Kubernetes K8S之Pod跨namespace名称空间访问Service服务
2024-06-07 21:42:19
Kubernetes的两个Service(ServiceA、ServiceB)和对应的Pod(PodA、PodB)分别属于不同的namespace名称空间,现需要PodA和PodB跨namespace名称空间并通过Service实现互访。应该如何实现?
场景需求
Kubernetes的两个Service(ServiceA、ServiceB)和对应的Pod(PodA、PodB)分别属于不同的namespace名称空间,现需要PodA和PodB跨namespace名称空间并通过Service实现互访。如何实现?
说明:这里是指通过Service的Name进行通信访问,而不是通过Service的IP【因因为每次重启Service,NAME不会改变,而IP是会改变的】。
主机配置规划
| 服务器名称(hostname) | 系统版本 | 配置 | 内网IP | 外网IP(模拟) |
|---|---|---|---|---|
| k8s-master | CentOS7.7 | 2C/4G/20G | 172.16.1.110 | 10.0.0.110 |
| k8s-node01 | CentOS7.7 | 2C/4G/20G | 172.16.1.111 | 10.0.0.111 |
| k8s-node02 | CentOS7.7 | 2C/4G/20G | 172.16.1.112 | 10.0.0.112 |
创建Service和Pod
相关yaml文件
[root@k8s-master cross_ns]# pwd
/root/k8s_practice/cross_ns
[root@k8s-master cross_ns]#
[root@k8s-master cross_ns]# cat deply_service_myns.yaml
apiVersion: v1
kind: Namespace
metadata:name: myns
---
apiVersion: apps/v1
kind: Deployment
metadata:name: myapp-deploy1namespace: myns
spec:replicas: 2selector:matchLabels:app: myapprelease: v1template:metadata:labels:app: myapprelease: v1spec:containers:- name: myappimage: registry.cn-beijing.aliyuncs.com/google_registry/myapp:v1imagePullPolicy: IfNotPresentports:- name: httpcontainerPort: 80
---
apiVersion: v1
kind: Service
metadata:name: myapp-clusterip1namespace: myns
spec:type: ClusterIP # 默认类型selector:app: myapprelease: v1ports:- name: httpport: 80targetPort: 80[root@k8s-master cross_ns]#
[root@k8s-master cross_ns]# cat deply_service_mytest.yaml
apiVersion: v1
kind: Namespace
metadata:name: mytest
---
apiVersion: apps/v1
kind: Deployment
metadata:name: myapp-deploy2namespace: mytest
spec:replicas: 2selector:matchLabels:app: myapprelease: v2template:metadata:labels:app: myapprelease: v2spec:containers:- name: myappimage: registry.cn-beijing.aliyuncs.com/google_registry/myapp:v2imagePullPolicy: IfNotPresentports:- name: httpcontainerPort: 80
---
apiVersion: v1
kind: Service
metadata:name: myapp-clusterip2namespace: mytest
spec:type: ClusterIP # 默认类型selector:app: myapprelease: v2ports:- name: httpport: 80targetPort: 80
运行yaml文件
kubectl apply -f deply_service_myns.yaml
kubectl apply -f deply_service_mytest.yaml
查看myns名称空间信息
[root@k8s-master cross_ns]# kubectl get svc -n myns -o wide
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
myapp-clusterip1 ClusterIP 10.100.61.11 <none> 80/TCP 3m app=myapp,release=v1
[root@k8s-master cross_ns]#
[root@k8s-master cross_ns]# kubectl get deploy -n myns -o wide
NAME READY UP-TO-DATE AVAILABLE AGE CONTAINERS IMAGES SELECTOR
myapp-deploy1 2/2 2 2 3m7s myapp registry.cn-beijing.aliyuncs.com/google_registry/myapp:v1 app=myapp,release=v1
[root@k8s-master cross_ns]#
[root@k8s-master cross_ns]# kubectl get rs -n myns -o wide
NAME DESIRED CURRENT READY AGE CONTAINERS IMAGES SELECTOR
myapp-deploy1-5b9d78576c 2 2 2 3m15s myapp registry.cn-beijing.aliyuncs.com/google_registry/myapp:v1 app=myapp,pod-template-hash=5b9d78576c,release=v1
[root@k8s-master cross_ns]#
[root@k8s-master cross_ns]# kubectl get pod -n myns -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
myapp-deploy1-5b9d78576c-wfw4n 1/1 Running 0 3m20s 10.244.2.136 k8s-node02 <none> <none>
myapp-deploy1-5b9d78576c-zsfjl 1/1 Running 0 3m20s 10.244.3.193 k8s-node01 <none> <none>
查看mytest名称空间信息
[root@k8s-master cross_ns]# kubectl get svc -n mytest -o wide
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
myapp-clusterip2 ClusterIP 10.100.201.103 <none> 80/TCP 4m9s app=myapp,release=v2
[root@k8s-master cross_ns]#
[root@k8s-master cross_ns]# kubectl get deploy -n mytest -o wide
