⎈ A Hands-On Guide to Kubernetes Endpoints & EndpointSlices 🛠️
⇢ Understanding Kubernetes Endpoints and Endpoint Slices: A Comprehensive Guide
In the world of Kubernetes, efficient service discovery and routing are essential for managing complex containerized applications. Kubernetes Endpoints and Endpoint Slices play a critical role in this process, linking services to the pods that handle the actual workload. This blog post aims to provide a comprehensive understanding of these concepts, their importance, how they work, and best practices for using them.
What are Kubernetes Endpoints?
Kubernetes Endpoints are API objects that define a list of IP addresses and ports. These addresses correspond to the pods that are dynamically assigned to a service. Essentially, an Endpoint in Kubernetes is a bridge connecting a service to the pods that fulfill the service’s requests.
When a service is created, Kubernetes automatically creates an associated Endpoint object. The Endpoint object maintains the IP addresses and port numbers of the pods that match the service’s selector criteria.
How Kubernetes Endpoints Work
To understand how Kubernetes Endpoints work, let’s break down the process:
- Service Creation: When you create a service in Kubernetes, you define a selector that matches a set of pods. This selector determines which pods the service will route traffic to.
- Endpoint Creation: Kubernetes
automaticallycreates an Endpoint object associated with the service. This object contains the IP addresses and ports of the pods that match the selector. - Updating Endpoints: As pods are added or removed, or their statuses change, Kubernetes
continuously updatesthe Endpoint object to reflect the current set of matching pods. This ensures that the service always routes traffic to the appropriate pods.
Anatomy of an Endpoint Object
Let’s take a look at a sample Endpoint object:
apiVersion: v1
kind: Endpoints
metadata:
name: my-service
subsets:
- addresses:
- ip: 10.0.0.1
- ip: 10.0.0.2
ports:
- port: 80In this example:
- The
addressesfield lists the IP addresses of the pods that match the service selector. - The
portsfield lists the ports on which the pods are listening.
The Role of Endpoints in Service Discovery
Service discovery in Kubernetes relies heavily on Endpoints. When a service receives a request, it uses the information in the associated Endpoint object to route the request to one of the available pods. This mechanism ensures that traffic is evenly distributed among healthy pods.
DNS and Endpoints
Kubernetes services are accessible via DNS. For example, if you have a service named my-service in the default namespace, it can be resolved with the DNS name my-service.default.svc.cluster.local. When this DNS name is resolved, it points to the IP addresses listed in the corresponding Endpoint object.
What are Endpoint Slices?
Endpoint Slices are a more scalable and efficient way to manage endpoints in Kubernetes. Introduced in Kubernetes 1.16, Endpoint Slices provide a way to distribute the network endpoints across multiple resources, reducing the load on the Kubernetes API server and improving the performance of large clusters.
An Endpoint Slice represents a subset of the endpoints that make up a service. Instead of having a single large Endpoint object for a service, multiple smaller Endpoint Slice objects are created, each representing a portion of the endpoints.
By default, the control plane creates and manages EndpointSlices to have no more than 100 endpoints each. You can configure this with the --max-endpoints-per-slice kube-controller-manager flag, up to a maximum of 1000.
EndpointSlices can act as the source of truth for kube-proxy when it comes to how to route internal traffic.
Address types
EndpointSlices support three address types:
- IPv4
- IPv6
- FQDN (Fully Qualified Domain Name)
Each EndpointSlice object represents a specific IP address type. If you have a Service that is available via IPv4 and IPv6, there will be at least two EndpointSlice objects (one for IPv4, and one for IPv6).
How Endpoint Slices Work
Endpoint Slices work similarly to Endpoints but with added benefits for scalability and performance:
- Service Creation: When a service is created, Kubernetes creates Endpoint Slices instead of a single Endpoint object.
- Endpoint Slice Creation: Each Endpoint Slice contains a subset of the total endpoints for the service. This distribution helps in managing large numbers of endpoints more efficiently.
- Updating Endpoint Slices: Like Endpoints, Endpoint Slices are continuously updated as pods are added, removed, or their statuses change. Kubernetes ensures that the Endpoint Slices reflect the current set of matching pods.
