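I'm new to configuring network policies in k8s. I have to make a change in production, but I can't test it. Basically, we need to block all UDP traffic to pods in a specific namespace. Would the following work?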
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: deny-all-udp
  namespace: foxden-loadtest
spec:
  podSelector: {}
  policyTypes:
  - Ingress
  ingress:
  - ports:
    - protocol: UDP
Try this example:
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: ingress-allow-tcp-only
spec:
  podSelector: {}
  policyTypes:
  - Ingress
  ingress:
  - ports:
    - port: 80
      protocol: TCP
All other traffic will be blocked. Only TCP will work.
policyTypes: ["ingress"] indicates that this policy enforces policies for the ingress traffic.
ingress: [] (an empty rule set) does not whitelist any traffic, therefore all ingress traffic is blocked.
Example: https://github.com/ahmetb/kubernetes-network-policy-recipes/blob/master/11-deny-egress-traffic-from-an-application.md
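
An added example, not part of the question or the answer: a simplified Python model of how NetworkPolicy ingress rules are evaluated, run against the two manifests above and one constructed variant. It shows that rules are an allow list, so the `deny-all-udp` manifest admits only UDP. The dict transcriptions, the `TCP_ANY` variant, the sample flows and all function names are assumptions made for illustration.

```python
# Simplified model of NetworkPolicy ingress evaluation (added example).
# Covers only podSelector: {} policies whose rules use `ports`
# (no `from`, no named ports, no endPort), as in the manifests above.

def rule_allows(rule, protocol, port):
    """A rule with no `ports` matches every port and protocol."""
    ports = rule.get("ports")
    if not ports:
        return True
    for p in ports:
        # `protocol` defaults to TCP; a missing `port` means all ports.
        if p.get("protocol", "TCP") != protocol:
            continue
        if "port" not in p or p["port"] == port:
            return True
    return False

def ingress_allowed(policies, protocol, port):
    """Verdict for one flow to a pod in the namespace."""
    selecting = [p for p in policies if "Ingress" in p["policyTypes"]]
    if not selecting:
        return True  # no policy selects the pod: not isolated
    # Isolated: allowed only if some rule of some policy matches.
    return any(rule_allows(r, protocol, port)
               for p in selecting for r in p.get("ingress", []))

# Specs of the two manifests above, transcribed as dicts.
QUESTION = {"policyTypes": ["Ingress"],
            "ingress": [{"ports": [{"protocol": "UDP"}]}]}
ANSWER = {"policyTypes": ["Ingress"],
          "ingress": [{"ports": [{"port": 80, "protocol": "TCP"}]}]}
# Constructed variant (not from the page): allow TCP on every port.
TCP_ANY = {"policyTypes": ["Ingress"],
           "ingress": [{"ports": [{"protocol": "TCP"}]}]}

FLOWS = [("TCP", 80), ("TCP", 8443), ("UDP", 53)]  # constructed flows

def verdicts(policy):
    """Map each sample flow to True (allowed) or False (dropped)."""
    return {f: ingress_allowed([policy], *f) for f in FLOWS}

if __name__ == "__main__":
    for name, pol in [("question", QUESTION), ("answer", ANSWER),
                      ("tcp-any", TCP_ANY)]:
        print(name, verdicts(pol))
```

Policies are additive: applying the question's manifest alongside the answer's would allow UDP as well, because a flow passes if any rule of any selecting policy matches it.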