OpenShift Network Plugins: Difference between revisions

From NovaOrdis Knowledge Base
Jump to navigation Jump to search
Line 26: Line 26:
==multitenant==
==multitenant==


The "ova-multitenant" is a plug-in that provides project-level isolation for pods and services. Each project gets a unique [[#Virtual_Network_ID_.28VNID.29|Virtual Network ID (VNID)]]
The "ovs-multitenant" is a plug-in that provides project-level isolation for pods and services. Each project gets a unique [[#Virtual_Network_ID_.28VNID.29|Virtual Network ID (VNID)]]


===Virtual Network ID (VNID)===
===Virtual Network ID (VNID)===

Revision as of 19:04, 17 October 2017

External

Internal

Overview

TODO: unify with the upper layer OpenShift_Concepts#SDN.2C_Overlay_Network

Pods get IP addresses from the cluster network, and the address allocation and packet routing is provided by a software-defined network (SDN), implemented using Open vSwitch (OVS). A specific behavior is provided by the SDN plug-in chosen at installation: subnet, multitenant and networkpolicy.

SDN Plug-Ins

subnet

The "ovs-subnet" plug-in provides a "flat" network: every pod in the cluster can communicate with every other pod and service, regardless of the project (namespace).

Ansible configuration file:

os_sdn_network_plugin_name='redhat/openshift-ovs-subnet'

multitenant

The "ovs-multitenant" is a plug-in that provides project-level isolation for pods and services. Each project gets a unique Virtual Network ID (VNID)

Virtual Network ID (VNID)

Configuration

Ansible configuration file:

os_sdn_network_plugin_name='redhat/openshift-ovs-multitenant'

networkpolicy

Operations

Information about the network plugin and network status:

oc get clusternetwork

Information about virtual networks assigned to each project:

oc get namespaces