Kubernetes K8S之Pod跨namespace名称空间访问Service服务
Kubernetes的两个Service(ServiceA、ServiceB)和对应的Pod(PodA、PodB)分别属于不同的namespace名称空间,现需要PodA和PodB跨namespace名称空间并通过Service实现互访。应该如何实现?
场景需求
Kubernetes的两个Service(ServiceA、ServiceB)和对应的Pod(PodA、PodB)分别属于不同的namespace名称空间,现需要PodA和PodB跨namespace名称空间并通过Service实现互访。如何实现?
说明:这里是指通过Service的Name进行通信访问,而不是通过Service的IP【因因为每次重启Service,NAME不会改变,而IP是会改变的】。
主机配置规划
| 服务器名称(hostname) | 系统版本 | 配置 | 内网IP | 外网IP(模拟) |
|---|---|---|---|---|
| k8s-master | CentOS7.7 | 2C/4G/20G | 172.16.1.110 | 10.0.0.110 |
| k8s-node01 | CentOS7.7 | 2C/4G/20G | 172.16.1.111 | 10.0.0.111 |
| k8s-node02 | CentOS7.7 | 2C/4G/20G | 172.16.1.112 | 10.0.0.112 |
创建Service和Pod
相关yaml文件
[root@k8s-master cross_ns]# pwd
/root/k8s_practice/cross_ns
[root@k8s-master cross_ns]#
[root@k8s-master cross_ns]# cat deply_service_myns.yaml
apiVersion: v1
kind: Namespace
metadata:
name: myns
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: myapp-deploy1
namespace: myns
spec:
replicas:
selector:
matchLabels:
app: myapp
release: v1
template:
metadata:
labels:
app: myapp
release: v1
spec:
containers:
- name: myapp
image: registry.cn-beijing.aliyuncs.com/google_registry/myapp:v1
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort:
---
apiVersion: v1
kind: Service
metadata:
name: myapp-clusterip1
namespace: myns
spec:
type: ClusterIP # 默认类型
selector:
app: myapp
release: v1
ports:
- name: http
port:
targetPort: [root@k8s-master cross_ns]#
[root@k8s-master cross_ns]# cat deply_service_mytest.yaml
apiVersion: v1
kind: Namespace
metadata:
name: mytest
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: myapp-deploy2
namespace: mytest
spec:
replicas:
selector:
matchLabels:
app: myapp
release: v2
template:
metadata:
labels:
app: myapp
release: v2
spec:
containers:
- name: myapp
image: registry.cn-beijing.aliyuncs.com/google_registry/myapp:v2
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort:
---
apiVersion: v1
kind: Service
metadata:
name: myapp-clusterip2
namespace: mytest
spec:
type: ClusterIP # 默认类型
selector:
app: myapp
release: v2
ports:
- name: http
port:
targetPort:
运行yaml文件
kubectl apply -f deply_service_myns.yaml
kubectl apply -f deply_service_mytest.yaml
查看myns名称空间信息
[root@k8s-master cross_ns]# kubectl get svc -n myns -o wide
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
myapp-clusterip1 ClusterIP 10.100.61.11 <none> /TCP 3m app=myapp,release=v1
[root@k8s-master cross_ns]#
[root@k8s-master cross_ns]# kubectl get deploy -n myns -o wide
NAME READY UP-TO-DATE AVAILABLE AGE CONTAINERS IMAGES SELECTOR
myapp-deploy1 / 3m7s myapp registry.cn-beijing.aliyuncs.com/google_registry/myapp:v1 app=myapp,release=v1
[root@k8s-master cross_ns]#
[root@k8s-master cross_ns]# kubectl get rs -n myns -o wide
NAME DESIRED CURRENT READY AGE CONTAINERS IMAGES SELECTOR
