Bug 1398375

Summary: [RFE] Support for network isolation
Product: OpenShift Container Platform
Reporter: Flavio Percoco <fpercoco>
Component: RFE
Assignee: Ben Bennett <bbennett>
Status: CLOSED CURRENTRELEASE
QA Contact: Xiaoli Tian <xtian>
Severity: unspecified
Docs Contact:
Priority: unspecified
Version: 3.4.0
CC: aos-bugs, erich, jokerman, mcurry, mmccomas
Target Milestone: ---
Keywords: RFE
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Whiteboard:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2019-06-12 15:28:43 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:

Description Flavio Percoco 2016-11-24 15:29:50 UTC
OpenShift does not allow complex networking. It expects a flat network for containers to be able to float between nodes.

In Red Hat OpenStack Platform (OSP), we currently create separate networks to enable separation of the traffic for some services and to enable more control on the HA side of things. This is a critical feature for many of OSP's customers.

In OpenShift, the need would be to create separate networks that would then be consumed by a specific set of PODs.

Comment 1 Ben Bennett 2017-10-31 19:45:11 UTC
There is no requirement, if using the OpenShift SDN solution, that the nodes be on a flat network. (But if using flannel, then that is a requirement.)

I assume that the RFE is about requiring that all nodes be able to talk to one another... and that the _pod_ network created is flat.

At the moment, the best you can do is to use the NetworkPolicy object to segregate your pod traffic. Adding multiple networks is being discussed, but it is going to take a while to progress.
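
An added example, not part of the comment above or of any OpenShift documentation: a pair of NetworkPolicy objects that segregates traffic for one set of pods on the shared pod network. The namespace `osp-services`, the `tier` labels and port 3306 are assumptions made for illustration, and the policies take effect only when the cluster's network plugin enforces NetworkPolicy.

```yaml
# Constructed example: namespace, labels and port are hypothetical.
# NetworkPolicy filters traffic on the single pod network; it does not
# create a separate network, which is the limitation this RFE describes.

# Policy 1: select every pod in the namespace and allow no ingress.
# With this in place, traffic must be explicitly allowed by another policy.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: osp-services
spec:
  podSelector: {}          # empty selector = all pods in the namespace
  policyTypes:
    - Ingress
---
# Policy 2: pods labelled tier=database accept connections only from
# pods labelled tier=api in the same namespace, and only on TCP 3306.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: db-allow-from-api
  namespace: osp-services
spec:
  podSelector:
    matchLabels:
      tier: database
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              tier: api
      ports:
        - protocol: TCP
          port: 3306
```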