Kubernetes K8S之Pod跨namespace名称空间访问Service服务

微信扫一扫,分享到朋友圈

Kubernetes K8S之Pod跨namespace名称空间访问Service服务

Kubernetes的两个Service(ServiceA、ServiceB)和对应的Pod(PodA、PodB)分别属于不同的namespace名称空间,现需要PodA和PodB跨namespace名称空间并通过Service实现互访。应该如何实现?

场景需求

Kubernetes的两个Service(ServiceA、ServiceB)和对应的Pod(PodA、PodB)分别属于不同的namespace名称空间,现 需要PodA和PodB跨namespace名称空间并通过Service实现互访 。如何实现?

说明:这里是指通过Service的Name进行通信访问,而不是通过Service的IP【因因为每次重启Service,NAME不会改变,而IP是会改变的】。

主机配置规划

服务器名称(hostname) 系统版本 配置 内网IP 外网IP(模拟)
k8s-master CentOS7.7 2C/4G/20G 172.16.1.110 10.0.0.110
k8s-node01 CentOS7.7 2C/4G/20G 172.16.1.111 10.0.0.111
k8s-node02 CentOS7.7 2C/4G/20G 172.16.1.112 10.0.0.112

创建Service和Pod

相关yaml文件

1 [root@k8s-master cross_ns]# pwd
2 /root/k8s_practice/cross_ns
3 [root@k8s-master cross_ns]#
4 [root@k8s-master cross_ns]# cat deply_service_myns.yaml
5 apiVersion: v1
6 kind: Namespace
7 metadata:
8   name: myns
9 ---
10 apiVersion: apps/v1
11 kind: Deployment
12 metadata:
13   name: myapp-deploy1
14   namespace: myns
15 spec:
16   replicas: 2
17   selector:
18     matchLabels:
19       app: myapp
20       release: v1
21   template:
22     metadata:
23       labels:
24         app: myapp
25         release: v1
26     spec:
27       containers:
28       - name: myapp
29         image: registry.cn-beijing.aliyuncs.com/google_registry/myapp:v1
30         imagePullPolicy: IfNotPresent
31         ports:
32         - name: http
33           containerPort: 80
34 ---
35 apiVersion: v1
36 kind: Service
37 metadata:
38   name: myapp-clusterip1
39   namespace: myns
40 spec:
41   type: ClusterIP  # 默认类型
42   selector:
43     app: myapp
44     release: v1
45   ports:
46   - name: http
47     port: 80
48     targetPort: 80
49
50 [root@k8s-master cross_ns]#
51 [root@k8s-master cross_ns]# cat deply_service_mytest.yaml
52 apiVersion: v1
53 kind: Namespace
54 metadata:
55   name: mytest
56 ---
57 apiVersion: apps/v1
58 kind: Deployment
59 metadata:
60   name: myapp-deploy2
61   namespace: mytest
62 spec:
63   replicas: 2
64   selector:
65     matchLabels:
66       app: myapp
67       release: v2
68   template:
69     metadata:
70       labels:
71         app: myapp
72         release: v2
73     spec:
74       containers:
75       - name: myapp
76         image: registry.cn-beijing.aliyuncs.com/google_registry/myapp:v2
77         imagePullPolicy: IfNotPresent
78         ports:
79         - name: http
80           containerPort: 80
81 ---
82 apiVersion: v1
83 kind: Service
84 metadata:
85   name: myapp-clusterip2
86   namespace: mytest
87 spec:
88   type: ClusterIP  # 默认类型
89   selector:
90     app: myapp
91     release: v2
92   ports:
93   - name: http
94     port: 80
95     targetPort: 80

运行yaml文件

1 kubectl apply -f deply_service_myns.yaml
2 kubectl apply -f deply_service_mytest.yaml

