
Re: OpenShift SDN



On Fri, Jan 15, 2016 at 9:35 AM, Dan Winship <danw redhat com> wrote:
> On 01/14/2016 05:54 PM, Srinivas Naga Kotaru (skotaru) wrote:
>> Dan
>>
>> One question
>>
>> Masters also using same port for VXLAN communication with nodes
>> right? If we block the port from internal and external subnets
>> but if we put masters in internal network, they won’t be able to
>> talk to external nodes or vice versa right?
>
> The VXLAN is only used for communication with *pods*. So in that
> situation, the master wouldn't directly be able to reach pods on
> external nodes, but that may or may not be a problem. (There is some
> reason that we make the master also be a node by default, which has
> something to do with some tool which wants to have access to the pods,
> but I don't remember what that is.)

If the Masters can't reach Pods then the Web Console integration with
Java Pods (via Jolokia) won't work.

>
> Master<->Node communication (eg, to launch new pods, etc) happens by the
> nodes connecting to port 8443 on the master, so wherever the master is,
> both kinds of nodes need to be able to reach that port.
>
>> One solution could be put masters in another subnet and control
>> access between master, internal and external subnets. Any other
>> better approach without doing this?
>
> Sure. Or just have some firewall holes specific to the master.
>
> -- Dan

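The "firewall holes specific to the master" option from the thread, as an added sketch that is not code from either poster or from the OpenShift project: it prints, without applying, the INPUT rules each host role would need. The subnets and master addresses are constructed, and UDP 4789 is the VXLAN port OpenShift SDN uses, which the thread itself does not name.

```shell
#!/bin/sh
# Constructed values (assumptions, not from the thread).
INTERNAL_NET="10.1.0.0/24"      # internal nodes; the masters live here too
EXTERNAL_NET="10.2.0.0/24"      # external nodes
MASTERS="10.1.0.10 10.1.0.11"   # master addresses
VXLAN_PORT=4789                 # UDP port of the OpenShift SDN VXLAN
API_PORT=8443                   # master port the nodes connect to

# Print (dry run, nothing is applied) the INPUT rules for one host role:
# master, internal-node or external-node. Rules are appended in order and
# iptables stops at the first match, so each ACCEPT hole must precede the DROP.
sdn_rules() {
    case "$1" in
    master)
        for net in $INTERNAL_NET $EXTERNAL_NET; do
            # Both kinds of node must reach the API port.
            echo "iptables -A INPUT -p tcp -s $net --dport $API_PORT -j ACCEPT"
            # The master is itself a node and needs pod traffic from both
            # subnets (e.g. for the web console's Jolokia integration).
            echo "iptables -A INPUT -p udp -s $net --dport $VXLAN_PORT -j ACCEPT"
        done
        ;;
    internal-node) node_rules "$EXTERNAL_NET" ;;
    external-node) node_rules "$INTERNAL_NET" ;;
    *) echo "unknown role: $1" >&2; return 1 ;;
    esac
}

# Rules for a node whose VXLAN traffic from subnet $1 is to be blocked.
node_rules() {
    for m in $MASTERS; do
        # Hole for each master, by host address, before the subnet-wide drop.
        echo "iptables -A INPUT -p udp -s $m/32 --dport $VXLAN_PORT -j ACCEPT"
    done
    echo "iptables -A INPUT -p udp -s $1 --dport $VXLAN_PORT -j DROP"
}

sdn_rules external-node
```

On an internal node the per-master holes are redundant, because the masters are not in the blocked (external) subnet; they matter on the external nodes.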
