
Re: Clarification



The scenario where I saw this happening was running Consul with default settings. Because multiple different clusters were started using default settings, the access details were the same. The way Consul finds other nodes is via Gossip, which is done over UDP.
 
By changing the settings for Consul this was resolved. This is also how I detected that other instances were running from a previous deploy. Consul nodes were popping up that I had previously deleted by deleting either the Pod or RC, and yet the container in the Pod for the Consul agent was still running.

-- 
Srinivas Kotaru


On 9/8/16, 12:44 PM, "Dan Winship" <danw redhat com> wrote:

    On 09/08/2016 03:32 PM, Srinivas Naga Kotaru (skotaru) wrote:
    > Containers that use UDP (Layer 4) and do not go through the OpenShift
    > networking layer can find other containers running in a Pod with a
    > Service defined. *Potential impact* to multi-tenant boundaries.
    
    Can you explain what you mean? Especially the part about "and do not go
    through the OpenShift networking layer"?
    
    If by "can find other containers" you just mean "can find that certain
    IP addresses are in use by pods in other namespaces", then yes, that's
    true, but they can't actually communicate with them.
    
    -- Dan
    
    



