Create an Alias in Kubernetes for an External Web Service

Paul Boone
2 min read · Jan 14, 2021

When an application in Kubernetes needs to access a web service that runs outside of the cluster, the application can call the web service directly with the service’s DNS name or IP address.

However, sometimes a developer wants to abstract the location of the web service. This allows cluster administrators to dynamically configure the location of the web service. Administrators can change the address of the web service without affecting the client applications in the cluster.

Option 1: Service without Selector

Create a Kubernetes Service object without specifying a Pod selector.

apiVersion: v1
kind: Service
metadata:
  name: external-service
spec:
  ports:
    - port: 80
      targetPort: 9000

Map the Service to a Kubernetes Endpoints object. You must create the Endpoints object manually, and it must have the same name as the Service.

apiVersion: v1
kind: Endpoints
metadata:
  name: external-service
subsets:
  - addresses:
      - ip: 1.1.1.1
    ports:
      - port: 9000

Option 2: ExternalName Service

Some web services should be referenced by a DNS name rather than IP address. For this scenario, create a Kubernetes Service of type ExternalName.

Populate the spec.externalName field with the DNS name of the external web service.

apiVersion: v1
kind: Service
metadata:
  name: database
  namespace: my-namespace
spec:
  type: ExternalName
  externalName: prod.database.k8salliance.com

Kubernetes creates a CNAME record in the cluster DNS service that points database.my-namespace.svc.cluster.local to prod.database.k8salliance.com.

Pods in the Kubernetes cluster can now access the external web service with the address http://database.my-namespace.svc.cluster.local. If the pod runs in the same namespace as the ExternalName Service, it can also use the shorter address http://database.

The spec.externalName field is meant to be used for canonical DNS names, not IP addresses. Kubernetes will accept an IP address in the externalName field, but the Service will not behave correctly. If you want an IP address in the externalName, consider using a Service without a selector or a headless Service.

Important Notes on Service Behavior

It is important to note that HTTP requests using the ExternalName Service may behave unexpectedly.

The Host header of the HTTP requests will be the ExternalName Service name, not the real external web service's DNS name. In the example above, HTTP requests would have a Host header of database.my-namespace.svc.cluster.local, not prod.database.k8salliance.com. The external web service might reject the request if it doesn't recognize the hostname.

Links and other URL references in the HTTP response from the external web service may reference the real DNS name rather than the ExternalName Service's name. In our example, this would mean getting back <a href="http://prod.database.k8salliance.com"> instead of <a href="http://database.my-namespace.svc.cluster.local">.

External web services that use HTTPS can encounter errors due to mismatched TLS certificates. The name in the TLS certificate returned by the external web service will not match the hostname to which the client application made the request. The client application will raise an error if it is doing strict TLS/SSL hostname verification.
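
One way for a client to keep strict certificate verification while connecting through the alias, as an added example that is not code from the original post: open the TCP connection to the ExternalName Service address, but use the real DNS name for SNI, hostname verification and the Host header. The function names are hypothetical, and the example assumes the client is given the real name (for instance from configuration); it uses only Python's standard library.

```python
import socket
import ssl

# Names taken from the page's ExternalName example.
ALIAS = "database.my-namespace.svc.cluster.local"  # address the pod connects to
REAL_NAME = "prod.database.k8salliance.com"        # name the server's certificate covers


def strict_context() -> ssl.SSLContext:
    """TLS context with certificate and hostname verification left on."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname by default
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def build_request(real_name: str, path: str = "/") -> bytes:
    """HTTP/1.1 request whose Host header carries the real name, not the alias."""
    if any(c in real_name + path for c in "\r\n "):
        raise ValueError("whitespace or line breaks in host or path")
    return (f"GET {path} HTTP/1.1\r\nHost: {real_name}\r\n"
            "Connection: close\r\n\r\n").encode("ascii")


def fetch_via_alias(alias: str, real_name: str, path: str = "/",
                    port: int = 443, timeout: float = 5.0) -> bytes:
    """Connect to the in-cluster alias, verify the certificate against real_name."""
    ctx = strict_context()
    with socket.create_connection((alias, port), timeout=timeout) as raw:
        # server_hostname sets SNI and is the name the certificate is checked against.
        with ctx.wrap_socket(raw, server_hostname=real_name) as tls:
            tls.sendall(build_request(real_name, path))
            chunks = []
            while data := tls.recv(4096):
                chunks.append(data)
    return b"".join(chunks)


if __name__ == "__main__":
    # Runs only from a pod that can resolve ALIAS. Raises
    # ssl.SSLCertVerificationError if the certificate does not cover REAL_NAME.
    response = fetch_via_alias(ALIAS, REAL_NAME)
    print(response.split(b"\r\n", 1)[0].decode())
```

The alias still controls where the connection goes, so administrators can repoint it, while the certificate check stays bound to the name the client expects.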
