Kubernetes (K8S): Cross-Namespace Pod Access to a Service
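Scenario
Two Kubernetes Services (ServiceA, ServiceB) and their Pods (PodA, PodB) belong to different namespaces. PodA and PodB need to reach each other across namespaces through the Services. How can this be done?
Note: this means communicating through the Service's name, not through the Service's IP [because each time the Service is restarted, the NAME does not change, while the IP does].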
Host configuration plan
Server name (hostname) | OS version | Specs | Internal IP | External IP (simulated) |
---|---|---|---|---|
k8s-master | CentOS7.7 | 2C/4G/20G | 172.16.1.110 | 10.0.0.110 |
k8s-node01 | CentOS7.7 | 2C/4G/20G | 172.16.1.111 | 10.0.0.111 |
k8s-node02 | CentOS7.7 | 2C/4G/20G | 172.16.1.112 | 10.0.0.112 |
Create the Services and Pods
Relevant YAML files
```
[root@k8s-master cross_ns]# pwd
/root/k8s_practice/cross_ns
[root@k8s-master cross_ns]#
[root@k8s-master cross_ns]# cat deply_service_myns.yaml
apiVersion: v1
kind: Namespace
metadata:
  name: myns
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: myapp-deploy1
  namespace: myns
spec:
  replicas: 2
  selector:
    matchLabels:
      app: myapp
      release: v1
  template:
    metadata:
      labels:
        app: myapp
        release: v1
    spec:
      containers:
      - name: myapp
        image: registry.cn-beijing.aliyuncs.com/google_registry/myapp:v1
        imagePullPolicy: IfNotPresent
        ports:
        - name: http
          containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: myapp-clusterip1
  namespace: myns
spec:
  type: ClusterIP  # default type
  selector:
    app: myapp
    release: v1
  ports:
  - name: http
    port: 80
    targetPort: 80
```
```
[root@k8s-master cross_ns]# cat deply_service_mytest.yaml
apiVersion: v1
kind: Namespace
metadata:
  name: mytest
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: myapp-deploy2
  namespace: mytest
spec:
  replicas: 2
  selector:
    matchLabels:
      app: myapp
      release: v2
  template:
    metadata:
      labels:
        app: myapp
        release: v2
    spec:
      containers:
      - name: myapp
        image: registry.cn-beijing.aliyuncs.com/google_registry/myapp:v2
        imagePullPolicy: IfNotPresent
        ports:
        - name: http
          containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: myapp-clusterip2
  namespace: mytest
spec:
  type: ClusterIP  # default type
  selector:
    app: myapp
    release: v2
  ports:
  - name: http
    port: 80
    targetPort: 80
```
Apply the YAML files
```
kubectl apply -f deply_service_myns.yaml
kubectl apply -f deply_service_mytest.yaml
```
View the myns namespace
```
[root@k8s-master cross_ns]# kubectl get svc -n myns -o wide
NAME               TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)   AGE   SELECTOR
myapp-clusterip1   ClusterIP   10.100.61.11   <none>        80/TCP    3m    app=myapp,release=v1
[root@k8s-master cross_ns]#
[root@k8s-master cross_ns]# kubectl get deploy -n myns -o wide
NAME            READY   UP-TO-DATE   AVAILABLE   AGE    CONTAINERS   IMAGES                                                      SELECTOR
myapp-deploy1   2/2     2            2           3m7s   myapp        registry.cn-beijing.aliyuncs.com/google_registry/myapp:v1   app=myapp,release=v1
[root@k8s-master cross_ns]#
[root@k8s-master cross_ns]# kubectl get rs -n myns -o wide
NAME                       DESIRED   CURRENT   READY   AGE     CONTAINERS   IMAGES                                                      SELECTOR
myapp-deploy1-5b9d78576c   2         2         2       3m15s   myapp        registry.cn-beijing.aliyuncs.com/google_registry/myapp:v1   app=myapp,pod-template-hash=5b9d78576c,release=v1
[root@k8s-master cross_ns]#
[root@k8s-master cross_ns]# kubectl get pod -n myns -o wide
NAME                             READY   STATUS    RESTARTS   AGE     IP             NODE         NOMINATED NODE   READINESS GATES
myapp-deploy1-5b9d78576c-wfw4n   1/1     Running   0          3m20s   10.244.2.136   k8s-node02   <none>           <none>
myapp-deploy1-5b9d78576c-zsfjl   1/1     Running   0          3m20s   10.244.3.193   k8s-node01   <none>           <none>
```
View the mytest namespace
```
[root@k8s-master cross_ns]# kubectl get svc -n mytest -o wide
NAME               TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)   AGE    SELECTOR
myapp-clusterip2   ClusterIP   10.100.201.103   <none>        80/TCP    4m9s   app=myapp,release=v2
[root@k8s-master cross_ns]#
[root@k8s-master cross_ns]# kubectl get deploy -n mytest -o wide
NAME            READY   UP-TO-DATE   AVAILABLE   AGE     CONTAINERS   IMAGES                                                      SELECTOR
myapp-deploy2   2/2     2            2           4m15s   myapp        registry.cn-beijing.aliyuncs.com/google_registry/myapp:v2   app=myapp,release=v2
[root@k8s-master cross_ns]#
[root@k8s-master cross_ns]# kubectl get rs -n mytest -o wide
NAME                      DESIRED   CURRENT   READY   AGE     CONTAINERS   IMAGES                                                      SELECTOR
myapp-deploy2-dc8f96497   2         2         2       4m22s   myapp        registry.cn-beijing.aliyuncs.com/google_registry/myapp:v2   app=myapp,pod-template-hash=dc8f96497,release=v2
[root@k8s-master cross_ns]#
[root@k8s-master cross_ns]# kubectl get pod -n mytest -o wide
NAME                            READY   STATUS    RESTARTS   AGE     IP             NODE         NOMINATED NODE   READINESS GATES
myapp-deploy2-dc8f96497-nnkqn   1/1     Running   0          4m27s   10.244.3.194   k8s-node01   <none>           <none>
myapp-deploy2-dc8f96497-w47dt   1/1     Running   0          4m27s   10.244.2.137   k8s-node02   <none>           <none>
```
Services and Pods only
```
[root@k8s-master cross_ns]# kubectl get pod -A -o wide | grep -E '(my)|(NAME)'
NAMESPACE   NAME                             READY   STATUS    RESTARTS   AGE   IP             NODE         NOMINATED NODE   READINESS GATES
myns        myapp-deploy1-5b9d78576c-wfw4n   1/1     Running   0          41m   10.244.2.136   k8s-node02   <none>           <none>
myns        myapp-deploy1-5b9d78576c-zsfjl   1/1     Running   0          41m   10.244.3.193   k8s-node01   <none>           <none>
mytest      myapp-deploy2-dc8f96497-nnkqn    1/1     Running   0          41m   10.244.3.194   k8s-node01   <none>           <none>
mytest      myapp-deploy2-dc8f96497-w47dt    1/1     Running   0          41m   10.244.2.137   k8s-node02   <none>           <none>
[root@k8s-master cross_ns]#
[root@k8s-master cross_ns]#
[root@k8s-master cross_ns]# kubectl get svc -A -o wide | grep -E '(my)|(NAME)'
NAMESPACE   NAME               TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)   AGE   SELECTOR
myns        myapp-clusterip1   ClusterIP   10.100.61.11     <none>        80/TCP    41m   app=myapp,release=v1
mytest      myapp-clusterip2   ClusterIP   10.100.201.103   <none>        80/TCP    41m   app=myapp,release=v2
```
Pod-to-Service communication across namespaces
Note: communication is through the Service's NAME, not the Service's IP [because each time the Service is restarted, the NAME does not change, while the IP does].
```
# Enter a Pod container in the myns namespace
[root@k8s-master cross_ns]# kubectl exec -it -n myns myapp-deploy1-5b9d78576c-wfw4n sh
/ # cd /root/
### The following shows that communication within the same namespace works
~ # ping myapp-clusterip1
PING myapp-clusterip1 (10.100.61.11): 56 data bytes
64 bytes from 10.100.61.11: seq=0 ttl=64 time=0.046 ms
64 bytes from 10.100.61.11: seq=1 ttl=64 time=0.081 ms
~ #
~ # wget myapp-clusterip1 -O myns.html
Connecting to myapp-clusterip1 (10.100.61.11:80)
myns.html            100%
~ #
~ # cat myns.html
Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>

### The following shows that communication by Service NAME fails across namespaces
~ # ping myapp-clusterip2
ping: bad address 'myapp-clusterip2'
~ #
~ # wget myapp-clusterip2 -O mytest.html
wget: bad address 'myapp-clusterip2'
```
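Implementing cross-namespace Service communication
A Service of type ExternalName is enough to let Pods reach a Service in another namespace.
Service domain name format: $(service name).$(namespace).svc.cluster.local, where cluster.local is the configured cluster domain.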
Relevant YAML file
```
[root@k8s-master cross_ns]# pwd
/root/k8s_practice/cross_ns
[root@k8s-master cross_ns]#
[root@k8s-master cross_ns]# cat svc_ExternalName_visit.yaml
# Lets Pods in the myns namespace access the Service myapp-clusterip2 in the mytest namespace
apiVersion: v1
kind: Service
metadata:
  name: myapp-clusterip1-externalname
  namespace: myns
spec:
  type: ExternalName
  externalName: myapp-clusterip2.mytest.svc.cluster.local
  ports:
  - name: http
    port: 80
    targetPort: 80
---
# Lets Pods in the mytest namespace access the Service myapp-clusterip1 in the myns namespace
apiVersion: v1
kind: Service
metadata:
  name: myapp-clusterip2-externalname
  namespace: mytest
spec:
  type: ExternalName
  externalName: myapp-clusterip1.myns.svc.cluster.local
  ports:
  - name: http
    port: 80
    targetPort: 80
```
Apply the YAML file
```
[root@k8s-master cross_ns]# kubectl apply -f svc_ExternalName_visit.yaml
[root@k8s-master cross_ns]#
[root@k8s-master cross_ns]# kubectl get svc -A -o wide | grep -E '(ExternalName)|(NAME)'
NAMESPACE   NAME                            TYPE           CLUSTER-IP   EXTERNAL-IP                                 PORT(S)   AGE   SELECTOR
myns        myapp-clusterip1-externalname   ExternalName   <none>       myapp-clusterip2.mytest.svc.cluster.local   80/TCP    28s   <none>
mytest      myapp-clusterip2-externalname   ExternalName   <none>       myapp-clusterip1.myns.svc.cluster.local     80/TCP    28s   <none>
```
Pod-to-Service communication across namespaces
All Services and Pods at this point
```
[root@k8s-master cross_ns]# kubectl get svc -A -o wide | grep -E '(my)|(NAME)'
NAMESPACE   NAME                            TYPE           CLUSTER-IP       EXTERNAL-IP                                 PORT(S)   AGE   SELECTOR
myns        myapp-clusterip1                ClusterIP      10.100.61.11     <none>                                      80/TCP    62m   app=myapp,release=v1
myns        myapp-clusterip1-externalname   ExternalName   <none>           myapp-clusterip2.mytest.svc.cluster.local   80/TCP    84s   <none>
mytest      myapp-clusterip2                ClusterIP      10.100.201.103   <none>                                      80/TCP    62m   app=myapp,release=v2
mytest      myapp-clusterip2-externalname   ExternalName   <none>           myapp-clusterip1.myns.svc.cluster.local     80/TCP    84s   <none>
[root@k8s-master cross_ns]#
[root@k8s-master cross_ns]# kubectl get pod -A -o wide | grep -E '(my)|(NAME)'
NAMESPACE   NAME                             READY   STATUS    RESTARTS   AGE   IP             NODE         NOMINATED NODE   READINESS GATES
myns        myapp-deploy1-5b9d78576c-wfw4n   1/1     Running   0          62m   10.244.2.136   k8s-node02   <none>           <none>
myns        myapp-deploy1-5b9d78576c-zsfjl   1/1     Running   0          62m   10.244.3.193   k8s-node01   <none>           <none>
mytest      myapp-deploy2-dc8f96497-nnkqn    1/1     Running   0          62m   10.244.3.194   k8s-node01   <none>           <none>
mytest      myapp-deploy2-dc8f96497-w47dt    1/1     Running   0          62m   10.244.2.137   k8s-node02   <none>           <none>
```
A Pod in the myns namespace accessing the Service myapp-clusterip2 in the mytest namespace
```
[root@k8s-master cross_ns]# kubectl exec -it -n myns myapp-deploy1-5b9d78576c-wfw4n sh
/ # cd /root/
### The following shows that communication within the same namespace works
~ # ping myapp-clusterip1
PING myapp-clusterip1 (10.100.61.11): 56 data bytes
64 bytes from 10.100.61.11: seq=0 ttl=64 time=0.057 ms
64 bytes from 10.100.61.11: seq=1 ttl=64 time=0.071 ms
………………
~ #
~ # wget myapp-clusterip1 -O myns.html
Connecting to myapp-clusterip1 (10.100.61.11:80)
myns.html            100%
~ #
~ # cat myns.html
Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>

### The following shows that the ExternalName Service type gives the Pod access to a Service across namespaces
~ # ping myapp-clusterip1-externalname
PING myapp-clusterip1-externalname (10.100.201.103): 56 data bytes
64 bytes from 10.100.201.103: seq=0 ttl=64 time=0.050 ms
64 bytes from 10.100.201.103: seq=1 ttl=64 time=0.311 ms
………………
~ #
~ # wget myapp-clusterip1-externalname -O mytest.html
Connecting to myapp-clusterip1-externalname (10.100.201.103:80)
mytest.html          100%
~ #
~ # cat mytest.html
Hello MyApp | Version: v2 | <a href="hostname.html">Pod Name</a>
```
A Pod in the mytest namespace accessing the Service myapp-clusterip1 in the myns namespace
```
[root@k8s-master cross_ns]# kubectl exec -it -n mytest myapp-deploy2-dc8f96497-w47dt sh
/ # cd /root/
### The following shows that communication within the same namespace works
~ # ping myapp-clusterip2
PING myapp-clusterip2 (10.100.201.103): 56 data bytes
64 bytes from 10.100.201.103: seq=0 ttl=64 time=0.087 ms
64 bytes from 10.100.201.103: seq=1 ttl=64 time=0.073 ms
………………
~ #
~ # wget myapp-clusterip2 -O mytest.html
Connecting to myapp-clusterip2 (10.100.201.103:80)
mytest.html          100%
~ #
~ # cat mytest.html
Hello MyApp | Version: v2 | <a href="hostname.html">Pod Name</a>

### The following shows that the ExternalName Service type gives the Pod access to a Service across namespaces
~ # ping myapp-clusterip2-externalname
PING myapp-clusterip2-externalname (10.100.61.11): 56 data bytes
64 bytes from 10.100.61.11: seq=0 ttl=64 time=0.089 ms
64 bytes from 10.100.61.11: seq=1 ttl=64 time=0.071 ms
………………
~ #
~ # wget myapp-clusterip2-externalname -O myns.html
Connecting to myapp-clusterip2-externalname (10.100.61.11:80)
myns.html            100%
~ #
~ # cat myns.html
Hello MyApp | Version: v1 | <a href="hostname.html">Pod Name</a>
```
As shown above, Pods can now access a Service across namespaces.
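The name resolution behind the sessions above, as an added example that is not part of the original article: it models a Pod's resolver search list to show why the bare name `myapp-clusterip2` fails from `myns`, and why the ExternalName alias (served as a CNAME) and the namespace-qualified name `myapp-clusterip2.mytest` both resolve; that last case goes beyond what the article tests. The search list and `ndots:5` are assumed defaults for `dnsPolicy: ClusterFirst`, and the record table is constructed from the Services shown on this page.

```python
# Constructed records mirroring the Services on this page (not read from a cluster).
RECORDS = {
    "myapp-clusterip1.myns.svc.cluster.local": ("A", "10.100.61.11"),
    "myapp-clusterip2.mytest.svc.cluster.local": ("A", "10.100.201.103"),
    "myapp-clusterip1-externalname.myns.svc.cluster.local":
        ("CNAME", "myapp-clusterip2.mytest.svc.cluster.local"),
    "myapp-clusterip2-externalname.mytest.svc.cluster.local":
        ("CNAME", "myapp-clusterip1.myns.svc.cluster.local"),
}
CLUSTER_DOMAIN = "cluster.local"
NDOTS = 5  # assumption: default written for dnsPolicy ClusterFirst


def search_list(namespace):
    """Search domains assumed to be in the Pod's /etc/resolv.conf."""
    return [f"{namespace}.svc.{CLUSTER_DOMAIN}", f"svc.{CLUSTER_DOMAIN}", CLUSTER_DOMAIN]


def candidates(name, namespace):
    """FQDNs the stub resolver tries, in order, for `name` from a Pod in `namespace`."""
    if name.endswith("."):  # already absolute: no search-list expansion
        return [name.rstrip(".")]
    expanded = [f"{name}.{domain}" for domain in search_list(namespace)]
    # Fewer dots than ndots: search list first, the literal name last.
    return expanded + [name] if name.count(".") < NDOTS else [name] + expanded


def resolve(name, namespace, max_cname_hops=4):
    """Return (matching FQDN, IP), or (None, None) when every candidate is NXDOMAIN."""
    for fqdn in candidates(name, namespace):
        target = fqdn
        for _ in range(max_cname_hops + 1):
            record = RECORDS.get(target)
            if record is None:
                break
            rtype, value = record
            if rtype == "A":
                return fqdn, value
            target = value  # ExternalName is served as a CNAME: follow it
    return None, None


if __name__ == "__main__":
    for pod_ns, name in [("myns", "myapp-clusterip1"), ("myns", "myapp-clusterip2"),
                         ("myns", "myapp-clusterip1-externalname"),
                         ("myns", "myapp-clusterip2.mytest"),
                         ("mytest", "myapp-clusterip2-externalname")]:
        print(f"{pod_ns:7} {name:32} -> {resolve(name, pod_ns)}")
```

Name resolution is not an access control: whether traffic between namespaces is allowed is decided by NetworkPolicy, not by DNS.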
Done!