问题描述
@H_502_1@apiVersion: apps/v1 kind: Deployment Metadata: creationTimestamp: null labels: app: redis name: redis spec: replicas: 1 selector: matchLabels: app: redis strategy: {} template: Metadata: creationTimestamp: null labels: app: redis spec: containers: - image: redis:alpine name: redis resources: {} status: {}
问题 1:您如何通过端口 8080 上的 @H_502_1@ClusterIP 服务公开此部署。
问题 2 :我将如何创建新的入口类型 @H_502_1@NetworkPolicy 以仅允许带有标签 @H_502_1@access=redis 的 Pod 访问部署。
解决方法
服务
apiVersion: v1
kind: Service
metadata:
name: my-service
spec:
selector:
app: redis
ports:
- protocol: TCP
port: 8080
targetPort: 6379
网络政策
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: test-network-policy
spec:
podSelector:
matchLabels:
app: redis
policyTypes:
- Ingress
ingress:
- from:
- podSelector:
matchLabels:
access: redis
ports:
- protocol: TCP
port: 6379