我正在尝试使用以下yaml创建服务.正如您所看到的,我试图限制从10.0.0.0/8范围访问该服务.
apiVersion: v1
kind: Service
metadata:
name: nginx-service
spec:
ports:
# the port that this service should serve on
- port: 443
targetPort: 443
# label keys and values that must match in order to receive traffic for this service
selector:
name: nginx
type: LoadBalancer
loadBalancerSourceRanges:
- 10.0.0.0/8
有一些Kubernetes文档(如下所列)讨论了如何使用loadBalancerSourceRanges注释来控制服务访问.
http://kubernetes.io/docs/user-guide/services-firewalls/
但是,当我尝试创建此服务时,我收到如下错误
验证"sdp-cluster.yaml"时出错:验证数据错误:找到v1.ServiceSpec的无效字段loadBalancerSourceRanges; 如果您选择忽略这些错误,请使用--validate = false关闭验证
我查看了v1.ServiceSpec,但也找不到它.
我错过了什么吗?如何限制Kubernetes服务的流量?
小智 6
GCE,GKE和AWS现在支持此功能.如果提供者不支持它,它将被忽略.Kubernetes Doc
apiVersion: v1
kind: Service
metadata:
name: myapp
spec:
ports:
- port: 8765
targetPort: 9376
selector:
app: example
type: LoadBalancer
loadBalancerSourceRanges:
- 10.0.0.0/8
发现问题并修复它。1.2 版不支持“loadBalancerSourceRanges”字段,但它支持将其作为注释。因此,按如下方式修复了我的 yaml,效果很好。
apiVersion: v1
kind: Service
metadata:
name: nginx-service
annotations:
service.beta.kubernetes.io/load-balancer-source-ranges: "a.b.c.d/8, x.y.0.0/24"
spec:
ports:
# the port that this service should serve on
- port: 443
targetPort: 443
# label keys and values that must match in order to receive traffic for this service
selector:
name: nginx
type: LoadBalancer