{"id":36225,"date":"2023-06-29T02:42:45","date_gmt":"2023-05-14T01:35:05","guid":{"rendered":"https:\/\/www.silicloud.com\/zh\/blog\/%e5%8f%af%e4%bb%a5%e4%bd%bf%e7%94%a8kubernetes%e7%9a%84nodeport%e5%92%8cnetworkpolicy%e6%9d%a5%e5%ae%9e%e7%8e%b0%e3%80%82\/"},"modified":"2024-04-30T11:12:53","modified_gmt":"2024-04-30T03:12:53","slug":"%e5%8f%af%e4%bb%a5%e4%bd%bf%e7%94%a8kubernetes%e7%9a%84nodeport%e5%92%8cnetworkpolicy%e6%9d%a5%e5%ae%9e%e7%8e%b0%e3%80%82","status":"publish","type":"post","link":"https:\/\/www.silicloud.com\/zh\/blog\/%e5%8f%af%e4%bb%a5%e4%bd%bf%e7%94%a8kubernetes%e7%9a%84nodeport%e5%92%8cnetworkpolicy%e6%9d%a5%e5%ae%9e%e7%8e%b0%e3%80%82\/","title":{"rendered":"\u53ef\u4ee5\u4f7f\u7528Kubernetes\u7684NodePort\u548cNetworkPolicy\u6765\u5b9e\u73b0"},"content":{"rendered":"

\u5982\u679c\u5728Kubernetes\u4e0a\u8fd0\u884cWeb\u670d\u52a1\uff0c\u901a\u5e38\u4f1a\u901a\u8fc7Ingress\u63a7\u5236\u5668\u8fdb\u884c\u8bbf\u95ee\u914d\u7f6e\uff0c\u6211\u8ba4\u4e3a\u4e0d\u9700\u8981\u4f7f\u7528NodePort\uff0c\u4f46\u662f\u6211\u6709\u4e00\u4e2a\u673a\u4f1a\u6765\u7814\u7a76\u4f7f\u7528NodePort\u516c\u5f00\u670d\u52a1\uff0c\u5e76\u4e14\u4f7f\u7528NetworkPolicy\u8fdb\u884c\u901a\u4fe1\u9650\u5236\u662f\u5426\u53ef\u884c\uff1f\u4ee5\u4e0b\u662f\u6211\u7684\u9a8c\u8bc1\u8bb0\u5f55\u3002<\/p>\n

\u4ece\u7ed3\u8bba\u6765\u770b\uff0c\u53ef\u4ee5\u901a\u8fc7NetworkPolicy\u5bf9NodePort\u516c\u5f00\u670d\u52a1\u8fdb\u884c\u901a\u4fe1\u9650\u5236\u3002\u7136\u800c\uff0c\u4e0e\u666e\u901a\u7684NodePort\u4e0d\u540c\uff0c\u5b83\u53ef\u4ee5\u901a\u8fc7Kubernetes\u96c6\u7fa4\u4e0a\u7684\u4efb\u4f55\u8282\u70b9\u8bbf\u95ee\uff0c\u800c\u901a\u8fc7Pod\u6240\u8fd0\u884c\u7684\u8282\u70b9\u7684NodePort\u53ea\u80fd\u5b9e\u8d28\u4e0a\u8fdb\u884c\u901a\u4fe1\u9650\u5236\u3002<\/p>\n

\u73af\u5883 –<\/h1>\n

\u4e4b\u524d\u521b\u5efa\u7684Kubernetes v1.27\u96c6\u7fa4\u3002CNI\u662fCalico\u3002
\n\u94fe\u63a5\uff1ahttps:\/\/qiita.com\/rk05231977\/items\/032feaed7b46fc2bbabd<\/p>\n

\u4f7f\u7528\u4e00\u53f0CP\u8282\u70b9\u548c\u4e00\u53f0Worker\u8282\u70b9\u3002IP\u5730\u5740\u4e3ac1:192.168.0.204\uff0cw1:192.168.0.205\u3002
\n\u5728\u6b64\u57fa\u7840\u4e0a\uff0c\u90e8\u7f72\u4e00\u4e2a\u540d\u4e3aPod1\u7684nginx\u5bb9\u5668\uff0c\u90e8\u7f72\u4e00\u4e2a\u540d\u4e3aPod2\u7684httpd\u5bb9\u5668\uff0c\u5e76\u4e14\u90fd\u901a\u8fc7NodePort\u65b9\u5f0f\u8fdb\u884c\u670d\u52a1\u516c\u5f00\u3002Pod1\u7684\u516c\u5f00\u7aef\u53e3\u53f7\u662f30080\uff0cPod2\u7684\u516c\u5f00\u7aef\u53e3\u53f7\u662f30081\u3002<\/p>\n

\u51c6\u5907\u4e24\u53f0\u8bbe\u5907\u6765\u8bbf\u95eePod\uff0c\u5404\u81ea\u7684IP\u5730\u5740\u4e3ap1: 192.168.0.202\u3001p2: 192.168.0.100\u3002<\/p>\n

Pod\u7684\u90e8\u7f72<\/h1>\n