NAME READY UP-TO-DATE AVAILABLE AGE CONTAINERS IMAGES SELECTOR
myapp-deploy2 2/2 2 2 4m15s myapp registry.cn-beijing.aliyuncs.com/google_registry/myapp:v2 app=myapp,release=v2
[root@k8s-master cross_ns]#
[root@k8s-master cross_ns]# kubectl get rs -n mytest -o wide
NAME DESIRED CURRENT READY AGE CONTAINERS IMAGES SELECTOR
myapp-deploy2-dc8f96497 2 2 2 4m22s myapp registry.cn-beijing.aliyuncs.com/google_registry/myapp:v2 app=myapp,pod-template-hash=dc8f96497,release=v2
[root@k8s-master cross_ns]#
[root@k8s-master cross_ns]# kubectl get pod -n mytest -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
myapp-deploy2-dc8f96497-nnkqn 1/1 Running 0 4m27s 10.244.3.194 k8s-node01 <none> <none>
myapp-deploy2-dc8f96497-w47dt 1/1 Running 0 4m27s 10.244.2.137 k8s-node02 <none> <none>
只看Service和Pod
[root@k8s-master cross_ns]# kubectl get pod -A -o wide | grep -E '(my)|(NAME)'
NAMESPACE NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
myns myapp-deploy1-5b9d78576c-wfw4n 1/1 Running 0 41m 10.244.2.136 k8s-node02 <none> <none>
myns myapp-deploy1-5b9d78576c-zsfjl 1/1 Running 0 41m 10.244.3.193 k8s-node01 <none> <none>
mytest myapp-deploy2-dc8f96497-nnkqn 1/1 Running 0 41m 10.244.3.194 k8s-node01 <none> <none>
mytest myapp-deploy2-dc8f96497-w47dt 1/1 Running 0 41m 10.244.2.137 k8s-node02 <none> <none>
[root@k8s-master cross_ns]#
[root@k8s-master cross_ns]#
[root@k8s-master cross_ns]# kubectl get svc -A -o wide | grep -E '(my)|(NAME)'
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
myns myapp-clusterip1 ClusterIP 10.100.61.11 <none> 80/TCP 41m app=myapp,release=v1
mytest myapp-clusterip2 ClusterIP 10.100.201.103 <none> 80/TCP 41m app=myapp,release=v2
pod跨名称空间namespace与Service通信
说明:是通过Service的NAME进行通信,而不是Service的IP【因为每次重启Service,NAME不会改变,而IP是会改变的】。
# 进入ns名称空间下的一个Pod容器
[root@k8s-master cross_ns]# kubectl exec -it -n myns myapp-deploy1-5b9d78576c-wfw4n sh
/ # cd /root/
### 如下说明在同一名称空间下,通信无问题
~ # ping myapp-clusterip1
PING myapp-clusterip1 (10.100.61.11): 56 data bytes
64 bytes from 10.100.61.11: seq=0 ttl=64 time=0.046 ms
64 bytes from 10.100.61.11: seq=1 ttl=64 time=0.081 ms
~ #
~ # wget myapp-clusterip1 -O myns.html
Connecting to myapp-clusterip1 (10.100.61.11:80)
myns.html 100%
~ #
~ # cat myns.html
Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>### 如下说明在不同的名称空间下,通过Service的NAME进行通信存在问题
~ # ping myapp-clusterip2
ping: bad address 'myapp-clusterip2'
~ #
~ # wget myapp-clusterip2 -O mytest.html
wget: bad address 'myapp-clusterip2'
实现跨namespace与Service通信
通过Service的ExternalName类型即可实现跨namespace名称空间与Service通信。
Service域名格式:$(service name).$(namespace).svc.cluster.local,其中 cluster.local 为指定的集群的域名
相关yaml文件
[root@k8s-master cross_ns]# pwd
/root/k8s_practice/cross_ns
[root@k8s-master cross_ns]#
[root@k8s-master cross_ns]# cat svc_ExternalName_visit.yaml
# 实现 myns 名称空间的pod,访问 mytest 名称空间的Service:myapp-clusterip2
apiVersion: v1
kind: Service
metadata:name: myapp-clusterip1-externalnamenamespace: myns
spec:type: ExternalNameexternalName: myapp-clusterip2.mytest.svc.cluster.localports:- name: httpport: 80targetPort: 80
---
# 实现 mytest 名称空间的Pod,访问 myns 名称空间的Service:myapp-clusterip1
apiVersion: v1
kind: Service
metadata:name: myapp-clusterip2-externalnamenamespace: mytest
spec:type: ExternalNameexternalName: myapp-clusterip1.myns.svc.cluster.localports:- name: httpport: 80targetPort: 80
运行yaml文件
[root@k8s-master cross_ns]# kubectl apply -f svc_ExternalName_visit.yaml
[root@k8s-master cross_ns]#
[root@k8s-master cross_ns]# kubectl get svc -A -o wide | grep -E '(ExternalName)|(NAME)'
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
