Kubernetes K8S之Pod跨namespace名称空间访问Service服务
Kubernetes的两个Service(ServiceA、ServiceB)和对应的Pod(PodA、PodB)分别属于不同的namespace名称空间,现需要PodA和PodB跨namespace名称空间并通过Service实现互访。应该如何实现?
场景需求
Kubernetes的两个Service(ServiceA、ServiceB)和对应的Pod(PodA、PodB)分别属于不同的namespace名称空间,现需要PodA和PodB跨namespace名称空间并通过Service实现互访。如何实现?
说明:这里是指通过Service的Name进行通信访问,而不是通过Service的IP【因因为每次重启Service,NAME不会改变,而IP是会改变的】。
主机配置规划
| 服务器名称(hostname) | 系统版本 | 配置 | 内网IP | 外网IP(模拟) |
|---|---|---|---|---|
| k8s-master | CentOS7.7 | 2C/4G/20G | 172.16.1.110 | 10.0.0.110 |
| k8s-node01 | CentOS7.7 | 2C/4G/20G | 172.16.1.111 | 10.0.0.111 |
| k8s-node02 | CentOS7.7 | 2C/4G/20G | 172.16.1.112 | 10.0.0.112 |
创建Service和Pod
相关yaml文件
[root@k8s-master cross_ns]# pwd
/root/k8s_practice/cross_ns
[root@k8s-master cross_ns]#
[root@k8s-master cross_ns]# cat deply_service_myns.yaml
apiVersion: v1
kind: Namespace
metadata:
name: myns
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: myapp-deploy1
namespace: myns
spec:
replicas:
selector:
matchLabels:
app: myapp
release: v1
template:
metadata:
labels:
app: myapp
release: v1
spec:
containers:
- name: myapp
image: registry.cn-beijing.aliyuncs.com/google_registry/myapp:v1
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort:
---
apiVersion: v1
kind: Service
metadata:
name: myapp-clusterip1
namespace: myns
spec:
type: ClusterIP # 默认类型
selector:
app: myapp
release: v1
ports:
- name: http
port:
targetPort: [root@k8s-master cross_ns]#
[root@k8s-master cross_ns]# cat deply_service_mytest.yaml
apiVersion: v1
kind: Namespace
metadata:
name: mytest
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: myapp-deploy2
namespace: mytest
spec:
replicas:
selector:
matchLabels:
app: myapp
release: v2
template:
metadata:
labels:
app: myapp
release: v2
spec:
containers:
- name: myapp
image: registry.cn-beijing.aliyuncs.com/google_registry/myapp:v2
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort:
---
apiVersion: v1
kind: Service
metadata:
name: myapp-clusterip2
namespace: mytest
spec:
type: ClusterIP # 默认类型
selector:
app: myapp
release: v2
ports:
- name: http
port:
targetPort:
运行yaml文件
kubectl apply -f deply_service_myns.yaml
kubectl apply -f deply_service_mytest.yaml
查看myns名称空间信息
[root@k8s-master cross_ns]# kubectl get svc -n myns -o wide
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
myapp-clusterip1 ClusterIP 10.100.61.11 <none> /TCP 3m app=myapp,release=v1
[root@k8s-master cross_ns]#
[root@k8s-master cross_ns]# kubectl get deploy -n myns -o wide
NAME READY UP-TO-DATE AVAILABLE AGE CONTAINERS IMAGES SELECTOR
myapp-deploy1 / 3m7s myapp registry.cn-beijing.aliyuncs.com/google_registry/myapp:v1 app=myapp,release=v1
[root@k8s-master cross_ns]#
[root@k8s-master cross_ns]# kubectl get rs -n myns -o wide
NAME DESIRED CURRENT READY AGE CONTAINERS IMAGES SELECTOR
myapp-deploy1-5b9d78576c 3m15s myapp registry.cn-beijing.aliyuncs.com/google_registry/myapp:v1 app=myapp,pod-template-hash=5b9d78576c,release=v1
[root@k8s-master cross_ns]#
[root@k8s-master cross_ns]# kubectl get pod -n myns -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
myapp-deploy1-5b9d78576c-wfw4n / Running 3m20s 10.244.2.136 k8s-node02 <none> <none>
myapp-deploy1-5b9d78576c-zsfjl / Running 3m20s 10.244.3.193 k8s-node01 <none> <none>
查看mytest名称空间信息
[root@k8s-master cross_ns]# kubectl get svc -n mytest -o wide
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
myapp-clusterip2 ClusterIP 10.100.201.103 <none> /TCP 4m9s app=myapp,release=v2
[root@k8s-master cross_ns]#
[root@k8s-master cross_ns]# kubectl get deploy -n mytest -o wide
