Kubernetes. namespaces isolation

Previously, to restrict access between namespaces I used:

net.alpha.kubernetes.io/network-isolation: "on"

In version 1.6.1 it does not work. The currently proposed version:

net.beta.kubernetes.io/network-policy: |
  {
    "ingress": {
      "isolation": "DefaultDeny"
    }
  }

The currently proposed version is not satisfactory, because you need to create separate policies for the pods.

Is there something like this now?

I also followed the doc (Declaring Network Policy), which specifies how you can apply the network policies. I tried all that in a minikube cluster, only to realize that the network provider should also support NetworkPolicy.

This introductory doc says that NetworkPolicy is supported in Calico, Weave, Romana.

This doc has detailed information on which providers support NetworkPolicy.

Which network provider do you use in your cluster? The network provider you use should support NetworkPolicy. A NetworkPolicy controller must be set up in your cluster. If there is no NetworkPolicy controller running in your cluster, NetworkPolicy will not work.
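
A namespace-wide policy of the kind asked about, as an added example that is not part of the original posts. It assumes a cluster that serves the `networking.k8s.io/v1` API (Kubernetes 1.7 or later) and a network provider that enforces NetworkPolicy; the namespace name `team-a` and the policy name are hypothetical.

```yaml
# Added example. One policy per namespace; no per-pod policies.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-same-namespace-only   # hypothetical name
  namespace: team-a                 # hypothetical namespace
spec:
  # Empty selector: the policy selects every pod in team-a.
  # In the v1 API, a pod selected by any policy becomes isolated for
  # ingress, so no DefaultDeny annotation on the namespace is needed.
  podSelector: {}
  ingress:
  - from:
    # A podSelector with no namespaceSelector matches pods in the
    # policy's own namespace only, so ingress from pods in other
    # namespaces is not allowed by this rule.
    - podSelector: {}
```

If the network provider does not enforce NetworkPolicy, the API server still accepts this object but traffic is not filtered, so confirm enforcement by attempting a connection from a pod in another namespace.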
