I have a Kubernetes cluster running behind a NAT. Now I want to forbid the pods to communicate with the network in which my Kubernetes nodes / servers are. The network has the CIDR: 10.12.12.0/27.
I've already tried the Kubernetes NetworkPolicy, but I haven't figured out how to prohibit communication with certain IPs. Instead, I have limited the communication to these IPs. Here is my previous NetworkPolicy:
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: block-net-kubernetes
  namespace: default
spec:
  podSelector:
    matchLabels:
      namespace: default
  policyTypes:
    - Egress
  egress:
    - to:
        - ipBlock:
            cidr: 10.12.12.0/27
Many thanks in advance! Kind regards Niclas
2 answers
uqxowvwt 1#
You can use an except block to filter out some IPs.
7y4bm7vi 2#
Thanks P...! It worked! But there is a small formatting error: the except: statement needs to be indented one more level, as shown below:
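The approach discussed in the two answers, written out as an added example; this is not the code posted by either answerer. It allows egress to all IPv4 destinations except the node network from the question, and the empty podSelector is an assumption made here so the policy covers every pod in the namespace.

```yaml
# Added example, not taken from either answer.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: block-net-kubernetes
  namespace: default
spec:
  # Assumption: {} selects every pod in the namespace. The question's
  # selector (matchLabels namespace: default) only matches pods that
  # actually carry that label.
  podSelector: {}
  policyTypes:
    - Egress
  egress:
    - to:
        - ipBlock:
            # Allow egress to any IPv4 destination ...
            cidr: 0.0.0.0/0
            # ... except the node network. "except" is a field of ipBlock,
            # so it sits at the same indentation level as "cidr".
            except:
              - 10.12.12.0/27
```

The policy is only enforced when the cluster's network plugin implements NetworkPolicy. Kubernetes does not define whether ipBlock is matched before or after a destination is rewritten (for example a Service IP that resolves to a node address), so pods that reach services hosted on addresses in 10.12.12.0/27 can lose that access.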