Kubernetes Cross Namespace Ingress Network

Question

I have a simple ingress network, I want to access services at different namespaces, from this ingress network.

How I can do this? My ingress network yaml file:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: ingress
spec:
  rules:
 - host: api.myhost.com
 http:
 paths:
  - backend:
      serviceName: bookapi-2
      servicePort: 8080
    path: /booking-service/

I've set the ExternalNames service type to the yaml file:

 apiVersion: v1
 kind: Service
 metadata:
   name: bookapi-2
   namespace: booking-namespace
 spec:
   type: ExternalName
   externalName: bookapi-2
   ports:
     - name: app
     protocol: TCP
      port: 8080
      targetPort: 8080
   selector:
      app: bookapi-2
      tier: backend-2

Answer 1

An ExternalName service is a special case of service that does not have selectors and uses DNS names instead.

You can find out more about ExternalName service from the official Kubernetes documentation:

When you want to access a service from a different namespace, your yaml could, for example, look like this:

kind: Service
apiVersion: v1
metadata:
  name: test-service-1
  namespace: namespace-a
spec:
  type: ExternalName
  externalName: test-service-2.namespace-b.svc.cluster.local
  ports:
  - port: 80

As to your Ingress yaml file, please recheck it and make sure it is compliant with the official examples, for example this one as it contains some inconsistency:

apiVersion: extensions/v1beta1  
kind: Ingress  
metadata:  
  name: my-ingress  
spec:  
  rules:  
  - host: www.mysite.com  
    http:  
      paths:  
      - backend:  
          serviceName: website  
          servicePort: 80  
  - host: forums.mysite.com  
    http:  
      paths:  
      - path:  
        backend:  
          serviceName: forums  
          servicePort: 80

Please also recheck ExternalName yaml as it has TargetPorts and selectors which are not used in this type of Service and make sure that:

ExternalName Services are available only with kube-dns version 1.7 and later.

In case you will not succeed, please share the kind of problem you have meet.

Answer 2

1. create namespace service-ns
2. create a service of type ClusterIP ( which is default ) named nginx-service listening on port 80 in namespace service-ns
3. create nginx deployment in service-ns
4. create namespace ingress-ns
5. create a service in ingress-ns of type ExternalName and pointing to FQDN of nginx-service pointing it as nginx-internal.service-ns.svc.cluster.local
6. create ingress rules

NOTE: Demo code not to be running in production. Just wanted to give an idea of how it would work cross-namespaces

---
#1
apiVersion: v1
kind: Namespace
metadata:
  name: service-ns
---
#2
apiVersion: v1
kind: Service
metadata:
  labels:
    app: nginx
  name: nginx-internal
  namespace: service-ns
spec:
  ports:
  - name: "80"
    port: 80
    targetPort: 80  
  selector:
    app: nginx
---
#3
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: nginx
  name: nginx
  namespace: service-ns
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
        image: nginx
        name: nginx
        ports:
        - containerPort: 80
      restartPolicy: Always
---
#4
apiVersion: v1
kind: Namespace
metadata:
  name: ingress-ns
---
#5
kind: Service
apiVersion: v1
metadata:
  name: nginx
  namespace: ingress-ns
spec:
  type: ExternalName
  externalName: nginx-internal.service-ns.svc.cluster.local
  ports:
  - port: 80
---
#6
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: main-ingress
  annotations:
    kubernetes.io/ingress.class: nginx
  namespace: ingress-ns    
spec:
  rules:
    - host: whatever.domain.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: nginx
                port:
                  number: 80

Answer 3

Outside traffic comes through ingress controller service that is responsible for routing the traffic based on the defined routing rules or what we call ingress rules in k8s world.

In other words, ingress resources are just routing rules (think of it in away that's similar to DNS records) so when you define an ingress resource you just defined a rule for ingress controller to work on and route traffic based on such defined rules.

Solution:

1. Since Ingress are nothing but routing rules, you could define such rules anywhere in the cluster (in any namespace) and controller should pick them up as it monitors creation of such resources and react accordingly.

   Here's how to create ingress easily using kubectl

   Create an ingress

   kubectl create ingress <name> -n namespaceName --rule="host/prefix=serviceName:portNumber"

   Note: Add --dry-run=client -oyaml to generate yaml manifest file

2. Or you may create a service of type ExternalName in the same namespace where you have defined your ingress. such external service can point to any URL (a service that lives outside namespace or even k8s cluster)

   Here's an example:

   Create an ExternalName service

   kubectl create service externalname ingress-ns -n namespaceName --external-name=serviceName.namespace.svc.cluster.local --tcp=80:80

Note: Add --dry-run=client -oyaml to generate yaml manifest file

kind: Service
apiVersion: v1
metadata:
  name: nginx
  namespace: ingress-ns
spec:
  type: ExternalName
  externalName: serviceName.namespace.svc.cluster.local #or any external svc
  ports:
  - port: 80 #specify the port of service you want to expose 
    targetPort: 80 #port of external service 

As described above, create an ingress as below: kubectl create ingress <name> -n namespaceName --rule="host/prefix=serviceName:portNumber"

Note: Add --dry-run=client -oyaml to generate yaml manifest file

Answer 4

ExternaNames service should be created without any selector options. So create the ExternaNames service in the namespace where your ingress resource is created and point the external name service to resolve the name of your application hosted in different namespace.