[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: OpensShift SDN



All of the support for this is in 1.1 except allowing each router to
have its own wildcard domain - once that's you can target regions with
different routers easily.

> On Jan 8, 2016, at 3:41 PM, Brenton Leanhardt <bleanhar redhat com> wrote:
>
> On Fri, Jan 8, 2016 at 3:17 PM, Diego Spinola Castro
> <spinolacastro gmail com> wrote:
>> What about routes,are the routers smart enough match services routes based
>> on a label?
>> Imagine having nodes spread across continents, the routing layer should
>> follow those rules ?
>
> We're working on router sharding right now actually:
>
> https://trello.com/c/DtPlixdb/49-8-router-sharding-traffic-ingress
>
> One feature of that card will allow you have a router in a namespace
> and assign it an label selector for it to monitor.
>
>>
>> 2016-01-08 17:03 GMT-03:00 Brenton Leanhardt <bleanhar redhat com>:
>>>
>>> On Fri, Jan 8, 2016 at 12:53 PM, Srinivas Naga Kotaru (skotaru)
>>> <skotaru cisco com> wrote:
>>>> Can we span cluster nodes across 2 physical subnets?
>>>>
>>>> Reason am asking was we have few data centers and each data center host
>>>> internal and external apps. Node which hosting internal apps reside in a
>>>> different subnet than external nodes. External nodes resides in a
>>>> separate
>>>> protected network,
>>>>
>>>> As usual, internal nodes/subnet is more relaxed compare to protected
>>>> network
>>>> while talking to internal resources. External network need explicit
>>>> ACL’s to
>>>> open to connect same resources.
>>>>
>>>> We were decided to install dedicated cluster installation per data
>>>> center.
>>>> The question remain is, can we use this single install to host both
>>>> internal
>>>> and external apps by using regions/zones and node selector feature.
>>>> This
>>>> way we can designated few nodes as internal and few as external similar
>>>> to
>>>> OSE 2.X node profile by separating nodes??
>>>
>>> The scheduler in 3.x is much more powerful than what could be done
>>> with node profiles out of the box in 2.x:
>>>
>>>
>>> https://docs.openshift.com/enterprise/3.1/admin_guide/scheduler.html#sample-policy-configurations
>>>
>>> You would likely want to use MatchNodeSelector.  In addition you'll
>>> likely find the affinity and anti-affinity support very useful for
>>> ensuring work is scheduled properly across availability zones.
>>>
>>>
>>>>
>>>> Will it create any issues due to SDN? SDN will be single network might
>>>> be
>>>> sharing by both internal and external apps but this SDN is private and
>>>> am
>>>> thinking don’t pose any security issues? If required we can still use
>>>> VNDI
>>>> option to further isolation project traffic by creating separate
>>>> projects
>>>> for internal and external apps??
>>>>
>>>> We can install separate cluster installations for internal and external
>>>> to
>>>> get full clean isolation but it further complex and double multiple API
>>>> end
>>>> points along with per data center API end points.
>>>>
>>>> Is my understanding correct or am missing anything in this whole
>>>> picture?
>>>>
>>>>
>>>> Srinivas Kotaru
>>>>
>>>> _______________________________________________
>>>> dev mailing list
>>>> dev lists openshift redhat com
>>>> http://lists.openshift.redhat.com/openshiftmm/listinfo/dev
>>>
>>> _______________________________________________
>>> dev mailing list
>>> dev lists openshift redhat com
>>> http://lists.openshift.redhat.com/openshiftmm/listinfo/dev
>
> _______________________________________________
> dev mailing list
> dev lists openshift redhat com
> http://lists.openshift.redhat.com/openshiftmm/listinfo/dev


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]