16.4. 检查策略
作为开发人员,您可能不知道应用于您的站点的 Skupper 策略。按照以下步骤探索应用到站点的策略。
流程
- 登录到初始化 Skupper 站点的命名空间。
检查是否允许传入的链接:
$ kubectl exec deploy/skupper-service-controller -- get policies incominglink ALLOWED POLICY ENABLED ERROR ALLOWED BY false true Policy validation error: incoming links are not allowed
在本例中,策略不允许传入的链接。
检查其他策略:
$ kubectl exec deploy/skupper-service-controller -- get policies Validates existing policies Usage: get policies [command] Available Commands: expose Validates if the given resource can be exposed incominglink Validates if incoming links can be created outgoinglink Validates if an outgoing link to the given hostname is allowed service Validates if service can be created or imported
如上所示,通过指定您要执行的操作来检查每种策略类型的命令,例如,检查是否可以公开 nginx 部署:
$ kubectl exec deploy/skupper-service-controller -- get policies expose deployment nginx ALLOWED POLICY ENABLED ERROR ALLOWED BY false true Policy validation error: deployment/nginx cannot be exposed
如果允许 nginx 部署,同一命令会显示允许该资源,并显示启用它的策略 CR 的名称:
$ kubectl exec deploy/skupper-service-controller -- get policies expose deployment nginx ALLOWED POLICY ENABLED ERROR ALLOWED BY true true allowedexposedresources
