【Question title】: Kubernetes: How to create ingress type networkpolicy to allow only access to labeled pods
【Posted】: 2021-05-24 07:20:23
【Question description】:

I have the following deployment

apiVersion: apps/v1
kind: Deployment
metadata:
  creationTimestamp: null
  labels:
    app: redis
  name: redis
spec:
  replicas: 1
  selector:
    matchLabels:
      app: redis
  strategy: {}
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: redis
    spec:
      containers:
      - image: redis:alpine
        name: redis
        resources: {}
status: {}

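Question 1: How do I expose this deployment via a ClusterIP service on port 8080?

Question 2: How do I create a new Ingress type NetworkPolicy to allow only pods with the label access=redis to access the deployment?

【Question discussion】:

    Tags: kubernetes kubernetes-networkpolicy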


    【Solution 1】:

    Service

    apiVersion: v1
    kind: Service
    metadata:
      name: my-service
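    spec:                   # type defaults to ClusterIP when omitted
      selector:
        app: redis
      ports:
        - protocol: TCP
          port: 8080        # port exposed on the Service's ClusterIP
          targetPort: 6379  # port the Redis container listens on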
    

    Network policy

    apiVersion: networking.k8s.io/v1
    kind: NetworkPolicy
    metadata:
      name: test-network-policy
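    spec:
      podSelector:          # pods this policy applies to
        matchLabels:
          app: redis
      policyTypes:
      - Ingress
      ingress:
      - from:
        - podSelector:      # allowed sources: same-namespace pods with this label
            matchLabels:
              access: redis
        ports:
        - protocol: TCP
          port: 6379        # pod port, not the Service port 8080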
    

    【Discussion】:
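
How the NetworkPolicy in the answer decides which connections reach the Redis pod, as an added Python sketch (not part of the original answer and not Kubernetes code). The `default` namespace, the helper names and the sample pods are assumptions made for the illustration.

```python
# Added illustration: minimal model of NetworkPolicy ingress evaluation,
# limited to matchLabels pod selectors and numeric ports (no namespaceSelector,
# ipBlock, matchExpressions or named ports).

# The policy from the answer as a dict; the "default" namespace is an assumption.
POLICY = {
    "namespace": "default",
    "podSelector": {"app": "redis"},
    "policyTypes": ["Ingress"],
    "ingress": [{
        "from": [{"podSelector": {"access": "redis"}}],
        "ports": [{"protocol": "TCP", "port": 6379}],
    }],
}

def matches(selector, labels):
    """matchLabels: every key/value in the selector must be on the pod."""
    return all(labels.get(k) == v for k, v in selector.items())

def pod(namespace, **labels):
    """Build a constructed sample pod."""
    return {"namespace": namespace, "labels": labels}

def ingress_allowed(policy, src, dst, port, protocol="TCP"):
    """True if src may open a connection to dst on the given pod port."""
    selected = (dst["namespace"] == policy["namespace"]
                and matches(policy["podSelector"], dst["labels"]))
    if not selected or "Ingress" not in policy["policyTypes"]:
        return True  # dst is not isolated by this policy: default allow
    for rule in policy["ingress"]:
        # A peer with only podSelector matches pods in the policy's namespace.
        peer_ok = "from" not in rule or any(
            src["namespace"] == policy["namespace"]
            and matches(peer["podSelector"], src["labels"])
            for peer in rule["from"])
        # Ports are checked against the pod port, after Service translation.
        port_ok = "ports" not in rule or any(
            p["protocol"] == protocol and p["port"] == port
            for p in rule["ports"])
        if peer_ok and port_ok:
            return True
    return False  # isolated and no rule matched

REDIS = pod("default", app="redis")
LABELED = pod("default", access="redis")
UNLABELED = pod("default", app="web")
```

In a real cluster the policy only takes effect when the network plugin implements NetworkPolicy; without one, the object is accepted but nothing is filtered.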
