|NO.Z.00416|——————————|CloudNative|——|KuberNetes&NetworkPolicy.V08|——|NetworkPolicy.v08|隔离中间件服务.v04|
一、验证网络连通性——配置网络策略——验证同namespace下端口是否通信
### --- 在nw-demo启动一个pod,测试连通性工具
~~~ 启动一个pod
[root@k8s-master01 ~]# kubectl run -ti debug-tools --image=registry.cn-beijing.aliyuncs.com/dotbalo/debug-tools:latest -n nw-demo ### --- 查看启动的pod
~~~ 启动是比较慢的,下载镜像是需要时间的
[root@k8s-master01 ~]# kubectl get po -n nw-demo -owide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
debug-tools 1/1 Running 0 6m59s 172.25.244.241 k8s-master01 <none> <none>### --- 验证mysql端口是否通信
~~~ mysql端口是不可以通信的
[root@k8s-master01 ~]# kubectl get po -n nw-demo -owide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
debug-tools 1/1 Running 0 9m59s 172.25.244.241 k8s-master01 <none> <none>
mysql-69d6f69557-ht5cp 1/1 Running 0 23m 172.25.92.115 k8s-master02 <none> <none>
[root@k8s-master01 ~]# kubectl exec -ti debug-tools -n nw-demo -- bash
(13:51 debug-tools:/) curl 172.25.92.115:3306### --- 验证redis端口是否通信
~~~ redis端口是不可以通信的
[root@k8s-master01 ~]# kubectl get po -n nw-demo -owide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
debug-tools 1/1 Running 0 9m59s 172.25.244.241 k8s-master01 <none> <none>
mysql-69d6f69557-ht5cp 1/1 Running 0 23m 172.25.92.115 k8s-master02 <none> <none>
redis-c9fdb57d5-4wd78 1/1 Running 0 152m 172.17.125.14 k8s-node01 <none> <none>
[root@k8s-master01 ~]# kubectl exec -ti debug-tools -n nw-demo -- bash
(130 13:52 debug-tools:/) curl 172.17.125.14:6379二、若是想要nw-demo命名空间允许访问服务,配置标签即可
### --- 为nw-demo命名空间打上标签
[root@k8s-master01 ~]# kubectl label ns nw-demo access-nw-mysql-redis=true
namespace/nw-demo labeled### --- 验证mysql端口在自己的命名空间下是否通信
~~~ 配置标签后mysql端口是可以通信的
[root@k8s-master01 ~]# kubectl get po -n nw-demo -owide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
debug-tools 1/1 Running 0 11m 172.25.244.241 k8s-master01 <none> <none>
mysql-69d6f69557-ht5cp 1/1 Running 0 25m 172.25.92.115 k8s-master02 <none> <none>
redis-c9fdb57d5-4wd78 1/1 Running 0 154m 172.17.125.14 k8s-node01 <none> <none>[root@k8s-master01 ~]# kubectl exec -ti debug-tools -n nw-demo -- bash
(13:53 debug-tools:/) curl 172.25.92.115:3306
5.7.23•u2P•
~~~ # OR
[root@k8s-master01 ~]# kubectl exec -ti debug-tools -n nw-demo -- curl 172.25.92.115:3306
5.7.23•[QL
ui••ÿ•ÿᅰ qK3k&tI#mysql_native_password••ot packets out of order### --- 验证redis端口在自己的命名空间下是否通信
~~~ 配置标签后redis端口是可以通信的
[root@k8s-master01 ~]# kubectl get po -n nw-demo -owide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
debug-tools 1/1 Running 0 11m 172.25.244.241 k8s-master01 <none> <none>
mysql-69d6f69557-ht5cp 1/1 Running 0 25m 172.25.92.115 k8s-master02 <none> <none>
redis-c9fdb57d5-4wd78 1/1 Running 0 154m 172.17.125.14 k8s-node01 <none> <none>[root@k8s-master01 ~]# kubectl exec -ti debug-tools -n nw-demo -- bash
(13:53 debug-tools:/) curl 172.17.125.14:6379
-ERR wrong number of arguments for 'get' command
~~~ # OR
[root@k8s-master01 ~]# kubectl exec -ti debug-tools -n nw-demo -- curl 172.17.125.14:6379
-ERR wrong number of arguments for 'get' commandWalter Savage Landor:strove with none,for none was worth my strife.Nature I loved and, next to Nature, Art:I warm'd both hands before the fire of life.It sinks, and I am ready to depart
——W.S.Landor
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· 全程不用写代码,我用AI程序员写了一个飞机大战
· MongoDB 8.0这个新功能碉堡了,比商业数据库还牛
· 记一次.NET内存居高不下排查解决与启示
· 白话解读 Dapr 1.15:你的「微服务管家」又秀新绝活了
· DeepSeek 开源周回顾「GitHub 热点速览」