How do I explicitly allow pod-to-pod communication on a bare-metal cluster running Istio 1.8.4? What I tried:
```yaml
# Default deny: selects every pod in the namespace, allows no ingress or egress
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-all
  namespace: default
spec:
  policyTypes: [Ingress, Egress]
  podSelector: {}
  ingress: []
  egress: []
---
# Per-application policy for pods labelled app=myapp
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: myapp
spec:
  policyTypes: [Ingress, Egress]
  podSelector:
    matchLabels:
      app: myapp
  ingress:
  - ports:
    - port: 8000
    - port: 6666
    from:
    - podSelector:
        matchLabels:
          istio: ingress
  egress:
  - to:
    ports:
    - port: 8000
      protocol: TCP
    - port: 53
      protocol: TCP
    - port: 15012
      protocol: TCP
    - port: 15020
      protocol: TCP
```
The sidecar cannot connect to the control plane.

Another question: how can I restrict pod-to-pod communication if, in most cases, the pods communicate through istio-ingressgateway?