kubernetes建立兩個不通namesapce的service,實現service之間訪問
阿新 • • 發佈:2021-06-30
一、建立兩個service
[root@master69 kubernetes]# kubectl create -f hl95-notary/hl95-notary-namespace.yaml [root@master69 kubernetes]# kubectl create -f hl95-notary/hl95-notary-api-deployment.yaml [root@master69 kubernetes]# kubectl create -f hl95-notary/hl95-notary-api-service.yaml
[root@master69 kubernetes]# kubectl create -f nginx-demo/nginx-demo-deployment.yaml [root@master69 kubernetes]# kubectl create-f nginx-demo/nginx-demo-service.yaml
二、檢視service
[root@master69 hl95-notary]# kubectl get svc -n default -o wide NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 3d16h <none> nginx-demo-service NodePort 10.100.213.139 <none> 81:30001/TCP 95m app=nginx-k8s-demo
[root@master69 hl95-notary]# kubectl get svc -n hl95-notary -o wide NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR hl95-notary-api-service NodePort 10.104.120.54 <none> 8079:8079/TCP 59m app=hl95-notary-api
可以看到nginx-demo-service位於default名稱空間,IP為10.100.213.139
hl95-notary-api-service位於hl95-notary名稱空間,ip為10.104.120.54
三、進入nginx-demo-service後端的一個pod中
[root@redis-01 kubernetes]# kubectl exec -it nginx-demo-deployment-59fbc48594-8gns5 /bin/bash
通過服務名稱:埠 來訪問服務
root@nginx-demo-deployment-59fbc48594-8gns5:/# curl nginx-demo-service:81 <!DOCTYPE html> <html> <head> <title>Welcome to nginx!</title> <style> body { width: 35em; margin: 0 auto; font-family: Tahoma, Verdana, Arial, sans-serif; } </style> </head> <body> <h1>Welcome to nginx!</h1> <p>If you see this page, the nginx web server is successfully installed and working. Further configuration is required.</p> <p>For online documentation and support please refer to <a href="http://nginx.org/">nginx.org</a>.<br/> Commercial support is available at <a href="http://nginx.com/">nginx.com</a>.</p> <p><em>Thank you for using nginx.</em></p> </body> </html> root@nginx-demo-deployment-59fbc48594-8gns5:/#
訪問成功,為什麼通過服務名稱就能直接訪問介面呢?我們檢視/etc/resolv.conf,這個域名解析檔案
root@nginx-demo-deployment-59fbc48594-8gns5:/# cat /etc/resolv.conf nameserver 10.96.0.10 search default.svc.master69.kubernetes.blockchain.hl95.com svc.master69.kubernetes.blockchain.hl95.com master69.kubernetes.blockchain.hl95.com hlqxt options ndots:5
nameserver:dns伺服器地址,10.96.0.10正是kube-dns服務的地址
[root@master69 hl95-notary]# kubectl get svc -n kube-system NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 3d16h
也就是說,pod內的域名訪問是通過kube-dns服務來解析的
search:欄位,之所以能夠通過Service名稱和Namespace就能訪問Service,就是因為search配置的規則。在解析域名時會自動拼接成完整域名去查詢DNS。
如果不帶namespace,則預設為dedault
我們直接在nginx的pod裡訪問另外一個service看看
root@nginx-demo-deployment-59fbc48594-8gns5:/# ping hl95-notary-api-service ping: unknown host
發現未知的主機,報錯,說明這個域名是不能解析的,是因為hl95-notary-api-service這個服務在另外一個namespace裡,所以需要帶上namespace才可以訪問
root@nginx-demo-deployment-59fbc48594-8gns5:/# ping hl95-notary-api-service.hl95-notary PING hl95-notary-api-service.hl95-notary.svc.master69.kubernetes.blockchain.hl95.com (10.104.120.54): 56 data bytes 64 bytes from 10.104.120.54: icmp_seq=0 ttl=64 time=0.085 ms 64 bytes from 10.104.120.54: icmp_seq=1 ttl=64 time=0.097 ms
root@nginx-demo-deployment-59fbc48594-8gns5:/# curl hl95-notary-api-service.hl95-notary:8079 {"timestamp":1610504965410,"status":404,"error":"Not Found","message":"No message available","path":"/"}root@nginx-demo-deployment-59fbc48594-8gns5:/#
通過service.namesapce.port成功訪問
同樣在hl95-notary-api-service後端的pod裡也需要加上nginx-demo-service.default才可以訪問nginx服務
bash-5.0# ping nginx-demo-service ping: bad address 'nginx-demo-service' bash-5.0# ping nginx-demo-service.default PING nginx-demo-service.default (10.100.213.139): 56 data bytes 64 bytes from 10.100.213.139: seq=0 ttl=64 time=0.093 ms 64 bytes from 10.100.213.139: seq=1 ttl=64 time=0.174 ms
bash-5.0# curl nginx-demo-service.default:81 <!DOCTYPE html> <html> <head> <title>Welcome to nginx!</title> <style> body { width: 35em; margin: 0 auto; font-family: Tahoma, Verdana, Arial, sans-serif; } </style> </head> <body> <h1>Welcome to nginx!</h1> <p>If you see this page, the nginx web server is successfully installed and working. Further configuration is required.</p> <p>For online documentation and support please refer to <a href="http://nginx.org/">nginx.org</a>.<br/> Commercial support is available at <a href="http://nginx.com/">nginx.com</a>.</p> <p><em>Thank you for using nginx.</em></p> </body> </html> bash-5.0#
如果服務之間是不通的namesapce空間下的,那麼在服務之間相互訪問,則必須使用service.namesapce來訪問,不能直接使用service來訪問了。