I have a Kubernetes cluster (3 VMs on a VMware server) working with a non-routed Flannel network (10.0.0.1/24) and a "public" private IP with an Nginx reverse proxy on 10.10.0.1/24. So all domains point to 10.10.0.10 and I do an internal redirect to the exposed service in 10.0.0.1/24.
The problem is that I have 2 DMZs... For security reasons, I don't want to have 2 interfaces (eth0, eth1) with one DMZ on each one... If some attacker hacks my kubemaster, they can jump from one DMZ to the other.
I want to manage this like the VMware server does: passing a trunk with a native VLAN to a single port. Is there some way to configure a single interface (eth0) with a trunk and native VLAN, and use Contiv to expose Kubernetes services in different VLANs directly?
Honestly, I don't want to have one cluster for each VLAN of services...
Thanks in advance!
This can be accomplished by configuring your Kubernetes nodes to be BGP neighbors of your router and then installing MetalLB and configuring it in BGP mode.
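As an added illustration of that answer (not part of the original post or the MetalLB project), here is what the BGP-mode configuration looks like with MetalLB's CRDs (MetalLB 0.13 or later): one address pool per DMZ, both advertised to the router over a single BGP session, and a Service that opts into a specific pool. The router address 10.10.0.1, the ASNs and the pool ranges are assumed values; the point is that each DMZ gets its own pool, so the router's ACLs between VLANs, not a second NIC on the node, decide what can reach what.

```yaml
# Added example, not from the original post. MetalLB BGP mode with one
# address pool per DMZ; ASNs, router IP and ranges are assumed values.
apiVersion: metallb.io/v1beta2
kind: BGPPeer
metadata:
  name: dmz-router
  namespace: metallb-system
spec:
  myASN: 64512          # assumed private ASN for the cluster nodes
  peerASN: 64513        # assumed private ASN of the router
  peerAddress: 10.10.0.1   # assumed: the router that fronts both DMZs
---
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
  name: dmz-a
  namespace: metallb-system
spec:
  addresses:
  - 10.10.0.100-10.10.0.119   # assumed range routed into DMZ A
---
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
  name: dmz-b
  namespace: metallb-system
spec:
  addresses:
  - 10.10.0.120-10.10.0.139   # assumed range routed into DMZ B
---
apiVersion: metallb.io/v1beta1
kind: BGPAdvertisement
metadata:
  name: advertise-dmz-pools
  namespace: metallb-system
spec:
  ipAddressPools:   # both pools are announced over the single peer above
  - dmz-a
  - dmz-b
---
apiVersion: v1
kind: Service
metadata:
  name: web-dmz-a
  annotations:
    metallb.universe.tf/address-pool: dmz-a   # pin this service to DMZ A
spec:
  type: LoadBalancer
  selector:
    app: web          # assumed label on the backing pods
  ports:
  - port: 80
    targetPort: 8080
```

Apply the pools and peer before creating the Service so the LoadBalancer IP is assigned from the intended DMZ range; which pool a Service lands in is then a deployment decision, and the router enforces the separation between the two ranges.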