• K8S网络组件
  flannel 二层网络，不支持网络策略
  calico 支持网络策略

• 网络策略
  ingress # 入站流量
  Engress #出站流量

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: network-policy-1
  namespace: ingress
spec:
  policyTypes:
  - Ingress
  podSelector:
    matchLabels:
      run: pod2
  ingress:
  - from:
    - podSelector:
        matchLabels:
          run: client
    - ipBlock:
        cidr: 0.0.0.0/0
    ports:
    - protocol: TCP
      port: 80

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: network-policy-2
  namespace: default
spec:
  policyTypes:
  - Ingress
  podSelector: {}
  ingress:
  - from:
    - namespaceSelector:
        matchLabels:
          app: default
    ports:
    - protocol: TCP
      port: 80

Kubernetes-网络模型与策略