Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

close
keyboard_arrow_left
list Table of Contents
file_download PDF
keyboard_arrow_right

Configure ClusterIP Service by Assigning Endpoints

date_range 20-Oct-23

ClusterIP Service without a Selector and Manually Assigned Endpoints

Juniper® Cloud-Native Contrail Networking (CN2) supports the ClusterIP service to work with manually assigned endpoints without adding a selector in the service. ClusterIP is the default type of service, which is used to expose a service on an IP address internal to the cluster. Access is only permitted from within the cluster.

When creating the endpoint for the service, it's important to add the IP address and targetRef in the endpoint. The targetRef should include the pod details such as kind, name, and namespace. Without these details, connectivity to the ClusterIP service will not work.

Pod details provided in the targetRef of the endpoint are used to add the virtual machine interface (VMI) reference of the corresponding pod in the service floating IP (FIP) object.

See the following example of pod details provided in targetRef:

content_copy zoom_out_map
apiVersion: v1
kind: Endpoints
metadata:
  labels:
    app: nginx
  name: nginx
  namespace: clusterip
subsets:
- addresses:
  - ip: 10.128.0.151
    targetRef:
      kind: Pod
      name: nginx-7d79f94b45-9tfjm
      namespace: clusterip
  - ip: 10.128.0.175
    targetRef:
      kind: Pod
      name: nginx-7d79f94b45-kcb4s
      namespace: clusterip
  ports:
  - name: http
    port: 8080
    protocol: TCP

Configure ClusterIP Service

Following is an example procedure to configure ClusterIP service by manually assigning endpoints and without adding a selector.

  1. Deploy the application deployment. In this example, the NGINX application is deployed.
    content_copy zoom_out_map
    apiVersion: v1
    kind: Namespace
    metadata:
      name: clusterip
    ---
    apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2
    kind: Deployment
    metadata:
      name: nginx
      namespace: clusterip
    spec:
      strategy:
        type: Recreate
      selector:
        matchLabels:
          app: nginx
      replicas: 2 # tells deployment to run 1 pods matching the template
      template: # create pods using pod definition in this template
        metadata:
          labels:
            app: nginx
        spec:
          containers:
          - name: nginx
            image: svl-artifactory.juniper.net/atom-docker/nginxinc/nginx-unprivileged:1.21
            ports:
            - containerPort: 8080
    
  2. Check the pods.
    content_copy zoom_out_map
    [core@ocp-avyaw-bc6wig-ctrl-3 ~]$ kubectl get po -n clusterip -o wide
    NAME                     READY   STATUS    RESTARTS   AGE    IP             NODE                        NOMINATED NODE   READINESS GATES
    nginx-7d79f94b45-9tfjm   1/1     Running   0          10m   10.128.0.151   ocp-avyaw-bc6wig-worker-2   <none>           <none>
    nginx-7d79f94b45-kcb4s   1/1     Running   0          10m   10.128.0.175   ocp-avyaw-bc6wig-worker-1   <none>           <none>
    
  3. Deploy the ClusterIP service without defining a selector in spec. In this example, the ClusterIP service maps to port 8080 on the application pod.
    content_copy zoom_out_map
    apiVersion: v1
    kind: Service
    metadata:
      name: nginx
      namespace: clusterip
      labels:
        app: nginx
    spec:
      ports:
      - name: http
        port: 8080
        protocol: TCP
        targetPort: 8080
      type: ClusterIP
    
  4. Verify the service.
    content_copy zoom_out_map
    [core@ocp-avyaw-bc6wig-ctrl-3 ~]$ kubectl get svc -n clusterip
    NAME    TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)    AGE
    nginx   ClusterIP   172.30.74.100   <none>        8080/TCP   3m
    
  5. Create the endpoints for the service. Add the IP address and targetRef with pod details in the endpoints.
    content_copy zoom_out_map
    apiVersion: v1
    kind: Endpoints
    metadata:
      labels:
        app: nginx
      name: nginx
      namespace: clusterip
    subsets:
    - addresses:
      - ip: 10.128.0.151
        targetRef:
          kind: Pod
          name: nginx-7d79f94b45-9tfjm
          namespace: clusterip
      - ip: 10.128.0.175
        targetRef:
          kind: Pod
          name: nginx-7d79f94b45-kcb4s
          namespace: clusterip
      ports:
      - name: http
        port: 8080
        protocol: TCP
    
  6. Check the connectivity to the ClusterIP service from any test pod.
    content_copy zoom_out_map
    [core@ocp-avyaw-bc6wig-ctrl-2 ~]$ kubectl exec -it curl-test -n clusterip sh
    # curl 172.30.74.100:8080
    <!DOCTYPE html>
    <html>
    <head>
    <title>Welcome to nginx!</title>
    <style>
    html { color-scheme: light dark; }
    body { width: 35em; margin: 0 auto;
    font-family: Tahoma, Verdana, Arial, sans-serif; }
    </style>
    </head>
    <body>
    <h1>Welcome to nginx!</h1>
    <p>If you see this page, the nginx web server is successfully installed and
    working. Further configuration is required.</p>
    
    <p>For online documentation and support please refer to
    <a href="http://nginx.org/">nginx.org</a>.<br/>
    Commercial support is available at
    <a href="http://nginx.com/">nginx.com</a>.</p>
    
    <p><em>Thank you for using nginx.</em></p>
    </body>
    </html>
    
external-footer-nav