OpenShift's project-based isolation support

Registered by Antoni Segura Puimedon on 2018-07-03

The usual networking mode in OpenShift clusters isolates communication between projects. Under this project-based isolation there are a few rules:

* The default namespace can talk to any pod/svc in any other namespace belonging to any project.
* Pods in any namespace belonging to any project can talk to pods/svcs in the default namespace.
* Pods in a non-default namespace can't talk to pods/svcs in any non-default namespace other than their own.
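
One way to check a cluster against these three rules, as an added example that is not part of the blueprint or of the project's code: it compares connectivity probe results with what the rules allow and separates isolation breaches from wrongly blocked traffic. The probe record format (`src_ns dst_ns ok|fail`), the function names and the namespaces `team-a`/`team-b` are assumptions constructed for illustration.

```python
from typing import List, NamedTuple, Tuple

DEFAULT_NS = "default"

class Probe(NamedTuple):
    src_ns: str
    dst_ns: str
    connected: bool  # what the connectivity probe actually observed

def allowed(src_ns: str, dst_ns: str) -> bool:
    """True if the isolation rules permit src_ns to reach pods/svcs in dst_ns."""
    if DEFAULT_NS in (src_ns, dst_ns):
        return True           # rules 1 and 2: default talks to all, all talk to default
    return src_ns == dst_ns   # rule 3: non-default namespaces only reach themselves

def parse_probes(text: str) -> List[Probe]:
    """Parse '<src_ns> <dst_ns> ok|fail' records; '#' starts a comment."""
    probes = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) != 3 or fields[2] not in ("ok", "fail"):
            raise ValueError(f"line {n}: expected '<src_ns> <dst_ns> ok|fail'")
        probes.append(Probe(fields[0], fields[1], fields[2] == "ok"))
    return probes

def audit(probes: List[Probe]) -> Tuple[List[Probe], List[Probe]]:
    """Return (leaks, blocked): traffic that got through but must not,
    and traffic that the rules allow but that failed."""
    leaks = [p for p in probes if p.connected and not allowed(p.src_ns, p.dst_ns)]
    blocked = [p for p in probes if not p.connected and allowed(p.src_ns, p.dst_ns)]
    return leaks, blocked

# Constructed sample probe results (not taken from a real cluster).
SAMPLE = """\
default  team-a   ok    # rule 1
team-a   default  ok    # rule 2
team-a   team-a   ok    # rule 3, own namespace
team-a   team-b   fail  # rule 3, isolated as intended
team-b   team-a   ok    # isolation breach
team-b   default  fail  # allowed by rule 2 but blocked
"""

if __name__ == "__main__":
    leaks, blocked = audit(parse_probes(SAMPLE))
    for p in leaks:
        print(f"LEAK    {p.src_ns} -> {p.dst_ns}")
    for p in blocked:
        print(f"BLOCKED {p.src_ns} -> {p.dst_ns}")
```
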

Blueprint information

Status: Started
Approver: Antoni Segura Puimedon
Priority: High
Drafter: Antoni Segura Puimedon
Direction: Approved
Assignee: Luis Tomas Bolivar
Definition: Approved
Series goal: None
Implementation: Started
Milestone target: None
Started by: Antoni Segura Puimedon on 2018-07-03

Whiteboard

Gerrit topic: https://review.openstack.org/#q,topic:subnet-isolation,n,z

Addressed by: https://review.openstack.org/579181
    [WIP] Ensure isolation between namespaces

Gerrit topic: https://review.openstack.org/#q,topic:bp/openshift-project-isolation-support,n,z

Addressed by: https://review.openstack.org/580680
    Ensure OpenShift gate uses the namespace subnet/sg drivers

Gerrit topic: https://review.openstack.org/#q,topic:namespace-project,n,z

Addressed by: https://review.openstack.org/581421
    Add namespace isolation for services

Gerrit topic: https://review.openstack.org/#q,topic:bug/1785035,n,z

Addressed by: https://review.openstack.org/588487
    Set namespace security group driver for namespace gate

Gerrit topic: https://review.openstack.org/#q,topic:fix-openshift-gates,n,z

Gerrit topic: https://review.openstack.org/#q,topic:bug/1786447,n,z

Addressed by: https://review.openstack.org/590739
    Ensure delete_network_pools include all the ports

Gerrit topic: https://review.openstack.org/#q,topic:bug/1787951,n,z
