Update service.md

PriyanshuAhlawat 2022-03-24 17:56:10 +05:30
parent dc947abf0a
commit 49436e3dcb
1 changed files with 11 additions and 9 deletions

@ -184,10 +184,10 @@ In the example above, traffic is routed to the single endpoint defined in
the YAML: `192.0.2.42:9376` (TCP). the YAML: `192.0.2.42:9376` (TCP).
{{< note >}} {{< note >}}
The Kubernetes API server does not allow proxying to endpoints that are not mapped to The Kubernetes API server does not allow proxying to endpoints that are not mapped to
pods. Actions such as `kubectl proxy <service-name>` where the service has no pods. Actions such as `kubectl proxy <service-name>` where the service has no
selector will fail due to this constraint. This prevents the Kubernetes API server selector will fail due to this constraint. This prevents the Kubernetes API server
from being used as a proxy to endpoints the caller may not be authorized to access. from being used as a proxy to endpoints the caller may not be authorized to access.
{{< /note >}} {{< /note >}}
An ExternalName Service is a special case of Service that does not have An ExternalName Service is a special case of Service that does not have
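Review bot: the old and new sides of this hunk carry the same text on every line, including the note about the API server refusing to proxy to endpoints not mapped to pods, so the edits here look whitespace-only. Either drop them from this change or say so in the commit message; "Update service.md" does not tell a reviewer that the only visible content change in the commit is the deprecation note added further down.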
@ -251,7 +251,7 @@ There are a few reasons for using proxying for Services:
Later in this page you can read about various kube-proxy implementations work. Overall, Later in this page you can read about various kube-proxy implementations work. Overall,
you should note that, when running `kube-proxy`, kernel level rules may be you should note that, when running `kube-proxy`, kernel level rules may be
modified (for example, iptables rules might get created), which won't get cleaned up, modified (for example, iptables rules might get created), which won't get cleaned up,
in some cases until you reboot. Thus, running kube-proxy is something that should in some cases until you reboot. Thus, running kube-proxy is something that should
only be done by an administrator which understands the consequences of having a only be done by an administrator which understands the consequences of having a
low level, privileged network proxying service on a computer. Although the `kube-proxy` low level, privileged network proxying service on a computer. Although the `kube-proxy`
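Review bot: two wording problems sit in the lines of this hunk and could be fixed in the same pass: "read about various kube-proxy implementations work" is missing "how", and "an administrator which understands" should be "an administrator who understands". This paragraph is the page's caution that kube-proxy is a privileged, low-level network proxy whose kernel rules may persist until reboot, so it is worth keeping it easy to read.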
@ -278,6 +278,8 @@ Lastly, the user-space proxy installs iptables rules which capture traffic to
the Service's `clusterIP` (which is virtual) and `port`. The rules the Service's `clusterIP` (which is virtual) and `port`. The rules
redirect that traffic to the proxy port which proxies the backend Pod. redirect that traffic to the proxy port which proxies the backend Pod.
{{< note >}} Kube-proxy in userspace mode is deprecated. {{< /note >}}
By default, kube-proxy in userspace mode chooses a backend via a round-robin algorithm. By default, kube-proxy in userspace mode chooses a backend via a round-robin algorithm.
![Services overview diagram for userspace proxy](/images/docs/services-userspace-overview.svg) ![Services overview diagram for userspace proxy](/images/docs/services-userspace-overview.svg)
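Review bot: the added note "Kube-proxy in userspace mode is deprecated." names neither the release in which the mode was deprecated nor the mode readers should use instead; add both, or link to where that is documented. On style, write `kube-proxy` in lowercase code formatting as the surrounding sentences do, and put the `{{< note >}}` and `{{< /note >}}` shortcodes on their own lines as the note in the first hunk does. Consider also moving the note ahead of the userspace description, since here it lands between the iptables paragraph and the round-robin sentence, where a reader has already read how the mode works.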
@ -708,13 +710,13 @@ Your cluster must have the `ServiceLoadBalancerClass` [feature gate](/docs/refer
other versions of Kubernetes, check the documentation for that release. other versions of Kubernetes, check the documentation for that release.
By default, `spec.loadBalancerClass` is `nil` and a `LoadBalancer` type of Service uses By default, `spec.loadBalancerClass` is `nil` and a `LoadBalancer` type of Service uses
the cloud provider's default load balancer implementation if the cluster is configured with the cloud provider's default load balancer implementation if the cluster is configured with
a cloud provider using the `--cloud-provider` component flag. a cloud provider using the `--cloud-provider` component flag.
If `spec.loadBalancerClass` is specified, it is assumed that a load balancer If `spec.loadBalancerClass` is specified, it is assumed that a load balancer
implementation that matches the specified class is watching for Services. implementation that matches the specified class is watching for Services.
Any default load balancer implementation (for example, the one provided by Any default load balancer implementation (for example, the one provided by
the cloud provider) will ignore Services that have this field set. the cloud provider) will ignore Services that have this field set.
`spec.loadBalancerClass` can be set on a Service of type `LoadBalancer` only. `spec.loadBalancerClass` can be set on a Service of type `LoadBalancer` only.
Once set, it cannot be changed. Once set, it cannot be changed.
The value of `spec.loadBalancerClass` must be a label-style identifier, The value of `spec.loadBalancerClass` must be a label-style identifier,
with an optional prefix such as "`internal-vip`" or "`example.com/internal-vip`". with an optional prefix such as "`internal-vip`" or "`example.com/internal-vip`".
Unprefixed names are reserved for end-users. Unprefixed names are reserved for end-users.
@ -997,7 +999,7 @@ There are other annotations to manage Classic Elastic Load Balancers that are de
service.beta.kubernetes.io/aws-load-balancer-security-groups: "sg-53fae93f" service.beta.kubernetes.io/aws-load-balancer-security-groups: "sg-53fae93f"
# A list of existing security groups to be configured on the ELB created. Unlike the annotation # A list of existing security groups to be configured on the ELB created. Unlike the annotation
# service.beta.kubernetes.io/aws-load-balancer-extra-security-groups, this replaces all other security groups previously assigned to the ELB and also overrides the creation # service.beta.kubernetes.io/aws-load-balancer-extra-security-groups, this replaces all other security groups previously assigned to the ELB and also overrides the creation
# of a uniquely generated security group for this ELB. # of a uniquely generated security group for this ELB.
# The first security group ID on this list is used as a source to permit incoming traffic to target worker nodes (service traffic and health checks). # The first security group ID on this list is used as a source to permit incoming traffic to target worker nodes (service traffic and health checks).
# If multiple ELBs are configured with the same security group ID, only a single permit line will be added to the worker node security groups, that means if you delete any # If multiple ELBs are configured with the same security group ID, only a single permit line will be added to the worker node security groups, that means if you delete any
@ -1007,7 +1009,7 @@ There are other annotations to manage Classic Elastic Load Balancers that are de
service.beta.kubernetes.io/aws-load-balancer-extra-security-groups: "sg-53fae93f,sg-42efd82e" service.beta.kubernetes.io/aws-load-balancer-extra-security-groups: "sg-53fae93f,sg-42efd82e"
# A list of additional security groups to be added to the created ELB, this leaves the uniquely generated security group in place, this ensures that every ELB # A list of additional security groups to be added to the created ELB, this leaves the uniquely generated security group in place, this ensures that every ELB
# has a unique security group ID and a matching permit line to allow traffic to the target worker nodes (service traffic and health checks). # has a unique security group ID and a matching permit line to allow traffic to the target worker nodes (service traffic and health checks).
# Security groups defined here can be shared between services. # Security groups defined here can be shared between services.
service.beta.kubernetes.io/aws-load-balancer-target-node-labels: "ingress-gw,gw-name=public-api" service.beta.kubernetes.io/aws-load-balancer-target-node-labels: "ingress-gw,gw-name=public-api"
# A comma separated list of key-value pairs which are used # A comma separated list of key-value pairs which are used