Mic*_*ons 5 kubernetes kubernetes-networkpolicy
I'm running Kubernetes 1.9.6 and Weave Net 2.4.0. I'm trying to lock down access to the Kubernetes internal DNS server and to a specific port on another host. I can't seem to find the correct format for the egress section.
I know the following is not a valid policy, but it represents what I'm trying to do. How do I write a network policy to support this?
```yaml
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: test-network-policy
  namespace: dev
spec:
  podSelector:
    matchLabels:
      app: plem-network-policy
  policyTypes:
  - Egress
  egress:
  - to:
    - ipBlock:
        cidr: 10.3.0.10/32
      ports:
      - protocol: TCP
        port: 53
      - protocol: UDP
        port: 53
    - ipBlock:
        cidr: 10.49.100.37/32
      ports:
      - protocol: TCP
        port: 8200
```
I hadn't paid enough attention to using multiple blocks of cidr and ports. This is what I was looking for.
```yaml
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: test-network-policy
  namespace: dev
spec:
  podSelector:
    matchLabels:
      app: plem-network-policy
  policyTypes:
  - Egress
  egress:
  - to:
    - ipBlock:
        cidr: 10.2.0.0/16
    - ipBlock:
        cidr: 10.3.0.10/32
    ports:
    - protocol: UDP
      port: 53
    - protocol: TCP
      port: 53
  - to:
    - ipBlock:
        cidr: 10.49.100.37/32
    - ipBlock:
        cidr: 10.49.100.137/32
    - ipBlock:
        cidr: 10.49.100.85/32
    ports:
    - protocol: TCP
      port: 8200
  - to:
    - ipBlock:
        cidr: 10.29.30.56/32
    ports:
    - protocol: TCP
      port: 5439
```
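The point the answer makes is that in a NetworkPolicy `ports` is a sibling of `to` inside one egress rule, so a rule means "any of these peers, on any of these ports", and a separate rule is needed for each distinct peer/port combination. The following is an added example (not code from the question or answer) that models the answer's policy as a Python dict and evaluates whether a selected pod may open a given destination, using only the standard library. It also handles the `except` list of an `ipBlock`, an empty `ports` list (all ports), and the default protocol (TCP), which go beyond the policy shown on the page. Selector-based peers (`podSelector`, `namespaceSelector`) are an assumption-free simplification here: they need cluster state, so this evaluator treats them as not matching an IP destination.

```python
import ipaddress

# Constructed copy of the accepted answer's policy as a Python dict,
# so the example runs offline without a YAML parser.
POLICY = {
    "apiVersion": "networking.k8s.io/v1",
    "kind": "NetworkPolicy",
    "metadata": {"name": "test-network-policy", "namespace": "dev"},
    "spec": {
        "podSelector": {"matchLabels": {"app": "plem-network-policy"}},
        "policyTypes": ["Egress"],
        "egress": [
            # Rule 1: DNS (UDP+TCP 53) to the cluster DNS IP and the 10.2.0.0/16 range.
            {"to": [{"ipBlock": {"cidr": "10.2.0.0/16"}},
                    {"ipBlock": {"cidr": "10.3.0.10/32"}}],
             "ports": [{"protocol": "UDP", "port": 53},
                       {"protocol": "TCP", "port": 53}]},
            # Rule 2: TCP 8200 to three specific hosts.
            {"to": [{"ipBlock": {"cidr": "10.49.100.37/32"}},
                    {"ipBlock": {"cidr": "10.49.100.137/32"}},
                    {"ipBlock": {"cidr": "10.49.100.85/32"}}],
             "ports": [{"protocol": "TCP", "port": 8200}]},
            # Rule 3: TCP 5439 to one host.
            {"to": [{"ipBlock": {"cidr": "10.29.30.56/32"}}],
             "ports": [{"protocol": "TCP", "port": 5439}]},
        ],
    },
}


def peer_matches(peer, ip):
    """True if an ipBlock peer covers `ip`: inside `cidr` and not inside any `except` range.
    Selector-based peers are treated as non-matching (they need cluster state)."""
    block = peer.get("ipBlock")
    if block is None:
        return False
    addr = ipaddress.ip_address(ip)
    if addr not in ipaddress.ip_network(block["cidr"], strict=False):
        return False
    return not any(addr in ipaddress.ip_network(x, strict=False)
                   for x in block.get("except", []))


def port_matches(rule_ports, protocol, port):
    """True if (protocol, port) is covered by a rule's `ports` list.
    An absent or empty list means every port of every protocol;
    an entry without `port` means every port of that protocol;
    a missing `protocol` defaults to TCP, as the API does."""
    if not rule_ports:
        return True
    for p in rule_ports:
        if p.get("protocol", "TCP") != protocol:
            continue
        if "port" not in p or p["port"] == port:
            return True
    return False


def egress_allowed(policy, dst_ip, protocol, dst_port):
    """True if a pod selected by `policy` may connect to dst_ip:dst_port/protocol.
    Each egress rule is evaluated as (any peer in `to`) AND (any entry in `ports`);
    ports never attach to an individual ipBlock. With Egress in policyTypes,
    anything no rule allows is denied (an empty `egress` list denies everything)."""
    spec = policy["spec"]
    if "Egress" not in spec.get("policyTypes", []):
        return True  # this policy does not govern egress at all
    for rule in spec.get("egress", []):
        peers = rule.get("to", [])
        peer_ok = not peers or any(peer_matches(p, dst_ip) for p in peers)
        if peer_ok and port_matches(rule.get("ports", []), protocol, dst_port):
            return True
    return False


if __name__ == "__main__":
    checks = [("10.3.0.10", "UDP", 53), ("10.3.0.10", "TCP", 8200),
              ("10.49.100.37", "TCP", 8200), ("10.49.100.37", "TCP", 53),
              ("8.8.8.8", "UDP", 53)]
    for ip, proto, port in checks:
        print(f"{ip}:{port}/{proto} -> {'ALLOW' if egress_allowed(POLICY, ip, proto, port) else 'DENY'}")
```

The second check is the one the question's draft got wrong: putting `ports` under the DNS `ipBlock` does not make port 8200 reachable on that host, because the Vault-port rule and the DNS rule are separate entries in `egress`. A policy like this one also has to keep the DNS rule, since once `Egress` is listed in `policyTypes`, name resolution is blocked unless a rule explicitly allows it.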
Views: 9791