Bug 1366227
| Summary: | Deterministic IP provisioning for pods within projects | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Jaspreet Kaur <jkaur> |
| Component: | RFE | Assignee: | Ben Bennett <bbennett> |
| Status: | CLOSED ERRATA | QA Contact: | Johnny Liu <jialiu> |
| Severity: | medium | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 3.2.0 | CC: | aos-bugs, danw, jokerman, mmccomas, tdawson |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2016-09-27 09:43:45 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Giving the pods deterministic IPs within the cluster doesn't help because all pod-to-external traffic gets NATted, so external servers will see the IP of the node, not the pod. We added an "egress router" feature in 3.3 that allows you to cause certain traffic to get NATted to a special reserved IP address. It looks like it never got added to the official docs, so I'll file a bug about that, but there's a README in the source tree describing how it works: https://github.com/openshift/origin/tree/master/images/router/egress Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2016:1933 |
1. Proposed title of this feature request Deterministic IP provisioning for pods within projects. 3. What is the nature and description of the request? Pods provisioned, with in a project should have a deterministic set of IP's (range) to which they are allocated. 4. Why does the customer need this? (List the business requirements here) External applications to OpenShift implement "white list" restrictions for access. Applications implemented on OpenShift, cant access these applications because IP's for the pods, are non-deterministic, and dynamic white-list updates are not acceptable change for these "downstream" application to make, simply to accommodate OpenShift applications. 5. How would the customer like to achieve this? (List the functional requirements here) Within the pod .yaml configuration file (or elsewhere) we could have an entry to specify it's IP or an IP range , so that the pod is allocated to this IP or one from the range of IPs. The IP or range can be used by the external applications to add it to their whitelist. 6. For each functional requirement listed, specify how Red Hat and the customer can test to confirm the requirement is successfully implemented. Using the API we can see that the IP of provisioned pods are within the range of IPs given. 7. Is there already an existing RFE upstream or in Red Hat Bugzilla? No 8. Does the customer have any specific timeline dependencies and which release would they like to target (i.e. RHEL5, RHEL6)? OSE v.3.x targeted, need already exists for this semester. 9. Is the sales team involved in this request and do they have any additional input? No NOTE: It is suggested that this is discussed with them. 10. List any affected packages or components. atomic-openshift-node 11. Would the customer be able to assist in testing this functionality if implemented? yes