OpenShift Network Plugins

From NovaOrdis Knowledge Base
Revision as of 19:15, 17 October 2017 by Ovidiu (talk | contribs) (→‎Operations)

External

Internal

Overview

TODO: unify with the upper layer OpenShift_Concepts#SDN.2C_Overlay_Network

Pods get IP addresses from the cluster network. Address allocation and packet routing are provided by a software-defined network (SDN), implemented using Open vSwitch (OVS). The specific behavior depends on the SDN plug-in chosen at installation: subnet, multitenant or networkpolicy.

SDN Plug-Ins

subnet

The "ovs-subnet" plug-in provides a "flat" network: every pod in the cluster can communicate with every other pod and service, regardless of the project (namespace).

Ansible configuration file:

os_sdn_network_plugin_name='redhat/openshift-ovs-subnet'

multitenant

The "ovs-multitenant" plug-in provides project-level isolation for pods and services. Each project gets a unique Virtual Network ID (VNID).

Virtual Network ID (VNID)

The Virtual Network ID (VNID) identifies traffic as being initiated by pods associated with a specific project. Pods in one project cannot send packets to, or receive packets from, pods and services of a different project, except for projects that have VNID 0. VNID 0 allows the pods of the project to communicate with all other pods, and all other pods can communicate with them.

The "default" project has VNID 0.
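
The VNID rule above can be turned into an isolation audit. The following is an added example, not part of the original page: it assumes the project-to-VNID mapping is exported with `oc get netnamespaces -o json` (NetNamespace objects with `netname` and `netid` fields), and the sample data and project names are constructed. It goes slightly beyond the text by also flagging projects that share a non-zero VNID, since isolation is keyed on the VNID.

```python
import json
from collections import defaultdict

# Constructed sample shaped like `oc get netnamespaces -o json` output
# (assumed fields: netname, netid); not taken from a real cluster.
SAMPLE = json.dumps({"items": [
    {"netname": "default", "netid": 0},
    {"netname": "shared-logging", "netid": 0},
    {"netname": "shop-frontend", "netid": 7301},
    {"netname": "shop-backend", "netid": 7301},
    {"netname": "payments", "netid": 9120},
]})


def load_vnids(doc):
    """Return {project: vnid} from a NetNamespace list document."""
    return {i["netname"]: int(i["netid"]) for i in json.loads(doc)["items"]}


def can_communicate(vnids, a, b):
    """ovs-multitenant rule: same VNID, or either side has VNID 0."""
    return vnids[a] == vnids[b] or 0 in (vnids[a], vnids[b])


def audit(vnids, expected_global=("default",)):
    """Flag unexpected VNID 0 projects and projects sharing a non-zero VNID."""
    by_vnid = defaultdict(list)
    for project, vnid in vnids.items():
        by_vnid[vnid].append(project)
    # Any project with VNID 0 is reachable from every pod in the cluster.
    unexpected_global = sorted(
        p for p in by_vnid.get(0, []) if p not in expected_global)
    # Projects with the same non-zero VNID are not isolated from each other.
    shared = {v: sorted(ps) for v, ps in by_vnid.items()
              if v != 0 and len(ps) > 1}
    return unexpected_global, shared


if __name__ == "__main__":
    vnids = load_vnids(SAMPLE)
    unexpected, shared = audit(vnids)
    for project in unexpected:
        print(f"WARN {project}: VNID 0, reachable from all projects")
    for vnid, projects in shared.items():
        print(f"WARN VNID {vnid} shared by: {', '.join(projects)}")
```
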

Configuration

Ansible configuration file:

os_sdn_network_plugin_name='redhat/openshift-ovs-multitenant'

networkpolicy

Operations

Network Operations