chrisd
Cadet
Cadet
  • 612 Views

End-point protection on Openshift

What do you use for end-point protection on the nodes in your openshift environments?

Labels (1)
0 Kudos
1 Reply
Ricardo
Flight Engineer Flight Engineer
Flight Engineer
  • 604 Views

Re: End-point protection on Openshift

It depends. 

No endpoint is exposed to the outer world automaticaly. You need to explicity create a route for that. 

Inside the cloud, you have 3 configurations:

  1. ovs-subnet: no restriction. Everyone talks to everyone inside the cloud
  2. ovs-multitenant: communication restricted to the project (namespace). It allows outgoing trafic from the pods, but incomming, is restricted to the same project. 
  3. ovs-networkpolicy: allows a fine grained communication, where you can specify who can talk to whom, inclusive limiting port communication. 

https://docs.openshift.com/container-platform/3.11/install_config/configuring_sdn.html

Reply
Loading...
Join the discussion
You must log in to join this conversation.