Connecting a service in one namespace to a pod in another?

Cluster information:

Kubernetes version: 1.17.3
Cloud being used: AKS
Installation method: Azure CLI
Host OS: n/a
CNI and version: azure-cni, latest
CRI and version: Moby, latest (according to the docs)

We have multiple AKS clusters using Calico as the networking policy. Each cluster hosts a different application environment; rather than using namespaces to separate environments, we use them as segmentation for different pod functionality, e.g. public, data, internal, etc.

One thing we’d like to be able to do is have two services in different namespaces that correspond to a single pod. For example, a web service (:80, ns: public, type: LoadBalancer) and an admin service (:8080, ns: internal, type: NodePort) that point to a single deployment (:80, :8080, ns: internal), with the public “web” service in this example to be accessed over the LoadBalancer’s public IP.

After a lot of reading and experimenting, I’m feeling like this is not possible, but I wanted to see if anyone could confirm this or offer some suggestions on things to try. I can achieve something similar internally using an ExternalName service, but it doesn’t seem like that works when accessing the service externally.

Any help is appreciated. Please let me know if you need any more information. Thank you!

You can write your own endpoint controller that crosses namespaces and populates Endpoints objects.

Thanks Tim. I’m aware of Endpoints, but as far as I can tell they require the pod IP. Is there a way to use endpoints with DNS names?

No, but you can reference a Pod IP in another namespace manually. For example, if your custom EP generator knows to look at namespaces A, B, C it can treat pods in them as one big set. That’s not the default controller, but not hard to whip together.
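
The core of the cross-namespace endpoint generator suggested in the last reply, as an added example that is not part of the thread or of any Kubernetes project code. It assumes a selector-less Service named `web` in namespace `public`, pods labelled `app: web` in `internal`, and constructed pod data shaped like `kubectl get pods -o json` items; all of these names and IPs are hypothetical.

```python
import json

def build_endpoints(pods, source_namespaces, selector, svc_name, svc_namespace, ports):
    """Return an Endpoints manifest for a selector-less Service, listing
    matching pods from other namespaces (all names here are hypothetical)."""
    ready, not_ready = [], []
    for pod in pods:
        meta, status = pod["metadata"], pod.get("status", {})
        labels = meta.get("labels", {})
        if meta["namespace"] not in source_namespaces:
            continue  # only namespaces the generator was told to watch
        if any(labels.get(k) != v for k, v in selector.items()):
            continue
        ip = status.get("podIP")
        if not ip or "deletionTimestamp" in meta:
            continue  # unscheduled or terminating pods get no traffic
        addr = {"ip": ip, "targetRef": {"kind": "Pod", "name": meta["name"],
                                        "namespace": meta["namespace"]}}
        is_ready = any(c["type"] == "Ready" and c["status"] == "True"
                       for c in status.get("conditions", []))
        (ready if is_ready else not_ready).append(addr)
    subset = {"ports": [{"name": n, "port": p, "protocol": "TCP"}
                        for n, p in sorted(ports.items())]}
    if ready:
        subset["addresses"] = sorted(ready, key=lambda a: a["ip"])
    if not_ready:
        subset["notReadyAddresses"] = sorted(not_ready, key=lambda a: a["ip"])
    return {"apiVersion": "v1", "kind": "Endpoints",
            # Must equal the Service's name and namespace to be picked up.
            "metadata": {"name": svc_name, "namespace": svc_namespace},
            "subsets": [subset] if ready or not_ready else []}

def pod(ns, name, ip, ready, app="web"):
    """Constructed sample pod, shaped like `kubectl get pods -o json` items."""
    return {"metadata": {"namespace": ns, "name": name, "labels": {"app": app}},
            "status": {"podIP": ip, "conditions": [
                {"type": "Ready", "status": "True" if ready else "False"}]}}

SAMPLE_PODS = [  # constructed data, not from the thread
    pod("internal", "web-1", "10.240.0.12", True),
    pod("internal", "web-2", "10.240.0.13", False),
    pod("internal", "db-1", "10.240.0.20", True, app="db"),
    pod("data", "web-x", "10.240.0.30", True),
    pod("internal", "web-3", None, False),
]

if __name__ == "__main__":
    ep = build_endpoints(SAMPLE_PODS, {"internal"}, {"app": "web"},
                         "web", "public", {"http": 80})
    print(json.dumps(ep, indent=2))
```

The manifest has to be regenerated whenever the backing pods are rescheduled, since pod IPs change. Network policy on the `internal` pods still applies to traffic arriving through the `public` Service, so the policy has to allow that port explicitly.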