Can we span cluster nodes across 2 physical subnets?
Reason am asking was we have few data centers and each data center host internal and external apps. Node which hosting internal apps reside in a different subnet than external nodes. External nodes resides in a separate protected network,
As usual, internal nodes/subnet is more relaxed compare to protected network while talking to internal resources. External network need explicit ACL’s to open to connect same resources.
We were decided to install dedicated cluster installation per data center. The question remain is, can we use this single install to host both internal and external apps by using regions/zones and node selector feature. This way we can designated few nodes as internal and few as external similar to OSE 2.X node profile by separating nodes??
Will it create any issues due to SDN? SDN will be single network might be sharing by both internal and external apps but this SDN is private and am thinking don’t pose any security issues? If required we can still use VNDI option to further isolation project traffic by creating separate projects for internal and external apps??
We can install separate cluster installations for internal and external to get full clean isolation but it further complex and double multiple API end points along with per data center API end points.
Is my understanding correct or am missing anything in this whole picture?