查看myns名称空间信息

1 [root@k8s-master cross_ns]# kubectl get svc -n myns -o wide
2 NAME               TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)   AGE   SELECTOR
3 myapp-clusterip1   ClusterIP   10.100.61.11   <none>        80/TCP    3m    app=myapp,release=v1
4 [root@k8s-master cross_ns]#
5 [root@k8s-master cross_ns]# kubectl get deploy -n myns -o wide
6 NAME            READY   UP-TO-DATE   AVAILABLE   AGE    CONTAINERS   IMAGES                                                      SELECTOR
7 myapp-deploy1   2/2     2            2           3m7s   myapp        registry.cn-beijing.aliyuncs.com/google_registry/myapp:v1   app=myapp,release=v1
8 [root@k8s-master cross_ns]#
9 [root@k8s-master cross_ns]# kubectl get rs -n myns -o wide
10 NAME                       DESIRED   CURRENT   READY   AGE     CONTAINERS   IMAGES                                                      SELECTOR
11 myapp-deploy1-5b9d78576c   2         2         2       3m15s   myapp        registry.cn-beijing.aliyuncs.com/google_registry/myapp:v1   app=myapp,pod-template-hash=5b9d78576c,release=v1
12 [root@k8s-master cross_ns]#
13 [root@k8s-master cross_ns]# kubectl get pod -n myns -o wide
14 NAME                             READY   STATUS    RESTARTS   AGE     IP             NODE         NOMINATED NODE   READINESS GATES
15 myapp-deploy1-5b9d78576c-wfw4n   1/1     Running   0          3m20s   10.244.2.136   k8s-node02   <none>           <none>
16 myapp-deploy1-5b9d78576c-zsfjl   1/1     Running   0          3m20s   10.244.3.193   k8s-node01   <none>           <none>

查看mytest名称空间信息

1 [root@k8s-master cross_ns]# kubectl get svc -n mytest -o wide
2 NAME               TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)   AGE    SELECTOR
3 myapp-clusterip2   ClusterIP   10.100.201.103   <none>        80/TCP    4m9s   app=myapp,release=v2
4 [root@k8s-master cross_ns]#
5 [root@k8s-master cross_ns]# kubectl get deploy -n mytest -o wide
6 NAME            READY   UP-TO-DATE   AVAILABLE   AGE     CONTAINERS   IMAGES                                                      SELECTOR
7 myapp-deploy2   2/2     2            2           4m15s   myapp        registry.cn-beijing.aliyuncs.com/google_registry/myapp:v2   app=myapp,release=v2
8 [root@k8s-master cross_ns]#
9 [root@k8s-master cross_ns]# kubectl get rs -n mytest -o wide
10 NAME                      DESIRED   CURRENT   READY   AGE     CONTAINERS   IMAGES                                                      SELECTOR
11 myapp-deploy2-dc8f96497   2         2         2       4m22s   myapp        registry.cn-beijing.aliyuncs.com/google_registry/myapp:v2   app=myapp,pod-template-hash=dc8f96497,release=v2
12 [root@k8s-master cross_ns]#
13 [root@k8s-master cross_ns]# kubectl get pod -n mytest -o wide
14 NAME                            READY   STATUS    RESTARTS   AGE     IP             NODE         NOMINATED NODE   READINESS GATES
15 myapp-deploy2-dc8f96497-nnkqn   1/1     Running   0          4m27s   10.244.3.194   k8s-node01   <none>           <none>
16 myapp-deploy2-dc8f96497-w47dt   1/1     Running   0          4m27s   10.244.2.137   k8s-node02   <none>           <none>

只看Service和Pod

1 [root@k8s-master cross_ns]# kubectl get pod -A -o wide | grep -E '(my)|(NAME)'
2 NAMESPACE              NAME                                         READY   STATUS    RESTARTS   AGE   IP             NODE         NOMINATED NODE   READINESS GATES
3 myns                   myapp-deploy1-5b9d78576c-wfw4n               1/1     Running   0          41m   10.244.2.136   k8s-node02   <none>           <none>
4 myns                   myapp-deploy1-5b9d78576c-zsfjl               1/1     Running   0          41m   10.244.3.193   k8s-node01   <none>           <none>
5 mytest                 myapp-deploy2-dc8f96497-nnkqn                1/1     Running   0          41m   10.244.3.194   k8s-node01   <none>           <none>
6 mytest                 myapp-deploy2-dc8f96497-w47dt                1/1     Running   0          41m   10.244.2.137   k8s-node02   <none>           <none>
7 [root@k8s-master cross_ns]#
8 [root@k8s-master cross_ns]#
9 [root@k8s-master cross_ns]# kubectl get svc -A -o wide | grep -E '(my)|(NAME)'
10 NAMESPACE              NAME                        TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)                  AGE   SELECTOR
11 myns                   myapp-clusterip1            ClusterIP   10.100.61.11     <none>        80/TCP                   41m   app=myapp,release=v1
12 mytest                 myapp-clusterip2            ClusterIP   10.100.201.103   <none>        80/TCP                   41m   app=myapp,release=v2

