Istio ICA考试之路---4-3
- 1. 题目
- 2. 解题
- 2.1 获取模板
- 2.2 修改yaml
1. 题目
Using Kubernetes context cluster-2
Create an authorization policy named "allow-get" in the namespace policy-3,
allowing all GET requests from workloads in the default namespace to the /get path
to all workloads running in the policy-3 namespace.
2. 解题
2.1 获取模板
这题同上一题一样,用的是同一个模板,可以直接将上一题复制然后再上一题的基础上修改
cp 4-2.yaml 4-3.yaml
2.2 修改yaml
这题基本和上一题是一样的,唯一可能有问题的就是AuthorizationPolicy.spce.rules.from.source.namespaces和kubectl explain AuthorizationPolicy.spec.rules.to.operation.paths
可以用命令,一点点获取到
kubectl explain AuthorizationPolicy.spec.
kubectl explain AuthorizationPolicy.spec.rules.
kubectl explain AuthorizationPolicy.spec.rules.from.
kubectl explain AuthorizationPolicy.spec.rules.from.source.
kubectl explain AuthorizationPolicy.spec.rules.from.source.namespaces
# kubectl explain AuthorizationPolicy.spec.rules.to.operation.paths同理不复述了
apiVersion: security.istio.io/v1
kind: AuthorizationPolicy
metadata:name: allow-get #namespace: policy-3 #
spec:action: ALLOWrules:- from:- source:namespaces: ["default"] #to:- operation:methods: ["GET"]paths: ["/get"] #
这题考试没给相关资源,不用做额外的测试,只要记得如何获取namespaces和paths的方法就可以了.
)
)
)