\u5728\u6d4b\u8bd5\u7528\u7684\u547d\u540d\u7a7a\u95f4\u4e2d\u90e8\u7f72\u4e24\u4e2a\u7528\u4e8e\u8bbf\u95ee\u7684Pod\uff0c\u5e76\u4f7f\u7528NodePort\u65b9\u5f0f\u8fdb\u884c\u516c\u5f00\u3002\u7136\u540e\uff0c\u4f7f\u7528root\u4ee5ssh\u8fde\u63a5\u5230c1\u8282\u70b9\uff0c\u5e76\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\u3002<\/p>\n

# kubectl create ns test\r\n\r\n# cat << EOF > pod1.yaml\r\napiVersion: v1\r\nkind: Pod\r\nmetadata:\r\n  name: pod1\r\n  namespace: test\r\n  labels:\r\n    app: pod1\r\nspec:\r\n  containers:\r\n  - name: nginx\r\n    image: nginx:latest\r\n    ports:\r\n    - containerPort: 80\r\nEOF\r\n# kubectl create -f pod1.yaml\r\n\r\n# cat << EOF > svc1.yaml\r\napiVersion: v1\r\nkind: Service\r\nmetadata:\r\n  name: svc1\r\n  namespace: test\r\nspec:\r\n  type: NodePort\r\n  selector:\r\n    app: pod1\r\n  ports:\r\n    - name: http\r\n      protocol: TCP\r\n      port: 80\r\n      targetPort: 80\r\n      nodePort: 30080\r\nEOF\r\n# kubectl create -f svc1.yaml\r\n\r\n# cat << EOF > pod2.yaml\r\napiVersion: v1\r\nkind: Pod\r\nmetadata:\r\n  name: pod2\r\n  namespace: test\r\n  labels:\r\n    app: pod2\r\nspec:\r\n  containers:\r\n  - name: httpd\r\n    image: httpd:latest\r\n    ports:\r\n    - containerPort: 80\r\nEOF\r\n# kubectl create -f pod2.yaml\r\n# cat << EOF > svc2.yaml\r\napiVersion: v1\r\nkind: Service\r\nmetadata:\r\n  name: svc2\r\n  namespace: test\r\nspec:\r\n  type: NodePort\r\n  selector:\r\n    app: pod2\r\n  ports:\r\n    - name: http\r\n      protocol: TCP\r\n      port: 80\r\n      targetPort: 80\r\n      nodePort: 30081\r\nEOF\r\n# kubectl create -f svc2.yaml\r\n<\/code><\/pre>\n
\u68c0\u67e5Pod\u540e\uff0c\u53d1\u73b0\u4e24\u4e2a\u90fd\u5728w1\u8282\u70b9\u4e0a\u8fd0\u884c\u3002<\/p>\n
[root@c1 ~]# kubectl get pod -n test -o wide\r\nNAME   READY   STATUS    RESTARTS   AGE     IP              NODE   NOMINATED NODE   READINESS GATES\r\npod1   1\/1     Running   0          3m19s   172.16.190.67   w1     <none>           <none>\r\npod2   1\/1     Running   0          2m16s   172.16.190.68   w1     <none>           <none>\r\n<\/code><\/pre>\n
\u7531\u4e8e\u6ca1\u6709\u7279\u522b\u7684\u901a\u4fe1\u9650\u5236\uff0c\u56e0\u6b64\u53ef\u4ee5\u901a\u8fc7\u8282\u70b9\u7aef\u53e3(NodePort)\u8bbf\u95ee\u4efb\u4f55\u4e00\u4e2aPod\u3002<\/p>\n
\uff08p1\u304b\u3089\u30a2\u30af\u30bb\u30b9\uff09\r\n# curl http:\/\/192.168.0.205:30080\r\n...\r\n<title>Welcome to nginx!<\/title>\r\n...\r\n# curl http:\/\/192.168.0.205:30081\r\n<html><body><h1>It works!<\/h1><\/body><\/html>\r\n\r\n\uff08p2\u304b\u3089\u30a2\u30af\u30bb\u30b9\uff09\r\n# curl http:\/\/192.168.0.205:30080\r\n...\r\n<title>Welcome to nginx!<\/title>\r\n...\r\n# curl http:\/\/192.168.0.205:30081\r\n<html><body><h1>It works!<\/h1><\/body><\/html>\r\n<\/code><\/pre>\n
\u53ef\u4ee5\u901a\u8fc7Worker\u8282\u70b9(192.168.0.205)\u8bbf\u95ee\u4e0a\u8ff0\u5185\u5bb9\uff0c\u540c\u65f6\u4e5f\u53ef\u901a\u8fc7CP\u8282\u70b9(192.168.0.204)\u8bbf\u95ee\u3002<\/p>\n
\uff08p1\u304b\u3089\u306e\u30a2\u30af\u30bb\u30b9\uff09\r\n# curl http:\/\/192.168.0.204:30080\r\n...\r\n<title>Welcome to nginx!<\/title>\r\n...\r\n# curl http:\/\/192.168.0.204:30081\r\n<html><body><h1>It works!<\/h1><\/body><\/html>\r\n\r\n\uff08p2\u304b\u3089\u306e\u30a2\u30af\u30bb\u30b9\uff09\r\n# curl http:\/\/192.168.0.204:30080\r\n...\r\n<title>Welcome to nginx!<\/title>\r\n...\r\n# curl http:\/\/192.168.0.204:30081\r\n<html><body><h1>It works!<\/h1><\/body><\/html>\r\n<\/code><\/pre>\n
\u8bbe\u7f6eNetworkPolicy<\/h1>\n
\u6211\u5011\u53ef\u4ee5\u5617\u8a66\u8a2d\u5b9aNetworkPolicy\uff0c\u4ee5\u5141\u8a31\u50c5\u5f9e\u5ba2\u6236\u7aefp1\uff08192.168.0.202\uff09\u8a2a\u554fpod1\uff0c\u5f9e\u4e0a\u8ff0\u72c0\u614b\u958b\u59cb\u3002
\nKubernetes\u7684Network Policy\u8aaa\u660e\u5982\u4e0b\uff1a
\nhttps:\/\/kubernetes.io\/docs\/concepts\/services-networking\/network-policies\/<\/p>\n
\u9996\u5148\u5728\u6d4b\u8bd5\u547d\u540d\u7a7a\u95f4\u4e2d\u8bbe\u7f6edeny all\u7b56\u7565\u3002
\n\u5728c1\u8282\u70b9\u4e0a\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u3002<\/p>\n
# cat << EOF > np1.yaml\r\napiVersion: networking.k8s.io\/v1\r\nkind: NetworkPolicy\r\nmetadata:\r\n  name: default-deny-ingress\r\n  namespace: test\r\nspec:\r\n  podSelector: {}\r\n  policyTypes:\r\n  - Ingress\r\nEOF\r\n# kubectl create -f np1.yaml\r\n<\/code><\/pre>\n
\u5728\u8fd9\u79cd\u60c5\u51b5\u4e0b\uff0cp1\u548cp2\u7684\u5ba2\u6237\u7aef\u90fd\u65e0\u6cd5\u8fde\u63a5\u5230\u4efb\u4f55Pod\u3002
\n\u63a5\u4e0b\u6765\uff0c\u901a\u8fc7NetworkPolicy\u4f7f\u7528ipBlock\u6307\u5b9ap1\u7684IP\u5730\u5740\uff0c\u4ee5\u4fbf\u53ef\u4ee5\u8bbf\u95eepod1\u3002<\/p>\n
# cat << EOF > np2.yaml\r\napiVersion: networking.k8s.io\/v1\r\nkind: NetworkPolicy\r\nmetadata:\r\n  name: allow-pod1\r\n  namespace: test\r\nspec:\r\n  podSelector:\r\n    matchLabels:\r\n      app: pod1\r\n  policyTypes:\r\n    - Ingress\r\n  ingress:\r\n    - from:\r\n        - ipBlock:\r\n            cidr: 192.168.0.202\/32\r\nEOF\r\n# kubectl create -f np2.yaml\r\n<\/code><\/pre>\n
\u5c1d\u8bd5\u8fde\u63a5\u540e\uff0c\u53ef\u4ee5\u9884\u671f\u5730\u770b\u5230\u8bbf\u95ee\u53d7\u9650\u7684\u60c5\u51b5\u3002<\/p>\n
\uff08p1\u304b\u3089\u306e\u30a2\u30af\u30bb\u30b9\uff09\r\n# curl http:\/\/192.168.0.205:30080\r\n...\r\n<title>Welcome to nginx!<\/title>\r\n...\r\n# curl http:\/\/192.168.0.205:30081\r\ncurl: (28) Failed to connect to 192.168.0.205 port 30081 after 21032 ms: Couldn't connect to server\r\n\r\n\uff08p2\u304b\u3089\u306e\u30a2\u30af\u30bb\u30b9\uff09\r\n# curl http:\/\/192.168.0.205:30080\r\ncurl: (28) Failed to connect to 192.168.0.205 port 30080 after 21002 ms: Timed out\r\n\r\n# curl http:\/\/192.168.0.205:30081\r\ncurl: (28) Failed to connect to 192.168.0.205 port 30081 after 21000 ms: Timed out\r\n\r\n<\/code><\/pre>\n
\u7531\u4e8e\u662fNodePort\uff0c\u5e0c\u671b\u4e5f\u80fd\u4ecec1\u8282\u70b9\u8bbf\u95ee\u3002<\/h1>\n
\u6b63\u5982\u524d\u9762\u6240\u63d0\u5230\u7684\uff0c\u5c3d\u7ba1\u6b64\u65f6\u53ef\u4ee5\u901a\u8fc7w1\u8282\u70b9(192.168.0.205)\u8fdb\u884c\u8bbf\u95ee\uff0c\u4f46\u65e0\u6cd5\u901a\u8fc7c1\u8282\u70b9(192.168.0.204)\u4ece\u5ba2\u6237\u7aefp1\u8fdb\u884c\u8bbf\u95ee\u3002<\/p>\n
\uff08p1\u304b\u3089\u306e\u30a2\u30af\u30bb\u30b9\uff09\r\n# curl http:\/\/192.168.0.204:30080\r\ncurl: (28) Failed to connect to 192.168.0.204 port 30080 after 21049 ms: Couldn't connect to server\r\n<\/code><\/pre>\n
\u6211\u8ba4\u4e3a\u8fd9\u662f\u56e0\u4e3a\u5728\u901a\u8fc7c1\u7684NodePort\u65f6\uff0cp1\u7684IP\u5730\u5740\u7ecf\u8fc7\u4e86NAT\u5730\u5740\u8f6c\u6362\u3002\u4f8b\u5982\uff0c\u5982\u679c\u5c06c1\u8282\u70b9\u7684IP\u5730\u5740\u6dfb\u52a0\u5230NetworkPolicy\u4e2d\uff0c\u5c31\u53ef\u4ee5\u901a\u8fc7c1\u8282\u70b9\u8fdb\u884c\u8bbf\u95ee\u3002<\/p>\n
# cat << EOF > np2.yaml\r\napiVersion: networking.k8s.io\/v1\r\nkind: NetworkPolicy\r\nmetadata:\r\n  name: allow-pod1\r\n  namespace: test\r\nspec:\r\n  podSelector:\r\n    matchLabels:\r\n      app: pod1\r\n  policyTypes:\r\n    - Ingress\r\n  ingress:\r\n    - from:\r\n        - ipBlock:\r\n            cidr: 192.168.0.202\/32\r\n        - ipBlock:\r\n            cidr: 192.168.0.204\/32\r\nEOF\r\n# kubectl apply -f np2.yaml\r\n<\/code><\/pre>\n
\uff08p1\u304b\u3089\u306e\u30a2\u30af\u30bb\u30b9\uff09\r\n# curl http:\/\/192.168.0.204:30080\r\n...\r\n<title>Welcome to nginx!<\/title>\r\n...\r\n<\/code><\/pre>\n
\u4f46\u662f\uff0c\u5728\u8fd9\u79cd\u60c5\u51b5\u4e0b\uff0c\u5ba2\u6237\u7aef p2 \u4e5f\u53ef\u4ee5\u901a\u8fc7 c1 \u8282\u70b9\u7684 NodePort \u8bbf\u95ee\u5230 pod1\uff0c\u8fd9\u5c06\u4f7f\u6700\u521d\u7684\u76ee\u6807\u53ea\u5141\u8bb8 p1 \u8bbf\u95ee pod1 \u7684\u8981\u6c42\u65e0\u6cd5\u6ee1\u8db3\u3002<\/p>\n
\uff08p2\u304b\u3089\u306e\u30a2\u30af\u30bb\u30b9\uff09\r\n# curl http:\/\/192.168.0.204:30080\r\n...\r\n<title>Welcome to nginx!<\/title>\r\n...\r\n<\/code><\/pre>\n
\u6240\u4ee5\uff0c\u63d0\u4f9b\u50cfIngress\u63a7\u5236\u5668\u914d\u7f6e\u8282\u70b9\u4e00\u6837\u96c6\u4e2d\u5916\u90e8\u8bbf\u95ee\u7684\u8282\u70b9\uff0c\u5e76\u4f7f\u7528NetworkPolicy\u9650\u5236\u901a\u8fc7NodePort\u516c\u5f00\u7684\u670d\u52a1\u7684\u914d\u7f6e\uff0c\u5e76\u4e0d\u594f\u6548\uff0c\u5ba2\u6237\u7aef\u9700\u8981\u76f4\u63a5\u8bbf\u95eePod\u8fd0\u884c\u7684Worker\u8282\u70b9\u7684NodePort\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"
