diff --git a/docs/setup/network-plugin/cilium.md b/docs/setup/network-plugin/cilium.md index 257a442..ef2fb91 100644 --- a/docs/setup/network-plugin/cilium.md +++ b/docs/setup/network-plugin/cilium.md @@ -30,9 +30,9 @@ - pod/tiefighter:作为“帝国”方的常规战斗飞船,它会调用上述 HTTP 接口,请求登陆“死星”; - pod/xwing:作为“盟军”方的飞行舰,它也尝试调用 HTTP 接口,请求登陆“死星”; -![cilium_http_gsg](../pics/cilium_http_gsg.jpg) +![cilium_http_gsg](../../../pics/cilium_http_gsg.jpg) -根据文件[http-sw-app.yaml](../roles/cilium/files/star_war_example/http-sw-app.yaml) 创建 `$ kubectl create -f http-sw-app.yaml` 后,验证如下: +根据文件[http-sw-app.yaml](../../../roles/cilium/files/star_war_example/http-sw-app.yaml) 创建 `$ kubectl create -f http-sw-app.yaml` 后,验证如下: ``` bash $ kubectl get pods,svc @@ -86,9 +86,9 @@ Ship landed # 成功着陆 现在我们应用策略,仅让带有标签 `org=empire`的飞船登陆“死星”;那么带有标签 `org=alliance`的“联盟”飞船将禁止登陆;这个就是我们熟悉的传统L3/L4 防火墙策略,并跟踪连接(会话)状态; -![cilium_http_l3_l4_gsg](../pics/cilium_http_l3_l4_gsg.jpg) +![cilium_http_l3_l4_gsg](../../../pics/cilium_http_l3_l4_gsg.jpg) -根据文件[sw_l3_l4_policy.yaml](../roles/cilium/files/star_war_example/sw_l3_l4_policy.yaml) 创建 `$ kubectl apply -f sw_l3_l4_policy.yaml` 后,验证如下: +根据文件[sw_l3_l4_policy.yaml](../../../roles/cilium/files/star_war_example/sw_l3_l4_policy.yaml) 创建 `$ kubectl apply -f sw_l3_l4_policy.yaml` 后,验证如下: ``` bash $ kubectl exec tiefighter -- curl -s -XPOST deathstar.default.svc.cluster.local/v1/request-landing @@ -146,9 +146,9 @@ main.main() temp/main.go:5 +0x85 ``` -![cilium_http_l3_l4_l7_gsg](../pics/cilium_http_l3_l4_l7_gsg.jpg) +![cilium_http_l3_l4_l7_gsg](../../../pics/cilium_http_l3_l4_l7_gsg.jpg) -限制L7 的安全策略,根据文件[sw_l3_l4_l7_policy.yaml](../roles/cilium/files/star_war_example/sw_l3_l4_l7_policy.yaml) 创建 `$ kubectl apply -f sw_l3_l4_l7_policy.yaml` 后,验证如下: +限制L7 的安全策略,根据文件[sw_l3_l4_l7_policy.yaml](../../../roles/cilium/files/star_war_example/sw_l3_l4_l7_policy.yaml) 创建 `$ kubectl apply -f sw_l3_l4_l7_policy.yaml` 后,验证如下: ``` bash $ kubectl exec tiefighter -- curl -s -XPOST deathstar.default.svc.cluster.local/v1/request-landing