Multicast isolation in Kubernetes

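How can multicast traffic be isolated within one namespace in Kubernetes? Ingress policy did not solve this problem; I can capture multicast traffic from a different namespace.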

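Usually, you can manage this with a Network Policy.

It looks like, right now, the only network provider with Network Policy support that also supports multicast is Weave.

However, based on its documentation, multicast rules cannot be managed: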

As of version 1.9 of Weave Net, the Network Policy Controller allows all multicast traffic. Since a single multicast address may be used by multiple pods, we cannot implement rules to isolate them individually. You can turn this behaviour off (block all multicast traffic) by adding --allow-mcast=false as an argument to weave-npc in the YAML configuration.
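
An added example, not part of the original answer: a Python check that reads a Weave Net DaemonSet manifest (as JSON) and reports whether the weave-npc container is started with --allow-mcast=false. The manifest layout, the placeholder image names and the accepted spellings of "false" are assumptions, and the sample manifests are constructed.

```python
# Assumption: boolean flag values follow Go's usual parsing rules.
FALSE_VALUES = {"0", "f", "F", "false", "FALSE", "False"}


def multicast_blocked(daemonset: dict, container_name: str = "weave-npc") -> bool:
    """Return True if the named container is started with --allow-mcast=false.

    `daemonset` is the parsed JSON of the DaemonSet object, for example the
    output of `kubectl get daemonset <name> -n <namespace> -o json`.
    """
    containers = daemonset["spec"]["template"]["spec"]["containers"]
    for container in containers:
        if container.get("name") != container_name:
            continue
        blocked = False  # per the quoted docs, multicast is allowed by default
        for arg in container.get("command", []) + container.get("args", []):
            name, sep, value = arg.partition("=")
            if name == "--allow-mcast":
                # A bare "--allow-mcast" means true; the last occurrence wins.
                blocked = sep == "=" and value in FALSE_VALUES
        return blocked
    raise LookupError(f"no container named {container_name!r} in manifest")


def sample_daemonset(npc_args: list) -> dict:
    """Constructed, minimal DaemonSet manifest; image names are placeholders."""
    return {
        "kind": "DaemonSet",
        "spec": {"template": {"spec": {"containers": [
            {"name": "weave", "image": "example.invalid/weave-kube:placeholder"},
            {"name": "weave-npc", "image": "example.invalid/weave-npc:placeholder",
             "args": npc_args},
        ]}}},
    }


if __name__ == "__main__":
    for label, args in [("default", []), ("hardened", ["--allow-mcast=false"])]:
        state = "blocked" if multicast_blocked(sample_daemonset(args)) else "ALLOWED"
        print(f"{label}: multicast across pods is {state}")
```

Because the flag blocks all multicast traffic rather than isolating it per namespace, a "blocked" result also means pods inside the same namespace lose multicast.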