Help Center/
Ubiquitous Cloud Native Service/
User Guide/
Policy Center/
Policy Definition Library/
k8scontainerratios
Updated on 2024-02-01 GMT+08:00
k8scontainerratios
Basic Information
Function
The external IP of the Service must be an allowed IP address.
Policy Example
The external IP of the Service can only be the IP address defined in allowedIPs.
apiVersion: constraints.gatekeeper.sh/v1beta1
kind: K8sExternalIPs
metadata:
name: external-ips
spec:
match:
kinds:
- apiGroups: [""]
kinds: ["Service"]
parameters:
allowedIPs:
- "203.0.113.0"
Resource Definition That Complies with the Policy
The IP addresses in externalIPs are those in the allowed IP address list, which complies with the policy instance.
apiVersion: v1
kind: Service
metadata:
name: allowed-external-ip
spec:
selector:
app: MyApp
ports:
- name: http
protocol: TCP
port: 80
targetPort: 8080
externalIPs:
- 203.0.113.0
Resource Definition That Does Not Comply with the Policy
The IP addresses in externalIPs are not in the allowed IP address list, which does not comply with the policy instance.
apiVersion: v1
kind: Service
metadata:
name: disallowed-external-ip
spec:
selector:
app: MyApp
ports:
- name: http
protocol: TCP
port: 80
targetPort: 8080
externalIPs:
- 1.1.1.1
Parent topic: Policy Definition Library
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
The system is busy. Please try again later.
For any further questions, feel free to contact us through the chatbot.
Chatbot
