how to seperate traffic in Rook
AFAIK ceph have 2 specific trafic path:
- Traffic between client and ceph nodes,
- Traffic between ceph nodes (Inter Ceph-node).
So, let say my network is like this
Note :
- Kube-node-4 is a kubernet worker that do not take part as rook node. Just a ceph-client
- Red, Green and blue line is a seperate ethernet network.
Can I do trafic seperation like this using Rook? Is there any documentation on how to do it?
Sincerely
-bino-
Check out the ceph docs, what you describe is the separation of public and cluster networks. Cluster network is used for OSD <--> OSD traffic only (replication of PGs) while the public network is for Ceph clients as well as the other Ceph daemons (MON, MGR, etc). I'm not familiar with rook but according to the guide you have to override the config, to get the current config map run:
kubectl -n rook-ceph get ConfigMap rook-config-override -o yaml
Enable the hostNetwork setting in the Ceph Cluster CRD configuration. For example,
network:
provider: host
and then
Define the subnets to use for public and private OSD networks. Edit the rook-config-override configmap to define the custom network configuration:
kubectl -n rook-ceph edit configmap rook-config-override
In the editor, add a custom configuration to instruct ceph which subnet is the public network and which subnet is the private network. For example:
apiVersion: v1
data:
config: |
[global]
public network = 10.0.7.0/24
cluster network = 10.0.10.0/24
public addr = ""
cluster addr = ""
After applying the updated rook-config-override configmap, it will be necessary to restart the OSDs by deleting the OSD pods in order to apply the change. Restart the OSD pods by deleting them, one at a time, and running ceph -s between each restart to ensure the cluster goes back to "active/clean" state.
- What will happen to evicted pods in kubernetes?
- Mongo DB deployment not working in kubernetes because processor doesn't have AVX support
- Flux not decrypting using SOPS
- Python Kubernetes Client: equivalent of kubectl api-resources --namespaced=false
- Not possible to use containers in Azure Pipelines self-hosted agents deployed as Azure K8s pods
- My kubernetes pods keep crashing with "CrashLoopBackOff" but I can't find any log
- GKE autoscaling
- how do I enable mount propagation in Rancher - Kubernetes feature gates?
- How to resolve unmet dependencies between containerd and runc?
- Shell (ssh) into Azure AKS (Kubernetes) cluster worker node
- How to enable Calico network policy on the existing AKS cluster
- Azure Kubernetes Service (AKS) uses Application Gateway Ingress Controller (AGIC) : How to implement HSTS header in ASP.Net Core 6.0?
- TLS Termination in K8S Gateway API (azure implementation) Resource?
- Any python client method available to get/set env variables of kubernetes deployment
- In Kubernetes, how can I scale a Deployment to zero when idle
- ClusterIssuer Failed to register ACME account: secret already exists
- kubectl - How to restart a deployment (or all deployment)
- Docker Desktop 1node Kubernetes Jenkins share docker.sock from host into agent docker container
- How can I get the prometheus metrics for informer watch operation latency?
- How do I get a certificate (public and private key) into a windows container in AKS?
- How to manage persistent connections in kubernetes
- Port 6443 connection refused when setting up kubernetes
- HashiCorp Vault 403 Permission Denied issue with Kubernetes Auth
- Argo Workflow always using default serviceaccount
- How to skip helm tests deployment in Grafana Tanka
- Unable to Copy data from POD to local using kubectl cp command
- Node had taints that the pod didn't tolerate error when deploying to Kubernetes cluster
- Should Health Checks call other App Health Checks
- AWS EKS External DNS keeps deleting and recreating records
- Helm installation command: connection reset by peer