Anatomy of an Endpoint Slice Object
Let’s take a look at a sample Endpoint Slice object:
apiVersion: discovery.k8s.io/v1
kind: EndpointSlice
metadata:
name: my-service-abc123
addressType: IPv4
endpoints:
- addresses:
- 10.0.0.1
- 10.0.0.2
ports:
- port: 80In this example:
- The
endpointsfield lists the IP addresses of a subset of pods. - The
portsfield lists the ports on which these pods are listening. - The
addressTypeindicates the type of address, such as IPv4 or IPv6.
The Role of Endpoint Slices in Service Discovery
Endpoint Slices improve upon the traditional Endpoints by offering better scalability and performance. They distribute the network endpoints across multiple objects, reducing the load on the Kubernetes API server and improving service discovery in large clusters.
DNS and Endpoint Slices
Just like with Endpoints, Kubernetes services using Endpoint Slices are accessible via DNS. The DNS resolution process remains the same, but the underlying management of endpoints is more efficient.
Hands-on Example: Deploying a Service with Endpoints and Endpoint Slices
Let’s go through a hands-on example to see how Endpoints and Endpoint Slices work in practice.
Step 1: Create a Deployment
First, create a simple Nginx deployment:
apiVersion: apps/v1
kind: Deployment
metadata:
name: ep-test
labels:
app: nginx
spec:
replicas: 3
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx-container
image: nginx:latestSave this YAML as nginx-deployment.yaml and apply it:
kubectl apply -f nginx-deployment.yamlStep 2: Create a Service
Next, create a service to expose the Nginx deployment:
apiVersion: v1
kind: Service
metadata:
name: nginx-svc
spec:
type: NodePort
selector:
app: nginx
ports:
- protocol: TCP
port: 80
targetPort: 80Save this YAML as nginx-service.yaml and apply it:
kubectl apply -f nginx-service.yamlOutput:
$ kubectl get po,svc
NAME READY STATUS RESTARTS AGE
pod/ep-test-5bb85d69d8-8p2v5 1/1 Running 0 63s
pod/ep-test-5bb85d69d8-cf7c4 1/1 Running 0 62s
pod/ep-test-5bb85d69d8-vfkl5 1/1 Running 0 62s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/nginx-svc NodePort 10.245.58.203 <none> 80:31907/TCP 63sStep 3: Verify Endpoints and Endpoint Slices
After creating the service, Kubernetes automatically creates the associated Endpoints and Endpoint Slices.
Check the Endpoints:
kubectl get endpoints nginx-svc -o yamlYou should see output similar to this:
apiVersion: v1
kind: Endpoints
metadata:
annotations:
endpoints.kubernetes.io/last-change-trigger-time: "2024-06-09T18:48:32Z"
creationTimestamp: "2024-06-09T18:48:30Z"
name: nginx-svc
namespace: endpoints
resourceVersion: "15095762"
uid: 8ecd5c61-bf96-41a2-b961-681b13f70b0b
subsets:
- addresses:
- ip: 10.244.0.227
nodeName: pool-t5ss0fagn-rxkuu
targetRef:
kind: Pod
name: ep-test-5bb85d69d8-8p2v5
namespace: endpoints
uid: 4e8f2873-3abe-4f11-adfc-8a7b579db114
- ip: 10.244.0.250
nodeName: pool-t5ss0fagn-rxkuu
targetRef:
kind: Pod
name: ep-test-5bb85d69d8-vfkl5
namespace: endpoints
uid: 30fea27d-bc8f-4dd7-9daa-9e03bb3d82a2
- ip: 10.244.0.88
nodeName: pool-t5ss0fagn-jeb47
targetRef:
kind: Pod
name: ep-test-5bb85d69d8-cf7c4
namespace: endpoints
uid: 2ac548ea-4b44-4c51-9c79-f337441439b4
ports:
- port: 80
protocol: TCPStep 4: Verify Endpoint Slices
Check the Endpoint Slices:
kubectl get endpointslices -l kubernetes.io/service-name=nginx-svc -o yamlYou should see output similar to this:
$ kubectl get endpointslices nginx-svc-t9zx4 -o yaml
addressType: IPv4
apiVersion: discovery.k8s.io/v1
endpoints:
- addresses:
- 10.244.0.88
conditions:
ready: true
serving: true
terminating: false
nodeName: pool-t5ss0fagn-jeb47
targetRef:
kind: Pod
name: ep-test-5bb85d69d8-cf7c4
namespace: endpoints
