Kubernetes (K8s): accessing a Service from a Pod across namespaces
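Scenario requirements
Two Kubernetes Services (ServiceA, ServiceB) and their Pods (PodA, PodB) belong to different namespaces. PodA and PodB need to reach each other across namespaces through the Services. How can this be done?
Note: communication here means via the Service name, not the Service IP [because every time the Service is restarted, the NAME stays the same while the IP changes].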
Host configuration plan
Server name (hostname) | OS version | Specs | Internal IP | External IP (simulated) |
---|---|---|---|---|
k8s-master | CentOS7.7 | 2C/4G/20G | 172.16.1.110 | 10.0.0.110 |
k8s-node01 | CentOS7.7 | 2C/4G/20G | 172.16.1.111 | 10.0.0.111 |
k8s-node02 | CentOS7.7 | 2C/4G/20G | 172.16.1.112 | 10.0.0.112 |
Creating the Services and Pods
YAML files
```
[root@k8s-master cross_ns]# pwd
/root/k8s_practice/cross_ns
[root@k8s-master cross_ns]#
[root@k8s-master cross_ns]# cat deply_service_myns.yaml
apiVersion: v1
kind: Namespace
metadata:
  name: myns
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: myapp-deploy1
  namespace: myns
spec:
  replicas: 2
  selector:
    matchLabels:
      app: myapp
      release: v1
  template:
    metadata:
      labels:
        app: myapp
        release: v1
    spec:
      containers:
      - name: myapp
        image: registry.cn-beijing.aliyuncs.com/google_registry/myapp:v1
        imagePullPolicy: IfNotPresent
        ports:
        - name: http
          containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: myapp-clusterip1
  namespace: myns
spec:
  type: ClusterIP  # default type
  selector:
    app: myapp
    release: v1
  ports:
  - name: http
    port: 80
    targetPort: 80

[root@k8s-master cross_ns]#
[root@k8s-master cross_ns]# cat deply_service_mytest.yaml
apiVersion: v1
kind: Namespace
metadata:
  name: mytest
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: myapp-deploy2
  namespace: mytest
spec:
  replicas: 2
  selector:
    matchLabels:
      app: myapp
      release: v2
  template:
    metadata:
      labels:
        app: myapp
        release: v2
    spec:
      containers:
      - name: myapp
        image: registry.cn-beijing.aliyuncs.com/google_registry/myapp:v2
        imagePullPolicy: IfNotPresent
        ports:
        - name: http
          containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: myapp-clusterip2
  namespace: mytest
spec:
  type: ClusterIP  # default type
  selector:
    app: myapp
    release: v2
  ports:
  - name: http
    port: 80
    targetPort: 80
```
Applying the YAML files
```
kubectl apply -f deply_service_myns.yaml
kubectl apply -f deply_service_mytest.yaml
```
Inspecting the myns namespace
```
[root@k8s-master cross_ns]# kubectl get svc -n myns -o wide
NAME               TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)   AGE   SELECTOR
myapp-clusterip1   ClusterIP   10.100.61.11   <none>        80/TCP    3m    app=myapp,release=v1
[root@k8s-master cross_ns]#
[root@k8s-master cross_ns]# kubectl get deploy -n myns -o wide
NAME            READY   UP-TO-DATE   AVAILABLE   AGE    CONTAINERS   IMAGES                                                      SELECTOR
myapp-deploy1   2/2     2            2           3m7s   myapp        registry.cn-beijing.aliyuncs.com/google_registry/myapp:v1   app=myapp,release=v1
[root@k8s-master cross_ns]#
[root@k8s-master cross_ns]# kubectl get rs -n myns -o wide
NAME                       DESIRED   CURRENT   READY   AGE     CONTAINERS   IMAGES                                                      SELECTOR
myapp-deploy1-5b9d78576c   2         2         2       3m15s   myapp        registry.cn-beijing.aliyuncs.com/google_registry/myapp:v1   app=myapp,pod-template-hash=5b9d78576c,release=v1
[root@k8s-master cross_ns]#
[root@k8s-master cross_ns]# kubectl get pod -n myns -o wide
NAME                             READY   STATUS    RESTARTS   AGE     IP             NODE         NOMINATED NODE   READINESS GATES
myapp-deploy1-5b9d78576c-wfw4n   1/1     Running   0          3m20s   10.244.2.136   k8s-node02   <none>           <none>
myapp-deploy1-5b9d78576c-zsfjl   1/1     Running   0          3m20s   10.244.3.193   k8s-node01   <none>           <none>
```
Inspecting the mytest namespace
```
[root@k8s-master cross_ns]# kubectl get svc -n mytest -o wide
NAME               TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)   AGE    SELECTOR
myapp-clusterip2   ClusterIP   10.100.201.103   <none>        80/TCP    4m9s   app=myapp,release=v2
[root@k8s-master cross_ns]#
[root@k8s-master cross_ns]# kubectl get deploy -n mytest -o wide
NAME            READY   UP-TO-DATE   AVAILABLE   AGE     CONTAINERS   IMAGES                                                      SELECTOR
myapp-deploy2   2/2     2            2           4m15s   myapp        registry.cn-beijing.aliyuncs.com/google_registry/myapp:v2   app=myapp,release=v2
[root@k8s-master cross_ns]#
[root@k8s-master cross_ns]# kubectl get rs -n mytest -o wide
NAME                      DESIRED   CURRENT   READY   AGE     CONTAINERS   IMAGES                                                      SELECTOR
myapp-deploy2-dc8f96497   2         2         2       4m22s   myapp        registry.cn-beijing.aliyuncs.com/google_registry/myapp:v2   app=myapp,pod-template-hash=dc8f96497,release=v2
[root@k8s-master cross_ns]#
[root@k8s-master cross_ns]# kubectl get pod -n mytest -o wide
NAME                            READY   STATUS    RESTARTS   AGE     IP             NODE         NOMINATED NODE   READINESS GATES
myapp-deploy2-dc8f96497-nnkqn   1/1     Running   0          4m27s   10.244.3.194   k8s-node01   <none>           <none>
myapp-deploy2-dc8f96497-w47dt   1/1     Running   0          4m27s   10.244.2.137   k8s-node02   <none>           <none>
```
Services and Pods only
```
[root@k8s-master cross_ns]# kubectl get pod -A -o wide | grep -E '(my)|(NAME)'
NAMESPACE   NAME                             READY   STATUS    RESTARTS   AGE   IP             NODE         NOMINATED NODE   READINESS GATES
myns        myapp-deploy1-5b9d78576c-wfw4n   1/1     Running   0          41m   10.244.2.136   k8s-node02   <none>           <none>
myns        myapp-deploy1-5b9d78576c-zsfjl   1/1     Running   0          41m   10.244.3.193   k8s-node01   <none>           <none>
mytest      myapp-deploy2-dc8f96497-nnkqn    1/1     Running   0          41m   10.244.3.194   k8s-node01   <none>           <none>
mytest      myapp-deploy2-dc8f96497-w47dt    1/1     Running   0          41m   10.244.2.137   k8s-node02   <none>           <none>
[root@k8s-master cross_ns]#
[root@k8s-master cross_ns]#
[root@k8s-master cross_ns]# kubectl get svc -A -o wide | grep -E '(my)|(NAME)'
NAMESPACE   NAME               TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)   AGE   SELECTOR
myns        myapp-clusterip1   ClusterIP   10.100.61.11     <none>        80/TCP    41m   app=myapp,release=v1
mytest      myapp-clusterip2   ClusterIP   10.100.201.103   <none>        80/TCP    41m   app=myapp,release=v2
```
Pod-to-Service communication across namespaces
Note: communication is via the Service NAME, not the Service IP [because every time the Service is restarted, the NAME stays the same while the IP changes].
```
# Enter a Pod container in the myns namespace
[root@k8s-master cross_ns]# kubectl exec -it -n myns myapp-deploy1-5b9d78576c-wfw4n sh
/ # cd /root/
### The following shows that communication within the same namespace works
~ # ping myapp-clusterip1
PING myapp-clusterip1 (10.100.61.11): 56 data bytes
64 bytes from 10.100.61.11: seq=0 ttl=64 time=0.046 ms
64 bytes from 10.100.61.11: seq=1 ttl=64 time=0.081 ms
~ #
~ # wget myapp-clusterip1 -O myns.html
Connecting to myapp-clusterip1 (10.100.61.11:80)
myns.html            100%
~ #
~ # cat myns.html
Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>

### The following shows that across namespaces, communication by Service NAME fails
~ # ping myapp-clusterip2
ping: bad address 'myapp-clusterip2'
~ #
~ # wget myapp-clusterip2 -O mytest.html
wget: bad address 'myapp-clusterip2'
```
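Implementing cross-namespace communication with a Service
A Service of type ExternalName makes cross-namespace communication with a Service possible. An ExternalName Service has no ClusterIP of its own; it is a DNS alias that points at the name given in externalName.
Service domain name format: $(service name).$(namespace).svc.cluster.local, where cluster.local is the domain configured for the cluster.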
YAML file
```
[root@k8s-master cross_ns]# pwd
/root/k8s_practice/cross_ns
[root@k8s-master cross_ns]#
[root@k8s-master cross_ns]# cat svc_ExternalName_visit.yaml
# Lets Pods in the myns namespace reach the Service myapp-clusterip2 in the mytest namespace
apiVersion: v1
kind: Service
metadata:
  name: myapp-clusterip1-externalname
  namespace: myns
spec:
  type: ExternalName
  externalName: myapp-clusterip2.mytest.svc.cluster.local
  ports:
  - name: http
    port: 80
    targetPort: 80
---
# Lets Pods in the mytest namespace reach the Service myapp-clusterip1 in the myns namespace
apiVersion: v1
kind: Service
metadata:
  name: myapp-clusterip2-externalname
  namespace: mytest
spec:
  type: ExternalName
  externalName: myapp-clusterip1.myns.svc.cluster.local
  ports:
  - name: http
    port: 80
    targetPort: 80
```
Applying the YAML file
```
[root@k8s-master cross_ns]# kubectl apply -f svc_ExternalName_visit.yaml
[root@k8s-master cross_ns]#
[root@k8s-master cross_ns]# kubectl get svc -A -o wide | grep -E '(ExternalName)|(NAME)'
NAMESPACE   NAME                            TYPE           CLUSTER-IP   EXTERNAL-IP                                 PORT(S)   AGE   SELECTOR
myns        myapp-clusterip1-externalname   ExternalName   <none>       myapp-clusterip2.mytest.svc.cluster.local   80/TCP    28s   <none>
mytest      myapp-clusterip2-externalname   ExternalName   <none>       myapp-clusterip1.myns.svc.cluster.local     80/TCP    28s   <none>
```
Pod-to-Service communication across namespaces
All Services and Pods at this point
```
[root@k8s-master cross_ns]# kubectl get svc -A -o wide | grep -E '(my)|(NAME)'
NAMESPACE   NAME                            TYPE           CLUSTER-IP       EXTERNAL-IP                                 PORT(S)   AGE   SELECTOR
myns        myapp-clusterip1                ClusterIP      10.100.61.11     <none>                                      80/TCP    62m   app=myapp,release=v1
myns        myapp-clusterip1-externalname   ExternalName   <none>           myapp-clusterip2.mytest.svc.cluster.local   80/TCP    84s   <none>
mytest      myapp-clusterip2                ClusterIP      10.100.201.103   <none>                                      80/TCP    62m   app=myapp,release=v2
mytest      myapp-clusterip2-externalname   ExternalName   <none>           myapp-clusterip1.myns.svc.cluster.local     80/TCP    84s   <none>
[root@k8s-master cross_ns]#
[root@k8s-master cross_ns]# kubectl get pod -A -o wide | grep -E '(my)|(NAME)'
NAMESPACE   NAME                             READY   STATUS    RESTARTS   AGE   IP             NODE         NOMINATED NODE   READINESS GATES
myns        myapp-deploy1-5b9d78576c-wfw4n   1/1     Running   0          62m   10.244.2.136   k8s-node02   <none>           <none>
myns        myapp-deploy1-5b9d78576c-zsfjl   1/1     Running   0          62m   10.244.3.193   k8s-node01   <none>           <none>
mytest      myapp-deploy2-dc8f96497-nnkqn    1/1     Running   0          62m   10.244.3.194   k8s-node01   <none>           <none>
mytest      myapp-deploy2-dc8f96497-w47dt    1/1     Running   0          62m   10.244.2.137   k8s-node02   <none>           <none>
```
A Pod in the myns namespace accessing the Service myapp-clusterip2 in the mytest namespace
```
[root@k8s-master cross_ns]# kubectl exec -it -n myns myapp-deploy1-5b9d78576c-wfw4n sh
/ # cd /root/
### The following shows that communication within the same namespace works
~ # ping myapp-clusterip1
PING myapp-clusterip1 (10.100.61.11): 56 data bytes
64 bytes from 10.100.61.11: seq=0 ttl=64 time=0.057 ms
64 bytes from 10.100.61.11: seq=1 ttl=64 time=0.071 ms
………………
~ #
~ # wget myapp-clusterip1 -O myns.html
Connecting to myapp-clusterip1 (10.100.61.11:80)
myns.html            100%
~ #
~ # cat myns.html
Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>

### The following shows that the ExternalName Service lets the Pod reach a Service across namespaces
~ # ping myapp-clusterip1-externalname
PING myapp-clusterip1-externalname (10.100.201.103): 56 data bytes
64 bytes from 10.100.201.103: seq=0 ttl=64 time=0.050 ms
64 bytes from 10.100.201.103: seq=1 ttl=64 time=0.311 ms
………………
~ #
~ # wget myapp-clusterip1-externalname -O mytest.html
Connecting to myapp-clusterip1-externalname (10.100.201.103:80)
mytest.html          100%
~ #
~ # cat mytest.html
Hello MyApp | Version: v2 | <a href="hostname.html">Pod Name</a>
```
A Pod in the mytest namespace accessing the Service myapp-clusterip1 in the myns namespace
```
[root@k8s-master cross_ns]# kubectl exec -it -n mytest myapp-deploy2-dc8f96497-w47dt sh
/ # cd /root/
### The following shows that communication within the same namespace works
~ # ping myapp-clusterip2
PING myapp-clusterip2 (10.100.201.103): 56 data bytes
64 bytes from 10.100.201.103: seq=0 ttl=64 time=0.087 ms
64 bytes from 10.100.201.103: seq=1 ttl=64 time=0.073 ms
………………
~ #
~ # wget myapp-clusterip2 -O mytest.html
Connecting to myapp-clusterip2 (10.100.201.103:80)
mytest.html          100%
~ #
~ # cat mytest.html
Hello MyApp | Version: v2 | <a href="hostname.html">Pod Name</a>

### The following shows that the ExternalName Service lets the Pod reach a Service across namespaces
~ # ping myapp-clusterip2-externalname
PING myapp-clusterip2-externalname (10.100.61.11): 56 data bytes
64 bytes from 10.100.61.11: seq=0 ttl=64 time=0.089 ms
64 bytes from 10.100.61.11: seq=1 ttl=64 time=0.071 ms
………………
~ #
~ # wget myapp-clusterip2-externalname -O myns.html
Connecting to myapp-clusterip2-externalname (10.100.61.11:80)
myns.html            100%
~ #
~ # cat myns.html
Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>
```
As shown above, Pods can now access Services across namespaces.
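The `bad address` failure and the ExternalName fix both come down to how a Pod's resolver expands names with its DNS search list. The sketch below is an added example, not part of the original post: it models that expansion over a constructed zone built from the names and IPs in the output above. It assumes the Kubernetes defaults for `dnsPolicy: ClusterFirst` (search list `<namespace>.svc.cluster.local svc.cluster.local cluster.local`, `ndots:5`), and it goes one step beyond the page by also resolving the namespace-qualified name `myapp-clusterip2.mytest`.

```python
# Simplified model of how a Pod's resolver expands Service names.
# Names and IPs come from the page's kubectl output; the zone itself is constructed.
CLUSTER_DOMAIN = "cluster.local"
NDOTS = 5  # assumption: Kubernetes default "options ndots:5" in the Pod's resolv.conf

ZONE = {
    "myapp-clusterip1.myns.svc.cluster.local": ("A", "10.100.61.11"),
    "myapp-clusterip2.mytest.svc.cluster.local": ("A", "10.100.201.103"),
    # ExternalName Services are published as CNAME records, not as ClusterIPs.
    "myapp-clusterip1-externalname.myns.svc.cluster.local":
        ("CNAME", "myapp-clusterip2.mytest.svc.cluster.local"),
    "myapp-clusterip2-externalname.mytest.svc.cluster.local":
        ("CNAME", "myapp-clusterip1.myns.svc.cluster.local"),
}

def search_list(namespace):
    """Search domains written into the resolv.conf of a Pod in `namespace`."""
    return [f"{namespace}.svc.{CLUSTER_DOMAIN}", f"svc.{CLUSTER_DOMAIN}", CLUSTER_DOMAIN]

def candidates(name, namespace):
    """Names the resolver tries, in order, for a query issued inside the Pod."""
    if name.endswith("."):  # a trailing dot marks an absolute name: no expansion
        return [name.rstrip(".")]
    expanded = [f"{name}.{domain}" for domain in search_list(namespace)]
    if name.count(".") >= NDOTS:
        return [name] + expanded
    return expanded + [name]

def lookup(fqdn, depth=0):
    """Follow CNAME records until an A record is found; None if the name is unknown."""
    record = ZONE.get(fqdn)
    if record is None or depth > 8:
        return None
    rtype, value = record
    return value if rtype == "A" else lookup(value, depth + 1)

def resolve(name, namespace):
    """Return (matched FQDN, IP) for `name` as seen from a Pod in `namespace`, or None."""
    for fqdn in candidates(name, namespace):
        ip = lookup(fqdn)
        if ip is not None:
            return fqdn, ip
    return None

if __name__ == "__main__":
    for query in ("myapp-clusterip1", "myapp-clusterip2",
                  "myapp-clusterip2.mytest", "myapp-clusterip1-externalname"):
        print(f"myns Pod: {query} -> {resolve(query, 'myns')}")
```

The short name `myapp-clusterip2` fails from `myns` only because no search domain places it in `mytest`; the ExternalName alias works because it lives in the Pod's own namespace and points at the fully qualified name.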