
I have a Kubernetes cluster (3 VMs on a VMware server) working with a non-routed Flannel network (10.0.0.1/24) and a "public" private IP with an Nginx reverse proxy... 10.10.0.1/24. So all domains point to 10.10.0.10 and I do an internal redirect to the exposed service in 10.0.0.1/24.

The problem is that I have 2 DMZs... For security reasons, I don't want to have 2 interfaces (eth0, eth1) with one DMZ on each... If an attacker hacks my kube master, they can jump from one DMZ to the other.

I want to manage this like the VMware server does... passing a trunk with a native VLAN to a single port. Is there some way to configure a single interface (eth0) with a trunk and native VLAN, and use Contiv to expose Kubernetes services in different VLANs directly?

Honestly I don't want to have one cluster for each VLAN of services...

Thanks in advance!

JuliSmz

1 Answer


This can be accomplished by configuring your Kubernetes nodes to be BGP neighbors of your router and then installing MetalLB and configuring it in BGP mode.

https://metallb.universe.tf

TJ Zimmerman
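As an added illustration of the BGP-mode setup described in the answer (not part of the original post or of MetalLB's own documentation), this is a MetalLB configuration, assuming MetalLB 0.13 or later with its CRD-based configuration, that peers every node with the router at 10.10.0.1 and advertises two separate address pools, one per DMZ. The ASNs, the second pool's range (10.20.0.0/24) and the pool names are assumptions; the router, not the node, then decides which VLAN each advertised /32 is reachable from, so the nodes keep a single interface and segmentation is enforced at the router/firewall.

```yaml
# Constructed example: one BGP peer (the DMZ router) shared by all nodes.
# Private ASNs 64512/64513 are placeholders; use your router's real values.
apiVersion: metallb.io/v1beta2
kind: BGPPeer
metadata:
  name: dmz-router
  namespace: metallb-system
spec:
  myASN: 64512
  peerASN: 64513
  peerAddress: 10.10.0.1
---
# Pool for the first DMZ: the 10.10.0.1/24 range mentioned in the question.
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
  name: dmz-a
  namespace: metallb-system
spec:
  addresses:
    - 10.10.0.100-10.10.0.120
  autoAssign: false   # services must opt in explicitly (see annotation below)
---
# Pool for the second DMZ: the range is an assumed placeholder.
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
  name: dmz-b
  namespace: metallb-system
spec:
  addresses:
    - 10.20.0.100-10.20.0.120
  autoAssign: false
---
# Advertise both pools as /32 host routes to the peer above.
apiVersion: metallb.io/v1beta1
kind: BGPAdvertisement
metadata:
  name: dmz-adv
  namespace: metallb-system
spec:
  ipAddressPools:
    - dmz-a
    - dmz-b
```

A Service is then pinned to a DMZ with the annotation `metallb.universe.tf/address-pool: dmz-a` (or `dmz-b`) on a `type: LoadBalancer` Service, and the router's ACLs between the two VLANs are what prevent a compromised node from reaching the other DMZ.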