This is a cache of https://docs.openshift.com/rosa/virt/vm_networking/virt-exposing-vm-with-service.html. It is a snapshot of the page at 2024-11-21T03:26:57.074+0000.
Exposing a VM by using a service - Networking | Virtualization | Red Hat OpenShift Service on AWS
×

You can expose a virtual machine within the cluster or outside the cluster by creating a Service object.

About services

A Kubernetes service exposes network access for clients to an application running on a set of pods. Services offer abstraction, load balancing, and, in the case of the NodePort and LoadBalancer types, exposure to the outside world.

ClusterIP

Exposes the service on an internal IP address and as a DNS name to other applications within the cluster. A single service can map to multiple virtual machines. When a client tries to connect to the service, the client’s request is load balanced among available backends. ClusterIP is the default service type.

NodePort

Exposes the service on the same port of each selected node in the cluster. NodePort makes a port accessible from outside the cluster, as long as the node itself is externally accessible to the client.

LoadBalancer

Creates an external load balancer in the current cloud (if supported) and assigns a fixed, external IP address to the service.

Dual-stack support

If IPv4 and IPv6 dual-stack networking is enabled for your cluster, you can create a service that uses IPv4, IPv6, or both, by defining the spec.ipFamilyPolicy and the spec.ipFamilies fields in the Service object.

The spec.ipFamilyPolicy field can be set to one of the following values:

SingleStack

The control plane assigns a cluster IP address for the service based on the first configured service cluster IP range.

PreferDualStack

The control plane assigns both IPv4 and IPv6 cluster IP addresses for the service on clusters that have dual-stack configured.

RequireDualStack

This option fails for clusters that do not have dual-stack networking enabled. For clusters that have dual-stack configured, the behavior is the same as when the value is set to PreferDualStack. The control plane allocates cluster IP addresses from both IPv4 and IPv6 address ranges.

You can define which IP family to use for single-stack or define the order of IP families for dual-stack by setting the spec.ipFamilies field to one of the following array values:

  • [IPv4]

  • [IPv6]

  • [IPv4, IPv6]

  • [IPv6, IPv4]

Creating a service by using the command line

You can create a service and associate it with a virtual machine (VM) by using the command line.

Prerequisites
  • You configured the cluster network to support the service.

Procedure
  1. Edit the VirtualMachine manifest to add the label for service creation:

    apiVersion: kubevirt.io/v1
    kind: VirtualMachine
    metadata:
      name: example-vm
      namespace: example-namespace
    spec:
      running: false
      template:
        metadata:
          labels:
            special: key (1)
    # ...
    1 Add special: key to the spec.template.metadata.labels stanza.

    Labels on a virtual machine are passed through to the pod. The special: key label must match the label in the spec.selector attribute of the Service manifest.

  2. Save the VirtualMachine manifest file to apply your changes.

  3. Create a Service manifest to expose the VM:

    apiVersion: v1
    kind: Service
    metadata:
      name: example-service
      namespace: example-namespace
    spec:
    # ...
      selector:
        special: key (1)
      type: NodePort (2)
      ports: (3)
        protocol: TCP
        port: 80
        targetPort: 9376
        nodePort: 30000
    1 Specify the label that you added to the spec.template.metadata.labels stanza of the VirtualMachine manifest.
    2 Specify ClusterIP, NodePort, or LoadBalancer.
    3 Specifies a collection of network ports and protocols that you want to expose from the virtual machine.
  4. Save the Service manifest file.

  5. Create the service by running the following command:

    $ oc create -f example-service.yaml
  6. Restart the VM to apply the changes.

Verification
  • Query the Service object to verify that it is available:

    $ oc get service -n example-namespace