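Ingress/egress (NetworkPolicy) YAML example:
Notes:
1. This policy belongs to the internal namespace.
2. Pods in the internal namespace are allowed to access port 80 in the echo namespace.
3. Other namespaces are not allowed to access any pod in the internal namespace.
4. If policyTypes lists Ingress but no ingress rules follow, all inbound traffic is denied (note that this also includes traffic from the namespace itself); if policyTypes does not list Ingress, all inbound traffic is allowed.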
vi allow-port-to-namespace.yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-port-to-namespace
  namespace: internal
spec:
  podSelector: {}
  policyTypes:
  - Ingress
  - Egress
  ingress:
  - from:
    - namespaceSelector:
        matchLabels:
          project: internal
  egress:
  - to:
    - namespaceSelector:
        matchLabels:
          project: echo
    ports:
    - protocol: TCP
      port: 80
    - protocol: UDP
      port: 80
:wq
# kubectl apply -f allow-port-to-namespace.yaml
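
The notes above can be checked against a small model of how a NetworkPolicy is evaluated. This is an added example, not part of the original page: a simplified Python evaluator in which the `other` namespace, the namespace labels and the function names `side_allows` and `allowed` are assumptions, and no other policy is assumed to exist in the cluster.

```python
# Simplified model of NetworkPolicy evaluation (added example): handles only
# namespaceSelector.matchLabels peers and protocol/port pairs.
POLICY = {  # spec of allow-port-to-namespace.yaml, selectors reduced to label dicts
    "namespace": "internal",
    "policyTypes": ["Ingress", "Egress"],
    "ingress": [{"from": [{"project": "internal"}]}],
    "egress": [{"to": [{"project": "echo"}],
                "ports": [("TCP", 80), ("UDP", 80)]}],
}
# Constructed labels (assumption): namespaceSelector matches labels, not names.
NS_LABELS = {"internal": {"project": "internal"},
             "echo": {"project": "echo"},
             "other": {"project": "other"}}


def side_allows(policy, direction, pod_ns, peer_ns, proto, port):
    """Does `policy` let a pod in pod_ns talk to peer_ns in this direction?"""
    # podSelector: {} selects every pod, but only in the policy's own namespace.
    if pod_ns != policy["namespace"]:
        return True
    # A direction absent from policyTypes is not restricted by this policy.
    if direction.capitalize() not in policy["policyTypes"]:
        return True
    peer_key = "from" if direction == "ingress" else "to"
    # Listed in policyTypes but no rules: the loop never runs, so deny all.
    for rule in policy.get(direction, []):
        peers, ports = rule.get(peer_key), rule.get("ports")
        # An empty or missing peer list / port list matches everything.
        peer_ok = not peers or any(
            sel.items() <= NS_LABELS[peer_ns].items() for sel in peers)
        port_ok = not ports or (proto, port) in ports
        if peer_ok and port_ok:
            return True
    return False


def allowed(policy, src_ns, dst_ns, proto, port):
    """A connection needs egress allowed at the source AND ingress at the destination."""
    return (side_allows(policy, "egress", src_ns, dst_ns, proto, port)
            and side_allows(policy, "ingress", dst_ns, src_ns, proto, port))


if __name__ == "__main__":
    for src, dst, port in [("internal", "echo", 80), ("internal", "echo", 443),
                           ("other", "internal", 80), ("internal", "internal", 80)]:
        print(f"{src} -> {dst}:{port}/TCP", allowed(POLICY, src, dst, "TCP", port))
```

Because Egress is limited to port 80 in namespaces labelled project: echo, every other outbound connection from internal pods is denied, including traffic to other pods in internal (even though the ingress rule would accept it) and DNS lookups against kube-system. The namespaces must actually carry the project labels for the selectors to match.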