1.题目

Only pods that in the internal namespace can access to the pods in mysql namespace via port 8080/TCP.

2.解析

本题目考测network policy,题意为只有在命空间为internal的pod,才可以通过TCP协议8080端口访问到在命名空间为mysql的pod,因此使用NP的ingress来解答。

3.答案

https://kubernetes.io/docs/concepts/services-networking/network-policies/

  1. 拷贝官方案例,然后根据题意修改

    1. apiVersion: networking.k8s.io/v1
    2. kind: NetworkPolicy
    3. metadata:
    4. name: test-network-policy
    5. namespace: mysql
    6. spec:
    7. podSelector: {}
    8. policyTypes:
    9. - Ingress
    10. ingress:
    11. - from:
    12.  - namespaceSelector:
    13.      matchLabels:
    14.        ns: internal
    15.  ports:
    16.  - protocol: TCP
    17.    port: 8080

  2. 查看internal命名空间是否有标签 ns=internal,如果没有,需要设置标签

    1. # 查看标签
    2. kubectl get ns internal --shwo-labels
    3. # 设置标签
    4. kubectl label ns internal ns=internal