kubernetes endpoint - ghdrako/doc_snipets GitHub Wiki

An endpoint is a resource that gets the IP addresses of one or more pods dynamically assigned to it, along with a port. An endpoint can be viewed using kubectl get endpoints.

$ kubectl get endpoints
NAME         ENDPOINTS            AGE
kubernetes   192.168.64.13:8443   10d

An endpoint resource is referenced by a Kubernetes service, so that the service has a record of the internal IPs of pods in order to be able to communicate with them.

We need endpoints as an abstraction layer because the 'service' in Kubernetes acts as part of the orchestration to ensure distribution of traffic to pods (including only sending traffic to healthy pods). For example, if a pod dies, a replacement pod will be generated with a new IP address. Conceptually, the dead pod's IP will be removed from the endpoint object and the IP of the newly created pod will be added, so that the service is updated and 'knows' which pods to connect to.

https://kubernetes.io/docs/concepts/services-networking/connect-applications-service/#exposing-pods-to-the-cluster

An easy way to investigate and see the relationship is:

  • kubectl describe pods - and observe the IP addresses of your pods
  • kubectl get ep - and observe the IP addresses assigned to your endpoint
  • kubectl describe service myServiceName - and observe the Endpoints associated with your service

Those endpoints can be:

  • An internal pod running inside the cluster - this is the form that is more familiar. It is created automatically behind the scenes for us when we create a service and pods and the service's label selector matches the pods' labels.

  • An external IP which is not a pod - this is the least known option.

The external IP can reside outside the cluster - for example an external web server or database. It can also reside in a different namespace - if you want to point your Service to a Service in a different Namespace inside your cluster.

Regarding external Endpoints - if you do not specify a label selector in your service, Kubernetes can't create the list of endpoints because it doesn't know which pods should be included and proxied by the service.

An Endpoint can reside inside one of the nodes in your cluster, or outside your cluster / environment.

If it's an internal endpoint (which means that the pod label matches a service label selector) - you can view it with:

$ kubectl describe svc/my-service


Name:                     my-service
Namespace:                default
Labels:                   <none>
Annotations:              kubectl.kubernetes.io/last-applied-configuration:
                            {"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"name":" my-service","namespace":"...
Selector:                 run=some-run
Type:                     NodePort
IP:                       10.100.92.162
Port:                     <unset>  8080/TCP
TargetPort:               80/TCP
NodePort:                 <unset>  31300/TCP
Endpoints:                172.21.21.2:80,172.21.38.56:80,172.21.39.160:80
Session Affinity:         None
External Traffic Policy:  Cluster
Events:                   <none>

Or directly with:

$ kubectl get endpoints my-service

NAME           ENDPOINTS                                       AGE
my-service   172.21.21.2:80,172.21.38.56:80,172.21.39.160:80   63d

Regarding external Endpoints:

You create a service without a label selector:

apiVersion: v1
kind: Service
metadata:
  name: my-service #<------ Should match the name of Endpoints object
spec:
  ports:
    - protocol: TCP
      port: 8080
      targetPort: 9376

Because the Service has no selector, the corresponding Endpoints object will not be created automatically. You add the Endpoints object manually and map the Service to the desired network address and port where the external resource is running:

apiVersion: v1
kind: Endpoints
metadata:
  name: my-service #<------ Should match the name of Service
subsets:
  - addresses:
      - ip: 192.0.2.45
    ports:
      - port: 9376

When the Endpoints are related to pods inside our cluster, we want them to be managed by K8S as well, so in this case they also need to be generated by K8S.
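Since a selector-less Service forwards to whatever address its same-named Endpoints object lists, it is worth auditing which Services do this and where they point. The following is an added example, not code from this wiki: it pairs Services and Endpoints by namespace and name and reports the hand-written (non-pod) backends. The services `web` and `orphan` and the pod name `web-abc` are constructed sample data; `my-service` and its addresses are taken from the manifests above.

```python
import json

# Constructed sample shaped like `kubectl get services,endpoints -A -o json`,
# reusing the names and addresses from the manifests on this page.
SAMPLE = json.loads("""
{"items": [
  {"kind": "Service", "metadata": {"name": "my-service", "namespace": "default"},
   "spec": {"ports": [{"protocol": "TCP", "port": 8080, "targetPort": 9376}]}},
  {"kind": "Endpoints", "metadata": {"name": "my-service", "namespace": "default"},
   "subsets": [{"addresses": [{"ip": "192.0.2.45"}], "ports": [{"port": 9376}]}]},
  {"kind": "Service", "metadata": {"name": "web", "namespace": "default"},
   "spec": {"selector": {"run": "some-run"}, "ports": [{"port": 8080, "targetPort": 80}]}},
  {"kind": "Endpoints", "metadata": {"name": "web", "namespace": "default"},
   "subsets": [{"addresses": [{"ip": "172.21.21.2",
       "targetRef": {"kind": "Pod", "name": "web-abc"}}], "ports": [{"port": 80}]}]},
  {"kind": "Service", "metadata": {"name": "orphan", "namespace": "default"},
   "spec": {"ports": [{"port": 5432}]}}
]}
""")

def audit_selectorless(items):
    """Map each selector-less Service to the manually set backends it forwards to."""
    key = lambda o: (o["metadata"].get("namespace", "default"), o["metadata"]["name"])
    endpoints = {key(o): o for o in items if o["kind"] == "Endpoints"}
    report = {}
    for svc in (o for o in items if o["kind"] == "Service"):
        spec = svc.get("spec", {})
        # Services with a selector get their Endpoints generated by Kubernetes;
        # ExternalName Services are DNS aliases and have no Endpoints at all.
        if spec.get("selector") or spec.get("type") == "ExternalName":
            continue
        backends = []
        # Service and Endpoints are tied together only by namespace + name.
        for subset in endpoints.get(key(svc), {}).get("subsets") or []:
            for addr in subset.get("addresses") or []:
                # Pod-backed addresses carry a targetRef; hand-written ones do not.
                if (addr.get("targetRef") or {}).get("kind") == "Pod":
                    continue
                backends += [f'{addr["ip"]}:{p["port"]}' for p in subset.get("ports") or []]
        report["/".join(key(svc))] = backends
    return report

if __name__ == "__main__":
    for name, backends in audit_selectorless(SAMPLE["items"]).items():
        print(name, "->", ", ".join(backends) or "no matching Endpoints (no backend)")
```

Against a live cluster, pass it the `items` array from `kubectl get services,endpoints --all-namespaces -o json`. The built-in `kubernetes` Service is also selector-less, so it appears in the report.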
