kubernetes - Istio 允许外部流量在没有 ServiceEntry 的情况下通过？

问题描述

我部署了示例睡眠应用程序。

kubectl apply -f samples/sleep/sleep.yaml  

kubectl get pods
NAME                      READY   STATUS    RESTARTS   AGE
httpbin-c868cf575-5tx5g   2/2     Running   0          2m56s
sleep-754684654f-k5ldh    2/2     Running   0          107s

kubectl get ServiceEntry --all-namespaces
No resources found.

我已经可以执行和卷曲外部站点了。

kubectl exec -it sleep-754684654f-k5ldh sh

/ # curl jsonplaceholder.typicode.com/users
[
  {
    "id": 1,
    "name": "Leanne Graham",
    "username": "Bret",
    "email": "Sincere@april.biz",
    "address": {
      "street": "Kulas Light",
      "suite": "Apt. 556",
      "city": "Gwenborough",
      "zipcode": "92998-3874",
      "geo": {
        "lat": "-37.3159",
        "lng": "81.1496"
      }
    },
    "phone": "1-770-736-8031 x56442",
    "website": "hildegard.org",
    "company": {
      "name": "Romaguera-Crona",
      "catchPhrase": "Multi-layered client-server neural-net",
      "bs": "harness real-time e-markets"
    }
  },
...
]/ #

我预计默认情况下无法执行此操作，并且外部流量被阻止需要ServiceEntry允许它，但我已经可以发出外部请求。我错过了一步吗？

标签： kubernetesistio

kubernetes - Istio 允许外部流量在没有 ServiceEntry 的情况下通过？

问题描述

解决方案

推荐阅读