-
Notifications
You must be signed in to change notification settings - Fork 16
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Update egress cluster policy docs (#549)
- Loading branch information
Showing
2 changed files
with
37 additions
and
12 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,30 @@ | ||
| The EgressClusterPolicy CRD is used to define cluster-level Egress policy rules, similar to the [EgressPolicy](EgressPolicy.en.md) CRD, but with the added `spec.appliedTo.namespaceSelector` attribute. | ||
|
|
||
| ```yaml | ||
| apiVersion: egressgateway.spidernet.io/v1beta1 | ||
| kind: EgressClusterPolicy | ||
| metadata: | ||
| name: "policy-test" | ||
| spec: | ||
| priority: 100 | ||
| egressGatewayName: "eg1" | ||
| egressIP: | ||
| ipv4: "" | ||
| ipv6: "" | ||
| useNodeIP: false | ||
| appliedTo: | ||
| podSelector: | ||
| matchLabels: | ||
| app: "shopping" | ||
| podSubnet: | ||
| - "172.29.16.0/24" | ||
| - 'fd00:1/126' | ||
| namespaceSelector: # 1 | ||
| matchLabels: | ||
| app: "shopping" | ||
| destSubnet: | ||
| - "10.6.1.92/32" | ||
| - "fd00::92/128" | ||
| ``` | ||
| 1. The `namespaceSelector` uses a selector to select the list of matching namespaces. Within the selected namespace scope, use the `podSelector` to select the matching Pods, and then apply the Egress policy to these selected Pods. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,35 +1,30 @@ | ||
| # EgressClusterPolicy | ||
| EgressClusterPolicy CRD 用于定义集群级 Egress 策略规则,与 [EgressPolicy](EgressPolicy.zh.md) CRD 类似,但增加了 `spec.appliedTo.namespaceSelector` 属性。 | ||
|
|
||
| ## 简介 | ||
|
|
||
| EgressClusterGatewayPolicy CRD 用于定义集群级 Egress 策略规则。其用法与 EgressGatewayPolicy CRD 相比多了 `spec.appliedTo.namespaceSelector` 属性。 | ||
|
|
||
| ## CRD | ||
| ```yaml | ||
| apiVersion: egressgateway.spidernet.io/v1beta1 | ||
| kind: EgressClusterPolicy | ||
| metadata: | ||
| name: "policy-test" | ||
| spec: | ||
| priority: 100 | ||
| priority: 100 | ||
| egressGatewayName: "eg1" | ||
| egressIP: | ||
| ipv4: "" | ||
| ipv4: "" | ||
| ipv6: "" | ||
| useNodeIP: false | ||
| appliedTo: | ||
| podSelector: | ||
| matchLabels: | ||
| app: "shopping" | ||
| podSubnet: | ||
| - "172.29.16.0/24" | ||
| - 'fd00:1/126' | ||
| namespaceSelector: # 1 | ||
| - "172.29.16.0/24" | ||
| - 'fd00:1/126' | ||
| namespaceSelector: # 1 | ||
| matchLabels: | ||
| app: "shopping" | ||
| destSubnet: | ||
| - "10.6.1.92/32" | ||
| - "fd00::92/128" | ||
| ``` | ||
| 1. namespaceSelector:该属性使用 selector 选择匹配租户列表,再使用 `podSelector` 选择租户范围下匹配中的 Pod,然后对选择中的 Pod 应用 Egress 策略。 | ||
| 1. `namespaceSelector` 使用 selector 选择匹配的命名空间列表。在选定的命名空间范围内,使用 `podSelector` 选择匹配的 Pod,然后对这些选中的 Pod 应用 Egress 策略。 |