec:
  type: LoadBalancer
  selector:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
  ports:
    - name: http
      port: 80
      targetPort: http
    - name: https
      port: 443
      targetPort: http
---
Finally, ExternalName is a CNAME value supported by CoreDNS.
Everything described so far is in the following document.
https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
ClusterIP: Exposes the Service on a cluster-internal IP. Choosing this value makes the Service only reachable from within the cluster. This is the default ServiceType.
NodePort: Exposes the Service on each Node’s IP at a static port (the NodePort). A ClusterIP Service, to which the NodePort Service routes, is automatically created. You’ll be able to contact the NodePort Service, from outside the cluster, by requesting <NodeIP>:<NodePort>.
LoadBalancer: Exposes the Service externally using a cloud provider’s load balancer. NodePort and ClusterIP Services, to which the external load balancer routes, are automatically created.
ExternalName: Maps the Service to the contents of the externalName field (e.g. foo.bar.example.com), by returning a CNAME record with its value. No proxying of any kind is set up.
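
An added example, not from the original post or the ingress-nginx project: a small Python audit over Service objects in the JSON shape that kubectl get svc -A -o json returns, reporting the exposure that each Service type and the AWS annotations in the two manifests above imply. The sample Services, their names and the certificate placeholder are constructed; the reading of ssl-ports (comma-separated port names or numbers, "*" when unset) is an assumption about the AWS provider.

```python
import json

AWS = "service.beta.kubernetes.io/aws-load-balancer-"

def audit(svc):
    """Return exposure findings for one Service object (dict from kubectl JSON)."""
    spec = svc["spec"]
    ann = svc["metadata"].get("annotations") or {}
    stype = spec.get("type", "ClusterIP")  # ClusterIP is the default type
    out = []
    if stype == "NodePort":
        out.append("reachable from outside the cluster at <NodeIP>:<NodePort>")
    if stype != "LoadBalancer":
        return out
    out.append("exposed externally through a cloud load balancer")
    if not spec.get("loadBalancerSourceRanges"):
        out.append("no loadBalancerSourceRanges: client source addresses are not restricted")
    if AWS + "ssl-cert" in ann:
        # Assumption: TLS terminates at the load balancer on the ports in ssl-ports.
        tls = {p.strip() for p in ann.get(AWS + "ssl-ports", "*").split(",")}
        for p in spec.get("ports", []):
            if "*" not in tls and p.get("name") not in tls and str(p["port"]) not in tls:
                out.append(f"port {p['port']} is a non-TLS listener")
        if ann.get(AWS + "backend-protocol", "").lower() in ("http", "tcp"):
            out.append("traffic between the load balancer and the backend is unencrypted")
    return out

# Constructed sample in the shape of `kubectl get svc -A -o json`, reduced to the
# fields audit() reads. The -l4/-l7 entries mirror the two manifests above (names
# changed to tell them apart); "internal-api" is a hypothetical ClusterIP Service.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "ingress-nginx-l4", "annotations": {
     "service.beta.kubernetes.io/aws-load-balancer-proxy-protocol": "*"}},
   "spec": {"type": "LoadBalancer",
            "ports": [{"name": "http", "port": 80}, {"name": "https", "port": 443}]}},
  {"metadata": {"name": "ingress-nginx-l7", "annotations": {
     "service.beta.kubernetes.io/aws-load-balancer-ssl-cert": "arn:aws:acm:REGION:ACCOUNT:certificate/PLACEHOLDER",
     "service.beta.kubernetes.io/aws-load-balancer-backend-protocol": "http",
     "service.beta.kubernetes.io/aws-load-balancer-ssl-ports": "https"}},
   "spec": {"type": "LoadBalancer",
            "ports": [{"name": "http", "port": 80}, {"name": "https", "port": 443}]}},
  {"metadata": {"name": "internal-api"}, "spec": {"ports": [{"port": 8080}]}}
]}
""")

def report(doc):
    """Map each Service name to its list of findings."""
    return {s["metadata"]["name"]: audit(s) for s in doc["items"]}

if __name__ == "__main__":
    for name, findings in report(SAMPLE).items():
        print(name, findings or ["cluster-internal only"])
```

Against a live cluster, pass the parsed output of kubectl get svc -A -o json to report() in place of SAMPLE.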