myns myapp-clusterip1-externalname ExternalName <none> myapp-clusterip2.mytest.svc.cluster.local 80/TCP 28s <none>
mytest myapp-clusterip2-externalname ExternalName <none> myapp-clusterip1.myns.svc.cluster.local 80/TCP 28s <none>
pod跨名称空间namespace与Service通信
到目前所有service和pod信息查看
[root@k8s-master cross_ns]# kubectl get svc -A -o wide | grep -E '(my)|(NAME)'
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
myns myapp-clusterip1 ClusterIP 10.100.61.11 <none> 80/TCP 62m app=myapp,release=v1
myns myapp-clusterip1-externalname ExternalName <none> myapp-clusterip2.mytest.svc.cluster.local 80/TCP 84s <none>
mytest myapp-clusterip2 ClusterIP 10.100.201.103 <none> 80/TCP 62m app=myapp,release=v2
mytest myapp-clusterip2-externalname ExternalName <none> myapp-clusterip1.myns.svc.cluster.local 80/TCP 84s <none>
[root@k8s-master cross_ns]#
[root@k8s-master cross_ns]# kubectl get pod -A -o wide | grep -E '(my)|(NAME)'
NAMESPACE NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
myns myapp-deploy1-5b9d78576c-wfw4n 1/1 Running 0 62m 10.244.2.136 k8s-node02 <none> <none>
myns myapp-deploy1-5b9d78576c-zsfjl 1/1 Running 0 62m 10.244.3.193 k8s-node01 <none> <none>
mytest myapp-deploy2-dc8f96497-nnkqn 1/1 Running 0 62m 10.244.3.194 k8s-node01 <none> <none>
mytest myapp-deploy2-dc8f96497-w47dt 1/1 Running 0 62m 10.244.2.137 k8s-node02 <none> <none>
myns 名称空间的pod,访问 mytest 名称空间的Service:myapp-clusterip2
[root@k8s-master cross_ns]# kubectl exec -it -n myns myapp-deploy1-5b9d78576c-wfw4n sh
/ # cd /root/
### 如下说明在同一名称空间下,通信无问题
~ # ping myapp-clusterip1
PING myapp-clusterip1 (10.100.61.11): 56 data bytes
64 bytes from 10.100.61.11: seq=0 ttl=64 time=0.057 ms
64 bytes from 10.100.61.11: seq=1 ttl=64 time=0.071 ms
………………
~ #
~ # wget myapp-clusterip1 -O myns.html
Connecting to myapp-clusterip1 (10.100.61.11:80)
myns.html 100%
~ #
~ # cat myns.html
Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>### 如下说明通过Service externalname类型,实现了Pod跨namespace名称空间与Service访问
~ # ping myapp-clusterip1-externalname
PING myapp-clusterip1-externalname (10.100.201.103): 56 data bytes
64 bytes from 10.100.201.103: seq=0 ttl=64 time=0.050 ms
64 bytes from 10.100.201.103: seq=1 ttl=64 time=0.311 ms
………………
~ #
~ # wget myapp-clusterip1-externalname -O mytest.html
Connecting to myapp-clusterip1-externalname (10.100.201.103:80)
mytest.html 100%
~ #
~ # cat mytest.html
Hello MyApp | Version: v2 | <a href="hostname.html">Pod Name</a>
mytest 名称空间的Pod,访问 myns 名称空间的Service:myapp-clusterip1
[root@k8s-master cross_ns]# kubectl exec -it -n mytest myapp-deploy2-dc8f96497-w47dt sh
/ # cd /root/
### 如下说明在同一名称空间下,通信无问题
~ # ping myapp-clusterip2
PING myapp-clusterip2 (10.100.201.103): 56 data bytes
64 bytes from 10.100.201.103: seq=0 ttl=64 time=0.087 ms
64 bytes from 10.100.201.103: seq=1 ttl=64 time=0.073 ms
………………
~ #
~ # wget myapp-clusterip2 -O mytest.html
Connecting to myapp-clusterip2 (10.100.201.103:80)
mytest.html 100%
~ #
~ # cat mytest.html
Hello MyApp | Version: v2 | <a href="hostname.html">Pod Name</a>### 如下说明通过Service externalname类型,实现了Pod跨namespace名称空间与Service访问
~ # ping myapp-clusterip2-externalname
PING myapp-clusterip2-externalname (10.100.61.11): 56 data bytes
64 bytes from 10.100.61.11: seq=0 ttl=64 time=0.089 ms
64 bytes from 10.100.61.11: seq=1 ttl=64 time=0.071 ms
………………
~ #
~ # wget myapp-clusterip2-externalname -O myns.html
Connecting to myapp-clusterip2-externalname (10.100.61.11:80)
myns.html 100%
~ #
~ # cat myns.html
Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>
由上可见,实现了Pod跨namespace名称空间与Service访问。
完毕!
