Bug 1346466
| Summary: | Make the SDN able to handle multiple networks | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Steven Walter <stwalter> |
| Component: | RFE | Assignee: | Ben Bennett <bbennett> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Johnny Liu <jialiu> |
| Severity: | urgent | Docs Contact: | |
| Priority: | urgent | ||
| Version: | 3.2.0 | CC: | aos-bugs, bbennett, cbucur, dapark, dmoessne, dominik.mierzejewski, ealcaniz, erich, fdeutsch, fshaikh, haowang, jeder, jkaur, jokerman, jolee, jrosenta, jshepherd, jstransk, knakayam, mcurry, misalunk, mmccomas, nhashimo, ofalk, rkshirsa, sardella, stwalter |
| Target Milestone: | --- | ||
| Target Release: | 4.1.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | 4.1 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2019-06-20 00:25:56 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1553555 | ||
*** Bug 1353193 has been marked as a duplicate of this bug. *** Primary Trello card: https://trello.com/c/3QQuXExk 1. Proposed title of this feature request Support for Multiple interfaces for Docker Container/Pod in Openshift Enterprise 3. What is the nature and description of the request? To create more than one network interface for a docker container or pod on Openshift Enterprise? We have two ethernet interfaces (eth0, eth1) on one host server which are connected to two different networks. The idea is to connect both networks to the docker containers. Does docker daemon or pod currently support connecting multiple network interfaces on a single host? The networking stack can be on flanneld or OpenvSwitch or docker libnetwork. AFAIK, docker libnetwork is not supported for kubernetes. So if there is a solution in flanneld or Openvswitch then it is fine with me. Couple of issues in Docker Libnetwork and Flanneld Github repositories. Both are still open. Added here for your reference: https://github.com/docker/libnetwork/issues/758 https://github.com/coreos/flannel/issues/392 By default every pod has one network interface which can be connected to a network. Our need is to connect more than one interface to the same pod/container. The networking driver can be flanneld or openvswitch. This is for Openshift Enterprise 3.2. Couldn't find any documentation about multiple ethernet interfaces for a pod or container. Not sure if that functionality is already supported or not. This is for Openshift Enterprise 3.2. We have a need to connect more than one network to a single pod or container. Couldn't find any documentation on how to do it for Openshift Enterprise. We are using overlay networks in our setup. For the current Openshift setup we used Openvswitch plugins. We are open to use other networking plugins (ex. flannel) on top of overlay network if it supports our requirement. As already stated, we need to connect two different ethernet interfaces on a server to the same docker container so that the container is connected two different networks. Attached two example configurations using Flannel and Docker libnetwork. Trello card https://trello.com/c/6kqkxw2X Implementing this feature is probably the best way to fix https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1069 What about NetworkPolicies - couldn't they also help to mitigate this problem? While I agree NetworkPolicies could help prevent traffic to a Openshift services, it does not help in identifying network traffic per pod that's reaching an external service, such as a network storage device, so that that traffic can be blocked. What about the namespace-wide egress IP? https://trello.com/c/hwivBoNF A fully-automatic version will be available when https://trello.com/c/hwivBoNF lands. Then you could give a range of IPs to be allocated to projects and then you can identify what project traffic comes from, or use a firewall rule to limit the subnet given to projects. Hi, can we have any update on how we are going to proceed further with this RFE/BZ? With OpenShift 4.1 we add a new capability for multiple pod network interfaces using Multus as the enabling technology. |
1. Proposed title of this feature request Multiple networks in the SDN 3. What is the nature and description of the request? The customer wants to have multiples NICs in OSE nodes, to choose which is the default NIC for each pod. This allows, for instance, Dev and Pre pods running in the same node, and chose the external network/NIC for each pod. Thus isolated environment versions on same nodes. 4. Why does the customer need this? (List the business requirements here) Allowing isolation of services, but being able to combine on the same node, which allows flexibility within the same cluster. 5. How would the customer like to achieve this? (List the functional requirements here) Ability to choose a network interface or separate network for a given pod. 6. For each functional requirement listed, specify how Red Hat and the customer can test to confirm the requirement is successfully implemented. Should be able to run multiple pods on one node selecting different network interfaces (to allow dev and pre pods to run isolated but on the same node) 7. Is there already an existing RFE upstream or in Red Hat Bugzilla? No, Trello card exists https://trello.com/c/naz15EgJ/ 11. Would the customer be able to assist in testing this functionality if implemented? Possibly