
Re: OpenShift SDN



On Fri, Jan 8, 2016 at 12:53 PM, Srinivas Naga Kotaru (skotaru)
<skotaru cisco com> wrote:
> Can we span cluster nodes across 2 physical subnets?
>
> The reason I am asking is that we have a few data centers, and each data center hosts
> internal and external apps. Nodes hosting internal apps reside in a
> different subnet than external nodes. External nodes reside in a separate
> protected network.
>
> As usual, the internal nodes/subnet are more relaxed compared to the protected network
> when talking to internal resources. The external network needs explicit ACLs to
> be opened to connect to the same resources.
>
> We had decided to install a dedicated cluster per data center.
> The question that remains is: can we use this single install to host both internal
> and external apps by using regions/zones and the node selector feature? This
> way we can designate a few nodes as internal and a few as external, similar to
> the OSE 2.X node profile, by separating nodes?

The scheduler in 3.x is much more powerful than what could be done
with node profiles out of the box in 2.x:

https://docs.openshift.com/enterprise/3.1/admin_guide/scheduler.html#sample-policy-configurations

You would likely want to use MatchNodeSelector.  In addition you'll
likely find the affinity and anti-affinity support very useful for
ensuring work is scheduled properly across availability zones.


>
> Will it create any issues due to SDN? The SDN will be a single network that might be
> shared by both internal and external apps, but this SDN is private and I am
> thinking it doesn't pose any security issues? If required, we can still use the VNID
> option to further isolate project traffic by creating separate projects
> for internal and external apps?
>
> We can install separate clusters for internal and external to
> get full, clean isolation, but it is more complex and doubles the multiple API end
> points, along with the per data center API end points.
>
> Is my understanding correct, or am I missing anything in this whole picture?
>
>
> Srinivas Kotaru
>
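
An added example, not part of the original thread and not OpenShift code: a simplified Python model of the label matching that MatchNodeSelector performs, used to flag pods that are not pinned to one zone. The node names, labels, project names and the project-level selector table are constructed assumptions; the point it shows is that a pod with no selector at all is feasible on every node.

```python
# Simplified model of label-based placement (added example, not OpenShift code).
# Node names, labels and project names below are constructed sample data.

NODES = {
    "node-int-1": {"region": "primary", "zone": "internal"},
    "node-int-2": {"region": "primary", "zone": "internal"},
    "node-ext-1": {"region": "primary", "zone": "external"},
}

# Project-level node selectors (assumed to be set per project by an admin).
PROJECT_SELECTORS = {
    "internal-apps": {"zone": "internal"},
    "external-apps": {"zone": "external"},
    "legacy": {},  # no project selector configured
}


def effective_selector(project, pod_selector):
    """Merge the project selector into the pod's; reject conflicting keys."""
    merged = dict(PROJECT_SELECTORS.get(project, {}))
    for key, value in pod_selector.items():
        if key in merged and merged[key] != value:
            raise ValueError(f"pod selector {key}={value} conflicts with project {project}")
        merged[key] = value
    return merged


def feasible_nodes(selector, nodes=NODES):
    """A node is feasible when it carries every label in the selector."""
    return sorted(
        name for name, labels in nodes.items()
        if all(labels.get(k) == v for k, v in selector.items())
    )


def unpinned_pods(pods, label="zone"):
    """Return pods whose feasible nodes span more than one value of `label`."""
    findings = []
    for name, project, pod_selector in pods:
        nodes = feasible_nodes(effective_selector(project, pod_selector))
        zones = {NODES[n].get(label) for n in nodes}
        if len(zones) > 1:
            findings.append((name, sorted(zones)))
    return findings


PODS = [  # (pod name, project, pod nodeSelector): constructed
    ("web-1", "external-apps", {}),
    ("db-1", "internal-apps", {"region": "primary"}),
    ("batch-1", "legacy", {}),
]
```

Calling `unpinned_pods(PODS)` reports only `batch-1`, the pod whose project carries no selector and which therefore could be placed on either an internal or an external node.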

