networkpolicy
2021/12/18 23:27:58
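Network policies depend on the CNI network plugin; Calico supports network policies through custom Kubernetes resources.
Configuration file

```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name:
  namespace:
  labels:
  annotations:
spec:
```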
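The rest of this article describes NetworkPolicy.spec in detail.
podSelector specifies which Pods the network policy applies to
- Applies to all pods in the namespace given by NetworkPolicy.metadata.namespace

```yaml
spec:
  podSelector: {}
```

- Applies to pods with the specified labels

```yaml
spec:
  podSelector:
    matchLabels:
      app: db
```

```yaml
spec:
  podSelector:
    matchExpressions:
    - key: app
      operator: In
      values:
      - db
```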
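policyTypes specifies whether the policy covers inbound traffic, outbound traffic, or both
- If it is not specified, the default policy is used; by default both Ingress and Egress are allowed

```yaml
spec:
  policyTypes: []
```

- Deny all egress: list Egress and do not define spec.egress

```yaml
spec:
  policyTypes:
  - Egress
```

- Deny all ingress: list Ingress and do not define spec.ingress

```yaml
spec:
  policyTypes:
  - Ingress
```

- Allow all egress

```yaml
spec:
  policyTypes:
  - Egress
  egress:
  - {}   # egress is a list of rules; one empty rule matches all destinations
```

- Allow all ingress

```yaml
spec:
  policyTypes:
  - Ingress
  ingress:
  - {}   # ingress is a list of rules; one empty rule matches all sources
```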
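ingress defines the specific rules that control inbound traffic

```yaml
spec:
  ingress:
  - from:
    - ipBlock:
        cidr: "10.4.7.1/24"
        except:
        - "10.4.7.50/32"
        # - "192.168.123.1/24"   # outside cidr; except entries must lie within cidr
    - namespaceSelector:
        matchLabels: {}
        matchExpressions: []
    - podSelector:
        matchLabels: {}
        matchExpressions: []
  - ports:   # a separate list item is a separate rule: any source may reach TCP 8000
    - protocol: TCP
      port: 8000
```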
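How the from, ports and ipBlock fields of an ingress rule combine, as an added example that is not part of the original article. It is a simplified model (matchLabels only, numeric ports, no endPort) that assumes the destination pod is selected by the policy and that policyTypes includes Ingress; the sample peers, labels and addresses are constructed.

```python
import ipaddress

def labels_match(selector, labels):
    # matchLabels only (matchExpressions omitted); None or {} matches everything
    return all(labels.get(k) == v for k, v in (selector or {}).get("matchLabels", {}).items())

def peer_matches(peer, src, policy_ns):
    """One `from` entry. Fields inside a single entry are ANDed."""
    if "ipBlock" in peer:
        ip, block = ipaddress.ip_address(src["ip"]), peer["ipBlock"]
        inside = ip in ipaddress.ip_network(block["cidr"], strict=False)
        carved = any(ip in ipaddress.ip_network(e, strict=False) for e in block.get("except", []))
        return inside and not carved
    if src.get("namespace") is None:          # not a pod: selectors cannot match
        return False
    if "namespaceSelector" in peer:
        if not labels_match(peer["namespaceSelector"], src["ns_labels"]):
            return False
    elif src["namespace"] != policy_ns:       # bare podSelector: policy's own namespace
        return False
    return labels_match(peer.get("podSelector"), src["pod_labels"])

def rule_allows(rule, src, port, proto, policy_ns):
    """`from` entries are ORed, `ports` entries are ORed, and the two are ANDed."""
    peers, ports = rule.get("from"), rule.get("ports")
    peer_ok = not peers or any(peer_matches(p, src, policy_ns) for p in peers)
    port_ok = not ports or any(
        p.get("protocol", "TCP") == proto and p.get("port", port) == port for p in ports)
    return peer_ok and port_ok

def ingress_allowed(spec, src, port, proto="TCP", policy_ns="default"):
    # Rules are ORed; no rules at all means nothing is allowed in.
    return any(rule_allows(r, src, port, proto, policy_ns) for r in spec.get("ingress", []))

# Constructed sample data, modelled on the ingress block above.
PEERS = [{"ipBlock": {"cidr": "10.4.7.1/24", "except": ["10.4.7.50/32"]}},
         {"namespaceSelector": {"matchLabels": {"team": "ops"}},
          "podSelector": {"matchLabels": {"role": "client"}}}]
PORTS = [{"protocol": "TCP", "port": 8000}]
ONE_RULE = {"ingress": [{"from": PEERS, "ports": PORTS}]}        # peers AND port
TWO_RULES = {"ingress": [{"from": PEERS}, {"ports": PORTS}]}     # peers OR port

OUTSIDER = {"ip": "203.0.113.9"}
EXCLUDED = {"ip": "10.4.7.50"}
OPS_CLIENT = {"ip": "172.16.0.5", "namespace": "ops", "ns_labels": {"team": "ops"},
              "pod_labels": {"role": "client"}}
OPS_OTHER = dict(OPS_CLIENT, pod_labels={"role": "batch"})
```

Writing ports as its own list item (TWO_RULES) opens TCP 8000 to every source, while keeping it in the same item as from (ONE_RULE) restricts the listed peers to that port.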
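egress defines the specific rules that control outbound traffic

```yaml
spec:
  egress:
  - to:
    - ipBlock:
        cidr: "10.4.7.1/24"
        except:
        - "10.4.7.50/32"
        # - "192.168.123.1/24"   # outside cidr; except entries must lie within cidr
    - namespaceSelector:
        matchLabels: {}
        matchExpressions: []
    - podSelector:
        matchLabels: {}
        matchExpressions: []
  - ports:   # a separate list item is a separate rule: TCP 8000 to any destination
    - protocol: TCP
      port: 8000
```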
Test file

```yaml
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: test
spec:
  selector:
    matchLabels:
      app: web
  template:
    metadata:
      labels:
        app: web
    spec:
      containers:
      - name: web
        image: python
        command: ["python", "-m", "http.server"]   # listens on port 8000 by default
---
apiVersion: v1
kind: Service
metadata:
  name: myapp
spec:
  selector:
    app: web
  ports:
  - port: 8000
    targetPort: 8000
```