I had tested NetworkPolicy issue. The problem is, even the pods are isolated, if they were running on the same node, their src ip will be the nodes ip. Isolating the worker nodes and defining vlans for each of them and defining pods according to these tags is a solution but, my vlan number is more than my worker node number.
On Tue, Jan 30, 2018 at 10:09 AM, 'Tim Hockin' via Kubernetes user discussion and Q&A <kubernetes-users@googlegroups.com> wrote: > Look into NetworkPolicy - it's not your traditional VLAN approach to > ACL, it's more dynamic and application-focused. > > On Mon, Jan 29, 2018 at 10:27 PM, Oğuz Yarımtepe > <oguzyarimt...@gmail.com> wrote: > > My current k8s structure is 2 worker and one master node deployment. I am > > testing it with NodePort services. Now we will install a bigger cluster, > 3 > > master and more worker nodes. The problem is, using NodePort is causing > all > > the services exit with the same worker node ips. But we need vlan > > definitions and isolate services or pods. Our switch has ACLs related > with > > these vlans so, some can access eachother some can not. How can i define > > this structure at K8s? > > > > Any tip? > > > > I know Calico can be used, but this will be a software based approach. > Any > > other method at network level? > > > > -- > > You received this message because you are subscribed to the Google Groups > > "Kubernetes user discussion and Q&A" group. > > To unsubscribe from this group and stop receiving emails from it, send an > > email to kubernetes-users+unsubscr...@googlegroups.com. > > To post to this group, send email to kubernetes-users@googlegroups.com. > > Visit this group at https://groups.google.com/group/kubernetes-users. > > For more options, visit https://groups.google.com/d/optout. > > -- > You received this message because you are subscribed to a topic in the > Google Groups "Kubernetes user discussion and Q&A" group. > To unsubscribe from this topic, visit https://groups.google.com/d/ > topic/kubernetes-users/DJJGg50Wbyg/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > kubernetes-users+unsubscr...@googlegroups.com. > To post to this group, send email to kubernetes-users@googlegroups.com. > Visit this group at https://groups.google.com/group/kubernetes-users. > For more options, visit https://groups.google.com/d/optout. > -- Oğuz Yarımtepe http://about.me/oguzy -- You received this message because you are subscribed to the Google Groups "Kubernetes user discussion and Q&A" group. To unsubscribe from this group and stop receiving emails from it, send an email to kubernetes-users+unsubscr...@googlegroups.com. To post to this group, send email to kubernetes-users@googlegroups.com. Visit this group at https://groups.google.com/group/kubernetes-users. For more options, visit https://groups.google.com/d/optout.