uid: 2ac548ea-4b44-4c51-9c79-f337441439b4
- addresses:
- 10.244.0.227
conditions:
ready: true
serving: true
terminating: false
nodeName: pool-t5ss0fagn-rxkuu
targetRef:
kind: Pod
name: ep-test-5bb85d69d8-8p2v5
namespace: endpoints
uid: 4e8f2873-3abe-4f11-adfc-8a7b579db114
- addresses:
- 10.244.0.250
conditions:
ready: true
serving: true
terminating: false
nodeName: pool-t5ss0fagn-rxkuu
targetRef:
kind: Pod
name: ep-test-5bb85d69d8-vfkl5
namespace: endpoints
uid: 30fea27d-bc8f-4dd7-9daa-9e03bb3d82a2
kind: EndpointSlice
metadata:
annotations:
endpoints.kubernetes.io/last-change-trigger-time: "2024-06-09T18:48:32Z"
creationTimestamp: "2024-06-09T18:48:30Z"
generateName: nginx-svc-
generation: 4
labels:
endpointslice.kubernetes.io/managed-by: endpointslice-controller.k8s.io
kubernetes.io/service-name: nginx-svc
name: nginx-svc-t9zx4
namespace: endpoints
ownerReferences:
- apiVersion: v1
blockOwnerDeletion: true
controller: true
kind: Service
name: nginx-svc
uid: b205cb1b-55bd-4d07-82b3-c60dff0b83f0
resourceVersion: "15095763"
uid: 12de64ee-6f80-4adc-aaac-bf2aa8156e1c
ports:
- name: ""
port: 80
protocol: TCPIn this output, you can see that the Endpoint addresses are distributed across multiple Endpoint Slices.
Common Use Cases for Endpoints and Endpoint Slices
- Load Balancing: Both Endpoints and Endpoint Slices enable Kubernetes services to distribute traffic evenly across multiple pods, ensuring high availability and efficient resource utilization.
- Service Discovery: By maintaining a dynamic list of IP addresses for matching pods, Endpoints and Endpoint Slices facilitate seamless service discovery within a cluster.
- Health Monitoring: Continuous updates to Endpoints and Endpoint Slices ensure that only healthy pods receive traffic, improving the reliability of your applications.
Best Practices for Working with Endpoints and Endpoint Slices
- Use Readiness Probes: Ensure that your pods are ready to receive traffic before they are added to an Endpoint or Endpoint Slice. Kubernetes provides readiness probes to help with this.
- Avoid Manual Management: Let Kubernetes manage Endpoints and Endpoint Slices
automatically. Manual management can lead to inconsistencies and increased operational overhead. - Monitor Health: Use monitoring tools to keep an eye on the health and status of Endpoints and Endpoint Slices. This can help you quickly identify and resolve issues.
Conclusion
Kubernetes Endpoints and Endpoint Slices are fundamental components of the Kubernetes service discovery mechanism. They provide a dynamic link between services and the pods that handle the workload, ensuring efficient load balancing and high availability. By understanding how these concepts work and following best practices, you can optimize your Kubernetes deployments for better performance and reliability.
Source Code
You’re invited to explore our GitHub repository, which houses a comprehensive collection of source code for Kubernetes.
Also, if we welcome your feedback and suggestions! If you encounter any issues or have ideas for improvements, please open an issue on our GitHub repository. 🚀
Connect With Me
If you found this blog insightful and are eager to delve deeper into topics like AWS, cloud strategies, Kubernetes, or anything related, I’m excited to connect with you on LinkedIn. Let’s spark meaningful conversations, share insights, and explore the vast realm of cloud computing together.
Feel free to reach out, share your thoughts, or ask any questions. I look forward to connecting and growing together in this dynamic field!
My LinkedIn: https://www.linkedin.com/in/anveshmuppeda/
My GitHub: https://github.com/anveshmuppeda
Happy deploying! 🚀
Happy Kubernetings! ⎈
