在声明网络策略的文档的基本示例中: https://kubernetes.io/docs/concepts/services-networking/network-policies/#the-networkpolicy-resource
所以这根据文档设定了几条规则:
So, the example NetworkPolicy:
- isolates “role=db” pods in the “default” namespace for both ingress
and egress traffic (if they weren’t already isolated)
- allows connections to TCP port 6379 of “role=db” pods in the “default”
namespace from any pod in the “default” namespace with the
label “role=frontend”
- allows connections to TCP port 6379 of “role=db” pods
in the “default” namespace from any pod in a namespace with
the label “project=myproject”
...
这是否意味着" role = db" label可以从以下位置接收连接:
谢谢!
答案 0 :(得分:0)
kubernetes network recipe "ALLOW traffic from apps using multiple selectors"很清楚:
spec.ingress.from
中指定的规则为 OR &#39>。- 这意味着选择器选择的pod被合并为白名单。