How can I write a minimal egress NetworkPolicy for a workload that talks to the Kubernetes API server on GKE?
I want to write a minimal egress NetworkPolicy for a workload running on GKE that needs to talk to the apiserver.
Is there any other way of doing this other than creating the cluster, getting the address of the LB fronting the apiserver(s) and then templating this into a NetworkPolicy?
Is there any way of picking an external apiserver IP beforehand that can remain static over cluster recreates? Or, as a last resort, getting some list of CIDRs that GKE will always choose the apiserver LB IP from?
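The create-then-template approach the question describes, as an added example that is not part of the original post. It assumes the apiserver is reached on TCP 443 at a single IPv4 endpoint; the function names, the policy name and the `app` label key are hypothetical.

```shell
# Added example: render an egress-only NetworkPolicy pinned to one apiserver IP.
# Assumptions: TCP 443, one IPv4 endpoint, pods selected by a hypothetical "app" label.

is_ipv4() {
  # Reject anything that is not a dotted quad, so a CIDR such as 0.0.0.0/0
  # can never be templated into the allow rule by mistake.
  case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
}

render_apiserver_egress_policy() {
  endpoint=$1; namespace=$2; app=$3
  is_ipv4 "$endpoint" || { echo "invalid endpoint IP: $endpoint" >&2; return 1; }
  # Deliberately strict name check: keeps newlines and YAML syntax out of the template.
  for name in "$namespace" "$app"; do
    case "$name" in ""|*[!a-z0-9-]*) echo "invalid name: $name" >&2; return 1 ;; esac
  done
  cat <<EOF
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-egress-apiserver
  namespace: ${namespace}
spec:
  podSelector:
    matchLabels:
      app: ${app}
  policyTypes:
    - Egress
  egress:
    - to:
        - ipBlock:
            cidr: ${endpoint}/32
      ports:
        - protocol: TCP
          port: 443
EOF
}

# Usage against a live cluster (CLUSTER and ZONE are placeholders):
#   ip=$(gcloud container clusters describe CLUSTER --zone ZONE --format='value(endpoint)')
#   render_apiserver_egress_policy "$ip" default my-app | kubectl apply -f -
```

Because the policy lists `Egress` in `policyTypes` and allows only this one destination, all other egress from the selected pods, DNS included, is dropped unless another policy permits it.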