```## 1. 检查CNI配置是否生效bash# 检查aws-node Pod状态kubectl get pods -n kube-system | grep aws-node# 应该显示 2/2 Running，如果是 1/1 说明network policy agent没启动## 2. 检查ConfigMap配置bashkubectl get configmap amazon-vpc-cni -n kube-system -o yaml | grep enable-network-policy# 应该显示: enable-network-policy-controller: "true"## 3. 检查DaemonSet配置bashkubectl get daemonset aws-node -n kube-system -o yaml | grep enable-network-policy# 应该显示: --enable-network-policy=true## 4. 强制重启aws-node Podbashkubectl rollout restart daemonset/aws-node -n kube-systemkubectl rollout status daemonset/aws-node -n kube-system## 5. 检查是否创建了NetworkPolicybashkubectl get networkpolicy -A# 如果没有NetworkPolicy，网络策略不会生效## 6. 验证测试方法确保你创建了实际的NetworkPolicy资源，仅启用功能不会自动阻止流量：```

Timeline

Elon Musk (@elonmusk) 2025-10-22 16:35:05.139431013 +0800 CST

## 1. 检查CNI配置是否生效
bash
# 检查aws-node Pod状态
kubectl get pods -n kube-system | grep aws-node

# 应该显示 2/2 Running，如果是 1/1 说明network policy agent没启动

## 2. 检查ConfigMap配置
bash
kubectl get configmap amazon-vpc-cni -n kube-system -o yaml | grep enable-network-policy
# 应该显示: enable-network-policy-controller: "true"

## 3. 检查DaemonSet配置
bash
kubectl get daemonset aws-node -n kube-system -o yaml | grep enable-network-policy
# 应该显示: --enable-network-policy=true

## 4. 强制重启aws-node Pod
bash
kubectl rollout restart daemonset/aws-node -n kube-system
kubectl rollout status daemonset/aws-node -n kube-system

## 5. 检查是否创建了NetworkPolicy
bash
kubectl get networkpolicy -A
# 如果没有NetworkPolicy，网络策略不会生效

## 6. 验证测试方法
确保你创建了实际的NetworkPolicy资源，仅启用功能不会自动阻止流量：