Kubernetes Cronjob labeling

Problem description

As I have seen a few related posts but none answered my question, I thought I would ask a new question based on suggestions from other users as well here.

I have the need to make a selector label for a network policy for a running cronjob that is responsible to connect to some other services within the cluster. As far as I know, there is no easy, straightforward way to make a selector label for the job's pod, as that would be problematic with duplicate job labels if they ever existed. Not sure why the cronjob can't have a selector itself, and then can be applied to the job and the pod.

Also, there might be a possibility to just set this cronjob in its own namespace and then allow all from that one namespace to whatever is needed in the network policy, but that does not feel like the right way to overcome that problem.

Using k8s v1.20

Recommended answer

First of all, to select pods (spawned by your CronJob) that should be allowed by the NetworkPolicy as ingress sources or egress destinations, you may set a specific label for those pods.

You can easily set a label for Jobs spawned by CronJob using the labels field (another example with an explanation can be found in the OpenShift CronJobs documentation):

---
apiVersion: batch/v1beta1
kind: CronJob
metadata:
  name: mysql-test
spec:
...
  jobTemplate:             
    spec:
      template:
        metadata:
          labels:          
            workload: cronjob # Sets a label for jobs spawned by this CronJob.
            type: mysql       # Sets another label for jobs spawned by this CronJob.
...

Pods spawned by this CronJob will have the labels type=mysql and workload=cronjob. Using these labels, you can create/customize your NetworkPolicy:

$ kubectl get pods --show-labels
NAME                          READY   STATUS      RESTARTS   AGE    LABELS
mysql-test-1615216560-tkdvk   0/1     Completed   0          2m2s   ...,type=mysql,workload=cronjob
mysql-test-1615216620-pqzbk   0/1     Completed   0          62s    ...,type=mysql,workload=cronjob
mysql-test-1615216680-8775h   0/1     Completed   0          2s     ...,type=mysql,workload=cronjob

$ kubectl describe pod mysql-test-1615216560-tkdvk
Name:         mysql-test-1615216560-tkdvk
Namespace:    default
...
Labels:       controller-uid=af99e9a3-be6b-403d-ab57-38de31ac7a9d
              job-name=mysql-test-1615216560
              type=mysql
              workload=cronjob
...

For example, this mysql-workload NetworkPolicy allows connections to all pods in the mysql namespace from any pod with the labels type=mysql and workload=cronjob (logical conjunction) in a namespace with the label namespace-name=default:
NOTE: Be careful to use correct YAML (take a look at this namespaceSelector and podSelector example).

---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: mysql-workload
  namespace: mysql
spec:
  podSelector: {}
  policyTypes:
  - Ingress
  ingress:
  - from:
    - namespaceSelector:
        matchLabels:
          namespace-name: default
      podSelector:
        matchLabels:
          type: mysql
          workload: cronjob

To use network policies, you must be using a networking solution which supports NetworkPolicy:

Network policies are implemented by the network plugin. To use network policies, you must be using a networking solution which supports NetworkPolicy. Creating a NetworkPolicy resource without a controller that implements it will have no effect.
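
The "correct YAML" note above comes down to whether namespaceSelector and podSelector sit in one `from` item (ANDed) or in two (ORed). The following is an added example, not part of the original answer: a simplified Python model of that evaluation, covering matchLabels only. The source pods and namespaces are constructed, and OR_FORM is a hypothetical variant of mysql-workload with an extra dash before podSelector.

```python
# Added example: a simplified model of NetworkPolicy ingress "from" evaluation.
# Assumption: only matchLabels is modelled (no matchExpressions, no ipBlock).

def labels_match(selector, labels):
    """An empty selector ({}) matches everything; otherwise all pairs must match."""
    return all(labels.get(k) == v for k, v in selector.get("matchLabels", {}).items())

def peer_allows(peer, policy_ns, src_ns, src_ns_labels, src_pod_labels):
    ns_sel, pod_sel = peer.get("namespaceSelector"), peer.get("podSelector")
    if ns_sel is None and pod_sel is None:
        return False  # ipBlock peers are out of scope here
    if ns_sel is None:
        ns_ok = src_ns == policy_ns  # podSelector alone: policy's own namespace only
    else:
        ns_ok = labels_match(ns_sel, src_ns_labels)
    pod_ok = pod_sel is None or labels_match(pod_sel, src_pod_labels)
    return ns_ok and pod_ok  # selectors inside ONE peer are ANDed

def ingress_allowed(peers, policy_ns, src):
    return any(peer_allows(p, policy_ns, *src) for p in peers)  # peers are ORed

POD_SEL = {"matchLabels": {"type": "mysql", "workload": "cronjob"}}
NS_SEL = {"matchLabels": {"namespace-name": "default"}}
# One list item with both selectors, as in the mysql-workload policy above.
AND_FORM = [{"namespaceSelector": NS_SEL, "podSelector": POD_SEL}]
# Hypothetical variant with "- podSelector:" (extra dash): two separate peers.
OR_FORM = [{"namespaceSelector": NS_SEL}, {"podSelector": POD_SEL}]

CRON = {"type": "mysql", "workload": "cronjob"}
# Constructed sources: (namespace, namespace labels, pod labels).
SOURCES = {
    "cronjob pod in default": ("default", {"namespace-name": "default"}, CRON),
    "other pod in default": ("default", {"namespace-name": "default"}, {"app": "web"}),
    "labelled pod in mysql": ("mysql", {"namespace-name": "mysql"}, CRON),
    "labelled pod in staging": ("staging", {"namespace-name": "staging"}, CRON),
}

def evaluate(peers, policy_ns="mysql"):
    return {name: ingress_allowed(peers, policy_ns, src) for name, src in SOURCES.items()}

if __name__ == "__main__":
    for title, peers in (("AND form", AND_FORM), ("OR form", OR_FORM)):
        print(title, evaluate(peers))
```

In the OR form, every pod in the namespace labelled namespace-name=default is admitted, as is any pod carrying the two labels inside the mysql namespace itself.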
