update service doc

zhan9san · zhan9san · commit 2b16bfd76ae0 · 2022-03-24T20:49:25.000+08:00
diff --git a/site/content/en/docs/handbook/accessing.md b/site/content/en/docs/handbook/accessing.md
@@ -25,10 +25,77 @@ A NodePort service is the most basic way to get external traffic directly to you
 We also have a shortcut for fetching the minikube IP and a service's `NodePort`:
 
 ```shell
-minikube service --url <service-name>
+minikube service <service-name> --url
 ```
 
-## Getting the NodePort using kubectl
+### Using `minikube service` with tunnel
+
+The network is limited if you are using a Docker driver on darwin, Windows or WSL, and the Node IP is not reachable directly.
+
+If minikube runs on Linux with Docker driver, no tunnel will be created.
+
+Services of type `NodePort` can be exposed via the `minikube service <service-name> --url` command. It must be run in a separate terminal window to keep the [tunnel](https://en.wikipedia.org/wiki/Port_forwarding#Local_port_forwarding) open. Ctrl-C in the terminal can be used to terminate the process at which time the network routes will be cleaned up.
+
+### Example of NodePort
+
+1. Create a kubernetes deployment
+
+    ```shell
+    kubectl create deployment hello-minikube1 --image=k8s.gcr.io/echoserver:1.4
+    ```
+
+2. Create a kubernetes service type NodePort
+
+    ```shell
+    kubectl expose deployment hello-minikube1 --type=NodePort --port=8080
+    ```
+
+3. Check Node Port
+
+    ```shell
+    kubectl get svc
+    ```
+    <pre>
+    $ kc get svc
+    AME              TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)          AGE
+    hello-minikube1   NodePort    10.100.238.34   <none>        8080:31389/TCP   3s
+    </pre>
+
+4. Run service tunnel
+
+    ```shell
+    minikube service hello-minikube1 --url
+    ```
+
+    `minikube service hello-minikube1 --url` runs as a process, creating a [tunnel](https://en.wikipedia.org/wiki/Port_forwarding#Local_port_forwarding) to cluster. The command exposes the service directly to any program running on the host operating system.
+
+    <details>
+    <summary>
+    service output example
+    </summary>
+    <pre>
+    $ minikube service hello-minikube1 --url
+    http://127.0.0.1:57123
+    ❗  Because you are using a Docker driver on darwin, the terminal needs to be open to run it.
+    </pre>
+    </details>
+
+    check ssh tunnel in another terminal
+
+    ```shell
+    $ ps -ef | grep docker@127.0.0.1
+    ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -N docker@127.0.0.1 -p 55972 -i /Users/FOO/.minikube/machines/minikube/id_rsa -L TUNNEL_PORT:CLUSTER_IP:TARGET_PORT
+    ```
+
+5. Try in your browser
+
+    open in your browser (make sure there is no proxy set)
+
+    ```shell
+    http://127.0.0.1:TUNNEL_PORT
+    ```
+
+### Getting the NodePort using kubectl
 
 The minikube VM is exposed to the host system via a host-only IP address, that can be obtained with the `minikube ip` command. Any services of type `NodePort` can be accessed over that IP address, on the NodePort.
 
@@ -54,77 +121,78 @@ This flag also accepts a comma separated list of ports and port ranges.
 
 A LoadBalancer service is the standard way to expose a service to the internet. With this method, each service gets its own IP address.
 
-## Using `minikube tunnel`
+### Using `minikube tunnel`
 
 Services of type `LoadBalancer` can be exposed via the `minikube tunnel` command. It must be run in a separate terminal window to keep the `LoadBalancer` running.  Ctrl-C in the terminal can be used to terminate the process at which time the network routes will be cleaned up.
 
-## Example
+### Example of LoadBalancer
 
-#### Run tunnel in a separate terminal
+1. Run tunnel in a separate terminal
 
-it will ask for password.
+    it will ask for password.
 
