# Kubernetes Services

A Kubernetes Service is a resource you create to make a single, constant point of entry to a group of pods providing the same service. Each service has an IP address and port that never change while the service exists. Clients can open connections to that IP and port, and those connections are then routed to one of the pods backing that service.

### 1. Use a Service to make Pods accessable from within the cluster

**Example**: Spin up 2 replicas of simple node with ReplicaSet (file: rs_node.yaml)

In [40]:
%%bash
kubectl apply -f rs_node.yaml

replicaset.apps/nodeapp-rs created


Note that pods controlled by the ReplicaSet are labeled with: app=nodeapp

In [43]:
%%bash
kubectl get pods --show-labels

NAME               READY   STATUS    RESTARTS   AGE   LABELS
nodeapp-rs-fsdlw   1/1     Running   0          6s    app=nodeapp
nodeapp-rs-lbjq4   1/1     Running   0          6s    app=nodeapp


**Create service**: Map port 80 to 8091 of all pods with label: app=nodeapp (specified in svc_node.yaml)

In [44]:
%%bash
kubectl apply -f svc_node.yaml

service/node-service created


In [45]:
%%bash
kubectl get services

NAME           TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)   AGE
kubernetes     ClusterIP   10.96.0.1        <none>        443/TCP   18s
node-service   ClusterIP   10.106.105.163   <none>        80/TCP    1s


**Now you can connect to the service from other pods within the kubernetes cluster by the stable Cluster IP**

**How the service is discovered in other pods?**
- Either by automatically generated env variables
- Or by DNS (preferred)

**This is demonstrated by the job "batch-job-access-service"**

Create and upload the image and start the job...

In [30]:
%%bash
docker build -t ardconsulting/test:py-batch-access-service batch-job-access-service

Sending build context to Docker daemon  3.584kB
Step 1/5 : FROM python:3
 ---> 7f5b6ccd03e9
Step 2/5 : RUN pip install requests
 ---> Using cache
 ---> ee0941a9f06c
Step 3/5 : WORKDIR /usr/app
 ---> Using cache
 ---> ce19f15bb6af
Step 4/5 : COPY ./ ./
 ---> 0a8b245e8a61
Step 5/5 : CMD python main.py
 ---> Running in ac99a8f983f8
Removing intermediate container ac99a8f983f8
 ---> 182caf6b4559
Successfully built 182caf6b4559
Successfully tagged ardconsulting/test:py-batch-access-service


In [32]:
%%bash
docker push ardconsulting/test:py-batch-access-service

The push refers to repository [docker.io/ardconsulting/test]
56849504e859: Preparing
55cc563f1ba5: Preparing
241cc8c6acb3: Preparing
ccbefb30278f: Preparing
7a8a38bf5538: Preparing
0d77d4546954: Preparing
98d95bdfa037: Preparing
da9418a2e1b1: Preparing
2e5b4ca91984: Preparing
527ade4639e0: Preparing
c2c789d2d3c5: Preparing
8803ef42039d: Preparing
0d77d4546954: Waiting
98d95bdfa037: Waiting
da9418a2e1b1: Waiting
2e5b4ca91984: Waiting
527ade4639e0: Waiting
c2c789d2d3c5: Waiting
8803ef42039d: Waiting
55cc563f1ba5: Layer already exists
7a8a38bf5538: Layer already exists
241cc8c6acb3: Layer already exists
56849504e859: Layer already exists
ccbefb30278f: Layer already exists
0d77d4546954: Layer already exists
98d95bdfa037: Layer already exists
da9418a2e1b1: Layer already exists
2e5b4ca91984: Layer already exists
527ade4639e0: Layer already exists
c2c789d2d3c5: Layer already exists
8803ef42039d: Layer already exists
py-batch-access-service: digest: sha256:ea25b9467f9c5fcd657c58febe52756bbb705

In [33]:
%%bash
kubectl apply -f job_access_service.yaml

job.batch/batch-job-access-service created


**View Job Logs**

In [34]:
%%bash
kubectl get pods

NAME                             READY   STATUS    RESTARTS   AGE
batch-job-access-service-g6zzt   1/1     Running   0          4s
nodeapp-rs-6t2n5                 1/1     Running   0          27s
nodeapp-rs-6vs9f                 1/1     Running   0          27s


In [36]:
%%bash 
kubectl logs batch-job-access-service-g6zzt

Batch Job started
##############################
Env Variables:
KUBERNETES_PORT: tcp://10.96.0.1:443
KUBERNETES_SERVICE_PORT: 443
HOSTNAME: batch-job-access-service-g6zzt
NODE_SERVICE_SERVICE_HOST: 10.108.113.242
PYTHON_PIP_VERSION: 20.1.1
HOME: /root
GPG_KEY: E3FF2839C048B25C084DEBE9B26995E310250568
NODE_SERVICE_SERVICE_PORT: 80
NODE_SERVICE_PORT: tcp://10.108.113.242:80
PYTHON_GET_PIP_URL: https://github.com/pypa/get-pip/raw/eff16c878c7fd6b688b9b4c4267695cf1a0bf01b/get-pip.py
NODE_SERVICE_PORT_80_TCP_ADDR: 10.108.113.242
KUBERNETES_PORT_443_TCP_ADDR: 10.96.0.1
PATH: /usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
NODE_SERVICE_PORT_80_TCP_PORT: 80
NODE_SERVICE_PORT_80_TCP_PROTO: tcp
KUBERNETES_PORT_443_TCP_PORT: 443
KUBERNETES_PORT_443_TCP_PROTO: tcp
LANG: C.UTF-8
PYTHON_VERSION: 3.8.3
NODE_SERVICE_PORT_80_TCP: tcp://10.108.113.242:80
KUBERNETES_PORT_443_TCP: tcp://10.96.0.1:443
KUBERNETES_SERVICE_PORT_HTTPS: 443
KUBERNETES_SERVICE_HOST: 10.96.0.1
PWD: /usr

