gpt4 book ai didi

kubernetes - 为什么网络策略入口不适用于我的情况

转载 作者:行者123 更新时间:2023-12-02 11:41:52 25 4
gpt4 key购买 nike

我使用2个Pod进行了部署:

apiVersion: apps/v1
kind: Deployment
metadata:
creationTimestamp: null
labels:
app: nginx
name: nginx
spec:
replicas: 2
selector:
matchLabels:
app: nginx1
strategy: {}
template:
metadata:
creationTimestamp: null
labels:
app: nginx1
spec:
containers:
- image: nginx
name: nginx
resources: {}
ports:
- containerPort: 80
status: {}
然后使用clusterip公开它,然后创建如下所示的网络策略:
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: test-network-policy
namespace: default
spec:
podSelector:
matchLabels:
app: nginx1
policyTypes:
- Ingress
ingress:
- from:
- podSelector:
matchLabels:
role: frontend
但是当我使用不包含标签(role = frontend)的busybox pod通过wget请求它时,我仍然得到nginx的html页面。
我想知道为什么 ?
任何帮助将是真正的应用。谢谢 :)

最佳答案

如果您的k8s集群是使用不支持网络策略的Container Network Interface (CNI)插件部署的,则不会对其产生影响。从k8s docs:

Network policies are implemented by the network plugin. To use network policies, you must be using a networking solution which supports NetworkPolicy. Creating a NetworkPolicy resource without a controller that implements it will have no effect.

关于kubernetes - 为什么网络策略入口不适用于我的情况,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/64305148/

25 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com