> if they were running on the same node, their src ip will be the node's ip

Are you trying a NodePort service? You can try to configure
externalTrafficPolicy = Local, then it will preserve the source pod IP.

2018-01-30 16:00 GMT+08:00 Oğuz Yarımtepe <oguzyarimt...@gmail.com>:

> I had tested the NetworkPolicy issue. The problem is, even if the pods are
> isolated, if they were running on the same node, their src ip will be the
> node's ip. Isolating the worker nodes and defining vlans for each of them
> and defining pods according to these tags is a solution, but my vlan number
> is more than my worker node number.
>
> On Tue, Jan 30, 2018 at 10:09 AM, 'Tim Hockin' via Kubernetes user
> discussion and Q&A <kubernetes-users@googlegroups.com> wrote:
>
>> Look into NetworkPolicy - it's not your traditional VLAN approach to
>> ACL, it's more dynamic and application-focused.
>>
>> On Mon, Jan 29, 2018 at 10:27 PM, Oğuz Yarımtepe
>> <oguzyarimt...@gmail.com> wrote:
>> > My current k8s structure is a 2 worker and one master node deployment.
>> > I am testing it with NodePort services. Now we will install a bigger
>> > cluster, 3 master and more worker nodes. The problem is, using NodePort
>> > is causing all the services to exit with the same worker node ips. But
>> > we need vlan definitions and to isolate services or pods. Our switch has
>> > ACLs related to these vlans, so some can access each other and some can
>> > not. How can I define this structure in K8s?
>> >
>> > Any tip?
>> >
>> > I know Calico can be used, but this will be a software based approach.
>> > Any other method at network level?
>> >
>> > --
>> > You received this message because you are subscribed to the Google
>> > Groups "Kubernetes user discussion and Q&A" group.
>> > To unsubscribe from this group and stop receiving emails from it, send
>> > an email to kubernetes-users+unsubscr...@googlegroups.com.
>> > To post to this group, send email to kubernetes-users@googlegroups.com.
>> > Visit this group at https://groups.google.com/group/kubernetes-users.
>> > For more options, visit https://groups.google.com/d/optout.
>>
>>
>
>
>
> --
> Oğuz Yarımtepe
> http://about.me/oguzy
>
>
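
The two suggestions in this thread (NetworkPolicy, and externalTrafficPolicy = Local on a NodePort service) written out as manifests. This is an added example, not part of the original messages; the namespace, names, labels, ports and nodePort are hypothetical.

```yaml
# Constructed example. NetworkPolicy is only enforced when the cluster's
# network plugin implements it (Calico, mentioned in the thread, is one).
---
# Label-based isolation instead of a VLAN ACL: once this policy selects the
# tier=backend pods, they accept ingress only from tier=frontend pods in the
# same namespace, on TCP 8080. All other ingress to them is dropped.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: backend-from-frontend   # hypothetical name
  namespace: shop               # hypothetical namespace
spec:
  podSelector:
    matchLabels:
      tier: backend
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              tier: frontend
      ports:
        - protocol: TCP
          port: 8080
---
# NodePort Service with externalTrafficPolicy: Local. Traffic arriving on a
# node's port is delivered only to endpoints on that same node and is not
# source-NATed, so the backend sees the original client address.
# Nodes without a local endpoint do not serve the port.
apiVersion: v1
kind: Service
metadata:
  name: frontend                # hypothetical name
  namespace: shop
spec:
  type: NodePort
  externalTrafficPolicy: Local
  selector:
    tier: frontend
  ports:
    - port: 80
      targetPort: 8080
      nodePort: 30080           # hypothetical, within the default 30000-32767 range
```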
