网络策略不适用于 daemonset pods
Network policy not working with daemonset pods
网络策略是否适用于 pods 守护进程?我对所有 pods 的所有入口和出口都有一个默认的拒绝网络策略。但是好像没有申请属于daemonset的pods。
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: default-deny
spec:
podSelector: {}
policyTypes:
- Ingress
- Egress
netpol 适用于 daemonset 下生成的 pods。对于 netpol,它们只是 pods 就像部署部署的那个或 rs。
如果你对你提供的 netpol 进行描述,它说它适用于 namespace=default。
Name: default-deny
Namespace: default
Created on: 2021-07-21 17:59:56 -0500 CDT
Labels: <none>
Annotations: <none>
Spec:
PodSelector: <none> (Allowing the specific traffic to all pods in this namespace)
Allowing ingress traffic:
<none> (Selected pods are isolated for ingress connectivity)
Allowing egress traffic:
<none> (Selected pods are isolated for egress connectivity)
Policy Types: Ingress, Egress
并且netpol是命名空间资源:
NAME SHORTNAMES APIVERSION NAMESPACED KIND
networkpolicies netpol networking.k8s.io/v1 true NetworkPolicy
这意味着,您的 daemonset 是在某个不同的命名空间下创建的。
网络策略是否适用于 pods 守护进程?我对所有 pods 的所有入口和出口都有一个默认的拒绝网络策略。但是好像没有申请属于daemonset的pods。
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: default-deny
spec:
podSelector: {}
policyTypes:
- Ingress
- Egress
netpol 适用于 daemonset 下生成的 pods。对于 netpol,它们只是 pods 就像部署部署的那个或 rs。
如果你对你提供的 netpol 进行描述,它说它适用于 namespace=default。
Name: default-deny
Namespace: default
Created on: 2021-07-21 17:59:56 -0500 CDT
Labels: <none>
Annotations: <none>
Spec:
PodSelector: <none> (Allowing the specific traffic to all pods in this namespace)
Allowing ingress traffic:
<none> (Selected pods are isolated for ingress connectivity)
Allowing egress traffic:
<none> (Selected pods are isolated for egress connectivity)
Policy Types: Ingress, Egress
并且netpol是命名空间资源:
NAME SHORTNAMES APIVERSION NAMESPACED KIND
networkpolicies netpol networking.k8s.io/v1 true NetworkPolicy
这意味着,您的 daemonset 是在某个不同的命名空间下创建的。