Kubernetes: How to create an ingress-type network policy that only allows access from labeled pods
I have the following deployment:

apiVersion: apps/v1
kind: Deployment
metadata:
  creationTimestamp: null
  labels:
    app: redis
  name: redis
spec:
  replicas: 1
  selector:
    matchLabels:
      app: redis
  strategy: {}
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: redis
    spec:
      containers:
      - image: redis:alpine
        name: redis
        resources: {}
status: {}

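Question 1: How do I expose this deployment through a ClusterIP service on port 8080?

Question 2: How do I create a new ingress-type network policy that only allows pods with the label access=redis to access the deployment?

Service
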
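apiVersion: v1
kind: Service
metadata:
  name: my-service
spec:
  # no "type" field: the Service type defaults to ClusterIP
  selector:
    app: redis
  ports:
  - protocol: TCP
    port: 8080        # port exposed by the Service
    targetPort: 6379  # port the redis container listens on
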
Network policy

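apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: test-network-policy
spec:
  # pods this policy applies to
  podSelector:
    matchLabels:
      app: redis
  policyTypes:
  - Ingress
  ingress:
  - from:
    # only pods carrying this label may connect
    - podSelector:
        matchLabels:
          access: redis
    ports:
    - protocol: TCP
      port: 6379  # the pod port (targetPort), not the Service port 8080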
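
The policy's behaviour modelled in Python, as an added example that is not part of the original answer: it evaluates test-network-policy against constructed sample pods to show which connections pass. The namespace names and the sample pods are assumptions; ports are pod ports, because a connection to my-service:8080 arrives at the redis pod on 6379.

```python
# Added example: a small model of how test-network-policy is evaluated.
# Only the fields that policy uses are handled (matchLabels, from, ports).

POLICY = {
    "namespace": "default",               # assumption: namespace not given on the page
    "podSelector": {"app": "redis"},      # pods the policy protects
    "ingress": [{
        "from": [{"podSelector": {"access": "redis"}}],
        "ports": [{"protocol": "TCP", "port": 6379}],
    }],
}

# Constructed sample pods (namespaces and extra labels are hypothetical).
REDIS = {"namespace": "default", "labels": {"app": "redis"}}
CLIENT = {"namespace": "default", "labels": {"access": "redis", "app": "api"}}
WEB = {"namespace": "default", "labels": {"app": "web"}}
FOREIGN = {"namespace": "staging", "labels": {"access": "redis"}}


def matches(selector, labels):
    """matchLabels: every key/value in the selector must be on the pod."""
    return all(labels.get(k) == v for k, v in selector.items())


def ingress_allowed(policy, src, dst, port, protocol="TCP"):
    """True if src may connect to dst on the given pod port under this one policy."""
    ns = policy["namespace"]
    if dst["namespace"] != ns or not matches(policy["podSelector"], dst["labels"]):
        return True  # dst is not selected, so this policy does not restrict it
    for rule in policy["ingress"]:
        port_ok = any(p["port"] == port and p["protocol"] == protocol
                      for p in rule["ports"])
        # A peer with only podSelector matches pods in the policy's own namespace.
        peer_ok = any(src["namespace"] == ns and matches(peer["podSelector"], src["labels"])
                      for peer in rule["from"])
        if port_ok and peer_ok:
            return True
    return False  # dst is selected and no rule matched: ingress is denied


def evaluate():
    """Decisions for the sample pods; ports are pod ports, not the Service port."""
    return {
        "client->redis:6379": ingress_allowed(POLICY, CLIENT, REDIS, 6379),
        "web->redis:6379": ingress_allowed(POLICY, WEB, REDIS, 6379),
        "staging-client->redis:6379": ingress_allowed(POLICY, FOREIGN, REDIS, 6379),
        "client->redis:8080": ingress_allowed(POLICY, CLIENT, REDIS, 8080),
        "web->web:80": ingress_allowed(POLICY, WEB, WEB, 80),
    }
```

The model reflects the API semantics only; a cluster enforces them when its network plugin implements NetworkPolicy.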