-```shell
-minikube tunnel
-```
+    ```shell
+    minikube tunnel
+    ```
 
-`minikube tunnel` runs as a process, creating a network route on the host to the service CIDR of the cluster using the cluster's IP address as a gateway.  The tunnel command exposes the external IP directly to any program running on the host operating system.
-
-<details>
-<summary>
-tunnel output example
-</summary>
-<pre>
-Password:
-Status:
- machine: minikube
- pid: 39087
- route: 10.96.0.0/12 -> 192.168.64.194
- minikube: Running
- services: [hello-minikube]
-    errors:
-  minikube: no errors
-  router: no errors
-  loadbalancer emulator: no errors
-...
-...
-...
-</pre>
-</details>
-
-#### Create a kubernetes deployment
+    `minikube tunnel` runs as a process, creating a network route on the host to the service CIDR of the cluster using the cluster's IP address as a gateway.  The tunnel command exposes the external IP directly to any program running on the host operating system.
 
-```shell
-kubectl create deployment hello-minikube1 --image=k8s.gcr.io/echoserver:1.4
-```
+    <details>
+    <summary>
+    tunnel output example
+    </summary>
+    <pre>
+    Password:
+    Status:
+    machine: minikube
+    pid: 39087
+    route: 10.96.0.0/12 -> 192.168.64.194
+    minikube: Running
+    services: [hello-minikube]
+        errors:
+      minikube: no errors
+      router: no errors
+      loadbalancer emulator: no errors
+    ...
+    ...
+    ...
+    </pre>
+    </details>
 
-#### Create a kubernetes service type LoadBalancer
+2. Create a kubernetes deployment
 
-```shell
-kubectl expose deployment hello-minikube1 --type=LoadBalancer --port=8080
-```
+    ```shell
+    kubectl create deployment hello-minikube1 --image=k8s.gcr.io/echoserver:1.4
+    ```
 
-### Check external IP
+3. Create a kubernetes service type LoadBalancer
 
-```shell
-kubectl get svc
-```
-<pre>
-$ kc get svc
-NAME              TYPE           CLUSTER-IP      EXTERNAL-IP     PORT(S)          AGE
-hello-minikube1   LoadBalancer   10.96.184.178   10.96.184.178   8080:30791/TCP   40s
-</pre>
+    ```shell
+    kubectl expose deployment hello-minikube1 --type=LoadBalancer --port=8080
+    ```
 
-note that without minikube tunnel, kubernetes would be showing external IP as "pending".
+4. Check external IP
 
-### Try in your browser
+    ```shell
+    kubectl get svc
+    ```
+    <pre>
+    $ kc get svc
+    NAME              TYPE           CLUSTER-IP      EXTERNAL-IP     PORT(S)          AGE
+    hello-minikube1   LoadBalancer   10.96.184.178   10.96.184.178   8080:30791/TCP   40s
+    </pre>
 
-open in your browser (make sure there is no proxy set)
-```
-http://REPLACE_WITH_EXTERNAL_IP:8080
-```
+    note that without minikube tunnel, kubernetes would be showing external IP as "pending".
+
+5. Try in your browser
+
+    open in your browser (make sure there is no proxy set)
 
-Each service will get its own external ip.
+    ```shell
+    http://REPLACE_WITH_EXTERNAL_IP:8080
+    ```
+
+    Each service will get its own external ip.
 
 ----
 
@@ -150,12 +218,12 @@ Adding a route requires root privileges for the user, and thus there are differe
 
 <https://superuser.com/questions/1328452/sudoers-nopasswd-for-single-executable-but-allowing-others>
 
-
 ### Access to ports <1024 on Windows requires root permission
+
 If you are using Docker driver on Windows, there is a chance that you have an old version of SSH client you might get an error like - `Privileged ports can only be forwarded by root.` or you might not be able to access the service even after `minikube tunnel` if the access port is less than 1024 but for ports greater than 1024 works fine.
 
 In order to resolve this, ensure that you are running the latest version of SSH client. You can install the latest version of the SSH client on Windows by running the following in a Command Prompt with an Administrator Privileges (Requires [chocolatey package manager](https://chocolatey.org/install))
-```
+```cmd
 choco install openssh
 ```
-The latest version (`OpenSSH_for_Windows_7.7p1, LibreSSL 2.6.5`) which is available on Windows 10 by default doesn't work. You can track the issue with this over here - https://github.com/PowerShell/Win32-OpenSSH/issues/1693
+The latest version (`OpenSSH_for_Windows_7.7p1, LibreSSL 2.6.5`) which is available on Windows 10 by default doesn't work. You can track the issue with this over here - https://github.com/PowerShell/Win32-OpenSSH/issues/1693
