如何在 Kubernetes 中使用网络策略拒绝所有 Ingress UDP
How to DENY all Ingress UDP using Network Policies in Kubernetes
我不熟悉在 k8s 中配置网络策略。我必须对我无法测试的生产进行更改。基本上,我们需要阻止所有进入特定命名空间中的 pods 的 UDP 流量。下面的方法行得通吗?
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: deny-all-udp
namespace: foxden-loadtest
spec:
podSelector: {}
policyTypes:
- Ingress
ingress:
ports:
- protocol: UDP
试试这个例子
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: ingress-allow-tcp only
spec:
podSelector: {}
policyTypes:
- Ingress
ingress:
- ports:
- port: 80
protocol: TCP
其他所有流量都将被阻止。只有 TCP 可以工作
policyTypes: ["ingress"] indicates that this policy enforces policies for the ingress traffic.
inress: [] empty rule set does not whitelist any traffic, therefore all ingress traffic is blocked.
我不熟悉在 k8s 中配置网络策略。我必须对我无法测试的生产进行更改。基本上,我们需要阻止所有进入特定命名空间中的 pods 的 UDP 流量。下面的方法行得通吗?
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: deny-all-udp
namespace: foxden-loadtest
spec:
podSelector: {}
policyTypes:
- Ingress
ingress:
ports:
- protocol: UDP
试试这个例子
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: ingress-allow-tcp only
spec:
podSelector: {}
policyTypes:
- Ingress
ingress:
- ports:
- port: 80
protocol: TCP
其他所有流量都将被阻止。只有 TCP 可以工作
policyTypes: ["ingress"] indicates that this policy enforces policies for the ingress traffic.
inress: [] empty rule set does not whitelist any traffic, therefore all ingress traffic is blocked.