openshift / openshift-sdn

Apache License 2.0

Possibility to have granular control over service isolation #179

Closed ghost closed 5 years ago

ghost commented 9 years ago

Hello Team,

In the isolation documentation, it is mentioned that "default receives the Virtual Network ID (VNID) 0; all other projects receive non-zero VNIDs." and then these non-zero VNIDs cannot talk to each other. This provides us:

  1. Service A defined in projectA will be accessible to all pods in projectA
  2. Service A defined in project A will not be accessible to pods in projectB

Is there any way to configure such that:

  1. Service A defined in projectA will be accessible only to certain pods in project A
  2. Service A defined in project A can be made accessible to certain pods in project B without defining an external route?

Regards, Shilpa

ivanthelad commented 9 years ago

Shouldn't this requirement fall under the "Service Catalog" concept, as it appears to me more related to API management? See https://ci.openshift.redhat.com/roadmap_overview.html (see "Service Catalog").

ivanthelad commented 9 years ago

Hi Shilpa, did you move this item?

rajatchopra commented 9 years ago

Let's keep this issue open. Quite a bit of the service catalog work will be needed at the sdn plugin level.

ghost commented 9 years ago

Thanks @rajatchopra and good to know