———END——— 如果觉得不错就关注下呗 (-^O^-) !
Kubernetes K8S之Pod跨namespace名称空间访问Service服务相关推荐
- K8S中如何跨namespace 访问服务?为什么ping不通ClusterIP?
1.K8S中如何跨namespace 访问服务? 2.在Pod中为什么ping不通ClusterIP? 简述: Rancher2.0中的一个用户,在K8S环境中,创建两个namespace,对应用进行 ...
- 01 namespace名称空间
Namespace 名称空间 在C语言里,通常只分成全局或局部的变量/函数.在大项目里,当不同开发人员写代码时,会有函数名相同和变量名相同引发的冲突.所以在C源码里,如果变量或函数只是在当前源文件里使 ...
- pod:Kubernetes(k8s)创建pod的两种方式
目录 一.系统环境 服务器版本 docker软件版本 CPU架构 CentOS Linux release 7.4.1708 (Core) Docker version 20.10.12 x86_64 ...
- kubernetes强制删除pod、namespace
1.强制删除pod # 删除PODkubectl delete pod PODNAME --force --grace-period=0# 删除NAMESPACE不一定有用kubectl delete ...
- k8s 服务发现:通过CoreDNS域名访问service服务
直接用kubectl的方式暴露端口: 在k8s集群外面可以通过红框的内容来访问到svc: 在k8s集群内部访问svc也可以使用域名的简写(使用上述的当然也可以):
- k8s集群Deployment与Service+名称空间
加油!!! Deployment与Service资源 Namespace名称空间 Deployment与Service资源 Deployment 练习:创建一个Deployment资源对象,名称为bd ...
- Kubernetes基本入门-名称空间资源(三)
名称空间级资源 名称空间在kubernetes中主要的作用是做资源隔离,因此名称空间级别的资源只在当前名称空间下有效. 工作负载型资源 工作负载(workload)是在Kubernetes上运行的应用 ...
- kubernetes(k8s)全面介绍
kubernetes简介 Kubernetes(简称k8s)是Google在2014年6月开源的一个容器集群管理系统,使用Go语言开发,用于管理云平台中多个主机上的容器化的应用,Kubernetes的 ...
- 10-Python入门学习-函数的对象与嵌套、名称空间与作用域、闭包函数
一.函数的对象 函数是第一类对象,指的是函数名指向的值(函数)可以被当作数据去使用 def func():# func=函数的内地址print('from func')print(func)age=1 ...
最新文章
- Thrift抛直接内存OOM一点解决思路
- VMWARE HOST-ONLY方式共享上网
- Vue监听器与监听滥用
- ifix如何设画面大小_如何让你的视频又小又清晰?视频编码输出软件来了
- 【C语言简单说】二十:指针基础
- 平面分割 题解(1.16 递推模拟)
- html 正则表达式验证金额,js金额校验,js正则表达式,包含正负,小数点后两位...
- 诗与远方:无题(十五)
- 六.激光SLAM框架学习之A-LOAM框架---项目工程代码介绍---4.laserMapping.cpp--后端建图和帧位姿精估计(优化)
- jquery easy ui 1.3.4 窗口,对话框,提示框(5)
- TIOBE 5 月编程语言排行榜:Python、C++ 竞争白热化,Objective-C 已沦为小众语言
- 零成本学arduino教程——光敏电阻传感器
- uniapp下微信小程序超过2MB大小限制的解决方法
- 诺贝尔奖得主纳什夫妇因车祸去世
- L1, L2以及smooth L1 loss
- Python中MNE库的事件相关特定频段分析(MEG数据)
- Ubuntu20.04+Nvidia RTX 3060 显卡驱动安装
- performance 优化
- 电脑下载的M4A格式文件怎么转换为MP3格式 1
- NFT Insider #49:YGG学员总量突破20000名,《南华早报》在The Sandbox中构建香港天星码头