How to allow access to kubernetes api using egress network policy?

后端 未结 3 1494
花落未央
花落未央 2021-02-13 14:36

Init container with kubectl get pod command is used to get ready status of other pod.

After Egress NetworkPolicy was turned on init container can\'t access

3条回答
  •  逝去的感伤
    2021-02-13 15:14

    You need to get the real ip of the master using 'kubectl get endpoints --namespace default kubernetes' and make an egress policy to allow that.

    ---
    kind: NetworkPolicy
    apiVersion: networking.k8s.io/v1 
    metadata:
      name: allow-apiserver
      namespace: test
    spec:
      policyTypes:
      - Egress
      podSelector: {}
      egress:
      - ports:
        - port: 443
          protocol: TCP
        to:
        - ipBlock:
            cidr: x.x.x.x/32
    

提交回复
热议问题