Service without selectors

Services use selectors to match the pods that traffic is directed to. However, sometimes you need to implement a proxy to be the bridge between the Kubernetes cluster and another namespace, another cluster, or an external resource. In the following example, we'll demonstrate how to implement a proxy for http://www.google.com in your cluster. This is just an example; the source of the proxy in your case might be the endpoint of your database or another resource in the cloud.

How a Service without a selector works

The configuration file is similar to the previous one, just without the selector section:

// create a service without selectors
# cat 3-2-3_service_wo_selector_srv.yaml
kind: Service
apiVersion: v1
metadata:
  name: google-proxy
spec:
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80

// create service without selectors
# kubectl create -f 3-2-3_service_wo_selector_srv.yaml
service "google-proxy" created

No Kubernetes endpoint will be created, since there's no selector. Kubernetes doesn't know where to route the traffic, since no selector can match the pods. We'll have to create the endpoints manually.

In the Endpoints object, the source addresses can't be DNS names, so we'll use nslookup to find the current Google IP for the domain and add it to Endpoints.subsets.addresses.ip:

// get an IP from google.com
# nslookup www.google.com
Server: 192.168.1.1
Address: 192.168.1.1#53

Non-authoritative answer:
Name: google.com
Address: 172.217.0.238

// create endpoints for the ip from google.com
# cat 3-2-3_service_wo_selector_endpoints.yaml
kind: Endpoints
apiVersion: v1
metadata:
  name: google-proxy
subsets:
  - addresses:
      - ip: 172.217.0.238
    ports:
      - port: 80

// create Endpoints
# kubectl create -f 3-2-3_service_wo_selector_endpoints.yaml
endpoints "google-proxy" created

Let's create another pod in the cluster to access our Google proxy:

// pod for accessing google proxy
# cat 3-2-3_proxy-chk.yaml
apiVersion: v1
kind: Pod
metadata:
  name: proxy-chk
spec:
  containers:
    - name: centos
      image: centos
      command: ["/bin/sh", "-c", "while : ;do curl -L http://${GOOGLE_PROXY_SERVICE_HOST}:80/; sleep 10; done"]

// create the pod
# kubectl create -f 3-2-3_proxy-chk.yaml
pod "proxy-chk" created

Let's check stdout from the pod:

// get logs from proxy-chk
# kubectl logs proxy-chk
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   219  100   219    0     0   2596      0 --:--:-- --:--:-- --:--:--  2607
100   258  100   258    0     0   1931      0 --:--:-- --:--:-- --:--:--  1931
<!doctype html><html itemscope="" itemtype="http://schema.org/WebPage" lang="en-CA">

...

Hurray! We can now confirm that the proxy works. The traffic to the Service will be routed to the endpoints we specified. If it doesn't work, make sure you add the proper inbound rules to the network of your external resources.
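The Endpoints step above pins a hand-copied IP into the manifest. As an added example (not from the book), the following shell functions render the same manifest from a list of addresses and reject DNS names, malformed IPs, and the loopback and link-local ranges that Kubernetes refuses in Endpoints. The function names is_ipv4 and render_endpoints are hypothetical.

```shell
#!/bin/sh
# Added example, not from the book: render the Endpoints manifest for a
# selector-less Service, refusing anything that is not a usable IPv4 literal.

# is_ipv4 ADDR: succeed only for a dotted-quad IPv4 literal (no DNS names).
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# render_endpoints NAME PORT IP...: print the manifest on stdout.
# Returns non-zero (and prints nothing on stdout) if any address is rejected.
render_endpoints() {
    [ "$#" -ge 3 ] || { echo "usage: render_endpoints NAME PORT IP..." >&2; return 1; }
    name=$1 port=$2
    shift 2
    for ip in "$@"; do
        is_ipv4 "$ip" || { echo "not an IPv4 literal: $ip" >&2; return 1; }
        case "$ip" in
            # The API server rejects loopback and link-local endpoint IPs.
            127.*|169.254.*) echo "address not allowed: $ip" >&2; return 1 ;;
        esac
    done
    printf 'kind: Endpoints\napiVersion: v1\nmetadata:\n  name: %s\n' "$name"
    printf 'subsets:\n  - addresses:\n'
    for ip in "$@"; do printf '      - ip: %s\n' "$ip"; done
    printf '    ports:\n      - port: %s\n' "$port"
}

# Constructed sample input: the address from the nslookup output above.
render_endpoints google-proxy 80 172.217.0.238
```

Piping the output to kubectl apply -f - updates the google-proxy Endpoints when the resolved address changes.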

Endpoints don't support DNS names as a source. Alternatively, we can use an ExternalName Service, which doesn't have selectors either. This requires kube-dns version >= 1.7.

In some use cases, users need neither load balancing nor proxy functionality for the Service. In those cases, we can set ClusterIP = "None" to create a so-called headless service. For more information, please refer to https://kubernetes.io/docs/concepts/services-networking/service/#headless-services.