stackoom
  简体   繁体   中英

Multicast isolation in kubernetes

 原文  2018-03-17 18:23:39       kubernetes/ multicast

Question

How can I isolate multicast traffic in one namespace in kubernetes. Ingress policy didn't solve this, I can capture multicast traffic from different namespace.

1 answers

solution1
 2 ACCPTED  2018-03-17 22:16:38

Usually, you can use Network Policy to manage it.

Looks like now the only one Network Provider with a support of Network Policy has the support of multicast - Weave.

But, based on its documentation , it is not possible to manage multicast rules:

As of version 1.9 of Weave Net, the Network Policy Controller allows all multicast traffic. Since a single multicast address may be used by multiple pods, we cannot implement rules to isolate them individually. You can turn this behaviour off (block all multicast traffic) by adding --allow-mcast=false as an argument to weave-npc in the YAML configuration.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Multicast traffic to Kubernetes Kubernetes: pods network isolation Kubernetes. namespaces isolation Tenant isolation with Kubernetes on networking level Network of ActiveMQ brokers using Multicast inside Kubernetes Non-invasive UDP Multicast on Kubernetes kubernetes: intra-cluster isolation of applications Isolation between kubernetes.admission policies in OPA Azure Kubernetes - RBAC role for namespace isolation multicast udp packets to all kubernetes pods on different nodes
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM