为什么 networkpolicy ingress 不适用于我的情况

why networkpolicy ingress not working for my case

我部署了 2 pods:

apiVersion: apps/v1
kind: Deployment
metadata:
  creationTimestamp: null
  labels:
    app: nginx
  name: nginx
spec:
  replicas: 2
  selector:
    matchLabels:
      app: nginx1
  strategy: {}
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: nginx1
    spec:
      containers:
      - image: nginx
        name: nginx
        resources: {}
        ports:
        - containerPort: 80
status: {}

然后用 clusterip 公开它,然后创建如下网络策略:

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: test-network-policy
  namespace: default
spec:
  podSelector:
    matchLabels:
      app: nginx1
  policyTypes:
  - Ingress
  ingress:
  - from:
    - podSelector:
        matchLabels:
          role: frontend

但是当我使用不包含标签 (role=frontend) 的 busybox pod 通过 wget 请求它时,我仍然得到 nginx 的 html 页面。

我想知道为什么?

非常感谢任何帮助。谢谢:)

如果你的k8s集群部署了Container Network Interface (CNI)不支持网络策略的插件,不会对其产生影响。来自 k8s docs:

Network policies are implemented by the network plugin. To use network policies, you must be using a networking solution which supports NetworkPolicy. Creating a NetworkPolicy resource without a controller that implements it will have no effect.