Cross namespace communication across pods in kubernetes
How can pods communicate across namespaces in Kubernetes? Suppose the web server and application pods are in namespace A and the database is in namespace B. I also created an ExternalName, but it still doesn't work.
Can we have multiple selectors in deployments.yaml?
frontend-service
```yaml
apiVersion: v1
kind: Service
metadata:
  name: mongo-express-service
  namespace: db
spec:
  type: NodePort
  selector:
    app: mongo-express
  ports:
    - protocol: TCP
      port: 8081
      targetPort: 8081
```
DB-service.yaml
```yaml
apiVersion: v1
kind: Service
metadata:
  name: mongodb-service
  namespace: db
spec:
  # ExternalName only publishes a DNS CNAME to externalName;
  # selector and targetPort are not used by this service type
  type: ExternalName
  externalName: mongo-express-service.frontend.svc.cluster.local
  selector:
    app: mongodb
  ports:
    - protocol: TCP
      port: 27017
      targetPort: 27017
```
```
$ kubectl get svc -n db
NAME                    TYPE           CLUSTER-IP     EXTERNAL-IP                                        PORT(S)          AGE
mongo-express-service   NodePort       10.103.8.140   <none>                                             8081:32468/TCP   5h20m
mongodb-service         ExternalName   <none>         mongo-express-service.frontend.svc.cluster.local   27017/TCP        5h19m
$ kubectl get svc -n frontend
NAME                    TYPE       CLUSTER-IP      EXTERNAL-IP   PORT(S)          AGE
mongo-express-service   NodePort   10.102.174.70   <none>        8081:30928/TCP   5h20m
```
You should create a network policy:
```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: simple-policy
  namespace: db
spec:
  podSelector:
    matchLabels:
      app: mongodb          # label of the mongodb pods in the question
  policyTypes:
    - Ingress
    - Egress
  ingress:
    - from:
        # two separate list items: traffic from EITHER peer is allowed
        - namespaceSelector:
            matchLabels:
              name: frontend   # the frontend namespace must carry this label
        - podSelector:
            matchLabels:
              app: mongo-express
      ports:
        - protocol: TCP
          port: 27017
  egress:
    - to:
        - namespaceSelector:
            matchLabels:
              name: frontend
        - podSelector:
            matchLabels:
              app: mongo-express   # label of the mongo-express pods in the question
      ports:
        - protocol: TCP
          port: 27017
```
You can narrow it down with whatever restriction you like: the whole namespace, only two pods and a specific port, or everything.
See more in the docs.
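The policy above lists namespaceSelector and podSelector as separate `from` items, so it admits any pod in the frontend namespace as well as any app=mongo-express pod inside db. The following is an added example, not code from the original answers, that puts a default-deny in front and combines both selectors in one item so that both must match; it assumes the labels from the question (app: mongodb in db, app: mongo-express in frontend) and Kubernetes 1.21 or later, which sets the kubernetes.io/metadata.name label on every namespace automatically.

```yaml
# Added example, not from the original answers. Assumes the question's
# labels (app: mongodb in db, app: mongo-express in frontend) and
# Kubernetes 1.21+, which labels every namespace automatically with
# kubernetes.io/metadata.name, so no manual "name: frontend" label is needed.
---
# 1. Default-deny ingress for every pod in db. Without this, pods not
#    selected by any policy keep accepting traffic from everywhere.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: db
spec:
  podSelector: {}
  policyTypes:
    - Ingress
---
# 2. Allow only mongo-express pods from frontend to reach mongodb:27017.
#    namespaceSelector and podSelector are in ONE list item, so both must
#    match (AND). As two separate items they are ORed, which would also
#    admit every other pod in frontend.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-mongo-express-to-mongodb
  namespace: db
spec:
  podSelector:
    matchLabels:
      app: mongodb
  policyTypes:
    - Ingress
  ingress:
    - from:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: frontend
          podSelector:
            matchLabels:
              app: mongo-express
      ports:
        - protocol: TCP
          port: 27017
```

NetworkPolicy objects are accepted by the API server regardless, but only enforced when the cluster's CNI plugin supports them, so verify from a test pod after applying. Egress is deliberately left unrestricted here: once a policy lists Egress in policyTypes, as the one in the answer does, the selected pod also loses DNS unless port 53 to kube-dns is explicitly allowed.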
Pods in one namespace can communicate with other namespaces without any ExternalName or network policy. By default, communication happens between pods unless traffic is denied through a network policy.
I created the DB service with a ClusterIP as usual, associating it with the mongodb app in the selector section:
```
$ kubectl.exe describe svc mongodb-service -n db
Name:              mongodb-service
Namespace:         db
Labels:            <none>
Annotations:       <none>
Selector:          app=mongodb
Type:              ClusterIP
IP Families:       <none>
IP:                10.109.25.141
IPs:               10.109.25.141
Port:              <unset>  27017/TCP
TargetPort:        27017/TCP
Endpoints:         10.0.0.48:27017
Session Affinity:  None
Events:            <none>
$ kubectl.exe get svc -n db
NAME              TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)     AGE
mongodb-service   ClusterIP   10.109.25.141   <none>        27017/TCP   47m
```
Then, in the frontend namespace, I updated the ConfigMap with nameofservice.anothernamespace.svc.cluster.local (mongodb-service.db.svc.cluster.local):
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: mongodb-configmap
  namespace: frontend
data:
  database_url: mongodb-service.db.svc.cluster.local
```
The pods in the frontend namespace are working fine.
```
$ kubectl.exe get pods,svc -n frontend
NAME                                 READY   STATUS    RESTARTS   AGE
pod/mongo-express-78fcf796b8-m4xhj   1/1     Running   8          19m
pod/mongo-express-78fcf796b8-mf4bf   1/1     Running   8          19m
pod/mongo-express-78fcf796b8-zgjkh   1/1     Running   8          19m
NAME                            TYPE       CLUSTER-IP     EXTERNAL-IP   PORT(S)          AGE
service/mongo-express-service   NodePort   10.105.0.117   <none>        8081:31097/TCP   19m
```