Allow two pods (say pod A and B) running in same/different namespace communicate irrespective of the protocol(say http,https,akka.tcp) along with a valid Network policy applied. Solutions tried: Tried applying network policy to both the pods and also used the service name: “my-svc.my-namespace.svc.cluster.local” to make pod B communicate to pod A which is running the service “my-svc” but both failed to communicate. Also tried adding the IP address and host mapping of pod A in pod B while it’s deployment, then pod B was able to communicate to pod A but inverse communication is failing. Kindly suggest me a way to fix this.

kuberneteskubernetes-servicekubernetes-networkpolicy

Reputation: 1030

Kubernetes: How to allow two pods running in same/different namespace communicate irrespective of the protocol using a servicename?

Allow two pods (say pod A and B) running in same/different namespace communicate irrespective of the protocol(say http,https,akka.tcp) along with a valid Network policy applied.

Solutions tried:

Tried applying network policy to both the pods and also used the service name: “my-svc.my-namespace.svc.cluster.local” to make pod B communicate to pod A which is running the service “my-svc” but both failed to communicate.
Also tried adding the IP address and host mapping of pod A in pod B while it’s deployment, then pod B was able to communicate to pod A but inverse communication is failing.

Kindly suggest me a way to fix this.

Upvotes: 14

Answers (3)

Hassan Juma

Reputation: 1

When trying to reach a service using it’s short name, a pod will look it up only in it’s own namespace, not across all namespaces in the cluster. So to answer your question: each Pod A will only talk to it’s “local” Pod B.

For a Pod A in one namespace to reach a Pod B in another namespace, you will need to use the fqdn of the service in ns2 which would be something like: ..svc.cluster.local.

Upvotes: 0

weibeld

Reputation: 15322

By default, pods can communicate with each other by their IP address, regardless of the namespace they're in.

You can see the IP address of each pod with:

kubectl get pods -o wide --all-namespaces

However, the normal way to communicate within a cluster is through Service resources.

A Service also has an IP address and additionally a DNS name. A Service is backed by a set of pods. The Service forwards requests to itself to one of the backing pods.

The fully qualified DNS name of a Service is:

<service-name>.<service-namespace>.svc.cluster.local

This can be resolved to the IP address of the Service from anywhere in the cluster (regardless of namespace).

For example, if you have:

Namespace ns-a: Service svc-a → set of pods A
Namespace ns-b: Service svc-b → set of pods B

Then a pod of set A can reach a pod of set B by making a request to:

svc-b.ns-b.svc.cluster.local

Upvotes: 31

Alassane Ndiaye

Reputation: 4787

You can put the Pods behind Services and use Service DNS for communication. Calls to service-name allow Pods in the same namespace to communicate. Calls to service-name.namespace allow Pods in different namespaces to communicate.

Upvotes: 7

Kubernetes: How to allow two pods running in same/different namespace communicate irrespective of the protocol using a servicename?

Answers (3)

Related Questions