Kubernetes Access Service located in another namespace

Posted on Wednesday September 4, 2019

Referefce

Introduction

In Kubernetes the namespace is used to isolate the resource, based on the use case services in different namespace may required to access the service located in another namespace and kubernetes allow this by using ExternalName concept.

An ExternalName Service is a special case of Service that does not have selectors and uses DNS names instead.

To demonstrate the ExternalName lets assume we have a service of mysql which is running on defualt namespace

apiVersion: v1
kind: Service
metadata:
  name: mysql
  namespace: default
spec:
  clusterIP: None
  ports:
  - port: 3306
    protocol: TCP
    targetPort: 3306
  selector:
    app: mysql
  type: ClusterIP

And a test busybox pod located in the default namespace is accessing this service using DNS name mysql

[email protected]:# kubectl exec -it busybox sh
/ # ping -c1 mysql
PING mysql (192.168.242.145): 56 data bytes
64 bytes from 192.168.242.145: seq=0 ttl=63 time=0.068 ms

--- mysql ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 0.068/0.068/0.068 ms
/ # exit

If some other pod in another namespace is try to access the mysql service, it will not able to resolve the DNS mysql as shown below,

[email protected]:# kubectl create ns playground
[email protected]:# kubectl apply -f busybox.yml -n playground 
pod/busybox unchanged

[email protected]:# kubectl exec -it busybox sh -n playground 
/ # 
/ # ping -c2 mysql
ping: bad address 'mysql'
/ # exit

To Access the mysql service in the default namespace we need to build a service with type ExternalName as shown below. The externalName must point to the namespace which we are trying to access on that namespace.

mysql.default.svc.cluster.local

kind: Service
apiVersion: v1
metadata:
  name: mysql
  namespace: playground
spec:
  type: ExternalName
  externalName: mysql.default.svc.cluster.local
  ports:
  - port: 3306

Apply the configuration and check for the svc

[email protected]:# kubectl get svc -n playground 
NAME                   TYPE           CLUSTER-IP      EXTERNAL-IP                       PORT(S)    AGE
mysql                  ExternalName   <none>          mysql.default.svc.cluster.local   3306/TCP   8s

The ExternalName is configured properly, now different pod should be access the service mysql which is located in another namespace.

[email protected]:# kubectl exec -it busybox sh -n playground 
/ # ping -c2 mysql
PING mysql (192.168.242.145): 56 data bytes
64 bytes from 192.168.242.145: seq=0 ttl=63 time=0.069 ms
64 bytes from 192.168.242.145: seq=1 ttl=63 time=0.075 ms

--- mysql ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.069/0.072/0.075 ms
/ # exit

Video Demo

Thanku for reading !!! Give a Share for Support

Asking for donation sound bad to me, so i'm raising fund from by offering all my Nine book for just $9

Kubernetes Related Topics

kubernetes (pod/deployment/svc) YAML/JSON Generator

Docker compose to kubernetes Generator

kubernetes to Docker Compose Generator

Docker compose Generator

Docker run to compose Generator

Docker compose to docker run Generator

kubernetes install on using ansible

kube install on in centos7/ubuntu7

kubernetes Dashbaord Setup

Pod,Cluster,Deploy,ReplicaSet Light Dive

kubernetes secure nginx deployment

kubernetes Port, Targetport and NodePort

kubernetes Namespace

kubenetes Auth,Authorization,Admission

kubernetes Role-Based Access Control

Kubernetes Privilege Escalation Vulnerability

Upgrading kubernetes cluster

Prometheus Dashboard Access

Kubernetes mysql installation

Kubernetes Jenkins installation

Podman Jenkins installation

Kubernetes mariadb installation

Kubernetes wordpress installation

Kubernetes drupal installation

Kubernetes traefik installation

Kubernetes Ingress traefik

kubernetes service external ip pending ?

Service Mesh With Istio

Access SVC in Another Namespaces

kubernetes Java client example

kubernetes letsencrypt deploy wild card certificate

Right Way to Install Docker

Docker Private repo with SSL and AUTH

Creating Docker Base Image

Container Runtime (RUNC,RKT,CRI-O,Conatinerd)

Podman Install on Ubuntu/Debian

Linux Related Topics

What's New RHEL8/Centos8

Auto-mounting an NFS share using autofs

Linux Mount&Unmout revisit

Add Ipv6 Support to ECS Instances

IPtables Must Known Stuff

How to Monitor All executed Commands

Top ps command for Monitor/Troubleshoot

Detecting Linux distribution name

Overview of Linux namespace

Overview of CGroup

Exploring Alibaba cloud Free Trial

Productivity HTTPIE, WGET, CURL

LAMP Stack on Centos8/RH8

Ansible Related Topics

Manage System users (sudo/Non sudo)

Ansible Variables Explained in Roles

Pass sudo/ssh password without prompt

Ansible Windows Commands

Openstack Articles

Applied Cryptography Topics

PKI in Nutshell

OCSP in Nutshell

TLSv1.3 in Nutshell

Secure Nginx Configuration

Java Keytool/Keystore in Nutshell

Twenty Steps of SSH hardening

SSH MFA with Google Authenticator

Apache TLS Configuration

Web Crypto API Topics

Web Cryptography Algorithms

How to generate random Numbers

How to digest/hash a message

AES importKey/encrypt/decrypt

AES-GCM - generateKey/Encrypt/Decrypt

AES (CTR/CBC/GCM) ExportKey in JWK format

PBKDF2 Derive Keys

PBKDF2,HMAC Digital Signature (sign/Verify)

RSA-OAEP generateKey/Encrypt/Decrypt

RSASSA-PKCS1-v1_5 generateKey/sign/verify

RSA-PSS generateKey/sign/verify

ECDSA generateKey/Sign/Verify

ECDH generateKey/Encrypt/Decrypt

python Cryptography Topics

RSA Cryptography

PHP Cryptography Topics

openssl_get_cipher_methods

openssl_get_md_methods

openssl_cipher_iv_length

openssl_encrypt/decrypt

openssl_pkey_new/(rsa/dsa/ec)

openssl_get_curve_names

Topics

For Coffee/ Beer/ Amazon Bill and further development of the project Support by Purchasing, The Modern Cryptography CookBook for Just $9 Coupon Price

Kubernetes for DevOps

Hello Dockerfile

Cryptography for Python Developers

Cryptography for JavaScript Developers

Go lang ryptography for Developers

Here