NAME READY UP-TO-DATE AVAILABLE AGE CONTAINERS IMAGES SELECTOR
myapp-deploy2 / 4m15s myapp registry.cn-beijing.aliyuncs.com/google_registry/myapp:v2 app=myapp,release=v2
[root@k8s-master cross_ns]#
[root@k8s-master cross_ns]# kubectl get rs -n mytest -o wide
NAME DESIRED CURRENT READY AGE CONTAINERS IMAGES SELECTOR
myapp-deploy2-dc8f96497 4m22s myapp registry.cn-beijing.aliyuncs.com/google_registry/myapp:v2 app=myapp,pod-template-hash=dc8f96497,release=v2
[root@k8s-master cross_ns]#
[root@k8s-master cross_ns]# kubectl get pod -n mytest -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
myapp-deploy2-dc8f96497-nnkqn / Running 4m27s 10.244.3.194 k8s-node01 <none> <none>
myapp-deploy2-dc8f96497-w47dt / Running 4m27s 10.244.2.137 k8s-node02 <none> <none>
只看Service和Pod
[root@k8s-master cross_ns]# kubectl get pod -A -o wide | grep -E '(my)|(NAME)'
NAMESPACE NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
myns myapp-deploy1-5b9d78576c-wfw4n / Running 41m 10.244.2.136 k8s-node02 <none> <none>
myns myapp-deploy1-5b9d78576c-zsfjl / Running 41m 10.244.3.193 k8s-node01 <none> <none>
mytest myapp-deploy2-dc8f96497-nnkqn / Running 41m 10.244.3.194 k8s-node01 <none> <none>
mytest myapp-deploy2-dc8f96497-w47dt / Running 41m 10.244.2.137 k8s-node02 <none> <none>
[root@k8s-master cross_ns]#
[root@k8s-master cross_ns]#
[root@k8s-master cross_ns]# kubectl get svc -A -o wide | grep -E '(my)|(NAME)'
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
myns myapp-clusterip1 ClusterIP 10.100.61.11 <none> /TCP 41m app=myapp,release=v1
mytest myapp-clusterip2 ClusterIP 10.100.201.103 <none> /TCP 41m app=myapp,release=v2
pod跨名称空间namespace与Service通信
说明:是通过Service的NAME进行通信,而不是Service的IP【因为每次重启Service,NAME不会改变,而IP是会改变的】。
# 进入ns名称空间下的一个Pod容器
[root@k8s-master cross_ns]# kubectl exec -it -n myns myapp-deploy1-5b9d78576c-wfw4n sh
/ # cd /root/
### 如下说明在同一名称空间下,通信无问题
~ # ping myapp-clusterip1
PING myapp-clusterip1 (10.100.61.11): data bytes
bytes from 10.100.61.11: seq= ttl= time=0.046 ms
bytes from 10.100.61.11: seq= ttl= time=0.081 ms
~ #
~ # wget myapp-clusterip1 -O myns.html
Connecting to myapp-clusterip1 (10.100.61.11:)
myns.html %
~ #
~ # cat myns.html
Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a> ### 如下说明在不同的名称空间下,通过Service的NAME进行通信存在问题
~ # ping myapp-clusterip2
ping: bad address 'myapp-clusterip2'
~ #
~ # wget myapp-clusterip2 -O mytest.html
wget: bad address 'myapp-clusterip2'
实现跨namespace与Service通信
通过Service的ExternalName类型即可实现跨namespace名称空间与Service通信。
Service域名格式:$(service name).$(namespace).svc.cluster.local,其中 cluster.local 为指定的集群的域名
相关yaml文件
[root@k8s-master cross_ns]# pwd
/root/k8s_practice/cross_ns
[root@k8s-master cross_ns]#
[root@k8s-master cross_ns]# cat svc_ExternalName_visit.yaml
# 实现 myns 名称空间的pod,访问 mytest 名称空间的Service:myapp-clusterip2
apiVersion: v1
kind: Service
metadata:
name: myapp-clusterip1-externalname
namespace: myns
spec:
type: ExternalName
externalName: myapp-clusterip2.mytest.svc.cluster.local
ports:
- name: http
port:
targetPort:
---
# 实现 mytest 名称空间的Pod,访问 myns 名称空间的Service:myapp-clusterip1
apiVersion: v1
kind: Service
metadata:
name: myapp-clusterip2-externalname
namespace: mytest
spec:
type: ExternalName
externalName: myapp-clusterip1.myns.svc.cluster.local
ports:
- name: http
port:
targetPort:
运行yaml文件
[root@k8s-master cross_ns]# kubectl apply -f svc_ExternalName_visit.yaml
[root@k8s-master cross_ns]#
[root@k8s-master cross_ns]# kubectl get svc -A -o wide | grep -E '(ExternalName)|(NAME)'
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