pod跨名称空间namespace与Service通信

说明:是通过Service的NAME进行通信,而不是Service的IP【因为每次重启Service,NAME不会改变,而IP是会改变的】。

1 # 进入ns名称空间下的一个Pod容器
2 [root@k8s-master cross_ns]# kubectl exec -it -n myns myapp-deploy1-5b9d78576c-wfw4n sh
3 / # cd /root/
4 ### 如下说明在同一名称空间下,通信无问题
5 ~ # ping myapp-clusterip1
6 PING myapp-clusterip1 (10.100.61.11): 56 data bytes
7 64 bytes from 10.100.61.11: seq=0 ttl=64 time=0.046 ms
8 64 bytes from 10.100.61.11: seq=1 ttl=64 time=0.081 ms
9 ~ #
10 ~ # wget myapp-clusterip1 -O myns.html
11 Connecting to myapp-clusterip1 (10.100.61.11:80)
12 myns.html            100%
13 ~ #
14 ~ # cat myns.html
15 Hello MyApp | Version: v1 | <a href="https://www.tuicool.com/articles/eQzEZrI/hostname.html">Pod Name</a>
16
17 ### 如下说明在不同的名称空间下,通过Service的NAME进行通信存在问题
18 ~ # ping myapp-clusterip2
19 ping: bad address 'myapp-clusterip2'
20 ~ #
21 ~ # wget myapp-clusterip2 -O mytest.html
22 wget: bad address 'myapp-clusterip2'

实现跨namespace与Service通信

通过Service的ExternalName类型即可实现跨namespace名称空间与Service通信。

Service域名格式: $(service name).$(namespace).svc.cluster.local ,其中 cluster.local 为指定的集群的域名

相关yaml文件

1 [root@k8s-master cross_ns]# pwd
2 /root/k8s_practice/cross_ns
3 [root@k8s-master cross_ns]#
4 [root@k8s-master cross_ns]# cat svc_ExternalName_visit.yaml
5 # 实现 myns 名称空间的pod,访问 mytest 名称空间的Service:myapp-clusterip2
6 apiVersion: v1
7 kind: Service
8 metadata:
9   name: myapp-clusterip1-externalname
10   namespace: myns
11 spec:
12   type: ExternalName
13   externalName: myapp-clusterip2.mytest.svc.cluster.local
14   ports:
15   - name: http
16     port: 80
17     targetPort: 80
18 ---
19 # 实现 mytest 名称空间的Pod,访问 myns 名称空间的Service:myapp-clusterip1
20 apiVersion: v1
21 kind: Service
22 metadata:
23   name: myapp-clusterip2-externalname
24   namespace: mytest
25 spec:
26   type: ExternalName
27   externalName: myapp-clusterip1.myns.svc.cluster.local
28   ports:
29   - name: http
30     port: 80
31     targetPort: 80

运行yaml文件

1 [root@k8s-master cross_ns]# kubectl apply -f svc_ExternalName_visit.yaml
2 [root@k8s-master cross_ns]#
3 [root@k8s-master cross_ns]# kubectl get svc -A -o wide | grep -E '(ExternalName)|(NAME)'
4 NAMESPACE              NAME                            TYPE           CLUSTER-IP       EXTERNAL-IP                                 PORT(S)                  AGE   SELECTOR
5 myns                   myapp-clusterip1-externalname   ExternalName   <none>           myapp-clusterip2.mytest.svc.cluster.local   80/TCP                   28s   <none>
6 mytest                 myapp-clusterip2-externalname   ExternalName   <none>           myapp-clusterip1.myns.svc.cluster.local     80/TCP                   28s   <none>

pod跨名称空间namespace与Service通信

到目前所有service和pod信息查看

1 [root@k8s-master cross_ns]# kubectl get svc -A -o wide | grep -E '(my)|(NAME)'
2 NAMESPACE              NAME                            TYPE           CLUSTER-IP       EXTERNAL-IP                                 PORT(S)                  AGE   SELECTOR
3 myns                   myapp-clusterip1                ClusterIP      10.100.61.11     <none>                                      80/TCP                   62m   app=myapp,release=v1
4 myns                   myapp-clusterip1-externalname   ExternalName   <none>           myapp-clusterip2.mytest.svc.cluster.local   80/TCP                   84s   <none>
5 mytest                 myapp-clusterip2                ClusterIP      10.100.201.103   <none>                                      80/TCP                   62m   app=myapp,release=v2
6 mytest                 myapp-clusterip2-externalname   ExternalName   <none>           myapp-clusterip1.myns.svc.cluster.local     80/TCP                   84s   <none>
7 [root@k8s-master cross_ns]#
8 [root@k8s-master cross_ns]# kubectl get pod -A -o wide | grep -E '(my)|(NAME)'
9 NAMESPACE              NAME                                         READY   STATUS    RESTARTS   AGE   IP             NODE         NOMINATED NODE   READINESS GATES
10 myns                   myapp-deploy1-5b9d78576c-wfw4n               1/1     Running   0          62m   10.244.2.136   k8s-node02   <none>           <none>
11 myns                   myapp-deploy1-5b9d78576c-zsfjl               1/1     Running   0          62m   10.244.3.193   k8s-node01   <none>           <none>
12 mytest                 myapp-deploy2-dc8f96497-nnkqn                1/1     Running   0          62m   10.244.3.194   k8s-node01   <none>           <none>
13 mytest                 myapp-deploy2-dc8f96497-w47dt                1/1     Running   0          62m   10.244.2.137   k8s-node02   <none>           <none>