myapp-deploy1-5b9d78576c 3m15s myapp registry.cn-beijing.aliyuncs.com/google_registry/myapp:v1 app=myapp,pod-template-hash=5b9d78576c,release=v1
[root@k8s-master cross_ns]#
[root@k8s-master cross_ns]# kubectl get pod -n myns -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
myapp-deploy1-5b9d78576c-wfw4n / Running 3m20s 10.244.2.136 k8s-node02 <none> <none>
myapp-deploy1-5b9d78576c-zsfjl / Running 3m20s 10.244.3.193 k8s-node01 <none> <none>
查看mytest名称空间信息
[root@k8s-master cross_ns]# kubectl get svc -n mytest -o wide
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
myapp-clusterip2 ClusterIP 10.100.201.103 <none> /TCP 4m9s app=myapp,release=v2
[root@k8s-master cross_ns]#
[root@k8s-master cross_ns]# kubectl get deploy -n mytest -o wide
NAME READY UP-TO-DATE AVAILABLE AGE CONTAINERS IMAGES SELECTOR
myapp-deploy2 / 4m15s myapp registry.cn-beijing.aliyuncs.com/google_registry/myapp:v2 app=myapp,release=v2
[root@k8s-master cross_ns]#
[root@k8s-master cross_ns]# kubectl get rs -n mytest -o wide
NAME DESIRED CURRENT READY AGE CONTAINERS IMAGES SELECTOR
myapp-deploy2-dc8f96497 4m22s myapp registry.cn-beijing.aliyuncs.com/google_registry/myapp:v2 app=myapp,pod-template-hash=dc8f96497,release=v2
[root@k8s-master cross_ns]#
[root@k8s-master cross_ns]# kubectl get pod -n mytest -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
myapp-deploy2-dc8f96497-nnkqn / Running 4m27s 10.244.3.194 k8s-node01 <none> <none>
myapp-deploy2-dc8f96497-w47dt / Running 4m27s 10.244.2.137 k8s-node02 <none> <none>
只看Service和Pod
[root@k8s-master cross_ns]# kubectl get pod -A -o wide | grep -E '(my)|(NAME)'
NAMESPACE NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
myns myapp-deploy1-5b9d78576c-wfw4n / Running 41m 10.244.2.136 k8s-node02 <none> <none>
myns myapp-deploy1-5b9d78576c-zsfjl / Running 41m 10.244.3.193 k8s-node01 <none> <none>
mytest myapp-deploy2-dc8f96497-nnkqn / Running 41m 10.244.3.194 k8s-node01 <none> <none>
mytest myapp-deploy2-dc8f96497-w47dt / Running 41m 10.244.2.137 k8s-node02 <none> <none>
[root@k8s-master cross_ns]#
[root@k8s-master cross_ns]#
[root@k8s-master cross_ns]# kubectl get svc -A -o wide | grep -E '(my)|(NAME)'
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
myns myapp-clusterip1 ClusterIP 10.100.61.11 <none> /TCP 41m app=myapp,release=v1
mytest myapp-clusterip2 ClusterIP 10.100.201.103 <none> /TCP 41m app=myapp,release=v2
pod跨名称空间namespace与Service通信
说明:是通过Service的NAME进行通信,而不是Service的IP【因为每次重启Service,NAME不会改变,而IP是会改变的】。
# 进入ns名称空间下的一个Pod容器
[root@k8s-master cross_ns]# kubectl exec -it -n myns myapp-deploy1-5b9d78576c-wfw4n sh
/ # cd /root/
### 如下说明在同一名称空间下,通信无问题
~ # ping myapp-clusterip1
PING myapp-clusterip1 (10.100.61.11): data bytes
bytes from 10.100.61.11: seq= ttl= time=0.046 ms
bytes from 10.100.61.11: seq= ttl= time=0.081 ms
