Bug 1567122
Summary: | [RFE] Multiple projects to use same static egress ip to outside | ||
---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | Dmitry Zhukovski <dzhukous> |
Component: | RFE | Assignee: | Marc Curry <mcurry> |
Status: | CLOSED DEFERRED | QA Contact: | Xiaoli Tian <xtian> |
Severity: | medium | Docs Contact: | |
Priority: | unspecified | ||
Version: | 3.9.0 | CC: | ahalpeth, aos-bugs, bbennett, byron.collins, ckoep, danw, dcaldwel, dmoessne, gferrazs, jokerman, maupadhy, mcurry, mmccomas, palonsor, pamoedom, rsandu, sagopina, shsaxena, vwalek, yhe |
Target Milestone: | --- | Keywords: | Reopened |
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Last Closed: | 2021-01-07 09:49:33 UTC | Type: | Bug |
Description
Dmitry Zhukovski
2018-04-13 13:02:46 UTC
(In reply to Dmitry Zhukovski from comment #0)
> Maybe it is something like
> https://github.com/openshift/origin/blob/master/pkg/network/node/egressip.go#L330
> mark packet should here be the same in all projects (now it's
> different because it's using vnid there). It was probably like that before,
> but then there was that problem where odd egress ips did not work.

No, the code already checks before that point that no NetNamespaces share the same egress IP. We could change this easily enough, but the reason for the existing check is to make sure that admins didn't *accidentally* assign the same egress IP to two namespaces.

> the number of ipv4 addresses are usually not enough in companies.

Indeed. The real problem here is that we're trying to use 1990s technology (access restrictions based on IP addresses) in a 2010s cloud computing environment. There needs to be a better solution for authenticating pods to the network...

*** Bug 1652648 has been marked as a duplicate of this bug. ***

This is a reasonable request, but we won't realistically have the ability to do work on this in the near future. With the major refactoring that happened with OpenShift 4 this is unlikely to have priority before Q1CY2020. We can consider re-addressing this at that time.

The needinfo request[s] on this closed bug have been removed as they have been unresolved for 120 days
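
The check described in the reply above (no two NetNamespaces may share an egress IP, so that an accidental duplicate assignment is caught) can be sketched as an audit over NetNamespace records. This is an added example, not code from openshift/origin; the `NetNamespace` struct, the `SharedEgressIPs` function and the sample addresses are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"net/netip"
	"sort"
)

// NetNamespace is a simplified, hypothetical stand-in for the per-project record.
type NetNamespace struct {
	NetName   string
	NetID     uint32 // the project's VNID
	EgressIPs []string
}

// SharedEgressIPs maps each egress IP claimed by two or more NetNamespaces to its sorted claimants.
func SharedEgressIPs(nss []NetNamespace) (shared map[string][]string, invalid []string) {
	claims := map[netip.Addr]map[string]bool{}
	for _, ns := range nss {
		for _, raw := range ns.EgressIPs {
			addr, err := netip.ParseAddr(raw)
			if err != nil {
				invalid = append(invalid, ns.NetName+": "+raw)
				continue
			}
			addr = addr.Unmap() // treat ::ffff:a.b.c.d and a.b.c.d as one address
			if claims[addr] == nil {
				claims[addr] = map[string]bool{}
			}
			claims[addr][ns.NetName] = true
		}
	}
	shared = map[string][]string{}
	for addr, owners := range claims {
		if len(owners) < 2 {
			continue
		}
		for name := range owners {
			shared[addr.String()] = append(shared[addr.String()], name)
		}
		sort.Strings(shared[addr.String()])
	}
	return shared, invalid
}

func main() {
	// Constructed sample data.
	nss := []NetNamespace{{"project-a", 101, []string{"192.0.2.10"}}, {"project-b", 102, []string{"::ffff:192.0.2.10"}}}
	fmt.Println(SharedEgressIPs(nss))
}
```

Addresses are compared after parsing rather than as strings, so two spellings of the same IP in different projects are still reported as a shared assignment.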