Service

Services

Docs

A Service in Kubernetes is an abstraction which defines a logical set of Pods and a policy by which to access them. Services enable a loose coupling between dependent Pods. Services are the abstraction that allow pods to die and replicate in Kubernetes without impacting your application.

The set of Pods targeted by a Service is usually determined by a LabelSelector.

Although each Pod has a unique IP address, those IPs are not exposed outside the cluster without a Service. Services allow your applications to receive traffic. Services can be exposed in different ways by specifying a type in the ServiceSpec:

• ClusterIP (default) - Exposes the Service on an internal IP in the cluster. This type makes the Service only reachable from within the cluster.

• NodePort - Exposes the Service on the same port of each selected Node in the cluster using NAT. Makes a Service accessible from outside the cluster using <NodeIP>:<NodePort>. Superset of ClusterIP.

• LoadBalancer - Creates an external load balancer in the current cloud (if supported) and assigns a fixed, external IP to the Service. Superset of NodePort.

• ExternalName - Maps the Service to the contents of the externalName field (e.g. foo.bar.example.com), by returning a CNAME record with its value. No proxying of any kind is set up. This type requires v1.7 or higher of kube-dns, or CoreDNS version 0.0.8 or higher.

kubectl expose deployment nginx --port=80 --type=NodePort
kubectl get svc
kubectl describe services/[service_name]

K8s Service vs Istio Virtual Service

Kubernetes service

Kubernetes service manages a pod's networking. It specifies whether your pods are exposed internally (ClusterIP), externally (NodePort or LoadBalancer) or as a CNAME of other DNS entries (externalName).

As an example this foo-service will expose the pods with label app: foo. Any requests sent to the node on port 30007 will be forwarded to the pod on port 80.

apiVersion: v1
kind: Service
metadata:
  name: foo-service
spec:
  type: NodePort
  selector:
    app: foo
  ports:
    - port: 80
      targetPort: 80
      nodePort: 30007

Istio virtualservice

Istio virtualservice is one level higher than Kuberenetes service. It can be used to apply traffic routing, fault injection, retries and many other configurations to services.

As an example this foo-retry-virtualservice will retry 3 times with a timeout 2s each for failed requests to foo.

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: foo-retry-virtualservice
spec:
  hosts:
  - foo
  http:
  - route:
    - destination:
        host: foo
    retries:
      attempts: 3
      perTryTimeout: 2s

Another example of this foo-delay-virtualservice will apply a 0.5s delay to 0.1% of requests to foo.

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: foo-delay-virtualservice
spec:
  hosts:
  - foo
  http:
  - fault:
      delay:
        percentage:
          value: 0.1
        fixedDelay: 5s
    route:
    - destination:
        host: foo

Ref

https://kubernetes.io/docs/concepts/services-networking/service/ https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ https://istio.io/latest/docs/reference/config/networking/virtual-service/ https://istio.io/latest/docs/concepts/traffic-management/#virtual-services

Service endpoint and endpoint slices