~ #
~ # wget myapp-clusterip1 -O myns.html
Connecting to myapp-clusterip1 (10.100.61.11:)
myns.html %
~ #
~ # cat myns.html
Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a> ### 如下说明在不同的名称空间下,通过Service的NAME进行通信存在问题
~ # ping myapp-clusterip2
ping: bad address 'myapp-clusterip2'
~ #
~ # wget myapp-clusterip2 -O mytest.html
wget: bad address 'myapp-clusterip2'
实现跨namespace与Service通信
通过Service的ExternalName类型即可实现跨namespace名称空间与Service通信。
Service域名格式:$(service name).$(namespace).svc.cluster.local,其中 cluster.local 为指定的集群的域名
相关yaml文件
[root@k8s-master cross_ns]# pwd
/root/k8s_practice/cross_ns
[root@k8s-master cross_ns]#
[root@k8s-master cross_ns]# cat svc_ExternalName_visit.yaml
# 实现 myns 名称空间的pod,访问 mytest 名称空间的Service:myapp-clusterip2
apiVersion: v1
kind: Service
metadata:
name: myapp-clusterip1-externalname
namespace: myns
spec:
type: ExternalName
externalName: myapp-clusterip2.mytest.svc.cluster.local
ports:
- name: http
port:
targetPort:
---
# 实现 mytest 名称空间的Pod,访问 myns 名称空间的Service:myapp-clusterip1
apiVersion: v1
kind: Service
metadata:
name: myapp-clusterip2-externalname
namespace: mytest
spec:
type: ExternalName
externalName: myapp-clusterip1.myns.svc.cluster.local
ports:
- name: http
port:
targetPort:
运行yaml文件
[root@k8s-master cross_ns]# kubectl apply -f svc_ExternalName_visit.yaml
[root@k8s-master cross_ns]#
[root@k8s-master cross_ns]# kubectl get svc -A -o wide | grep -E '(ExternalName)|(NAME)'
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
myns myapp-clusterip1-externalname ExternalName <none> myapp-clusterip2.mytest.svc.cluster.local /TCP 28s <none>
mytest myapp-clusterip2-externalname ExternalName <none> myapp-clusterip1.myns.svc.cluster.local /TCP 28s <none>
pod跨名称空间namespace与Service通信
到目前所有service和pod信息查看
[root@k8s-master cross_ns]# kubectl get svc -A -o wide | grep -E '(my)|(NAME)'
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
myns myapp-clusterip1 ClusterIP 10.100.61.11 <none> /TCP 62m app=myapp,release=v1
myns myapp-clusterip1-externalname ExternalName <none> myapp-clusterip2.mytest.svc.cluster.local /TCP 84s <none>
mytest myapp-clusterip2 ClusterIP 10.100.201.103 <none> /TCP 62m app=myapp,release=v2
mytest myapp-clusterip2-externalname ExternalName <none> myapp-clusterip1.myns.svc.cluster.local /TCP 84s <none>
[root@k8s-master cross_ns]#
[root@k8s-master cross_ns]# kubectl get pod -A -o wide | grep -E '(my)|(NAME)'
NAMESPACE NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
myns myapp-deploy1-5b9d78576c-wfw4n / Running 62m 10.244.2.136 k8s-node02 <none> <none>
myns myapp-deploy1-5b9d78576c-zsfjl / Running 62m 10.244.3.193 k8s-node01 <none> <none>
mytest myapp-deploy2-dc8f96497-nnkqn / Running 62m 10.244.3.194 k8s-node01 <none> <none>
mytest myapp-deploy2-dc8f96497-w47dt / Running 62m 10.244.2.137 k8s-node02 <none> <none>
