16.4. 检查策略

流程

1. 登录到初始化 Skupper 站点的命名空间。

2. 检查是否允许传入的链接：

   $ kubectl exec deploy/skupper-service-controller -- get policies incominglink
   
   ALLOWED POLICY ENABLED ERROR                                                   ALLOWED BY
   false   true           Policy validation error: incoming links are not allowed

   Copy to Clipboard Toggle word wrap

   在本例中，策略不允许传入的链接。

3. 检查其他策略：

   $ kubectl exec deploy/skupper-service-controller -- get policies
   Validates existing policies
   
   Usage:
     get policies [command]
   
   Available Commands:
     expose       Validates if the given resource can be exposed
     incominglink Validates if incoming links can be created
     outgoinglink Validates if an outgoing link to the given hostname is allowed
     service      Validates if service can be created or imported

   Copy to Clipboard Toggle word wrap

   如上所示，通过指定您要执行的操作来检查每种策略类型的命令，例如，检查是否可以公开 nginx 部署：

   $ kubectl  exec deploy/skupper-service-controller -- get policies expose deployment nginx
   ALLOWED POLICY ENABLED ERROR                                                       ALLOWED BY
   false   true           Policy validation error: deployment/nginx cannot be exposed

   Copy to Clipboard Toggle word wrap

   如果允许 nginx 部署，同一命令会显示允许该资源，并显示启用它的策略 CR 的名称：

   $ kubectl  exec deploy/skupper-service-controller -- get policies expose deployment nginx
   ALLOWED POLICY ENABLED ERROR                                                       ALLOWED BY
   true    true                                                                       allowedexposedresources

   Copy to Clipboard Toggle word wrap