K
Q

Kubernetes - Multi-tenant Networking plugin

6/6/2019

I was working on Kubernetes to implement Multi-tenant network scenario which requires tenant isolation.

Consider tenant is a namespace, I wanted to isolate each namespace with a different network so that the pods in the namespaces should not talk to each other without allowing network policies. I have deployed Contiv as a solution, Contiv work well with my requirement but, tenant to tenant communication is not possible with Contiv.

My requirement:

  1. Each Namespace (tenant) should have their own network segments.

    Eg: Namespace(N1) should have IPs from 10.1.2.0/24 segment and Namespace (N2) should have IPs from 10.1.3.0/24 segment.

  2. Namespace (tenant) should be isolated using network segments.

    Eg: Pod (P1) in the Namespace (N1) should not able to talk to Pod (P2) in the Namespace (N2) without the specific network policy to allow the communication in place.

  3. Tenant to Tenant communication should be allowed/deny using Kind: NetworkPolicy

  4. Should be able to create multiple network segment in the same tenant

    Eg: Namespace (N1) can have multiple IP segments like,

    Namespace (N1) Network1 = 10.1.2.0/24

Namespace (N2) Network2 = 10.2.2.0/24

Any suggestion?

-- rolz
kubernetes
multi-tenant
namespaces
networking
pod

Similar Questions

ERROR minimum kernel version required for CoreDNS is 4.14.35 (UEKR5)
Why is my persistent disk failing to mount to my pod?
Reduce wait-time for kubectl scale
Kubernetes ingress-nginx gives 502 error (Bad Gateway)
Kubernetes pods cannot communicate internally
How do i setup/enable all the required plugins for kibana on kubernetes?

0 Answers