Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

0 votes
3.3k views
in Technique[技术] by (71.8m points)

networking - Kubernetes network policy issue - pod selector does not work

After 1 hour of eye-soring investigation, I gave up and came here for help.

I am using a GKE free account for my own PoC.

Here is the network policy YAML:

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: access-nginx
spec:
  policyTypes:
    - Ingress
  podSelector:
    matchLabels:
      season: winter
  ingress:
  - from:
    - podSelector:
        matchLabels:
          abc: granted

And here is the pod YAML:

apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    run: my-nginx
    season: winter
  name: my-nginx
spec:
  containers:
  - image: nginx
    name: pod
    ports:
    - containerPort: 80
    resources: {}
  dnsPolicy: ClusterFirst
  restartPolicy: Always
status: {}

After creating both items, I created a curl pod without any label and ran: kubectl exec pod/curl -it -- curl 10.0.7.205. The IP address 10.0.7.205 is the IP address of the my-nginx pod.

If this worked as I hoped, I should NOT be able to see the reply from the my-nginx pod. But unfortunately, the network policy does not seem to control the traffic at all for this pod.

Anyone?
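
An added example, not part of the original post: a small evaluator that applies NetworkPolicy ingress semantics to the access-nginx policy and the two pods from the question, to check what the manifests themselves say should happen. It assumes both pods are in the same namespace and handles only `matchLabels` pod selectors; the function and constant names are illustrative.

```python
# Added example: same-namespace NetworkPolicy ingress evaluation, matchLabels only.
# Assumptions: both pods share a namespace; namespaceSelector, ipBlock,
# matchExpressions and ports are out of scope (the policy above uses none).

ACCESS_NGINX = {  # the access-nginx policy from the question, as a dict
    "spec": {
        "policyTypes": ["Ingress"],
        "podSelector": {"matchLabels": {"season": "winter"}},
        "ingress": [
            {"from": [{"podSelector": {"matchLabels": {"abc": "granted"}}}]}
        ],
    }
}
NGINX_LABELS = {"run": "my-nginx", "season": "winter"}  # my-nginx pod labels
CURL_LABELS = {}  # the curl pod was created without labels


def selects(selector, labels):
    """Empty selector matches every pod; otherwise every matchLabels pair must match."""
    wanted = selector.get("matchLabels", {})
    return all(labels.get(k) == v for k, v in wanted.items())


def ingress_decision(policies, dst_labels, src_labels):
    """Return (allowed, reason) as an enforcing network plugin would decide."""
    applicable = [
        p["spec"] for p in policies
        if "Ingress" in p["spec"].get("policyTypes", ["Ingress"])
        and selects(p["spec"].get("podSelector", {}), dst_labels)
    ]
    if not applicable:
        return True, "no policy selects destination: pod is non-isolated"
    for spec in applicable:  # policies are additive: any matching rule allows
        for rule in spec.get("ingress", []):
            peers = rule.get("from")
            if not peers:
                return True, "rule has no 'from': all sources allowed"
            if any("podSelector" in p and selects(p["podSelector"], src_labels)
                   for p in peers):
                return True, "source matches a podSelector peer"
    return False, "destination is isolated and no rule admits the source"


if __name__ == "__main__":
    for name, src in [("curl (no labels)", CURL_LABELS), ("abc=granted", {"abc": "granted"})]:
        print(name, ingress_decision([ACCESS_NGINX], NGINX_LABELS, src))
```

The evaluator denies the unlabelled curl pod, so the selectors in the manifests match the behaviour the asker expected. Kubernetes documents that a NetworkPolicy has no effect unless the cluster's network plugin implements it, so a successful curl alongside this result points at enforcement in the cluster rather than at the pod selector.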



1 Reply

0 votes
by (71.8m points)
Waiting for an expert to answer.
