Why is NetworkPolicy ingress not working for my case?
I deployed 2 pods:
apiVersion: apps/v1
kind: Deployment
metadata:
  creationTimestamp: null
  labels:
    app: nginx
  name: nginx
spec:
  replicas: 2
  selector:
    matchLabels:
      app: nginx1
  strategy: {}
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: nginx1
    spec:
      containers:
      - image: nginx
        name: nginx
        resources: {}
        ports:
        - containerPort: 80
status: {}
Then I exposed it with ClusterIP, and then created a network policy as below:
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: test-network-policy
  namespace: default
spec:
  podSelector:
    matchLabels:
      app: nginx1
  policyTypes:
  - Ingress
  ingress:
  - from:
    - podSelector:
        matchLabels:
          role: frontend
But when I request it with wget from a busybox pod that does not have the label (role=frontend), I still get the nginx HTML page.
I wonder why?
Any help is much appreciated. Thanks :)
If the Container Network Interface (CNI) plugin deployed in your k8s cluster does not support network policies, the policy will not have any effect. From the k8s docs:
Network policies are implemented by the network plugin. To use network policies, you must be using a networking solution which supports NetworkPolicy. Creating a NetworkPolicy resource without a controller that implements it will have no effect.
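What an enforcing network plugin should decide for the policy in the question, as an added example (not code from the original post or from Kubernetes): a small Python model of ingress evaluation. The pod dictionaries and the busybox label are constructed for illustration, and only podSelector peers are modelled.

```python
# Added example: how an enforcing plugin should evaluate the question's policy.
# Only podSelector peers are modelled; ports, ipBlock, namespaceSelector are not.

POLICY = {  # test-network-policy from the question, transcribed as a dict
    "namespace": "default",
    "podSelector": {"matchLabels": {"app": "nginx1"}},
    "policyTypes": ["Ingress"],
    "ingress": [{"from": [{"podSelector": {"matchLabels": {"role": "frontend"}}}]}],
}

# Constructed pods (the "run" label and the frontend pod are assumptions)
NGINX = {"namespace": "default", "labels": {"app": "nginx1"}}
BUSYBOX = {"namespace": "default", "labels": {"run": "busybox"}}
FRONTEND = {"namespace": "default", "labels": {"role": "frontend"}}

def selects(selector, labels):
    """matchLabels semantics: every pair must be present; {} selects all pods."""
    return all(labels.get(k) == v for k, v in selector.get("matchLabels", {}).items())

def expected_ingress(policies, src, dst):
    """Return 'allow' or 'deny' for src -> dst as an enforcing plugin should."""
    applying = [p for p in policies
                if "Ingress" in p.get("policyTypes", ["Ingress"])
                and p["namespace"] == dst["namespace"]
                and selects(p["podSelector"], dst["labels"])]
    if not applying:
        return "allow"  # no policy selects the destination: it is not isolated
    for p in applying:
        for rule in p.get("ingress", []):
            peers = rule.get("from")
            if not peers:  # a rule without 'from' admits every source
                return "allow"
            for peer in peers:
                # a bare podSelector peer matches only pods in the policy's namespace
                if ("podSelector" in peer and "namespaceSelector" not in peer
                        and src["namespace"] == p["namespace"]
                        and selects(peer["podSelector"], src["labels"])):
                    return "allow"
    return "deny"  # isolated destination and no rule matched the source

if __name__ == "__main__":
    for name, pod in (("busybox", BUSYBOX), ("frontend", FRONTEND)):
        print(name, "->", "nginx:", expected_ingress([POLICY], pod, NGINX))
```

If the model says deny for the busybox pod but wget from it still returns the nginx page, the policy is not being enforced, which is the situation the answer describes.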