Connecting Multiple OpenShift SDNs with a Network Tunnel

Introduction: Istio, the upstream project for Red Hat OpenShift Mesh, has an interesting feature that allows you to extend the service mesh across multiple OpenShift clusters. The main requirement to implement this feature is that the IPs of the pods of the clusters that comprise the service mesh are all routable between each other. That […]

An Open Source Load Balancer for OpenShift

Introduction: A highly-available deployment of OpenShift needs at least two load balancers: one to load balance the control plane (the master API endpoints) and one for the data plane (the application routers). In most on-premises deployments, we use appliance-based load balancers (such as F5 or Netscaler). The architecture looks like the following: In this architecture, […]

OpenShift and Network Security Zones: Coexistence Approaches

Introduction: Kubernetes, and consequently OpenShift, adopt a flat Software Defined Network (SDN) model, which means that all pods in the SDN are in the same logical network. Traditional network implementations adopt a zoning model in which different networks or zones are dedicated to specific purposes, with very strict communication rules between each zone. When implementing […]

NetworkPolicies and Microsegmentation

Introduction: Kubernetes introduced NetworkPolicies in 1.6 and in OpenShift this feature was made GA in 3.7. Microsegmentation is the idea of protecting each host with host-specific firewall rules. In this blog post, we will examine approaches for using NetworkPolicies to implement microsegmentation. NetworkPolicy SDN: OpenShift installation requires you to choose the SDN implementation that is […]
