Kubernetes:无论使用服务名的协议如何，如何允许在相同/不同名称空间中运行的两个Pod通信? [英] Kubernetes: How to allow two pods running in same/different namespace communicate irrespective of the protocol using a servicename?

问题描述

允许在相同/不同名称空间中运行的两个Pod(例如Pod A和B)进行通信，而与协议(例如http，https，akka.tcp)无关，并且应用了有效的网络策略.

Allow two pods (say pod A and B) running in same/different namespace communicate irrespective of the protocol(say http,https,akka.tcp) along with a valid Network policy applied.

尝试过的解决方案:

Solutions tried:

1. 尝试将网络策略同时应用于两个Pod，并且还使用服务名称"my-svc.my-namespace.svc.cluster.local"来创建Pod B与运行服务"my-svc"的pod A通信，但两者无法沟通.

1. Tried applying network policy to both the pods and also used the service name: "my-svc.my-namespace.svc.cluster.local" to make pod B communicate to pod A which is running the service "my-svc" but both failed to communicate.

还尝试在部署时将Pod A的IP地址和主机映射添加到Pod B中，然后Pod B能够与Pod A进行通信但是反向通信失败.

Also tried adding the IP address and host mapping of pod A in pod B while it’s deployment, then pod B was able to communicate to pod A but inverse communication is failing.

请给我建议一种解决方法.

Kindly suggest me a way to fix this.

推荐答案

默认情况下，pod可以通过其IP地址相互通信，而与它们所在的命名空间无关.

By default, pods can communicate with each other by their IP address, regardless of the namespace they're in.

您可以通过以下方式查看每个吊舱的IP地址:

You can see the IP address of each pod with:

kubectl get pods -o wide --all-namespaces

但是，在群集内进行通信的常规方法是通过服务资源.

However, the normal way to communicate within a cluster is through Service resources.

服务还具有IP地址和DNS名称.服务由一组Pod提供支持.该服务将请求转发给自己到其中一个后备吊舱.

A Service also has an IP address and additionally a DNS name. A Service is backed by a set of pods. The Service forwards requests to itself to one of the backing pods.

服务的完全限定DNS名称为:

The fully qualified DNS name of a Service is:

<service-name>.<service-namespace>.svc.cluster.local

这可以从群集中的任何位置(无论名称空间如何)解析为服务的IP地址.

This can be resolved to the IP address of the Service from anywhere in the cluster (regardless of namespace).

例如，如果您拥有:

• 命名空间 ns-a :服务 svc-a →一组Pod A
• 命名空间 ns-b :服务 svc-b →Pod集B

• Namespace ns-a: Service svc-a → set of pods A
• Namespace ns-b: Service svc-b → set of pods B

然后，通过请求以下内容，集合A的广告连播可以到达集合B的广告连播:

Then a pod of set A can reach a pod of set B by making a request to:

svc-b.ns-b.svc.cluster.local

这篇关于Kubernetes:无论使用服务名的协议如何，如何允许在相同/不同名称空间中运行的两个Pod通信?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！