kubernetes创建两个不通namesapce的service，实现service之间访问

一、创建两个service

[root@master69 kubernetes]# kubectl create -f hl95-notary/hl95-notary-namespace.yaml
[root@master69 kubernetes]# kubectl create -f hl95-notary/hl95-notary-api-deployment.yaml
[root@master69 kubernetes]# kubectl create -f hl95-notary/hl95-notary-api-service.yaml  

[root@master69 kubernetes]# kubectl create -f nginx-demo/nginx-demo-deployment.yaml 
[root@master69 kubernetes]# kubectl create -f nginx-demo/nginx-demo-service.yaml 

二、查看service

[root@master69 hl95-notary]# kubectl get svc -n default -o wide
NAME                 TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE     SELECTOR
kubernetes           ClusterIP   10.96.0.1        <none>        443/TCP        3d16h   <none>
nginx-demo-service   NodePort    10.100.213.139   <none>        81:30001/TCP   95m     app=nginx-k8s-demo

[root@master69 hl95-notary]# kubectl get svc -n hl95-notary  -o wide       
NAME                      TYPE       CLUSTER-IP      EXTERNAL-IP   PORT(S)         AGE   SELECTOR
hl95-notary-api-service   NodePort   10.104.120.54   <none>        8079:8079/TCP   59m   app=hl95-notary-api

可以看到nginx-demo-service位于default命名空间，IP为10.100.213.139

hl95-notary-api-service位于hl95-notary命名空间，ip为10.104.120.54

三、进入nginx-demo-service后端的一个pod中

[root@redis-01 kubernetes]# kubectl exec -it nginx-demo-deployment-59fbc48594-8gns5 /bin/bash

通过服务名称:端口 来访问服务

root@nginx-demo-deployment-59fbc48594-8gns5:/# curl nginx-demo-service:81
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
         35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>
root@nginx-demo-deployment-59fbc48594-8gns5:/# 

访问成功，为什么通过服务名称就能直接访问接口呢？我们查看/etc/resolv.conf，这个域名解析文件

root@nginx-demo-deployment-59fbc48594-8gns5:/# cat /etc/resolv.conf 
nameserver 10.96.0.10
search default.svc.master69.kubernetes.blockchain.hl95.com svc.master69.kubernetes.blockchain.hl95.com master69.kubernetes.blockchain.hl95.com hlqxt
options ndots:5

nameserver：dns服务器地址，10.96.0.10正是kube-dns服务的地址

[root@master69 hl95-notary]# kubectl get svc -n kube-system
NAME       TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)                  AGE
kube-dns   ClusterIP   10.96.0.10   <none>        53/UDP,53/TCP,9153/TCP   3d16h

也就是说，pod内的域名访问是通过kube-dns服务来解析的

search:字段，之所以能够通过Service名称和Namespace就能访问Service，就是因为search配置的规则。在解析域名时会自动拼接成完整域名去查询DNS。

如果不带namespace，则默认为dedault

我们直接在nginx的pod里访问另外一个service看看

root@nginx-demo-deployment-59fbc48594-8gns5:/# ping hl95-notary-api-service
ping: unknown host

发现未知的主机，报错，说明这个域名是不能解析的，是因为hl95-notary-api-service这个服务在另外一个namespace里，所以需要带上namespace才可以访问

root@nginx-demo-deployment-59fbc48594-8gns5:/# ping hl95-notary-api-service.hl95-notary
PING hl95-notary-api-service.hl95-notary.svc.master69.kubernetes.blockchain.hl95.com (10.104.120.54): 56 data bytes
64 bytes from 10.104.120.54: icmp_seq=0 ttl=64 time=0.085 ms
64 bytes from 10.104.120.54: icmp_seq=1 ttl=64 time=0.097 ms

root@nginx-demo-deployment-59fbc48594-8gns5:/# curl hl95-notary-api-service.hl95-notary:8079
{"timestamp":1610504965410,"status":404,"error":"Not Found","message":"No message available","path":"/"}root@nginx-demo-deployment-59fbc48594-8gns5:/# 

通过service.namesapce.port成功访问

同样在hl95-notary-api-service后端的pod里也需要加上nginx-demo-service.default才可以访问nginx服务

bash-5.0#  ping nginx-demo-service
ping: bad address 'nginx-demo-service'
bash-5.0#  ping nginx-demo-service.default
PING nginx-demo-service.default (10.100.213.139): 56 data bytes
64 bytes from 10.100.213.139: seq=0 ttl=64 time=0.093 ms
64 bytes from 10.100.213.139: seq=1 ttl=64 time=0.174 ms

bash-5.0# curl nginx-demo-service.default:81
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
         35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>
bash-5.0# 

如果服务之间是不通的namesapce空间下的，那么在服务之间相互访问，则必须使用service.namesapce来访问，不能直接使用service来访问了。