So far, we've been deploying publicly accessible services. In this lab, we'll create a private/cluster-local service that is not accessible from outside the cluster. You can read more on private cluster-local services in the docs.
Create a service-local.yaml file.
Notice how we labeled our service with cluster-local. This makes the service private.
Deploy the service:
kubectl apply -f service-local.yamlYou can check that service is private:
kubectl get ksvc helloworld-local
NAME URL
helloworld-local http://helloworld-local.default.svc.cluster.localNotice that the URL has svc.cluster.local (and not the xip.io domain) in it which makes it not publicly accessible.
You can also take an existing public service and turn into a local service by simply adding the label.
For example, deploy the first version of helloworld service:
kubectl apply -f service-v1.yamlYou should be able to access it via curl because it's public:
curl http://helloworld.default.$ISTIO_INGRESS.xip.io
Hello v1Label the service with cluster-local:
kubectl label kservice helloworld serving.knative.dev/visibility=cluster-local
service.serving.knative.dev/helloworld labeledThe service now is local and you cannot curl it with the public URL.
To make it public again, you can remove the label:
kubectl label kservice helloworld serving.knative.dev/visibility-
service.serving.knative.dev/helloworld labeledAnd, curl should work again now.