
Why are Kube objects deployed in two different namespaces able to communicate with each other?


I am new to Kubernetes and have a question related to the deployment that I am trying to practice. So here is the scenario:

 - I have two namespaces: n1 and n2
 - I have a curl pod deployed in n1
 - I have an nginx service of type NodePort running in n2. My service has
   exposed a deployment that is managing the pod

My question is: though the two resources are running in two different namespaces, why is my curl pod running in n1 able to curl the service running in n2 with its IP? i.e.

    k exec curl -n n1 -- curl http://18.108.65.98:8080
    k exec curl -n n1 -- curl http://my-nginx.n2:8080

Is this expected behavior? If yes, then why is this behavior different when two services running in two different namespaces try to communicate and are not able to?

Why do we then have to set the RBAC access for them to communicate?

Solution

  • Irrespective of the namespace, pods can communicate with each other via IP. Normally, in a real-world deployment, pods communicate with each other via a Service, which can be of type ClusterIP, NodePort or LoadBalancer depending upon the requirement. You can also access a service via its DNS name, which is of the format:

    <service-name>.<service-namespace>.svc.cluster.local
    

    When two applications running inside pods, deployed in two different namespaces, try to communicate, they need to have a set of permissions to invoke certain actions. These actions are permitted and controlled via RBAC (Role based and Cluster based) that allows the services running in two different namespaces to communicate with each other.
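
Added example, not part of the original answer: namespaces do not isolate pod traffic by themselves, and the Kubernetes object that restricts it is a NetworkPolicy (RBAC governs requests to the Kubernetes API). The manifests below use the question's namespaces n1 and n2; the policy names are hypothetical, and enforcement assumes a CNI plugin that implements NetworkPolicy.

```yaml
# Added example (not from the original post). Policy names are hypothetical.
# Policy 1: select every pod in n2 and accept ingress only from pods in n2.
# Once any policy selects a pod, all ingress not explicitly allowed is dropped.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-same-namespace-only
  namespace: n2
spec:
  podSelector: {}            # empty selector = all pods in namespace n2
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector: {}    # no namespaceSelector, so this means pods in n2 only
---
# Policy 2 (optional): additionally admit traffic from namespace n1.
# NetworkPolicies are additive, so this widens Policy 1 rather than replacing it.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-from-n1
  namespace: n2
spec:
  podSelector: {}
  policyTypes:
    - Ingress
  ingress:
    - from:
        - namespaceSelector:
            matchLabels:
              # Label set automatically on every namespace by recent Kubernetes versions
              kubernetes.io/metadata.name: n1
```

With only the first policy applied, the request from the curl pod in n1 to `my-nginx.n2` is blocked; applying the second policy permits it again.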