myns 名称空间的pod,访问 mytest 名称空间的Service:myapp-clusterip2
[root@k8s-master cross_ns]# kubectl exec -it -n myns myapp-deploy1-5b9d78576c-wfw4n sh
/ # cd /root/
### 如下说明在同一名称空间下,通信无问题
~ # ping myapp-clusterip1
PING myapp-clusterip1 (10.100.61.11): data bytes
bytes from 10.100.61.11: seq= ttl= time=0.057 ms
bytes from 10.100.61.11: seq= ttl= time=0.071 ms
………………
~ #
~ # wget myapp-clusterip1 -O myns.html
Connecting to myapp-clusterip1 (10.100.61.11:)
myns.html %
~ #
~ # cat myns.html
Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a> ### 如下说明通过Service externalname类型,实现了Pod跨namespace名称空间与Service访问
~ # ping myapp-clusterip1-externalname
PING myapp-clusterip1-externalname (10.100.201.103): data bytes
bytes from 10.100.201.103: seq= ttl= time=0.050 ms
bytes from 10.100.201.103: seq= ttl= time=0.311 ms
………………
~ #
~ # wget myapp-clusterip1-externalname -O mytest.html
Connecting to myapp-clusterip1-externalname (10.100.201.103:)
mytest.html %
~ #
~ # cat mytest.html
Hello MyApp | Version: v2 | <a href="hostname.html">Pod Name</a>
mytest 名称空间的Pod,访问 myns 名称空间的Service:myapp-clusterip1
[root@k8s-master cross_ns]# kubectl exec -it -n mytest myapp-deploy2-dc8f96497-w47dt sh
/ # cd /root/
### 如下说明在同一名称空间下,通信无问题
~ # ping myapp-clusterip2
PING myapp-clusterip2 (10.100.201.103): data bytes
bytes from 10.100.201.103: seq= ttl= time=0.087 ms
bytes from 10.100.201.103: seq= ttl= time=0.073 ms
………………
~ #
~ # wget myapp-clusterip2 -O mytest.html
Connecting to myapp-clusterip2 (10.100.201.103:)
mytest.html %
~ #
~ # cat mytest.html
Hello MyApp | Version: v2 | <a href="hostname.html">Pod Name</a> ### 如下说明通过Service externalname类型,实现了Pod跨namespace名称空间与Service访问
~ # ping myapp-clusterip2-externalname
PING myapp-clusterip2-externalname (10.100.61.11): data bytes
bytes from 10.100.61.11: seq= ttl= time=0.089 ms
bytes from 10.100.61.11: seq= ttl= time=0.071 ms
………………
~ #
~ # wget myapp-clusterip2-externalname -O myns.html
Connecting to myapp-clusterip2-externalname (10.100.61.11:)
myns.html %
~ #
~ # cat myns.html
Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>
由上可见,实现了Pod跨namespace名称空间与Service访问。
完毕!
———END———
如果觉得不错就关注下呗 (-^O^-) !
Kubernetes K8S之Pod跨namespace名称空间访问Service服务的更多相关文章
- K8S中如何跨namespace 访问服务?为什么ping不通ClusterIP?
1.K8S中如何跨namespace 访问服务? 2.在Pod中为什么ping不通ClusterIP? 简述: Rancher2.0中的一个用户,在K8S环境中,创建两个namespace,对应用进行 ...
- pod(一):Kubernetes(k8s)创建pod的两种方式
目录 一.系统环境 二.前言 三.pod 四.创建pod 4.1 环境介绍 4.2 使用命令行的方式创建pod 4.2.1 创建最简单的pod 4.2.2 创建pod,指定镜像下载策略 4.2.3 创 ...
- k8s核心资源之:名称空间(ns)
简介 是对一组资源和对象的抽象集合,比如可以用来将系统内部的对象划分为不同的项目组或者用户组. 常见的pod.service.replicaSet和deployment等都是属于某一个namespac ...
- 简单操作:10分钟实现在kubernetes(k8s)里面部署服务器集群并访问项目(docker三)
前言 经过docker安装.k8s开启并登录,我们终于到 "部署k8s服务器集群并访问项目" 这一步了,实现的过程中有太多坑,好在都填平了,普天同庆. 在进行当前课题之前,我们需要 ...
