Now I am using Traefik to expose my pods' services externally, but I read the Traefik deployment document and found out that Traefik forwards requests only within one namespace. For example, a request in namespace A could not be forwarded to namespace B. Should I deploy multiple Traefik instances in the Kubernetes cluster? Now I have 6 namespaces; should I deploy 6 Traefik instances? It is weird. What is the best practice for this situation? I searched the internet but found nothing talking about this.
If I understand you correctly this is unfortunately not possible and it was a conscious decision to do it that way:
Cross namespace references would be a prime source of privilege escalation attacks.
But in case you don't care about security rules there is a workaround (bear in mind that it will not work on every platform). You need to use Kubernetes services of type ExternalName, which would reference the services from your other namespaces. See the example below:
a. you have serviceA in namespaceA

b. create serviceB in namespaceB

    spec:
      ...
      type: ExternalName
      externalName: serviceA.namespaceA.svc.cluster.local

c. add ingress rule into ingressB in namespaceB

    - path: /****
      backend:
        serviceName: serviceB
        servicePort: ***

However, it would be safer if you just deploy multiple ingress Traefiks for each namespace.
I hope it helps.
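
An audit check for the ExternalName workaround described in the answer above (an added example, not part of the original answer): it lists ExternalName Services whose target is a Service in a different namespace, reading JSON in the shape produced by `kubectl get services --all-namespaces -o json`. The sample input is constructed, and the `cluster.local` DNS suffix is an assumption taken from the answer's example.

```python
import json
import re

# Assumption: the cluster uses the DNS suffix shown in the answer's example.
CLUSTER_DOMAIN = "cluster.local"

# Constructed sample shaped like `kubectl get services --all-namespaces -o json`.
SAMPLE = json.dumps({"items": [
    {"metadata": {"name": "serviceA", "namespace": "namespaceA"},
     "spec": {"type": "ClusterIP"}},
    {"metadata": {"name": "serviceB", "namespace": "namespaceB"},
     "spec": {"type": "ExternalName",
              "externalName": "serviceA.namespaceA.svc.cluster.local"}},
    {"metadata": {"name": "local-alias", "namespace": "namespaceA"},
     "spec": {"type": "ExternalName",
              "externalName": "serviceA.namespaceA.svc.cluster.local."}},
    {"metadata": {"name": "partner-api", "namespace": "namespaceB"},
     "spec": {"type": "ExternalName", "externalName": "api.example.com"}},
]})


def cross_namespace_aliases(service_list_json, cluster_domain=CLUSTER_DOMAIN):
    """Return (alias_ns, alias_name, target_ns, target_name) for every
    ExternalName Service that resolves to a Service in another namespace."""
    # In-cluster names look like <service>.<namespace>.svc[.<cluster domain>]
    pattern = re.compile(
        r"^(?P<svc>[^.]+)\.(?P<ns>[^.]+)\.svc(\." + re.escape(cluster_domain) + r")?$",
        re.IGNORECASE,
    )
    findings = []
    for item in json.loads(service_list_json).get("items", []):
        spec = item.get("spec", {})
        if spec.get("type") != "ExternalName":
            continue
        # DNS names may carry a trailing root dot; strip it before matching.
        target = spec.get("externalName", "").rstrip(".")
        match = pattern.match(target)
        if not match:
            continue  # points outside the cluster, so no namespace boundary is crossed
        meta = item["metadata"]
        if match.group("ns").lower() != meta["namespace"].lower():
            findings.append((meta["namespace"], meta["name"],
                             match.group("ns"), match.group("svc")))
    return findings


if __name__ == "__main__":
    for alias_ns, alias, target_ns, target in cross_namespace_aliases(SAMPLE):
        print(f"{alias_ns}/{alias} -> {target_ns}/{target}")
```

Each finding is an alias that lets an Ingress in one namespace route to a backend owned by another, so it is worth confirming that the owner of the target namespace agreed to the exposure.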