Kubernetes K8S之Pod跨namespace名称空间访问Service服务
Kubernetes的两个Service(ServiceA、ServiceB)和对应的Pod(PodA、PodB)分别属于不同的namespace名称空间,现需要PodA和PodB跨namespace名称空间并通过Service实现互访。应该如何实现?
场景需求
Kubernetes的两个Service(ServiceA、ServiceB)和对应的Pod(PodA、PodB)分别属于不同的namespace名称空间,现需要PodA和PodB跨namespace名称空间并通过Service实现互访。如何实现?
说明:这里是指通过Service的Name进行通信访问,而不是通过Service的IP【因因为每次重启Service,NAME不会改变,而IP是会改变的】。
主机配置规划
| 服务器名称(hostname) | 系统版本 | 配置 | 内网IP | 外网IP(模拟) |
|---|---|---|---|---|
| k8s-master | CentOS7.7 | 2C/4G/20G | 172.16.1.110 | 10.0.0.110 |
| k8s-node01 | CentOS7.7 | 2C/4G/20G | 172.16.1.111 | 10.0.0.111 |
| k8s-node02 | CentOS7.7 | 2C/4G/20G | 172.16.1.112 | 10.0.0.112 |
创建Service和Pod
相关yaml文件
[root@k8s-master cross_ns]# pwd
/root/k8s_practice/cross_ns
[root@k8s-master cross_ns]#
[root@k8s-master cross_ns]# cat deply_service_myns.yaml
apiVersion: v1
kind: Namespace
metadata:
name: myns
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: myapp-deploy1
namespace: myns
spec:
replicas:
selector:
matchLabels:
app: myapp
release: v1
template:
metadata:
labels:
app: myapp
release: v1
spec:
containers:
- name: myapp
image: registry.cn-beijing.aliyuncs.com/google_registry/myapp:v1
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort:
---
apiVersion: v1
kind: Service
metadata:
name: myapp-clusterip1
namespace: myns
spec:
type: ClusterIP # 默认类型
selector:
app: myapp
release: v1
ports:
- name: http
port:
targetPort: [root@k8s-master cross_ns]#
[root@k8s-master cross_ns]# cat deply_service_mytest.yaml
apiVersion: v1
kind: Namespace
metadata:
name: mytest
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: myapp-deploy2
namespace: mytest
spec:
replicas:
selector:
matchLabels:
app: myapp
release: v2
template:
metadata:
labels:
app: myapp
release: v2
spec:
containers:
- name: myapp
image: registry.cn-beijing.aliyuncs.com/google_registry/myapp:v2
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort:
---
apiVersion: v1
kind: Service
metadata:
name: myapp-clusterip2
namespace: mytest
spec:
type: ClusterIP # 默认类型
selector:
app: myapp
release: v2
ports:
- name: http
port:
targetPort:
运行yaml文件
kubectl apply -f deply_service_myns.yaml
kubectl apply -f deply_service_mytest.yaml
查看myns名称空间信息
[root@k8s-master cross_ns]# kubectl get svc -n myns -o wide
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
myapp-clusterip1 ClusterIP 10.100.61.11 <none> /TCP 3m app=myapp,release=v1
[root@k8s-master cross_ns]#
[root@k8s-master cross_ns]# kubectl get deploy -n myns -o wide
NAME READY UP-TO-DATE AVAILABLE AGE CONTAINERS IMAGES SELECTOR
myapp-deploy1 / 3m7s myapp registry.cn-beijing.aliyuncs.com/google_registry/myapp:v1 app=myapp,release=v1
[root@k8s-master cross_ns]#
[root@k8s-master cross_ns]# kubectl get rs -n myns -o wide
NAME DESIRED CURRENT READY AGE CONTAINERS IMAGES SELECTOR
