OpenShift's project-based isolation support
The usual networking setup in OpenShift clusters isolates communication between projects. Under this project-based isolation, a few rules apply:
* the default namespace can talk to any pod/svc in any other namespace belonging to any project
* pods in any namespace belonging to any project can talk to pods/svcs in the default namespace
* pods in a non-default namespace can't talk to pods/svcs in other non-default namespaces, only to those in their own.
Blueprint information
- Status: Complete
- Approver: Antoni Segura Puimedon
- Priority: High
- Drafter: Antoni Segura Puimedon
- Direction: Approved
- Assignee: Luis Tomas Bolivar
- Definition: Approved
- Series goal: None
- Implementation: Implemented
- Milestone target: None
- Started by: Antoni Segura Puimedon
- Completed by: Michal Dulko
Whiteboard
Gerrit topic: https:/
Addressed by: https:/
[WIP] Ensure isolation between namespaces
Gerrit topic: https:/
Addressed by: https:/
Ensure OpenShift gate uses the namespace subnet/sg drivers
Gerrit topic: https:/
Addressed by: https:/
Add namespace isolation for services
Gerrit topic: https:/
Addressed by: https:/
Set namespace security group driver for namespace gate
Gerrit topic: https:/
Gerrit topic: https:/
Addressed by: https:/
Ensure delete_
Gerrit topic: https:/