Cross namespace communication across pods in kubernetes

How do I communicate across namespaces between pods in Kubernetes? Suppose the web server and the application pod are in namespace A and the database is in namespace B. I also created an ExternalName, but it still doesn't work.

Can we have multiple selectors in deployments.yaml?

frontend-service

apiVersion: v1
kind: Service
metadata:
  name: mongo-express-service
  namespace: db
spec:
  type: NodePort
  selector:
    app: mongo-express
  ports:
    - protocol: TCP
      port: 8081
      targetPort: 8081
DB-service.yaml

apiVersion: v1
kind: Service
metadata:
  name: mongodb-service
  namespace: db
spec:
  type: ExternalName
  externalName: mongo-express-service.frontend.svc.cluster.local
  selector:
    app: mongodb
  ports:
    - protocol: TCP
      port: 27017
      targetPort: 27017
$ kubectl get svc -n db
NAME                    TYPE           CLUSTER-IP     EXTERNAL-IP                                        PORT(S)          AGE
mongo-express-service   NodePort       10.103.8.140   <none>                                             8081:32468/TCP   5h20m
mongodb-service         ExternalName   <none>         mongo-express-service.frontend.svc.cluster.local   27017/TCP        5h19m
$ kubectl get svc -n frontend
NAME                    TYPE       CLUSTER-IP      EXTERNAL-IP   PORT(S)          AGE
mongo-express-service   NodePort   10.102.174.70   <none>        8081:30928/TCP   5h20m

You should create a network policy:

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: simple-policy
  namespace: db
spec:
  # Must match the label the DB pods actually carry (app=mongodb in the
  # question); with a typo here the policy selects no pods and applies to nothing.
  podSelector:
    matchLabels:
      app: mongodb
  policyTypes:
  - Ingress
  - Egress
  ingress:
  - from:
    # namespaceSelector and podSelector in the SAME list entry are ANDed:
    # only app=mongo-express pods in the frontend namespace. As two separate
    # entries they would be ORed (any pod in frontend, or app=mongo-express
    # pods in db). The frontend namespace must carry the label name=frontend.
    - namespaceSelector:
        matchLabels:
          name: frontend
      podSelector:
        matchLabels:
          app: mongo-express
    ports:
    - protocol: TCP
      port: 27017
  # Listing Egress in policyTypes denies every other outbound connection from
  # the DB pods (including DNS) unless it is allowed here; replies on
  # connections the clients opened are permitted without an egress rule.
  egress:
  - to:
    - namespaceSelector:
        matchLabels:
          name: frontend
      podSelector:
        matchLabels:
          app: mongo-express
    ports:
    - protocol: TCP
      port: 27017

You can narrow it down with whatever restriction you prefer: the whole namespace, only the two pods and a specific port, or everything.

See more in the docs.
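The two traps in a policy like the one above (a podSelector label that matches no pod, and `from` entries that are ORed when an AND was intended) can be checked without a cluster. The following is an added example, not code from the question or the answer: a small evaluator of NetworkPolicy ingress semantics, with pods, namespaces and labels constructed to mirror the question (app=mongodb in namespace db, app=mongo-express in namespace frontend).

```python
# Added example, not part of the original question or answers: evaluate
# NetworkPolicy ingress rules against constructed pods so the selector
# semantics can be tested offline.
from dataclasses import dataclass


@dataclass
class Pod:
    name: str
    namespace: str
    labels: dict


# Constructed: namespaces must carry the label the namespaceSelector uses.
NAMESPACE_LABELS = {"frontend": {"name": "frontend"}, "db": {"name": "db"}}

MONGODB = Pod("mongodb-0", "db", {"app": "mongodb"})
EXPRESS = Pod("mongo-express-1", "frontend", {"app": "mongo-express"})
DEBUG_FRONTEND = Pod("debug", "frontend", {"app": "debug"})
EXPRESS_IN_DB = Pod("mongo-express-x", "db", {"app": "mongo-express"})


def matches(selector, labels):
    """matchLabels semantics: every key/value must be present; {} matches all."""
    return all(labels.get(k) == v for k, v in selector.get("matchLabels", {}).items())


def peer_allows(peer, src, policy_ns, ns_labels):
    """One entry of a `from` list. namespaceSelector and podSelector in the
    same entry are ANDed; a podSelector alone is scoped to the policy's own
    namespace."""
    ns_sel, pod_sel = peer.get("namespaceSelector"), peer.get("podSelector")
    if ns_sel is not None and not matches(ns_sel, ns_labels[src.namespace]):
        return False
    if pod_sel is not None:
        if ns_sel is None and src.namespace != policy_ns:
            return False
        if not matches(pod_sel, src.labels):
            return False
    return ns_sel is not None or pod_sel is not None


def ingress_allowed(policy, src, dst, port, ns_labels=NAMESPACE_LABELS):
    """True if src may open a TCP connection to dst:port under `policy`."""
    selected = dst.namespace == policy["namespace"] and matches(policy["podSelector"], dst.labels)
    if not selected or "Ingress" not in policy.get("policyTypes", ["Ingress"]):
        return True  # no policy selects the pod: Kubernetes default-allow
    for rule in policy.get("ingress", []):
        ports = rule.get("ports")
        if ports and not any(p.get("port") == port for p in ports):
            continue
        peers = rule.get("from")
        # An absent or empty `from` allows all sources; entries are ORed.
        if not peers or any(peer_allows(p, src, policy["namespace"], ns_labels) for p in peers):
            return True
    return False


def db_policy(pod_label, peers):
    """Build the answer's policy with a chosen podSelector label and `from` list."""
    return {
        "namespace": "db",
        "podSelector": {"matchLabels": {"app": pod_label}},
        "policyTypes": ["Ingress"],
        "ingress": [{"from": peers, "ports": [{"protocol": "TCP", "port": 27017}]}],
    }


# Two entries: ORed (any pod in frontend, OR app=mongo-express pods in db).
SPLIT_PEERS = [
    {"namespaceSelector": {"matchLabels": {"name": "frontend"}}},
    {"podSelector": {"matchLabels": {"app": "mongo-express"}}},
]
# One entry carrying both selectors: ANDed (only app=mongo-express pods in frontend).
COMBINED_PEERS = [
    {"namespaceSelector": {"matchLabels": {"name": "frontend"}},
     "podSelector": {"matchLabels": {"app": "mongo-express"}}},
]

if __name__ == "__main__":
    typo = db_policy("mongo-db", COMBINED_PEERS)  # label typo: selects no pod at all
    split = db_policy("mongodb", SPLIT_PEERS)
    strict = db_policy("mongodb", COMBINED_PEERS)
    for label, pol in [("typo", typo), ("split", split), ("combined", strict)]:
        for src in (EXPRESS, DEBUG_FRONTEND, EXPRESS_IN_DB):
            print(label, src.name, "->", ingress_allowed(pol, src, MONGODB, 27017))
```

With the typo variant every source is allowed, because the policy selects no pod and unselected pods are default-allow; with the split `from` list a debug pod anywhere in frontend, and any app=mongo-express pod inside db, gets through; only the combined entry restricts ingress to mongo-express pods in frontend on port 27017.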
Pods in one namespace can communicate with other namespaces without any ExternalName or network policy. By default, communication between pods is allowed unless a network policy is configured to deny traffic.

I created the DB service with a ClusterIP as usual, associating it with the mongodb app in the selector section.

$ kubectl.exe describe svc mongodb-service -n db
Name:              mongodb-service
Namespace:         db
Labels:            <none>
Annotations:       <none>
Selector:          app=mongodb
Type:              ClusterIP
IP Families:       <none>
IP:                10.109.25.141
IPs:               10.109.25.141
Port:              <unset>  27017/TCP
TargetPort:        27017/TCP
Endpoints:         10.0.0.48:27017
Session Affinity:  None
Events:            <none>

$ kubectl.exe get svc -n  db
NAME              TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)     AGE
mongodb-service   ClusterIP   10.109.25.141   <none>        27017/TCP   47m

Then in the frontend namespace I updated the configmap with nameofservice.anothernamespace.svc.cluster.local (mongodb-service.db.svc.cluster.local).
apiVersion: v1
kind: ConfigMap
metadata:
  name: mongodb-configmap
  namespace: frontend
data:
  database_url: mongodb-service.db.svc.cluster.local

The pods in the frontend namespace work fine.

$ kubectl.exe get pods,svc -n  frontend
NAME                                 READY   STATUS    RESTARTS   AGE
pod/mongo-express-78fcf796b8-m4xhj   1/1     Running   8          19m
pod/mongo-express-78fcf796b8-mf4bf   1/1     Running   8          19m
pod/mongo-express-78fcf796b8-zgjkh   1/1     Running   8          19m

NAME                            TYPE       CLUSTER-IP     EXTERNAL-IP   PORT(S)          AGE
service/mongo-express-service   NodePort   10.105.0.117   <none>        8081:31097/TCP   19m
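Why the bare Service name works only inside its own namespace, while `mongodb-service.db` and the full `mongodb-service.db.svc.cluster.local` from the configmap above work from any namespace, comes down to the search list kubelet writes into a pod's /etc/resolv.conf. The following is an added example, not code from the answer: it simulates that search-list expansion; the DNS records, search list and ndots value are constructed to mirror what kubelet sets for dnsPolicy: ClusterFirst, with the ClusterIPs taken from the output above.

```python
# Added example, not part of the original answer: simulate resolver
# search-list expansion inside a pod to show which forms of a Service name
# resolve from which namespace, and how many queries each form costs.

CLUSTER_DOMAIN = "cluster.local"
NDOTS = 5  # kubelet default "options ndots:5"

# Constructed records: the two Services from the page, as A records.
CLUSTER_DNS = {
    "mongodb-service.db.svc.cluster.local.": "10.109.25.141",
    "mongo-express-service.frontend.svc.cluster.local.": "10.105.0.117",
}


def search_list(pod_namespace):
    """Search domains kubelet sets for a pod: its own namespace first."""
    return [f"{pod_namespace}.svc.{CLUSTER_DOMAIN}", f"svc.{CLUSTER_DOMAIN}", CLUSTER_DOMAIN]


def candidate_names(host, pod_namespace):
    """Order in which the resolver tries names: an absolute name (trailing
    dot) is tried as-is; otherwise a name with fewer than ndots dots goes
    through the search list before being tried as-is, and one with at least
    ndots dots is tried as-is first."""
    if host.endswith("."):
        return [host]
    expanded = [f"{host}.{domain}." for domain in search_list(pod_namespace)]
    as_is = host + "."
    return [as_is] + expanded if host.count(".") >= NDOTS else expanded + [as_is]


def resolve(host, pod_namespace, records=CLUSTER_DNS):
    """Return (fqdn, ip, queries_sent) or None when no candidate exists."""
    for n, name in enumerate(candidate_names(host, pod_namespace), start=1):
        if name in records:
            return name, records[name], n
    return None


if __name__ == "__main__":
    for ns, host in [("db", "mongodb-service"),
                     ("frontend", "mongodb-service"),
                     ("frontend", "mongodb-service.db"),
                     ("frontend", "mongodb-service.db.svc.cluster.local"),
                     ("frontend", "mongodb-service.db.svc.cluster.local.")]:
        print(f"from {ns:8s} {host:45s} -> {resolve(host, ns)}")
```

From frontend the bare name never expands to the db namespace, so the lookup fails; `mongodb-service.db` is found on the second search domain; the full name without a trailing dot still burns three failed search-list queries before the as-is query succeeds, which is why a trailing dot (or a lower ndots) is the cheap form for cross-namespace addresses in a configmap.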