myapp-deploy1-5b9d78576c 3m15s myapp registry.cn-beijing.aliyuncs.com/google_registry/myapp:v1 app=myapp,pod-template-hash=5b9d78576c,release=v1
[root@k8s-master cross_ns]#
[root@k8s-master cross_ns]# kubectl get pod -n myns -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
myapp-deploy1-5b9d78576c-wfw4n / Running 3m20s 10.244.2.136 k8s-node02 <none> <none>
myapp-deploy1-5b9d78576c-zsfjl / Running 3m20s 10.244.3.193 k8s-node01 <none> <none>
查看mytest名称空间信息
[root@k8s-master cross_ns]# kubectl get svc -n mytest -o wide
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
myapp-clusterip2 ClusterIP 10.100.201.103 <none> /TCP 4m9s app=myapp,release=v2
[root@k8s-master cross_ns]#
[root@k8s-master cross_ns]# kubectl get deploy -n mytest -o wide
NAME READY UP-TO-DATE AVAILABLE AGE CONTAINERS IMAGES SELECTOR
myapp-deploy2 / 4m15s myapp registry.cn-beijing.aliyuncs.com/google_registry/myapp:v2 app=myapp,release=v2
[root@k8s-master cross_ns]#
[root@k8s-master cross_ns]# kubectl get rs -n mytest -o wide
NAME DESIRED CURRENT READY AGE CONTAINERS IMAGES SELECTOR
myapp-deploy2-dc8f96497 4m22s myapp registry.cn-beijing.aliyuncs.com/google_registry/myapp:v2 app=myapp,pod-template-hash=dc8f96497,release=v2
[root@k8s-master cross_ns]#
[root@k8s-master cross_ns]# kubectl get pod -n mytest -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
myapp-deploy2-dc8f96497-nnkqn / Running 4m27s 10.244.3.194 k8s-node01 <none> <none>
myapp-deploy2-dc8f96497-w47dt / Running 4m27s 10.244.2.137 k8s-node02 <none> <none>
只看Service和Pod
[root@k8s-master cross_ns]# kubectl get pod -A -o wide | grep -E '(my)|(NAME)'
NAMESPACE NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
myns myapp-deploy1-5b9d78576c-wfw4n / Running 41m 10.244.2.136 k8s-node02 <none> <none>
myns myapp-deploy1-5b9d78576c-zsfjl / Running 41m 10.244.3.193 k8s-node01 <none> <none>
mytest myapp-deploy2-dc8f96497-nnkqn / Running 41m 10.244.3.194 k8s-node01 <none> <none>
mytest myapp-deploy2-dc8f96497-w47dt / Running 41m 10.244.2.137 k8s-node02 <none> <none>
[root@k8s-master cross_ns]#
[root@k8s-master cross_ns]#
[root@k8s-master cross_ns]# kubectl get svc -A -o wide | grep -E '(my)|(NAME)'
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
myns myapp-clusterip1 ClusterIP 10.100.61.11 <none> /TCP 41m app=myapp,release=v1
mytest myapp-clusterip2 ClusterIP 10.100.201.103 <none> /TCP 41m app=myapp,release=v2
pod跨名称空间namespace与Service通信
说明:是通过Service的NAME进行通信,而不是Service的IP【因为每次重启Service,NAME不会改变,而IP是会改变的】。
# 进入ns名称空间下的一个Pod容器
[root@k8s-master cross_ns]# kubectl exec -it -n myns myapp-deploy1-5b9d78576c-wfw4n sh
/ # cd /root/
### 如下说明在同一名称空间下,通信无问题
~ # ping myapp-clusterip1
PING myapp-clusterip1 (10.100.61.11): data bytes
bytes from 10.100.61.11: seq= ttl= time=0.046 ms
bytes from 10.100.61.11: seq= ttl= time=0.081 ms