\u5982\u679c\u5728Kubernetes\u4e0a\u8fd0\u884cWeb\u670d\u52a1\uff0c\u901a\u5e38\u4f1a\u901a\u8fc7Ingress\u63a7\u5236\u5668\u8fdb\u884c\u8bbf\u95ee\u914d\u7f6e\uff0c\u6211\u8ba4\u4e3a\u4e0d\u9700\u8981\u4f7f\u7528Nod […]<\/p>\n","protected":false},"author":6,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-36225","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"yoast_head":"\n\u53ef\u4ee5\u4f7f\u7528Kubernetes\u7684NodePort\u548cNetworkPolicy\u6765\u5b9e\u73b0 - Blog - Silicon Cloud<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.silicloud.com\/zh\/blog\/\u53ef\u4ee5\u4f7f\u7528kubernetes\u7684nodeport\u548cnetworkpolicy\u6765\u5b9e\u73b0\u3002\/\" \/>\n<meta property=\"og:locale\" content=\"zh_CN\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\u53ef\u4ee5\u4f7f\u7528Kubernetes\u7684NodePort\u548cNetworkPolicy\u6765\u5b9e\u73b0\" \/>\n<meta property=\"og:description\" content=\"\u5982\u679c\u5728Kubernetes\u4e0a\u8fd0\u884cWeb\u670d\u52a1\uff0c\u901a\u5e38\u4f1a\u901a\u8fc7Ingress\u63a7\u5236\u5668\u8fdb\u884c\u8bbf\u95ee\u914d\u7f6e\uff0c\u6211\u8ba4\u4e3a\u4e0d\u9700\u8981\u4f7f\u7528Nod […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.silicloud.com\/zh\/blog\/\u53ef\u4ee5\u4f7f\u7528kubernetes\u7684nodeport\u548cnetworkpolicy\u6765\u5b9e\u73b0\u3002\/\" \/>\n<meta property=\"og:site_name\" content=\"Blog - Silicon Cloud\" \/>\n<meta property=\"article:published_time\" content=\"2023-05-14T01:35:05+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-04-30T03:12:53+00:00\" \/>\n<meta name=\"author\" content=\"\u6587, \u7fd4\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u4f5c\u8005\" \/>\n\t<meta name=\"twitter:data1\" content=\"\u6587, \u7fd4\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 \u5206\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e5%8f%af%e4%bb%a5%e4%bd%bf%e7%94%a8kubernetes%e7%9a%84nodeport%e5%92%8cnetworkpolicy%e6%9d%a5%e5%ae%9e%e7%8e%b0%e3%80%82\/\",\"url\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e5%8f%af%e4%bb%a5%e4%bd%bf%e7%94%a8kubernetes%e7%9a%84nodeport%e5%92%8cnetworkpolicy%e6%9d%a5%e5%ae%9e%e7%8e%b0%e3%80%82\/\",\"name\":\"\u53ef\u4ee5\u4f7f\u7528Kubernetes\u7684NodePort\u548cNetworkPolicy\u6765\u5b9e\u73b0 - Blog - Silicon Cloud\",\"isPartOf\":{\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#website\"},\"datePublished\":\"2023-05-14T01:35:05+00:00\",\"dateModified\":\"2024-04-30T03:12:53+00:00\",\"author\":{\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/64d5cc7727fffbff2f9a2a8da1de3e5c\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e5%8f%af%e4%bb%a5%e4%bd%bf%e7%94%a8kubernetes%e7%9a%84nodeport%e5%92%8cnetworkpolicy%e6%9d%a5%e5%ae%9e%e7%8e%b0%e3%80%82\/#breadcrumb\"},\"inLanguage\":\"zh-Hans\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.silicloud.com\/zh\/blog\/%e5%8f%af%e4%bb%a5%e4%bd%bf%e7%94%a8kubernetes%e7%9a%84nodeport%e5%92%8cnetworkpolicy%e6%9d%a5%e5%ae%9e%e7%8e%b0%e3%80%82\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e5%8f%af%e4%bb%a5%e4%bd%bf%e7%94%a8kubernetes%e7%9a%84nodeport%e5%92%8cnetworkpolicy%e6%9d%a5%e5%ae%9e%e7%8e%b0%e3%80%82\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u9996\u9875\",\"item\":\"https:\/\/www.silicloud.com\/zh\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\u53ef\u4ee5\u4f7f\u7528Kubernetes\u7684NodePort\u548cNetworkPolicy\u6765\u5b9e\u73b0\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#website\",\"url\":\"https:\/\/www.silicloud.com\/zh\/blog\/\",\"name\":\"Blog - Silicon Cloud\",\"description\":\"\",\"inLanguage\":\"zh-Hans\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/64d5cc7727fffbff2f9a2a8da1de3e5c\",\"name\":\"\u6587, \u7fd4\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-Hans\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/920c3d673e0bccacc98e5e6b7149bb3c22edd8d39cb753e5d7d7e471498118a1?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/920c3d673e0bccacc98e5e6b7149bb3c22edd8d39cb753e5d7d7e471498118a1?s=96&d=mm&r=g\",\"caption\":\"\u6587, \u7fd4\"},\"url\":\"https:\/\/www.silicloud.com\/zh\/blog\/author\/wenxiang\/\"},{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-Hans\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e5%8f%af%e4%bb%a5%e4%bd%bf%e7%94%a8kubernetes%e7%9a%84nodeport%e5%92%8cnetworkpolicy%e6%9d%a5%e5%ae%9e%e7%8e%b0%e3%80%82\/#local-main-organization-logo\",\"url\":\"\",\"contentUrl\":\"\",\"caption\":\"Blog - Silicon Cloud\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"\u53ef\u4ee5\u4f7f\u7528Kubernetes\u7684NodePort\u548cNetworkPolicy\u6765\u5b9e\u73b0 - Blog - Silicon Cloud","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.silicloud.com\/zh\/blog\/\u53ef\u4ee5\u4f7f\u7528kubernetes\u7684nodeport\u548cnetworkpolicy\u6765\u5b9e\u73b0\u3002\/","og_locale":"zh_CN","og_type":"article","og_title":"\u53ef\u4ee5\u4f7f\u7528Kubernetes\u7684NodePort\u548cNetworkPolicy\u6765\u5b9e\u73b0","og_description":"\u5982\u679c\u5728Kubernetes\u4e0a\u8fd0\u884cWeb\u670d\u52a1\uff0c\u901a\u5e38\u4f1a\u901a\u8fc7Ingress\u63a7\u5236\u5668\u8fdb\u884c\u8bbf\u95ee\u914d\u7f6e\uff0c\u6211\u8ba4\u4e3a\u4e0d\u9700\u8981\u4f7f\u7528Nod […]","og_url":"https:\/\/www.silicloud.com\/zh\/blog\/\u53ef\u4ee5\u4f7f\u7528kubernetes\u7684nodeport\u548cnetworkpolicy\u6765\u5b9e\u73b0\u3002\/","og_site_name":"Blog - Silicon Cloud","article_published_time":"2023-05-14T01:35:05+00:00","article_modified_time":"2024-04-30T03:12:53+00:00","author":"\u6587, \u7fd4","twitter_card":"summary_large_image","twitter_misc":{"\u4f5c\u8005":"\u6587, \u7fd4","\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4":"3 \u5206"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.silicloud.com\/zh\/blog\/%e5%8f%af%e4%bb%a5%e4%bd%bf%e7%94%a8kubernetes%e7%9a%84nodeport%e5%92%8cnetworkpolicy%e6%9d%a5%e5%ae%9e%e7%8e%b0%e3%80%82\/","url":"https:\/\/www.silicloud.com\/zh\/blog\/%e5%8f%af%e4%bb%a5%e4%bd%bf%e7%94%a8kubernetes%e7%9a%84nodeport%e5%92%8cnetworkpolicy%e6%9d%a5%e5%ae%9e%e7%8e%b0%e3%80%82\/","name":"\u53ef\u4ee5\u4f7f\u7528Kubernetes\u7684NodePort\u548cNetworkPolicy\u6765\u5b9e\u73b0 - Blog - Silicon