How do I set an IP restriction on a container?

Rancher Server setup

  • Rancher version: v2.4.8
  • Online or offline deployment: Docker one-click deployment

Problem description:

In the container's View/Edit YAML I added a line for an allowed IP range; after saving, when I went back to view the YAML, the line I added was gone.

How do I configure the current container so that only certain IPs can access it?



:slightly_frowning_face:

Which workload did you add it in? Send me the complete YAML.

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    deployment.kubernetes.io/revision: "31"
    field.cattle.io/creatorId: user-2mntb
    field.cattle.io/publicEndpoints: '[{"nodeName":"c-7vvml:m-77ca3b18e675","addresses":["192.168.31.202"],"port":8080,"protocol":"TCP","podName":"web:web-booking-69b84f4cf-ndjkc","allNodes":false}]'
  creationTimestamp: "2023-08-09T00:53:18Z"
  generation: 2185
  labels:
    cattle.io/creator: norman
    workload.user.cattle.io/workloadselector: deployment-web-web-booking
  name: web-booking
  namespace: web
  resourceVersion: "146954648"
  selfLink: /apis/apps/v1/namespaces/web/deployments/web-booking
  uid: 2ed14b26-da2f-4a3b-a575-306561f10a6a
spec:
  progressDeadlineSeconds: 600
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      workload.user.cattle.io/workloadselector: deployment-web-web-booking
  strategy:
    type: Recreate
  template:
    metadata:
      annotations:
        cattle.io/timestamp: "2025-06-10T07:04:24Z"
        field.cattle.io/ports: '[[{"containerPort":80,"dnsName":"web-booking-hostport","hostPort":8080,"kind":"HostPort","name":"80to80","protocol":"TCP","sourcePort":8080}]]'
        workload.cattle.io/state: '{"bWFzdGVyLW5vZGU=":"c-7vvml:m-77ca3b18e675","d29ya2VyLW5vZGUx":"c-7vvml:m-beb8252e17ab"}'
      creationTimestamp: null
      labels:
        workload.user.cattle.io/workloadselector: deployment-web-web-booking
    spec:
      containers:
      - image: openresty:latest
        imagePullPolicy: Never
        name: web-booking
        ports:
        - containerPort: 80
          hostPort: 8080
          name: 80to80
          protocol: TCP
        resources: {}
        securityContext:
          allowPrivilegeEscalation: false
          capabilities: {}
          privileged: false
          readOnlyRootFilesystem: false
          runAsNonRoot: false
        stdin: true
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        tty: true
        volumeMounts:
        - mountPath: /etc/nginx/conf.d
          name: vol2
        - mountPath: /usr/share/nginx/html
          name: vol1
      dnsPolicy: ClusterFirst
      nodeName: master-node
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      terminationGracePeriodSeconds: 30
      volumes:
      - configMap:
          defaultMode: 256
          items:
          - key: booking
            path: default.conf
          name: web-nginx
          optional: false
        name: vol2
      - name: vol1
        persistentVolumeClaim:
          claimName: web-booking
status:
  availableReplicas: 1
  conditions:
  - lastTransitionTime: "2023-08-09T01:23:41Z"
    lastUpdateTime: "2025-06-10T07:04:33Z"
    message: ReplicaSet "web-booking-69b84f4cf" has successfully progressed.
    reason: NewReplicaSetAvailable
    status: "True"
    type: Progressing
  - lastTransitionTime: "2025-07-09T05:30:04Z"
    lastUpdateTime: "2025-07-09T05:30:04Z"
    message: Deployment has minimum availability.
    reason: MinimumReplicasAvailable
    status: "True"
    type: Available
  observedGeneration: 2185
  readyReplicas: 1
  replicas: 1
  updatedReplicas: 1
```

ipBlock is a field of the NetworkPolicy resource; adding it to a Deployment definitely won't work.

Then where do I set an IP restriction for a single workload?

Just use a NetworkPolicy. You can look up the NetworkPolicy docs.
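As an added example (not posted in this thread), here is what a NetworkPolicy for the workload above would look like. It reuses the namespace `web`, the pod label `workload.user.cattle.io/workloadselector: deployment-web-web-booking` and the container port 80 from the Deployment YAML in the thread; the allowed range `192.168.31.0/24` is a constructed placeholder that you would replace with the source addresses you actually want to permit.

```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: web-booking-allow-from-lan
  # same namespace as the Deployment in the thread
  namespace: web
spec:
  # select the pods created by the web-booking Deployment (label taken from its pod template)
  podSelector:
    matchLabels:
      workload.user.cattle.io/workloadselector: deployment-web-web-booking
  # only Ingress is listed, so egress from the pod stays unrestricted;
  # once a pod is selected by any Ingress policy, all ingress not explicitly allowed is denied
  policyTypes:
  - Ingress
  ingress:
  - from:
    # constructed placeholder range; replace with the real client subnet(s)
    - ipBlock:
        cidr: 192.168.31.0/24
        # optional: carve exceptions out of the allowed range
        except:
        - 192.168.31.250/32
    ports:
    # the pod's containerPort, not the hostPort
    - protocol: TCP
      port: 80
```

Apply it with `kubectl apply -f` and confirm it was accepted with `kubectl get networkpolicy -n web` (in the Rancher UI it is under the project's Network Policies, not in the workload's YAML). Two things to check before relying on it: NetworkPolicy is only enforced when the cluster's CNI plugin supports it, and traffic that reaches the pod through the `hostPort: 8080` mapping in the Deployment is handled by the CNI's port-mapping on the node and, depending on the CNI, may not pass through pod-level policy; the CNI's own documentation is the authority there. Also note that `ipBlock` matches source IPs as the pod sees them, so other pods in the cluster (pod-network addresses) will be blocked unless you add a separate `podSelector`/`namespaceSelector` rule for them.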