~ #
~ # wget myapp-clusterip1 -O myns.html
Connecting to myapp-clusterip1 (10.100.61.11:)
myns.html %
~ #
~ # cat myns.html
Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a> ### 如下说明在不同的名称空间下,通过Service的NAME进行通信存在问题
~ # ping myapp-clusterip2
ping: bad address 'myapp-clusterip2'
~ #
~ # wget myapp-clusterip2 -O mytest.html
wget: bad address 'myapp-clusterip2'
实现跨namespace与Service通信
通过Service的ExternalName类型即可实现跨namespace名称空间与Service通信。
Service域名格式:$(service name).$(namespace).svc.cluster.local,其中 cluster.local 为指定的集群的域名
相关yaml文件
[root@k8s-master cross_ns]# pwd
/root/k8s_practice/cross_ns
[root@k8s-master cross_ns]#
[root@k8s-master cross_ns]# cat svc_ExternalName_visit.yaml
# 实现 myns 名称空间的pod,访问 mytest 名称空间的Service:myapp-clusterip2
apiVersion: v1
kind: Service
metadata:
name: myapp-clusterip1-externalname
namespace: myns
spec:
type: ExternalName
externalName: myapp-clusterip2.mytest.svc.cluster.local
ports:
- name: http
port:
targetPort:
---
# 实现 mytest 名称空间的Pod,访问 myns 名称空间的Service:myapp-clusterip1
apiVersion: v1
kind: Service
metadata:
name: myapp-clusterip2-externalname
namespace: mytest
spec:
type: ExternalName
externalName: myapp-clusterip1.myns.svc.cluster.local
ports:
- name: http
port:
targetPort:
运行yaml文件
[root@k8s-master cross_ns]# kubectl apply -f svc_ExternalName_visit.yaml
[root@k8s-master cross_ns]#
[root@k8s-master cross_ns]# kubectl get svc -A -o wide | grep -E '(ExternalName)|(NAME)'
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
myns myapp-clusterip1-externalname ExternalName <none> myapp-clusterip2.mytest.svc.cluster.local /TCP 28s <none>
mytest myapp-clusterip2-externalname ExternalName <none> myapp-clusterip1.myns.svc.cluster.local /TCP 28s <none>
pod跨名称空间namespace与Service通信
到目前所有service和pod信息查看
[root@k8s-master cross_ns]# kubectl get svc -A -o wide | grep -E '(my)|(NAME)'
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
myns myapp-clusterip1 ClusterIP 10.100.61.11 <none> /TCP 62m app=myapp,release=v1
myns myapp-clusterip1-externalname ExternalName <none> myapp-clusterip2.mytest.svc.cluster.local /TCP 84s <none>
mytest myapp-clusterip2 ClusterIP 10.100.201.103 <none> /TCP 62m app=myapp,release=v2
mytest myapp-clusterip2-externalname ExternalName <none> myapp-clusterip1.myns.svc.cluster.local /TCP 84s <none>
[root@k8s-master cross_ns]#
[root@k8s-master cross_ns]# kubectl get pod -A -o wide | grep -E '(my)|(NAME)'
NAMESPACE NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
myns myapp-deploy1-5b9d78576c-wfw4n / Running 62m 10.244.2.136 k8s-node02 <none> <none>
myns myapp-deploy1-5b9d78576c-zsfjl / Running 62m 10.244.3.193 k8s-node01 <none> <none>
mytest myapp-deploy2-dc8f96497-nnkqn / Running 62m 10.244.3.194 k8s-node01 <none> <none>
mytest myapp-deploy2-dc8f96497-w47dt / Running 62m 10.244.2.137 k8s-node02 <none> <none>
myns 名称空间的pod,访问 mytest 名称空间的Service:myapp-clusterip2
[root@k8s-master cross_ns]# kubectl exec -it -n myns myapp-deploy1-5b9d78576c-wfw4n sh
/ # cd /root/
### 如下说明在同一名称空间下,通信无问题
~ # ping myapp-clusterip1
PING myapp-clusterip1 (10.100.61.11): data bytes
bytes from 10.100.61.11: seq= ttl= time=0.057 ms
bytes from 10.100.61.11: seq= ttl= time=0.071 ms
………………
~ #
~ # wget myapp-clusterip1 -O myns.html
Connecting to myapp-clusterip1 (10.100.61.11:)
myns.html %
~ #
~ # cat myns.html
Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a> ### 如下说明通过Service externalname类型,实现了Pod跨namespace名称空间与Service访问
~ # ping myapp-clusterip1-externalname
PING myapp-clusterip1-externalname (10.100.201.103): data bytes
bytes from 10.100.201.103: seq= ttl= time=0.050 ms
bytes from 10.100.201.103: seq= ttl= time=0.311 ms
………………
~ #
~ # wget myapp-clusterip1-externalname -O mytest.html
Connecting to myapp-clusterip1-externalname (10.100.201.103:)
mytest.html %
~ #
~ # cat mytest.html
Hello MyApp | Version: v2 | <a href="hostname.html">Pod Name</a>
mytest 名称空间的Pod,访问 myns 名称空间的Service:myapp-clusterip1
[root@k8s-master cross_ns]# kubectl exec -it -n mytest myapp-deploy2-dc8f96497-w47dt sh
/ # cd /root/
### 如下说明在同一名称空间下,通信无问题
~ # ping myapp-clusterip2
PING myapp-clusterip2 (10.100.201.103): data bytes
bytes from 10.100.201.103: seq= ttl= time=0.087 ms
bytes from 10.100.201.103: seq= ttl= time=0.073 ms
………………
~ #
~ # wget myapp-clusterip2 -O mytest.html
Connecting to myapp-clusterip2 (10.100.201.103:)
mytest.html %
~ #
~ # cat mytest.html
Hello MyApp | Version: v2 | <a href="hostname.html">Pod Name</a> ### 如下说明通过Service externalname类型,实现了Pod跨namespace名称空间与Service访问
~ # ping myapp-clusterip2-externalname
PING myapp-clusterip2-externalname (10.100.61.11): data bytes
bytes from 10.100.61.11: seq= ttl= time=0.089 ms
bytes from 10.100.61.11: seq= ttl= time=0.071 ms
………………
~ #
~ # wget myapp-clusterip2-externalname -O myns.html
Connecting to myapp-clusterip2-externalname (10.100.61.11:)
myns.html %
~ #
~ # cat myns.html
Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>
由上可见,实现了Pod跨namespace名称空间与Service访问。
完毕!
———END———
如果觉得不错就关注下呗 (-^O^-) !
Kubernetes K8S之Pod跨namespace名称空间访问Service服务的更多相关文章
- K8S中如何跨namespace 访问服务?为什么ping不通ClusterIP?
1.K8S中如何跨namespace 访问服务? 2.在Pod中为什么ping不通ClusterIP? 简述: Rancher2.0中的一个用户,在K8S环境中,创建两个namespace,对应用进行 ...
- pod(一):Kubernetes(k8s)创建pod的两种方式
目录 一.系统环境 二.前言 三.pod 四.创建pod 4.1 环境介绍 4.2 使用命令行的方式创建pod 4.2.1 创建最简单的pod 4.2.2 创建pod,指定镜像下载策略 4.2.3 创 ...
- k8s核心资源之:名称空间(ns)
简介 是对一组资源和对象的抽象集合,比如可以用来将系统内部的对象划分为不同的项目组或者用户组. 常见的pod.service.replicaSet和deployment等都是属于某一个namespac ...
- 简单操作:10分钟实现在kubernetes(k8s)里面部署服务器集群并访问项目(docker三)
前言 经过docker安装.k8s开启并登录,我们终于到 "部署k8s服务器集群并访问项目" 这一步了,实现的过程中有太多坑,好在都填平了,普天同庆. 在进行当前课题之前,我们需要 ...
- kubernetes 中,Pod、Deployment、ReplicaSet、Service 之间关系分析
deploy控制RS,RS控制Pod,这一整套,向外提供稳定可靠的Service. 详见:https://blog.csdn.net/ucsheep/article/details/81781509
- Kubernetes K8S之Service服务详解与示例
K8S之Service概述与代理说明,并详解所有的service服务类型与示例 主机配置规划 服务器名称(hostname) 系统版本 配置 内网IP 外网IP(模拟) k8s-master Cent ...
- 同一个POD中默认共享哪些名称空间
如果通过POD的形式来启动多个容器那么它们的名称空间会是共享的么,所以我这里讨论是在默认情况下同一个POD的不同容器的哪些名称空间是打通的.这里先说一下结论,共享的是UTS.IPC.NET.USER. ...
- Kubernetes K8S之鉴权RBAC详解
Kubernetes K8S之鉴权概述与RBAC详解 K8S认证与授权 认证「Authentication」 认证有如下几种方式: 1.HTTP Token认证:通过一个Token来识别合法用户. H ...
- Kubernetes k8s 基于Docker For Windows
开启和安装Kubernetes k8s 基于Docker For Windows 0.最近发现,Docker For Windows Stable在Enable Kubernetes这个问题上 ...
随机推荐
- Vue Vuex中的严格模式/实例解析/dispatch/commit /state/getters
严格模式 import getters from './getters' import mutations from './mutations' import actions from './acti ...
- 第一个Mybatis
第一个Mybatis 思路:搭建环境-->导入Mybatis-->编写代码-->测试 1.搭建环境 新建maven工程,配置xml文件 <?xml version=" ...
- 存储系列之 XFS文件系统简介
引言:磁盘容量越来越大,文件系统管理的文件也是越来越大.越来越多,如何破解?唯有快!于是动态分配.B+树开始登上舞台.还记得当年MySQL的索引结构吗,好的作品所见略同. 一.XFS为什么替换Ext4 ...
- python设计模式之修饰器模式
python设计模式之修饰器模式 无论何时我们想对一个对象添加额外的功能,都有下面这些不同的可选方法. [ ] 如果合理,可以直接将功能添加到对象所属的类(例如,添加一个新的方法) [ ] 使用组合 ...
- MMD日文乱码解决
记录一下自己在学习MMD遇到的问题. 日文乱码是很常见的,因为很多MMD资源是日本的. 1.解压乱码 我以好压为例,其他解压软件也是可以通过设置解决的 设置
- mac 安卓生成证书(uniapp项目安卓证书申请)
mac 安卓生成证书 义务需求: 最近在开发基于uniapp框架的app,到了打包发布的阶段,来尝试打包为安卓的apk安装包.在用HBuild打包的时候需要提供安卓的数字证书(.keystore 文 ...
- eric4 编译 中文 控件 报错 解决
eric4 在qt设计师界面, 设计 中文名控件 时,有时候不能编译,报错如下: 解决办法: 打开eric4---setting----preferences 按下图操作后 ,重新启动eric4即可解 ...
- Jmeter系列(49)- 详解 HTTP Cookie 管理器
如果你想从头学习Jmeter,可以看看这个系列的文章哦 https://www.cnblogs.com/poloyy/category/1746599.html 简单介绍 功能一 首先,它像网络浏览器 ...
- 完全基于 Java 的开源深度学习平台,亚马逊的大佬带你上手
本文适合有 Java 基础的人群 作者:DJL-Lanking HelloGitHub 推出的<讲解开源项目>系列.有幸邀请到了亚马逊 + Apache 的工程师:Lanking( htt ...
- 分块练习C. interval
分块练习C. interval 题目描述 \(N\)个数\(a_i\),\(m\)个操作 \(1\). 从第一个数开始,每隔\(k_i\)个的位置上的数增加\(x_i\) \(2\). 查询\(l\) ...