OpenShift Network Plugins
External
- https://docs.openshift.com/container-platform/3.5/architecture/additional_concepts/sdn.html
- https://docs.openshift.com/container-platform/3.5/install_config/configuring_sdn.html
Internal
Overview
TODO: unify with the upper layer OpenShift_Concepts#SDN.2C_Overlay_Network
Pods get IP addresses from the cluster network. Address allocation and packet routing are provided by a software-defined network (SDN), implemented using Open vSwitch (OVS). The SDN's specific behavior depends on the plug-in chosen at installation: subnet, multitenant or networkpolicy.
SDN Plug-Ins
subnet
The "ovs-subnet" plug-in provides a "flat" network: every pod in the cluster can communicate with every other pod and service, regardless of the project (namespace).
Ansible configuration file:
os_sdn_network_plugin_name='redhat/openshift-ovs-subnet'
multitenant
The "ovs-multitenant" plug-in provides project-level isolation for pods and services. Each project gets a unique Virtual Network ID (VNID).
Virtual Network ID (VNID)
The Virtual Network ID (VNID) identifies traffic as being initiated by pods associated with a specific project. Pods in one project cannot send packets to, or receive packets from, pods and services of a different project, except for projects that have VNID 0. VNID 0 allows the pods of that project to communicate with all other pods, and all other pods to communicate with them.
The "default" project has VNID 0.
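The VNID rule above can be checked against a project listing to see which projects are exempt from isolation. The following is an added example, not code from OpenShift or from the original page; the project names, VNID values and the two-column NAME/NETID layout are constructed assumptions.

```python
# Added example: models the ovs-multitenant VNID rule described above.
# The listing below is constructed sample data; the NAME/NETID two-column
# layout is an assumption, not output captured from a real cluster.
SAMPLE_LISTING = """\
NAME        NETID
default     0
frontend    1048577
backend     1048578
monitoring  0
"""

GLOBAL_VNID = 0  # per the page: VNID 0 talks to everyone, and everyone to it


def parse_vnids(listing):
    """Return {project: vnid} from a NAME/NETID table, skipping the header."""
    vnids = {}
    for line in listing.splitlines():
        fields = line.split()
        if len(fields) < 2 or not fields[1].isdigit():
            continue  # header, blank or malformed row
        vnids[fields[0]] = int(fields[1])
    return vnids


def can_communicate(src_vnid, dst_vnid):
    """Traffic passes if both sides share a VNID or either side is VNID 0."""
    return src_vnid == dst_vnid or GLOBAL_VNID in (src_vnid, dst_vnid)


def audit(vnids):
    """Return (global_projects, reach), where reach maps each project to the
    sorted list of *other* projects its pods can exchange packets with."""
    global_projects = sorted(p for p, v in vnids.items() if v == GLOBAL_VNID)
    reach = {
        src: sorted(dst for dst in vnids
                    if dst != src and can_communicate(vnids[src], vnids[dst]))
        for src in vnids
    }
    return global_projects, reach


if __name__ == "__main__":
    global_projects, reach = audit(parse_vnids(SAMPLE_LISTING))
    print("projects exempt from isolation (VNID 0):", global_projects)
    for project, peers in sorted(reach.items()):
        print(f"{project:<12} can reach: {', '.join(peers) or '(none)'}")
```

Any project that appears in the first list besides "default" is reachable from every other project and deserves a review of why it needs VNID 0.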
Configuration
Ansible configuration file:
os_sdn_network_plugin_name='redhat/openshift-ovs-multitenant'