多个网络策略规则在逻辑上是作为 "and" 规则还是 "or" 处理的?

Are multiple network policies rules processed logically as "and" rules or "or"?

在用于声明网络策略的文档的基本示例中: https://kubernetes.io/docs/concepts/services-networking/network-policies/#the-networkpolicy-resource

因此,根据文档,这设置了几个规则:

So, the example NetworkPolicy:

- isolates “role=db” pods in the “default” namespace for both ingress
and egress traffic (if they weren’t already isolated)
- allows connections to TCP port 6379 of “role=db” pods in the “default”
namespace from any pod in the “default” namespace with the
label “role=frontend”
- allows connections to TCP port 6379 of “role=db” pods
in the “default” namespace from any pod in a namespace with
the label “project=myproject”
...

这是否意味着 "role=db" 标签的 pods 可以接收来自以下的连接:

谢谢!

kubernetes network recipe "ALLOW traffic from apps using multiple selectors"明确:

  • Rules specified in spec.ingress.from are OR'ed.
  • This means the pods selected by the selectors are combined are whitelisted altogether.