myns myapp-clusterip1-externalname ExternalName <none> myapp-clusterip2.mytest.svc.cluster.local /TCP 28s <none>
mytest myapp-clusterip2-externalname ExternalName <none> myapp-clusterip1.myns.svc.cluster.local /TCP 28s <none>
pod跨名称空间namespace与Service通信
到目前所有service和pod信息查看
[root@k8s-master cross_ns]# kubectl get svc -A -o wide | grep -E '(my)|(NAME)'
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
myns myapp-clusterip1 ClusterIP 10.100.61.11 <none> /TCP 62m app=myapp,release=v1
myns myapp-clusterip1-externalname ExternalName <none> myapp-clusterip2.mytest.svc.cluster.local /TCP 84s <none>
mytest myapp-clusterip2 ClusterIP 10.100.201.103 <none> /TCP 62m app=myapp,release=v2
mytest myapp-clusterip2-externalname ExternalName <none> myapp-clusterip1.myns.svc.cluster.local /TCP 84s <none>
[root@k8s-master cross_ns]#
[root@k8s-master cross_ns]# kubectl get pod -A -o wide | grep -E '(my)|(NAME)'
NAMESPACE NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
myns myapp-deploy1-5b9d78576c-wfw4n / Running 62m 10.244.2.136 k8s-node02 <none> <none>
myns myapp-deploy1-5b9d78576c-zsfjl / Running 62m 10.244.3.193 k8s-node01 <none> <none>
mytest myapp-deploy2-dc8f96497-nnkqn / Running 62m 10.244.3.194 k8s-node01 <none> <none>
mytest myapp-deploy2-dc8f96497-w47dt / Running 62m 10.244.2.137 k8s-node02 <none> <none>
myns 名称空间的pod,访问 mytest 名称空间的Service:myapp-clusterip2
[root@k8s-master cross_ns]# kubectl exec -it -n myns myapp-deploy1-5b9d78576c-wfw4n sh
/ # cd /root/
### 如下说明在同一名称空间下,通信无问题
~ # ping myapp-clusterip1
PING myapp-clusterip1 (10.100.61.11): data bytes
bytes from 10.100.61.11: seq= ttl= time=0.057 ms
bytes from 10.100.61.11: seq= ttl= time=0.071 ms
………………
~ #
~ # wget myapp-clusterip1 -O myns.html
Connecting to myapp-clusterip1 (10.100.61.11:)
myns.html %
~ #
~ # cat myns.html
Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a> ### 如下说明通过Service externalname类型,实现了Pod跨namespace名称空间与Service访问
~ # ping myapp-clusterip1-externalname
PING myapp-clusterip1-externalname (10.100.201.103): data bytes
bytes from 10.100.201.103: seq= ttl= time=0.050 ms
bytes from 10.100.201.103: seq= ttl= time=0.311 ms
………………
~ #
~ # wget myapp-clusterip1-externalname -O mytest.html
Connecting to myapp-clusterip1-externalname (10.100.201.103:)
mytest.html %
~ #
~ # cat mytest.html
Hello MyApp | Version: v2 | <a href="hostname.html">Pod Name</a>
mytest 名称空间的Pod,访问 myns 名称空间的Service:myapp-clusterip1
[root@k8s-master cross_ns]# kubectl exec -it -n mytest myapp-deploy2-dc8f96497-w47dt sh
/ # cd /root/
### 如下说明在同一名称空间下,通信无问题
~ # ping myapp-clusterip2
PING myapp-clusterip2 (10.100.201.103): data bytes
bytes from 10.100.201.103: seq= ttl= time=0.087 ms
bytes from 10.100.201.103: seq= ttl= time=0.073 ms
………………
~ #
~ # wget myapp-clusterip2 -O mytest.html
Connecting to myapp-clusterip2 (10.100.201.103:)
mytest.html %
~ #
~ # cat mytest.html
Hello MyApp | Version: v2 | <a href="hostname.html">Pod Name</a> ### 如下说明通过Service externalname类型,实现了Pod跨namespace名称空间与Service访问
~ # ping myapp-clusterip2-externalname
PING myapp-clusterip2-externalname (10.100.61.11): data bytes
bytes from 10.100.61.11: seq= ttl= time=0.089 ms
bytes from 10.100.61.11: seq= ttl= time=0.071 ms
………………
~ #
~ # wget myapp-clusterip2-externalname -O myns.html
Connecting to myapp-clusterip2-externalname (10.100.61.11:)
myns.html %
~ #
~ # cat myns.html
Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>
由上可见,实现了Pod跨namespace名称空间与Service访问。
完毕!
———END———
如果觉得不错就关注下呗 (-^O^-) !
Kubernetes K8S之Pod跨namespace名称空间访问Service服务的更多相关文章
- K8S中如何跨namespace 访问服务?为什么ping不通ClusterIP?
