Kubernetes: how to create an ingress-type network policy that only allows access for labelled Pods


I have the following Deployment:

apiVersion: apps/v1
kind: Deployment
metadata:
  creationTimestamp: null
  labels:
    app: redis
  name: redis
spec:
  replicas: 1
  selector:
    matchLabels:
      app: redis
  strategy: {}
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: redis
    spec:
      containers:
      - image: redis:alpine
        name: redis
        resources: {}
status: {}
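
Question 1: How can I expose this Deployment through a ClusterIP Service on port 8080?

Question 2: How can I create a new ingress-type NetworkPolicy that allows only Pods with the label access=redis to access the Deployment?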

Service

apiVersion: v1
kind: Service
metadata:
  name: my-service
spec:
  selector:
    app: redis
  ports:
    - protocol: TCP
      port: 8080
      targetPort: 6379

Network policy

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: test-network-policy
spec:
  podSelector:
    matchLabels:
      app: redis
  policyTypes:
  - Ingress
  ingress:
  - from:
    - podSelector:
        matchLabels:
          access: redis
    ports:
    - protocol: TCP
      port: 6379
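
To see which connections the policy above admits, here is a simplified model of its ingress evaluation. It is an added example, not part of the original answer and not Kubernetes code. The namespace `default`, the sample Pods and the function names are assumptions made for illustration; only `matchLabels` peers and numeric TCP ports are modelled.

```python
# Simplified model of ingress evaluation for test-network-policy (added example).
POLICY = {
    "namespace": "default",               # assumption: the manifest sets no namespace
    "podSelector": {"app": "redis"},      # Pods the policy isolates
    "ingress": [{
        "from": [{"podSelector": {"access": "redis"}}],
        "ports": [{"protocol": "TCP", "port": 6379}],
    }],
}
# my-service maps port 8080 to targetPort 6379; the policy is matched against
# the Pod port, so the rule lists 6379 and not 8080.
SERVICE_PORTS = {8080: 6379}

# Constructed sample Pods (hypothetical, not from the page).
REDIS = {"namespace": "default", "labels": {"app": "redis"}}
CLIENT = {"namespace": "default", "labels": {"access": "redis"}}
OTHER = {"namespace": "default", "labels": {"app": "web"}}
FOREIGN = {"namespace": "staging", "labels": {"access": "redis"}}


def matches(selector, labels):
    """matchLabels semantics: every key/value pair must be present on the Pod."""
    return all(labels.get(k) == v for k, v in selector.items())


def ingress_allowed(policy, src, dst, port, protocol="TCP"):
    """True if this policy lets src connect to dst on the given Pod port."""
    selected = (dst["namespace"] == policy["namespace"]
                and matches(policy["podSelector"], dst["labels"]))
    if not selected:
        return True  # this policy does not isolate dst (other policies may)
    for rule in policy["ingress"]:
        # A bare podSelector peer only matches Pods in the policy's own namespace.
        peer_ok = any(src["namespace"] == policy["namespace"]
                      and matches(peer["podSelector"], src["labels"])
                      for peer in rule["from"])
        port_ok = any(p["protocol"] == protocol and p["port"] == port
                      for p in rule["ports"])
        if peer_ok and port_ok:
            return True
    return False  # dst is selected and no rule matched: traffic is dropped
```

The policy only takes effect on a cluster whose network plugin enforces NetworkPolicy; without one, the object is accepted but all Pods can still reach redis.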