Kubernetes：如何使用 NetworkPolicy 将流量限制为仅标记为“A”和“B”的两种类型的 Pod

我有两种类型的豆荚 A 和 B

Pod 类型 A

#include <stdio.h>
#include <stdlib.h>
#include <cstdio>
#include <iostream>
#include <chrono>
#include <random>
#include <cuda.h>
#include <cusolverDn.h>
#include <cuda_runtime.h>
#include <cuComplex.h>      // deal with complex numbers
#include <cuda_profiler_api.h>
    
using namespace std::chrono;

#define N 6
#define numOfMat 500000
#define gpuErrchk(ans) { gpuAssert((ans),__FILE__,__LINE__); }
inline void gpuAssert(cudaError_t code,const char *file,int line,bool abort=true)
{
   if (code != cudaSuccess)
   {
      fprintf(stderr,"GPUassert: %s %s %d\n",cudaGetErrorString(code),file,line);
      if (abort) exit(code);
   }
}

int main() {
    std::random_device device;
    std::mt19937 generator(device());
    std::uniform_real_distribution<double> distribution(1.,5.);
    high_resolution_clock::time_point t1;
    high_resolution_clock::time_point t2;
    double duration = 0;
    double duration_1 = 0;

    // step 1: cuda solver initialization
    cublasHandle_t cublas_handle;
    cublasCreate_v2(&cublas_handle);
    cublasstatus_t stat;

    int* PivotArray;
    int* infoArray;
    cudaError_t cudaStatUnified1 = cudaSuccess;
    cudaError_t cudaStatUnified2 = cudaSuccess;
    const cuDoubleComplex alpha = make_cuDoubleComplex(1.0f,0.0f);
    cudaStatUnified1 = cudamallocManaged(&PivotArray,N * numOfMat * sizeof(int));
    cudaStatUnified2 = cudamallocManaged(&infoArray,numOfMat * sizeof(int));
    if ((cudaSuccess != cudaStatUnified1) || (cudaSuccess != cudaStatUnified2))
        std::cout <<"unified memory allocated unsuccessful!"<<std::endl;

    //ALLOCATE MEMORY - using unified memory
    cuDoubleComplex** h_A;
    cudamallocManaged(&h_A,sizeof(cuDoubleComplex*) * numOfMat);
    cudamallocManaged(&(h_A[0]),sizeof(cuDoubleComplex)*numOfMat*N*N);
    for (int nm = 1; nm < numOfMat; nm++)
        h_A[nm] = h_A[nm-1]+ N * N;

    cuDoubleComplex** h_b;
    cudamallocManaged(&h_b,sizeof(cuDoubleComplex*) * numOfMat);
    cudamallocManaged(&(h_b[0]),sizeof(cuDoubleComplex) * numOfMat * N);
    for (int nm = 1; nm < numOfMat; nm++)
        h_b[nm] = h_b[nm-1] + N;

    // FILL MATRICES
    for (int nm = 0; nm < numOfMat; nm++)
      for (int i = 0; i < N; i++)
        for (int j = 0; j < N; j++)
          h_A[nm][j * N + i] = make_cuDoubleComplex(distribution(generator),distribution(generator));

    // FILL COEFFICIENTS
    for (int nm = 0; nm < numOfMat; nm++)
      for (int i = 0; i < N; i++)
        h_b[nm][i] = make_cuDoubleComplex(distribution(generator),distribution(generator));

    t1 = high_resolution_clock::Now();

    // step 2: Perform CUBLAS LU solver
    stat = cublasZgetrfBatched(cublas_handle,N,h_A,PivotArray,infoArray,numOfMat);
    if (stat != CUBLAS_STATUS_SUCCESS) printf ("-data download Failed");
    gpuErrchk( cudaDeviceSynchronize() );
    // check if the input matrix is singular
    /*for (int i = 0; i < numOfMat; i++)
      if (infoArray[i] != 0) {
        fprintf(stderr,"Factorization of matrix %d Failed: Matrix may be singular\n",i);
      }*/

    // step 3: INVERT UPPER AND LOWER TRIANGULAR MATRICES
    // --- Function solves the triangular linear system with multiple RHSs
    // --- Function overrides b as a result
    stat = cublasZtrsmBatched(cublas_handle,CUBLAS_SIDE_LEFT,CUBLAS_FILL_MODE_LOWER,CUBLAS_OP_N,CUBLAS_DIAG_UNIT,1,&alpha,h_b,numOfMat);
    if (stat != CUBLAS_STATUS_SUCCESS) printf ("--data download Failed");
    gpuErrchk( cudaDeviceSynchronize() );

    stat = cublasZtrsmBatched(cublas_handle,CUBLAS_FILL_MODE_UPPER,CUBLAS_DIAG_NON_UNIT,numOfMat);
    if (stat != CUBLAS_STATUS_SUCCESS) printf ("---data download Failed");
    gpuErrchk( cudaDeviceSynchronize() );

    t2 = high_resolution_clock::Now();
    duration = duration_cast<microseconds>(t2 - t1).count();
    std::cout<<duration<<std::endl;
}

Pod 类型 B

apiVersion: v1
kind: Pod
Metadata:
  name: A
  labels:
    environment: production
spec:
...

还有一个 NetworkPolicy（仍然不知道使用 podselection 的正确方法）

apiVersion: v1
kind: Pod
Metadata:
  name: B
  labels:
    environment: production
spec:
...

问题：如何在 Kubernetes 中使用“apiVersion: networking.k8s.io/v1 kind: NetworkPolicy Metadata: name: default-deny-all spec: podSelector: {"A","B"} policyTypes: - Ingress - Egress ”定义单个 NetworkPolicy 以将流量限制为仅 A 和 B pod（入口和出口）

使用的参考文献：https://kubernetes.io/docs/concepts/services-networking/network-policies/

解决方法