Creating and Managing Services
Services provide stable endpoints for Pods based on a set of labels.
In this chapter you will create the monolith service and "expose" the secure-monolith Pod externally. You will learn how to:
- Create a service
- Use label selectors to expose a limited set of Pods externally
Tutorial: Create a Service
Explore the monolith service configuration file in manifests/app/services/monolith.yaml
Notice:
- The service type (None, ClusterIP, NodePort or LoadBalancer)
- Pod selector to identify all pods targeted by the service
- ports configuration:
  - targetPort to define which container port(s) your service targets
  - port to define on which port your service is exposed inside the cluster
  - nodePort (optional), to explicitly specify on which port to expose your service outside of the cluster.
Then create the monolith service using kubectl:
kubectl apply -f manifests/app/services/monolith.yaml
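Specifically on Google Cloud Platform, you need to allow incoming traffic to your cluster node’s port.
Use the gcloud compute firewall-rules command to allow traffic to the monolith service:
gcloud compute firewall-rules create allow-monolith-nodeport --allow=tcp:31000
As written, this rule sets neither --source-ranges nor --target-tags, so it admits TCP 31000 from any source address to every instance on the network.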
Exercise: Interact with the Monolith Service Remotely
Hints
On GCP, Kubernetes cluster nodes are standard Google Compute Engine VM instances managed by GKE.
With a service of type NodePort, you should be able to connect to your monolith through the service node port, which is set to 31000 in our YAML.
List the GCP VMs which compose the GKE cluster to get their public IP addresses:
gcloud compute instances list
Output:
NAME ZONE MACHINE_TYPE INTERNAL_IP EXTERNAL_IP STATUS
gke-istio-workshop-default-pool-e37360ba-369z europe-west1-b n1-standard-1 10.132.0.3 35.205.92.225 RUNNING
gke-istio-workshop-default-pool-e37360ba-3hz4 europe-west1-b n1-standard-1 10.132.0.2 35.240.127.238 RUNNING
gke-istio-workshop-default-pool-e37360ba-8345 europe-west1-b n1-standard-1 10.132.0.4 35.233.127.229 RUNNING
Then use any of the external IPs to connect to the NodePort:
curl -k https://<EXTERNAL_IP>:31000
Exercise: Explore the monolith Service
Tutorial: Add Labels to Pods
Currently the monolith service does not have any endpoints. One way to troubleshoot an issue like this is to use the kubectl get pods command with a label query.
kubectl get pods -l "app=monolith"
kubectl get pods -l "app=monolith,secure=enabled"
Notice this last query does not print any results.
Use the kubectl label command to add the missing secure=enabled label to the secure-monolith Pod.
kubectl label pods secure-monolith 'secure=enabled'
View the list of endpoints on the monolith service:
kubectl describe services monolith
Tutorial: Remove Labels from Pods
In this exercise you will observe what happens when a required label is removed from a Pod.
Use the kubectl label command to remove the secure label from the secure-monolith Pod.
kubectl label pods secure-monolith secure-
View the list of endpoints on the monolith service:
kubectl describe services monolith
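The effect of the two label tutorials above on what the NodePort exposes, as an added example that is not part of the original workshop: it evaluates Service selectors against Pod labels the way the endpoints list is built. The sample objects are constructed; the starting Pod labels and the helper names selects, exposure and relabel are assumptions.

```python
import copy

# Constructed sample, shaped like the items of `kubectl get services,pods -o json`
# and trimmed to the fields used here. Assumption: both Pods start with app=monolith only.
SAMPLE = [
    {"kind": "Service", "metadata": {"name": "monolith"},
     "spec": {"type": "NodePort", "ports": [{"nodePort": 31000}],
              "selector": {"app": "monolith", "secure": "enabled"}}},
    {"kind": "Pod", "metadata": {"name": "monolith", "labels": {"app": "monolith"}}},
    {"kind": "Pod", "metadata": {"name": "secure-monolith", "labels": {"app": "monolith"}}},
]
EXTERNAL_TYPES = {"NodePort", "LoadBalancer"}  # reachable from outside the cluster

def selects(selector, labels):
    """Equality-based selector: every pair must match; an empty one selects nothing."""
    return bool(selector) and all(labels.get(k) == v for k, v in selector.items())

def exposure(items):
    """Map each externally reachable Service to its node ports and selected Pods."""
    pods = [i for i in items if i["kind"] == "Pod"]
    report = {}
    for svc in (i for i in items if i["kind"] == "Service"):
        spec = svc["spec"]
        if spec.get("type", "ClusterIP") not in EXTERNAL_TYPES:
            continue
        report[svc["metadata"]["name"]] = {
            "nodePorts": [p["nodePort"] for p in spec.get("ports", []) if "nodePort" in p],
            "pods": sorted(p["metadata"]["name"] for p in pods
                           if selects(spec.get("selector"), p["metadata"].get("labels", {}))),
        }
    return report

def relabel(items, pod, key, value=None):
    """Copy of items with one Pod label set, or removed when value is None."""
    out = copy.deepcopy(items)
    for i in out:
        if i["kind"] == "Pod" and i["metadata"]["name"] == pod:
            labels = i["metadata"].setdefault("labels", {})
            if value is None:
                labels.pop(key, None)   # like: kubectl label pods POD key-
            else:
                labels[key] = value     # like: kubectl label pods POD key=value
    return out

if __name__ == "__main__":
    print("no label:     ", exposure(SAMPLE))
    labelled = relabel(SAMPLE, "secure-monolith", "secure", "enabled")
    print("label added:  ", exposure(labelled))
    print("label removed:", exposure(relabel(labelled, "secure-monolith", "secure")))
```

Run against real cluster output, the same report shows at a glance which Pods any label change would put behind an externally reachable port.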