Bug 1327508

Summary: RFE : Services restriction / isolation
Product: OpenShift Container Platform
Reporter: Miheer Salunke <misalunk>
Component: RFE
Assignee: Ben Bennett <bbennett>
Status: CLOSED DEFERRED
QA Contact: Johnny Liu <jialiu>
Severity: low
Priority: unspecified
Version: 3.1.0
CC: aos-bugs, bbennett, danw, eparis, erich, gregory.nuyttens, hgomes, jokerman, ktadimar, mbarrett, misalunk, mmccomas
Target Milestone: ---
Flags: hgomes: needinfo? (bbennett)
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Story Points: ---
Last Closed: 2018-03-12 13:54:36 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Category: ---
oVirt Team: ---
Cloudforms Team: ---

Description Miheer Salunke 2016-04-15 09:23:25 UTC
1. Proposed title of this feature request  
Services restriction / isolation


3. What is the nature and description of the request?  
At this time we have approximately 80 VMs which represent multiple environments of multiple tenants (clients). We associate, by labels, each project
to a particular set of VMs of each environment/tenant.

For example:

Tenant A - environment test : 4 VMs
Tenant A - environment integration : 4 VMs
Tenant A - environment acceptation : 4 VMs
Tenant A - environment production : 4 VMs

Tenant B - environment test : 4 VMs
Tenant B - environment integration : 4 VMs
Tenant B - environment acceptation : 4 VMs
Tenant B - environment production : 4 VMs

Tenant C - environment test : 4 VMs
Tenant C - environment integration : 4 VMs
Tenant C - environment acceptation : 4 VMs
Tenant C - environment production : 4 VMs

The project a-test-1 is exclusively attached to the tenant A/environment test.
The project b-prod-1 is exclusively attached to the tenant B/environment production.

Ok, it looks great, but what we can see is that when we create a service inside the project a-test-1, we get a service IP like 172.XXX.XXX.XXX and
on EACH VM multiple iptables rules are created, and also a random listening port is opened (associated with the openshift process).
In theory it means that services have a hard scale limit today of 60k backends, shared across the entire cluster (the number of IPs allocated).
60k services seems like a large value... but we don't have any guarantee that we will not have problems before reaching this 60k.

We would like to restrict the services as in this example:

services of our project a-test-1 should ONLY exist on VMs of the Tenant A - environment test.
services of our project b-prod-1 should ONLY exist on VMs of the Tenant B - environment production.


7. Is there already an existing RFE upstream or in Red Hat Bugzilla?  No


8. Does the customer have any specific timeline dependencies and which release would they like to target (i.e. RHEL5, RHEL6)?  
OpenshiftEnterprise 3.x
    
10. List any affected packages or components.  
OpenshiftEnterprise 3.x, Kubernetes Services

Comment 13 Eric Rich 2018-03-12 13:54:36 UTC
This bug has been identified as a dated (created more than 3 months ago) bug.
This bug has been triaged (has a trello card linked to it), or reviewed by Engineering/PM, and has been put into the product backlog;
however, this bug has not been slated for a currently planned release (3.9, 3.10 or 3.11), which cover our releases for the rest of the calendar year.

As a result of this bug's age, state on the current roadmap and PM Score (being below 70), this bug is being Closed - Deferred,
as it is currently not part of the product's immediate priorities.

Please see: https://docs.google.com/document/d/1zdqF4rB3ea8GmVIZ7qWCVYUaQ7-EexUrQEF0MTwdDkw/edit for more details.