Bota5ky

Kubernetes学习笔记(二十九):Network Policy

Network Policy

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: db-policy
spec:
  podSelector:
    matchLabels:
      role: db
  policyTypes:
  - Ingress ## 设置入口规则,不会影响出口
  - Egress
  ingress:
  - from:
    - podSelector: ## 规则1
        matchLabels:
          name: api-pod
      namespaceSelector: ## 限制namespace,这里必须满足pod筛选条件
        matchLabels:
          name: prod
    - ipBlock: ## 2个规则其一通过即可
        cidr: 192.168.5.10/32
    ports:
    - protocol: TCP
      port: 3306
  egress:
  - to:
    - ipBlock:
        cidr:
    ports:
    - protocol: TCP
      port: 80

查询方式:kubectl get netpolkubectl get networkpolicy

posted @ 2022-09-10 21:16  Bota5ky  阅读(42)  评论(0)    收藏  举报