Bug 1398375 - [RFE] Support for network isolation
Summary: [RFE] Support for network isolation
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: RFE
Version: 3.4.0
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
: ---
Assignee: Ben Bennett
QA Contact: Xiaoli Tian
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-11-24 15:29 UTC by Flavio Percoco
Modified: 2019-06-12 15:28 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-06-12 15:28:43 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Flavio Percoco 2016-11-24 15:29:50 UTC 
OpenShift does not allow complex networking. It expects a flat network for containers to be able to float between nodes.

In Red Hat OpenStack Platform (OSP), we currently create separate networks to enable separation of the traffic for some services and to enable more control on the HA side of things. This is a critical feature for many of OSP's customers.

In OpenShift, the need would be to create separate networks that would then be consumed by a specific set of PODs.
Comment 1 Ben Bennett 2017-10-31 19:45:11 UTC 
There is no requirement if using the openshift SDN solution that the nodes be on a flat network.  (But if using flannel, then that is a requirement).

I assume that the RFE is about requiring that all nodes be able to talk to one another... and that the _pod_ network created is flat.

At the moment, the best you can do is to use the NetworkPolicy object to segregate your pod traffic.  Adding multiple networks is being discussed, but it is going to take a while to progress.
Note You need to log in before you can comment on or make changes to this bug.