Red Hat Bugzilla – Bug 1258041
RFE: Network isolation for multi-tenant OSE 3 environment.
Last modified: 2017-03-08 13:13 EST
3. What is the nature and description of the request?
At the moment OSE has a flat network structure and any POD can access to the any service available. However, flat network structure is not always acceptable for a multi-tenant environment. For some use-cases it is a requirement to have isolation of traffic from a specific tenant.
4. Why does the customer need this? (List the business requirements here)
Isolation of traffic from different tenants.
5. How would the customer like to achieve this? (List the functional requirements here)
6. For each functional requirement listed, specify how Red Hat and the customer can test to confirm the requirement is successfully implemented.
Pods from different tenants cannot reach Pods and services from other tenants.
7. Is there already an existing RFE upstream or in Red Hat Bugzilla?
8. Does the customer have any specific timeline dependencies and which release would they like to target (i.e. RHEL5, RHEL6)?
Before end of 2015
9. Is the sales team involved in this request and do they have any additional input?
10. List any affected packages or components.
11. Would the customer be able to assist in testing this functionality if implemented?
Network isolation at the project layer is shipping in OSE 3.1. The platform admin will be able to turn on the isolation plugin on the nodes and any project created from that point forward will be isolated from each other. There will remain a concept of a global network namespace so that services like the router can still route services in and out of the PaaS for the project.
Multi-tenant networking plugin is supported in OSE now.
This fix is available in OpenShift Enterprise 3.1.