Cloud","isPartOf":{"@id":"https:\/\/www.silicloud.com\/zh\/blog\/#website"},"datePublished":"2023-05-14T01:35:05+00:00","dateModified":"2024-04-30T03:12:53+00:00","author":{"@id":"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/64d5cc7727fffbff2f9a2a8da1de3e5c"},"breadcrumb":{"@id":"https:\/\/www.silicloud.com\/zh\/blog\/%e5%8f%af%e4%bb%a5%e4%bd%bf%e7%94%a8kubernetes%e7%9a%84nodeport%e5%92%8cnetworkpolicy%e6%9d%a5%e5%ae%9e%e7%8e%b0%e3%80%82\/#breadcrumb"},"inLanguage":"zh-Hans","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.silicloud.com\/zh\/blog\/%e5%8f%af%e4%bb%a5%e4%bd%bf%e7%94%a8kubernetes%e7%9a%84nodeport%e5%92%8cnetworkpolicy%e6%9d%a5%e5%ae%9e%e7%8e%b0%e3%80%82\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.silicloud.com\/zh\/blog\/%e5%8f%af%e4%bb%a5%e4%bd%bf%e7%94%a8kubernetes%e7%9a%84nodeport%e5%92%8cnetworkpolicy%e6%9d%a5%e5%ae%9e%e7%8e%b0%e3%80%82\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u9996\u9875","item":"https:\/\/www.silicloud.com\/zh\/blog\/"},{"@type":"ListItem","position":2,"name":"\u53ef\u4ee5\u4f7f\u7528Kubernetes\u7684NodePort\u548cNetworkPolicy\u6765\u5b9e\u73b0"}]},{"@type":"WebSite","@id":"https:\/\/www.silicloud.com\/zh\/blog\/#website","url":"https:\/\/www.silicloud.com\/zh\/blog\/","name":"Blog - Silicon Cloud","description":"","inLanguage":"zh-Hans"},{"@type":"Person","@id":"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/64d5cc7727fffbff2f9a2a8da1de3e5c","name":"\u6587, \u7fd4","image":{"@type":"ImageObject","inLanguage":"zh-Hans","@id":"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/920c3d673e0bccacc98e5e6b7149bb3c22edd8d39cb753e5d7d7e471498118a1?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/920c3d673e0bccacc98e5e6b7149bb3c22edd8d39cb753e5d7d7e471498118a1?s=96&d=mm&r=g","caption":"\u6587, \u7fd4"},"url":"https:\/\/www.silicloud.com\/zh\/blog\/author\/wenxiang\/"},{"@type":"ImageObject","inLanguage":"zh-Hans","@id":"https:\/\/www.silicloud.com\/zh\/blog\/%e5%8f%af%e4%bb%a5%e4%bd%bf%e7%94%a8kubernetes%e7%9a%84nodeport%e5%92%8cnetworkpolicy%e6%9d%a5%e5%ae%9e%e7%8e%b0%e3%80%82\/#local-main-organization-logo","url":"","contentUrl":"","caption":"Blog - Silicon Cloud"}]}},"_links":{"self":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts\/36225","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/comments?post=36225"}],"version-history":[{"count":2,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts\/36225\/revisions"}],"predecessor-version":[{"id":91564,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts\/36225\/revisions\/91564"}],"wp:attachment":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/media?parent=36225"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/categories?post=36225"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/tags?post=36225"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}