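By default, pods are non-isolated and accept network requests from any source.
Selecting a pod with a NetworkPolicy's podSelector makes it isolated; you then define the inbound allowlist (ingress) and the outbound allowlist (egress).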
netpol.spec
  podSelector
  policyTypes
    ["Ingress"], ["Egress"], or ["Ingress", "Egress"]
  ingress
    from:
      ipBlock:
        cidr:
        except:
      namespaceSelector
      podSelector
    ports:
      endPort
      port
      protocol
  egress
    to:
      ipBlock:
        cidr:
        except:
      namespaceSelector
      podSelector
    ports:
      endPort
      port
      protocol
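
An example manifest using the fields above (added here for illustration, not part of the original notes; the names, labels, CIDRs and ports are assumptions). It isolates pods labelled app=db in both directions and allows only the listed peers and ports.

```yaml
# Added example; every name, label, CIDR and port below is an assumption.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: db-allowlist            # hypothetical policy name
  namespace: prod               # hypothetical namespace
spec:
  podSelector:                  # pods matched here become isolated
    matchLabels:
      app: db
  policyTypes: ["Ingress", "Egress"]
  ingress:
    - from:                     # separate list items under "from" are ORed
        - ipBlock:
            cidr: 10.0.0.0/16
            except:             # carved out of the cidr above
              - 10.0.5.0/24
        - namespaceSelector:    # same list item as podSelector: both must match
            matchLabels:
              kubernetes.io/metadata.name: prod
          podSelector:
            matchLabels:
              app: api
      ports:                    # applies to every peer in this rule
        - protocol: TCP
          port: 5432
  egress:
    - to:                       # DNS must be allowed once egress is isolated
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
          podSelector:
            matchLabels:
              k8s-app: kube-dns
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
    - to:
        - ipBlock:
            cidr: 10.0.0.0/16
      ports:
        - protocol: TCP
          port: 32000           # start of the range
          endPort: 32768        # end of the range, must be >= port
```

The policy only takes effect when the cluster's network plugin implements NetworkPolicy; check with `kubectl describe netpol db-allowlist -n prod` that the rules were parsed as intended.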
