在用于声明网络策略的文档的基本示例中:
https://kubernetes.io/docs/concepts/services-networking/network-policies/#the-networkpolicy-resource
因此,根据文档,这设置了几条规则:
So, the example NetworkPolicy:
- isolates “role=db” pods in the “default” namespace for both ingress
and egress traffic (if they weren’t already isolated)
- allows connections to TCP port 6379 of “role=db” pods in the “default”
namespace from any pod in the “default” namespace with the
label “role=frontend”
- allows connections to TCP port 6379 of “role=db” pods
in the “default” namespace from any pod in a namespace with
the label “project=myproject”
...
这是否意味着“role=db”标签的 pod 可以从以下位置接收连接:
谢谢!
最佳答案
kubernetes network recipe "ALLOW traffic from apps using multiple selectors"清楚了:
- Rules specified in
spec.ingress.from
are OR'ed.- This means the pods selected by the selectors are combined are whitelisted altogether.
关于kubernetes - 多个网络策略规则是否按逻辑处理为 "and"规则或 "or"?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/49123203/