kubernetesでserviceのselectorはnamespace内に閉じてるのか検証

まとめ

  • 同じlabel名がつけられていてもnamespace内でのみ振り分けられる

検証の構成

  • GKE上で試した
  • Deploymentでただ単にnginxかapacheが動いてるだけ
  • sandbox1ではnginx、sandbox2ではapacheが動いてる
  • Service(LoadBalancer)で接続
  • labelは同名にする
namespace: sandbox1

| Service |
     |
     | app: sandbox-webserver
     ▼
| nginx |

------------------------------
namespace: sandbox2
| Service |
     |
     | app: sandbox-webserver
     ▼
| apache |

ディレクトリ構成

├── sandbox1
│   ├── Chart.yaml
│   └── templates
│       ├── deployment.yaml
│       ├── namespace.yaml
│       └── service.yaml
├── sandbox2
│   ├── Chart.yaml
│   └── templates
│       ├── deployment.yaml
│       ├── namespace.yaml
│       └── service.yaml

検証コード(sandbox1)

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: web
  namespace: sandbox1
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: sandbox-webserver
    spec:
      containers:
      - name: web
        image: bitnami/nginx:latest
        ports:
        - containerPort: 80
apiVersion: v1
kind: Service
metadata:
  name: web
  namespace: sandbox1
spec:
  ports:
  - name: http
    port: 80
    targetPort: 80
    protocol: TCP
  type: LoadBalancer
  selector:
    app: sandbox-webserver

検証コード(sandbox2)

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: web
  namespace: sandbox2
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: sandbox-webserver
    spec:
      containers:
      - name: web
        image: bitnami/apache:latest
        ports:
        - containerPort: 80
apiVersion: v1
kind: Service
metadata:
  name: web
  namespace: sandbox2
spec:
  ports:
  - name: http
    port: 80
    targetPort: 80
    protocol: TCP
  type: LoadBalancer
  selector:
    app: sandbox-webserver