Kubernetes-网络模型与策略
-
K8S网络组件
flannel 二层网络,不支持网络策略
calico 支持网络策略 -
网络策略
ingress # 入站流量
Engress #出站流量
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: network-policy-1
namespace: ingress
spec:
policyTypes:
- Ingress
podSelector:
matchLabels:
run: pod2
ingress:
- from:
- podSelector:
matchLabels:
run: client
- ipBlock:
cidr: 0.0.0.0/0
ports:
- protocol: TCP
port: 80
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: network-policy-2
namespace: default
spec:
policyTypes:
- Ingress
podSelector: {}
ingress:
- from:
- namespaceSelector:
matchLabels:
app: default
ports:
- protocol: TCP
port: 80
浙公网安备 33010602011771号