### 2. Use a Service to make Pods accessable from outside

**Service of Type LoadBalancer**: svc_node_external.yaml

In [6]:
%%bash
kubectl apply -f svc_node_external.yaml

service/node-service-external created


In [12]:
%%bash
kubectl get services

NAME                    TYPE           CLUSTER-IP      EXTERNAL-IP   PORT(S)        AGE
kubernetes              ClusterIP      10.96.0.1       <none>        443/TCP        53s
node-service            ClusterIP      10.96.90.142    <none>        80/TCP         27s
node-service-external   LoadBalancer   10.109.175.97   <pending>     80:30390/TCP   15s


**Access from outside the cluster by external IP**. Test it...

In [143]:
%%bash
curl localhost:80

<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.19.0</center>
</body>
</html>


  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   153  100   153    0     0   2390      0 --:--:-- --:--:-- --:--:--  2390


### 3. Access many services from outside through the same IP by Ingress

Whereas a LoadBalancer requires its own public IP address for every service, an Ingress only requires one IP, even when providing access to dozens of services. When a client sends an HTTP request to the Ingress, the host and path in the request determine which service the request is forwarded to.

Deploy Docker Desktop Ingress support...

In [87]:
%%bash
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/cloud/deploy.yaml

namespace/ingress-nginx created
serviceaccount/ingress-nginx created
configmap/ingress-nginx-controller created
clusterrole.rbac.authorization.k8s.io/ingress-nginx created
clusterrolebinding.rbac.authorization.k8s.io/ingress-nginx created
role.rbac.authorization.k8s.io/ingress-nginx created
rolebinding.rbac.authorization.k8s.io/ingress-nginx created
service/ingress-nginx-controller-admission created
service/ingress-nginx-controller created
deployment.apps/ingress-nginx-controller created
validatingwebhookconfiguration.admissionregistration.k8s.io/ingress-nginx-admission created
clusterrole.rbac.authorization.k8s.io/ingress-nginx-admission created
clusterrolebinding.rbac.authorization.k8s.io/ingress-nginx-admission created
job.batch/ingress-nginx-admission-create created
job.batch/ingress-nginx-admission-patch created
role.rbac.authorization.k8s.io/ingress-nginx-admission created
rolebinding.rbac.authorization.k8s.io/ingress-nginx-admission created
serviceaccount/ingress-nginx-admission

**Ingress Example**: ingress_node.yaml

In [55]:
%%bash
kubectl apply -f ingress_node.yaml

ingress.networking.k8s.io/node-ingress configured


This ingress forwards requests at localhost to the service "node-service". Make sure the service is running...

In [54]:
%%bash
kubectl get services

NAME           TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)   AGE
kubernetes     ClusterIP   10.96.0.1        <none>        443/TCP   3m5s
node-service   ClusterIP   10.106.105.163   <none>        80/TCP    2m48s


In [48]:
%%bash
kubectl get ingresses

NAME           HOSTS       ADDRESS     PORTS   AGE
node-ingress   localhost   localhost   80      31m


In [56]:
%%bash
kubectl describe ingress node-ingress

Name:             node-ingress
Namespace:        default
Address:          localhost
Default backend:  default-http-backend:80 (<none>)
Rules:
  Host       Path  Backends
  ----       ----  --------
  localhost  
             /   node-service:80 (10.1.0.59:8091,10.1.0.60:8091)
Annotations:
  kubectl.kubernetes.io/last-applied-configuration:  {"apiVersion":"networking.k8s.io/v1beta1","kind":"Ingress","metadata":{"annotations":{},"name":"node-ingress","namespace":"default"},"spec":{"rules":[{"host":"localhost","http":{"paths":[{"backend":{"serviceName":"node-service","servicePort":80},"path":"/"}]}}]}}

Events:
  Type    Reason  Age               From                      Message
  ----    ------  ----              ----                      -------
  Normal  CREATE  16m               nginx-ingress-controller  Ingress default/node-ingress
  Normal  UPDATE  3s (x8 over 16m)  nginx-ingress-controller  Ingress default/node-ingress


In [57]:
%%bash
curl localhost

Welcome from host: nodeapp-rs-fsdlw

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    35  100    35    0     0    673      0 --:--:-- --:--:-- --:--:--   673


In [58]:
%%bash
kubectl delete all --all

pod "nodeapp-rs-fsdlw" deleted
pod "nodeapp-rs-lbjq4" deleted
service "kubernetes" deleted
service "node-service" deleted
replicaset.apps "nodeapp-rs" deleted
