Kubernetes NetworkPolicy
2016-12-26 11:42
1. First, create a namespace whose isolation policy is DefaultDeny
kind: Namespace
apiVersion: v1
metadata:
  name: testingnp
  annotations:
    net.beta.kubernetes.io/network-policy: |
      {
        "ingress": {
          "isolation": "DefaultDeny"
        }
      }
Or apply the annotation to an existing namespace from the command line:
kubectl annotate ns testingnp "net.beta.kubernetes.io/network-policy={\"ingress\": {\"isolation\": \"DefaultDeny\"}}"
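spec.podSelector.matchLabels selects the pods that the policy applies to.
spec.ingress from/ports specifies which pods and ports are allowed to access them.
2. Run and expose a service in the namespace that has isolation enabled
kubectl run nginx --image=nginx --replicas=2 --namespace=testingnp
kubectl expose deployment nginx --port=80 --namespace=testingnp
3. Test connectivity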
kubectl run busybox --rm -ti --image=busybox /bin/sh --namespace=testingnp
Running wget nginx shows that the service cannot be reached.
4. Add the NetworkPolicy
echo '
kind: NetworkPolicy
apiVersion: extensions/v1beta1
metadata:
  name: access-nginx
  namespace: testingnp
spec:
  podSelector:
    matchLabels:
      run: nginx
  ingress:
  - from:
    - podSelector:
        matchLabels:
          access: "true"
' | kubectl create -f -
kubectl get networkpolicies --namespace=testingnp
5. Verify again
Set the label on the client pod:
kubectl run busybox --rm -ti --labels="access=true" --image=busybox /bin/sh --namespace=testingnp
Running wget nginx now retrieves the resource successfully.
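
The decision that steps 3 and 5 observe, written out as an added example (not code from the original post or from Kubernetes): a simplified Python model of DefaultDeny isolation combined with the access-nginx policy. The helper names are hypothetical, and the model covers only podSelector peers inside the same namespace.

```python
import json

ANNOTATION = "net.beta.kubernetes.io/network-policy"

# Constructed from the manifests on this page (not read from a cluster).
NAMESPACE = {"name": "testingnp", "annotations": {
    ANNOTATION: '{"ingress": {"isolation": "DefaultDeny"}}'}}
ACCESS_NGINX = {
    "metadata": {"name": "access-nginx", "namespace": "testingnp"},
    "spec": {
        "podSelector": {"matchLabels": {"run": "nginx"}},
        "ingress": [{"from": [{"podSelector": {"matchLabels": {"access": "true"}}}]}],
    },
}

def is_isolated(namespace):
    """True if the namespace annotation sets ingress isolation to DefaultDeny."""
    raw = namespace.get("annotations", {}).get(ANNOTATION)
    return bool(raw) and json.loads(raw).get("ingress", {}).get("isolation") == "DefaultDeny"

def selects(selector, labels):
    """Every matchLabels pair must be on the pod; an empty selector selects all pods."""
    return all(labels.get(k) == v for k, v in selector.get("matchLabels", {}).items())

def ingress_allowed(namespace, policies, src_labels, dst_labels, port=80):
    """Hypothetical helper: would src reach dst on port? Same-namespace pods only."""
    if not is_isolated(namespace):
        return True  # without isolation every connection is accepted
    for policy in policies:
        spec = policy["spec"]
        if policy["metadata"]["namespace"] != namespace["name"]:
            continue  # policies only apply inside their own namespace
        if not selects(spec["podSelector"], dst_labels):
            continue  # this policy does not cover the destination pod
        for rule in spec.get("ingress", []):
            peers, ports = rule.get("from"), rule.get("ports")
            # Model assumption: an omitted field places no restriction.
            src_ok = peers is None or any(
                selects(p["podSelector"], src_labels) for p in peers if "podSelector" in p)
            port_ok = ports is None or any(p.get("port") == port for p in ports)
            if src_ok and port_ok:
                return True
    return False  # isolated and no rule matched: DefaultDeny applies

if __name__ == "__main__":
    nginx = {"run": "nginx"}
    print("step 3:", ingress_allowed(NAMESPACE, [], {"run": "busybox"}, nginx))
    print("step 5:", ingress_allowed(NAMESPACE, [ACCESS_NGINX], {"access": "true"}, nginx))
```

The access=true label is the only thing this policy checks, so permission to create or label pods in testingnp is effectively permission to reach nginx.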