Connect pods via service name in GCP K8's

10/5/2019

I have a number of Services running against Pods hosted within a cluster on Google Cloud K8's.

Service 1 is an Ingress - basic-ingress

Service 2 is a NodeJS API Gateway w/ 2 Pods - security-gateway-svc

Service 3 is a NodeJS API w/ 2 Pods - some-random-api-svc

and so on service 4 / 5 / 6 etc....

My Ingress allows me to access exposed services via a sub domain; however, I would like to move my external APIs behind my Gateway so I can handle auth etc. in the gateway.

What I'd like to do is allow security-gateway-svc to connect to some-random-api-svc without having to go via dns or outside of my cluster.

I figured I could update my ingress so all sub domains use the same service entry and allow the Gateway to figure out where the traffic should go.

I can configure this just fine locally, as everything runs on localhost and I specify a port, so it's fairly straightforward.

Is it possible however to expose pods to other pods within a cluster via the service name instead of an actual domain / dns look up?

-- Tim J
google-cloud-platform
kubernetes
kubernetes-ingress
kubernetes-pod

3 Answers

10/5/2019

The easier way to make pods reachable within your Kubernetes cluster is to use services (link to services documentation). For this you need to create a YAML block that will create an internal hostname bound by an endpoint to your pod. In addition, a selector will allow you to bind one or multiple pods to that internal hostname. Here is an example:

---
apiVersion: v1
kind: Service
metadata:
  name: $YOUR_SERVICE_NAME
  namespace: $YOUR_NAMESPACE
  labels:
    app: $YOUR_SERVICE_NAME
spec:
  ports:
  - name: "8000"
    port: 8000
    targetPort: 8000
  selector:
    app: $YOUR_SERVICE_NAME

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: $YOUR_SERVICE_NAME
  namespace: $YOUR_NAMESPACE
  labels:
    app: $YOUR_SERVICE_NAME
spec:
  replicas: 1
  selector:
    matchLabels:
      app: $YOUR_SERVICE_NAME
  template:
    metadata:
      labels:
        app: $YOUR_SERVICE_NAME  # must match spec.selector.matchLabels and the Service selector
    spec:
      containers:
        - name: $YOUR_SERVICE_NAME
          image: alpine:latest
      restartPolicy: Always

Finally, use the service name in your ingress controller route to redirect traffic to your api-gateway.

-- Rodrigo Loza
Source: StackOverflow

10/6/2019

Kubernetes uses CoreDNS to perform in-cluster DNS resolution. By default, all Services are assigned DNS names in the (FQDN) form of <service-name>.<namespace>.svc.cluster.local. So your security-gateway-svc will be able to forward requests to some-random-api-svc via some-random-api-svc.<namespace>, without routing the traffic outside of Kubernetes. Keep in mind that you shouldn't be interacting with pods directly, because pods are ephemeral; always go through Services.

-- ivan.sim
Source: StackOverflow

10/5/2019

Your service should be accessible within your cluster via the service name.

Point your gateway entry for each api to the service name.

Something like http://some-random-api-svc should work.

-- nodediggity
Source: StackOverflow
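
One way the NodeJS gateway could map each external sub domain to an in-cluster Service name, as the answers above suggest. This is an added example, not code from the question or from any answer. The namespace `default`, the domain `example.com`, the sub domain `random-api` and port 8000 are assumptions; hosts outside the fixed table are rejected, so the Host header can never select an arbitrary in-cluster target.

```javascript
// Added example: hypothetical gateway routing table, not from the original post.
const http = require('http');

const NAMESPACE = 'default';        // assumption: namespace the API Services live in
const BASE_DOMAIN = 'example.com';  // assumption: external domain served by the Ingress
// Fixed allowlist: external sub domain -> in-cluster Service name and port (assumed values).
const ROUTES = new Map([
  ['random-api', { service: 'some-random-api-svc', port: 8000 }],
]);

// Map an incoming Host header to an in-cluster target, or null if it is not allowlisted.
function resolveUpstream(hostHeader) {
  if (typeof hostHeader !== 'string') return null;
  // Normalise: lower-case, drop an optional :port and a trailing dot.
  const host = hostHeader.toLowerCase().replace(/:\d+$/, '').replace(/\.$/, '');
  const suffix = '.' + BASE_DOMAIN;
  if (!host.endsWith(suffix)) return null;
  const route = ROUTES.get(host.slice(0, -suffix.length));
  if (!route) return null;
  // <service-name>.<namespace>.svc.cluster.local is resolved by the cluster DNS.
  return { hostname: `${route.service}.${NAMESPACE}.svc.cluster.local`, port: route.port };
}

function handler(req, res) {
  const upstream = resolveUpstream(req.headers.host);
  if (!upstream) { res.writeHead(404); return res.end('unknown host'); }
  // Authentication and authorization checks belong here, before anything is forwarded.
  const headers = { ...req.headers, host: upstream.hostname };
  const proxied = http.request(
    { ...upstream, method: req.method, path: req.url, headers },
    (up) => { res.writeHead(up.statusCode, up.headers); up.pipe(res); }
  );
  proxied.on('error', () => { res.writeHead(502); res.end('upstream unavailable'); });
  req.pipe(proxied);
}

// Returns an unstarted server; call .listen(<port>) on it inside the gateway pod.
function createGateway() {
  return http.createServer(handler);
}
```

Because the gateway is the only place auth runs in this design, the API Services should stay internal (no Ingress rule pointing at them directly).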