- kubernetes 中,Pod、Deployment、ReplicaSet、Service 之间关系分析
deploy控制RS,RS控制Pod,这一整套,向外提供稳定可靠的Service. 详见:https://blog.csdn.net/ucsheep/article/details/81781509
- Kubernetes K8S之Service服务详解与示例
K8S之Service概述与代理说明,并详解所有的service服务类型与示例 主机配置规划 服务器名称(hostname) 系统版本 配置 内网IP 外网IP(模拟) k8s-master Cent ...
- 同一个POD中默认共享哪些名称空间
如果通过POD的形式来启动多个容器那么它们的名称空间会是共享的么,所以我这里讨论是在默认情况下同一个POD的不同容器的哪些名称空间是打通的.这里先说一下结论,共享的是UTS.IPC.NET.USER. ...
- Kubernetes K8S之鉴权RBAC详解
Kubernetes K8S之鉴权概述与RBAC详解 K8S认证与授权 认证「Authentication」 认证有如下几种方式: 1.HTTP Token认证:通过一个Token来识别合法用户. H ...
- Kubernetes k8s 基于Docker For Windows
开启和安装Kubernetes k8s 基于Docker For Windows 0.最近发现,Docker For Windows Stable在Enable Kubernetes这个问题上 ...
随机推荐
- 漏洞重温之XSS(上)
漏洞简介 跨站脚本攻击(XSS)是指恶意攻击者往Web页面里插入恶意Script代码,当用户浏览页面之时,嵌入web网页中的script代码会被执行,从而达到恶意攻击用户的目的. XSS漏洞通常是通过 ...
- 一、Spring的基本应用
1.spring导包 导入maven包 <dependencies> <dependency> <groupId>org.springframework</g ...
- 编译hotspot8
编译hotspot8 ubuntu desktop 18 全新准备与编译过程再记录下: # 建议使用此gcc和g++版本,过高版本比如gcc7或引发编译报错 sudo apt-get install ...
- 使用 .NET Core 3.x 构建RESTful Api(第三部分)
关于HTTP HEAD 和 HTTP GET: 从执行性能来说,这两种其实并没有什么区别.最大的不同就是对于HTTP HEAD 来说,Api消费者请求接口数据时,如果是通过HTTP HEAD的方式去请 ...
- PYTHON替代MATLAB在线性代数学习中的应用(使用Python辅助MIT 18.06 Linear Algebra学习)
前言 MATLAB一向是理工科学生的必备神器,但随着中美贸易冲突的一再升级,禁售与禁用的阴云也持续笼罩在高等学院的头顶.也许我们都应当考虑更多的途径,来辅助我们的学习和研究工作. 虽然PYTHON和众 ...
- python 10 else EasyGui(转载)
else语句 if else 要么怎么样,要么不怎么样 while else 干完了能怎样,干不完就不怎样 (异常处理) else 没有问题,就干吧 try: int('a') except Valu ...
- 《java多线程——线程简介与其创建(1)》
Java 给多线程编程提供了内置的支持. 一条线程指的是进程中一个单一顺序的控制流,一个进程中可以并发多个线程,每条线程并行执行不同的任务. 多线程是多任务的一种特别的形式,但多线程使用了更小的资源开 ...
- Antd cracoTs Js 配置流程
JS:文档:0.1.4 配置 js 环境.note链接:http://note.youdao.com/noteshare?id=e32fa75c1baa014b5819fa5e22887dbc& ...
- OpenStack 服务心跳机制和状态监控
参考链接: OpenStack服务心跳机制和状态监控 https://blog.csdn.net/qqhappy8/article/details/79304221
- 第1篇 Scrum冲刺博客
一.Alpha阶段各成员任务 梁天龙 任务名称 预计工时 编辑历史记录 2 登陆按键设计 3 考勤记录页面 2 人数记录页面 2 学习课程页面 4 建议页面 2 黄岳康 任务名称 ...