1.K8S中如何跨namespace 访问服务? 2.在Pod中为什么ping不通ClusterIP? 简述: Rancher2.0中的一个用户,在K8S环境中,创建两个namespace,对应用进行 ...
- pod(一):Kubernetes(k8s)创建pod的两种方式
目录 一.系统环境 二.前言 三.pod 四.创建pod 4.1 环境介绍 4.2 使用命令行的方式创建pod 4.2.1 创建最简单的pod 4.2.2 创建pod,指定镜像下载策略 4.2.3 创 ...
- k8s核心资源之:名称空间(ns)
简介 是对一组资源和对象的抽象集合,比如可以用来将系统内部的对象划分为不同的项目组或者用户组. 常见的pod.service.replicaSet和deployment等都是属于某一个namespac ...
- 简单操作:10分钟实现在kubernetes(k8s)里面部署服务器集群并访问项目(docker三)
前言 经过docker安装.k8s开启并登录,我们终于到 "部署k8s服务器集群并访问项目" 这一步了,实现的过程中有太多坑,好在都填平了,普天同庆. 在进行当前课题之前,我们需要 ...
- kubernetes 中,Pod、Deployment、ReplicaSet、Service 之间关系分析
deploy控制RS,RS控制Pod,这一整套,向外提供稳定可靠的Service. 详见:https://blog.csdn.net/ucsheep/article/details/81781509
- Kubernetes K8S之Service服务详解与示例
K8S之Service概述与代理说明,并详解所有的service服务类型与示例 主机配置规划 服务器名称(hostname) 系统版本 配置 内网IP 外网IP(模拟) k8s-master Cent ...
- 同一个POD中默认共享哪些名称空间
如果通过POD的形式来启动多个容器那么它们的名称空间会是共享的么,所以我这里讨论是在默认情况下同一个POD的不同容器的哪些名称空间是打通的.这里先说一下结论,共享的是UTS.IPC.NET.USER. ...
- Kubernetes K8S之鉴权RBAC详解
Kubernetes K8S之鉴权概述与RBAC详解 K8S认证与授权 认证「Authentication」 认证有如下几种方式: 1.HTTP Token认证:通过一个Token来识别合法用户. H ...
- Kubernetes k8s 基于Docker For Windows
开启和安装Kubernetes k8s 基于Docker For Windows 0.最近发现,Docker For Windows Stable在Enable Kubernetes这个问题上 ...
随机推荐
- 2020-04-28:工作中如何解决MQ消息堆积和消息重复的问题?
福哥答案2020-04-28:此答案来自群员,感谢群员支持. 消息堆积 只能考虑 增多消费者 以及后端其他服务 组件的吞吐能力 别的有办法吗 如果更彻底一点 分撒单个队列里的消息 队列 更分门别类 或 ...
- Oracle创建主键优劣
创建主键方式 一个表的主键是唯一标识,不能有重复,不允许为空. 一个表的主键可以由一个字段或多个字段共同组成. -- 列级,表级建立主键 1.create table constraint_test ...
- java.util.Scanner中hasNext()方法和next()方法的区别
先说结论: 两者均根据空格划分数据 两者在没有数据输入时均会等待输入 next()方法会将空格划分的数据依次输出,运行一次,输出一个 hasNext()方法会跟着next()方法移动,当前数据不为空, ...
- python智能图片识别系统(图片切割、图片识别、区别标识)
@ 目录 技术介绍 运行效果 关键代码 写在最后 技术介绍 你好! python flask图片识别系统使用到的技术有:图片背景切割.图片格式转换(pdf转png).图片模板匹配.图片区别标识. 运行 ...
- Mybatis如何在插入(ID是后台生成的)后返回ID?
获得ID方法:
- (转)软件产品化,国内IT人之痛
原文链接:http://blog.csdn.net/harrymeng/article/details/5254415 记得在网上看过一则印度软件的有趣故事,意思是先从印度6个不同城市的软件公司中选出 ...
- jupyter 安装 卸载 包
# 安装 !pip install 库名 # 卸载 !pip uninstall 库名 -y
- 原生js实现 vue的数据双向绑定
原生js实现一个简单的vue的数据双向绑定 vue是采用数据劫持结合发布者-订阅者模式的方式,通过Object.defineProperty()来劫持各个属性的setter,getter,在数据变动时 ...
- 设置Anaconda启动jupyter的默认目录
要解决的问题:安装好Anaconda后打开jupyter总是会自动跳到c:下的用户目录,通过以下方法可以修改其默认打开的目录 吐槽:竟然没有设置默认打开目录的选项,只能通过修改配置文件完成,让人不爽. ...
- fsck知识点记录
最近处理一个生产环境问题时,碰下一个以下现象,记录一下,便于以后出现类似问题时,快速的查找相应命令 问题现象 由于物理机的内存条出现故障,导致该节点上的所有虚机网络都不通,机房人员修复完物理内存以后, ...