[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: OpensShift SDN



On Fri, Jan 8, 2016 at 3:17 PM, Diego Spinola Castro
<spinolacastro gmail com> wrote:
> What about routes,are the routers smart enough match services routes based
> on a label?
> Imagine having nodes spread across continents, the routing layer should
> follow those rules ?

We're working on router sharding right now actually:

https://trello.com/c/DtPlixdb/49-8-router-sharding-traffic-ingress

One feature of that card will allow you have a router in a namespace
and assign it an label selector for it to monitor.

>
> 2016-01-08 17:03 GMT-03:00 Brenton Leanhardt <bleanhar redhat com>:
>>
>> On Fri, Jan 8, 2016 at 12:53 PM, Srinivas Naga Kotaru (skotaru)
>> <skotaru cisco com> wrote:
>> > Can we span cluster nodes across 2 physical subnets?
>> >
>> > Reason am asking was we have few data centers and each data center host
>> > internal and external apps. Node which hosting internal apps reside in a
>> > different subnet than external nodes. External nodes resides in a
>> > separate
>> > protected network,
>> >
>> > As usual, internal nodes/subnet is more relaxed compare to protected
>> > network
>> > while talking to internal resources. External network need explicit
>> > ACL’s to
>> > open to connect same resources.
>> >
>> > We were decided to install dedicated cluster installation per data
>> > center.
>> > The question remain is, can we use this single install to host both
>> > internal
>> > and external apps by using regions/zones and node selector feature.
>> > This
>> > way we can designated few nodes as internal and few as external similar
>> > to
>> > OSE 2.X node profile by separating nodes??
>>
>> The scheduler in 3.x is much more powerful than what could be done
>> with node profiles out of the box in 2.x:
>>
>>
>> https://docs.openshift.com/enterprise/3.1/admin_guide/scheduler.html#sample-policy-configurations
>>
>> You would likely want to use MatchNodeSelector.  In addition you'll
>> likely find the affinity and anti-affinity support very useful for
>> ensuring work is scheduled properly across availability zones.
>>
>>
>> >
>> > Will it create any issues due to SDN? SDN will be single network might
>> > be
>> > sharing by both internal and external apps but this SDN is private and
>> > am
>> > thinking don’t pose any security issues? If required we can still use
>> > VNDI
>> > option to further isolation project traffic by creating separate
>> > projects
>> > for internal and external apps??
>> >
>> > We can install separate cluster installations for internal and external
>> > to
>> > get full clean isolation but it further complex and double multiple API
>> > end
>> > points along with per data center API end points.
>> >
>> > Is my understanding correct or am missing anything in this whole
>> > picture?
>> >
>> >
>> > Srinivas Kotaru
>> >
>> > _______________________________________________
>> > dev mailing list
>> > dev lists openshift redhat com
>> > http://lists.openshift.redhat.com/openshiftmm/listinfo/dev
>> >
>>
>> _______________________________________________
>> dev mailing list
>> dev lists openshift redhat com
>> http://lists.openshift.redhat.com/openshiftmm/listinfo/dev
>
>


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]