0

如何编写网络策略文件以允许流量仅从少数 IP 地址(例如:127.18.12.1、127.19.12.3)访问应用程序。我已经参考了文件https://github.com/ahmetb/kubernetes-network-policy-recipes但没有找到满意的答案。如果有人帮助我编写网络策略文件,那就太好了。我还参考了 Kubernetes 官方文档的网络策略。

我的示例代码

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
    name: test-network-policy
    namespace: example
spec:
    podSelector:
      matchLabels:
        app: couchdb
  policyTypes:
  - Egress
  egress:
  - to:
    - ipBlock:
        cidr: 127.18.12.1/16
    ports:
    - protocol: TCP
      port: 8080
4

1 回答 1

0

如果您不想编辑网络策略并限制来自特定域的入口的流量,您可以使用喜欢的注释编辑入口:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: restricted-ingress
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/from-to-www-redirect: "True"
    nginx.ingress.kubernetes.io/force-ssl-redirect: "True"
    nginx.ingress.kubernetes.io/whitelist-source-range: "00.0.0.0, 142.12.85.524"

对于网络策略

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: test-policy
  namespace: default
spec:
  podSelector:
    matchLabels:
      app: db
  policyTypes:
  - Ingress
  - Egress
  ingress:
  - from:
    - ipBlock:
        cidr: 172.17.0.0/16
        except:
        - 172.17.1.0/24
    - podSelector:
    matchLabels:
      role: frontend
ports:
- protocol: TCP
  port: 6379

出口:-到:-ipBlock:cidr:10.0.0.0/24 端口:-协议:TCP 端口:5978

于 2020-04-16T12:10:45.860 回答