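My system contains network policies, and I have a question about one of them. I can't test it. I just need to print out the configuration and "imagine" what it does.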
kubectl get networkpolicies
=>
...
spec:
  ingress:
  - from:
    - podSelector: {}
  podSelector: {}
  policyTypes:
  - Ingress
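I'm not sure whether the one above denies all traffic from other namespaces or, on the contrary, allows all traffic.
From the "Default policies" section of https://kubernetes.io/docs/concepts/services-networking/network-policies/ I would say it allows all traffic, but I'm not quite sure…
"describe" didn't really help me: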
kubectl describe networkpolicies
=>
...
Spec:
  PodSelector: <none> (Allowing the specific traffic to all pods in this namespace)
  Allowing ingress traffic:
    To Port: <any> (traffic allowed to all ports)
    From:
      PodSelector: <none>
  Not affecting egress traffic
  Policy Types: Ingress
What do you think? Thanks!
The following netpol will allow all inbound traffic:
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-all-ingress
spec:
  podSelector: {}
  ingress:
  - {}
  policyTypes:
  - Ingress
This will deny all egress & ingress traffic:
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-all
spec:
  podSelector: {}
  policyTypes:
  - Ingress
  - Egress
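
As an added example (not part of the original question or answer), this Python sketch models the ingress evaluation rules from the Kubernetes NetworkPolicy documentation and applies them to the three specs on this page, so a policy can be read without a test cluster. The function names and the namespace names `app` and `other` are assumptions; only `matchLabels` selectors are modelled, and all policies are assumed to live in the destination pod's namespace.

```python
# Added example: simplified model of how NetworkPolicy ingress rules combine.
# Only matchLabels selectors are modelled; ports, ipBlock peers and
# matchExpressions are ignored. Namespace names are constructed.

def selects(selector, labels):
    # An empty selector ({}) selects everything.
    return all(labels.get(k) == v
               for k, v in selector.get("matchLabels", {}).items())

def peer_matches(peer, policy_ns, src_ns, src_labels, src_ns_labels):
    if "ipBlock" in peer:
        return False  # not modelled here
    if "namespaceSelector" in peer:
        if not selects(peer["namespaceSelector"], src_ns_labels):
            return False
    elif src_ns != policy_ns:
        # A podSelector without namespaceSelector only matches pods in the
        # policy's own namespace.
        return False
    return selects(peer.get("podSelector", {}), src_labels)

def ingress_allowed(policies, policy_ns, dst_labels, src_ns,
                    src_labels=None, src_ns_labels=None):
    src_labels, src_ns_labels = src_labels or {}, src_ns_labels or {}
    applicable = [p["spec"] for p in policies
                  if "Ingress" in p["spec"].get("policyTypes", ["Ingress"])
                  and selects(p["spec"].get("podSelector", {}), dst_labels)]
    if not applicable:
        return True  # no policy selects the pod: it is not isolated
    for spec in applicable:  # policies are additive: any matching rule allows
        for rule in spec.get("ingress") or []:
            peers = rule.get("from")
            if not peers or any(peer_matches(p, policy_ns, src_ns, src_labels,
                                             src_ns_labels) for p in peers):
                return True  # a rule without "from" matches every source
    return False

# The three specs from this page, as Python dicts.
QUESTION = {"spec": {"podSelector": {}, "policyTypes": ["Ingress"],
                     "ingress": [{"from": [{"podSelector": {}}]}]}}
ALLOW_ALL = {"spec": {"podSelector": {}, "policyTypes": ["Ingress"],
                      "ingress": [{}]}}
DENY_ALL = {"spec": {"podSelector": {}, "policyTypes": ["Ingress", "Egress"]}}

if __name__ == "__main__":
    for name, pol in [("question", QUESTION), ("allow-all-ingress", ALLOW_ALL),
                      ("default-deny-all", DENY_ALL)]:
        for src in ("app", "other"):
            print(name, "from", src, "->", ingress_allowed([pol], "app", {}, src))
```

Under this model the policy from the question admits sources in its own namespace and rejects sources in other namespaces, because a `from` peer with only a `podSelector` is scoped to the policy's namespace.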