myns 名称空间的pod,访问 mytest 名称空间的Service:myapp-clusterip2

1 [root@k8s-master cross_ns]# kubectl exec -it -n myns myapp-deploy1-5b9d78576c-wfw4n sh
2 / # cd /root/
3 ### 如下说明在同一名称空间下,通信无问题
4 ~ # ping myapp-clusterip1
5 PING myapp-clusterip1 (10.100.61.11): 56 data bytes
6 64 bytes from 10.100.61.11: seq=0 ttl=64 time=0.057 ms
7 64 bytes from 10.100.61.11: seq=1 ttl=64 time=0.071 ms
8 ………………
9 ~ #
10 ~ # wget myapp-clusterip1 -O myns.html
11 Connecting to myapp-clusterip1 (10.100.61.11:80)
12 myns.html            100%
13 ~ #
14 ~ # cat myns.html
15 Hello MyApp | Version: v1 | <a href="https://www.tuicool.com/articles/eQzEZrI/hostname.html">Pod Name</a>
16
17 ### 如下说明通过Service externalname类型,实现了Pod跨namespace名称空间与Service访问
18 ~ # ping myapp-clusterip1-externalname
19 PING myapp-clusterip1-externalname (10.100.201.103): 56 data bytes
20 64 bytes from 10.100.201.103: seq=0 ttl=64 time=0.050 ms
21 64 bytes from 10.100.201.103: seq=1 ttl=64 time=0.311 ms
22 ………………
23 ~ #
24 ~ # wget myapp-clusterip1-externalname -O mytest.html
25 Connecting to myapp-clusterip1-externalname (10.100.201.103:80)
26 mytest.html          100%
27 ~ #
28 ~ # cat mytest.html
29 Hello MyApp | Version: v2 | <a href="https://www.tuicool.com/articles/eQzEZrI/hostname.html">Pod Name</a>

mytest 名称空间的Pod,访问 myns 名称空间的Service:myapp-clusterip1

1 [root@k8s-master cross_ns]# kubectl exec -it -n mytest myapp-deploy2-dc8f96497-w47dt sh
2 / # cd /root/
3 ### 如下说明在同一名称空间下,通信无问题
4 ~ # ping myapp-clusterip2
5 PING myapp-clusterip2 (10.100.201.103): 56 data bytes
6 64 bytes from 10.100.201.103: seq=0 ttl=64 time=0.087 ms
7 64 bytes from 10.100.201.103: seq=1 ttl=64 time=0.073 ms
8 ………………
9 ~ #
10 ~ # wget myapp-clusterip2 -O mytest.html
11 Connecting to myapp-clusterip2 (10.100.201.103:80)
12 mytest.html          100%
13 ~ #
14 ~ # cat mytest.html
15 Hello MyApp | Version: v2 | <a href="https://www.tuicool.com/articles/eQzEZrI/hostname.html">Pod Name</a>
16
17 ### 如下说明通过Service externalname类型,实现了Pod跨namespace名称空间与Service访问
18 ~ # ping myapp-clusterip2-externalname
19 PING myapp-clusterip2-externalname (10.100.61.11): 56 data bytes
20 64 bytes from 10.100.61.11: seq=0 ttl=64 time=0.089 ms
21 64 bytes from 10.100.61.11: seq=1 ttl=64 time=0.071 ms
22 ………………
23 ~ #
24 ~ # wget myapp-clusterip2-externalname -O myns.html
25 Connecting to myapp-clusterip2-externalname (10.100.61.11:80)
26 myns.html            100%
27 ~ #
28 ~ # cat myns.html
29 Hello MyApp | Version: v1 | <a href="https://www.tuicool.com/articles/eQzEZrI/hostname.html">Pod Name</a>

由上可见,实现了Pod跨namespace名称空间与Service访问。

完毕!

———END———

如果觉得不错就关注下呗 (-^O^-) !

微信扫一扫,分享到朋友圈

Kubernetes K8S之Pod跨namespace名称空间访问Service服务

RocketMQ的发送模式和消费模式

上一篇

numpy函数笔记(持续更新)

下一篇

你也可能喜欢

Kubernetes K8S之Pod跨namespace名称空间访问Service服务

长按储存图像,分享给朋友