Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Do not expose control plane nodes to tenants in a workload cluster #304

Open
jaymzmac opened this issue Oct 18, 2022 · 0 comments
Open

Do not expose control plane nodes to tenants in a workload cluster #304

jaymzmac opened this issue Oct 18, 2022 · 0 comments
Labels
enhancement New feature or request

Comments

@jaymzmac
Copy link

Is your feature request related to a problem? Please describe.

Cloud providers typically do not expose the Control Plane nodes to their customers in their Managed Kubernetes solutions. The customer will typically only see the Worker nodes in their cluster.

This enhances security and also reduces the risk that the tenant can negatively impact the health of the Kubernetes cluster which is very important for Cloud Providers offering uptime SLA for CAPVCD clusters.

Describe the solution you'd like

Have an option of deploying the control plane nodes in a different OrgVDC where the tenant does not have any access, and do not register the control plane nodes with the API server.

In this scenario, when the customer runs kubectl get nodes, they only see the worker nodes. And when they log in to the Cloud Director UI, they only see the VMs relating to the worker nodes.

Describe alternatives you've considered

No response

Additional context

No response
@jaymzmac jaymzmac added the enhancement New feature or request label Oct 18, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@jaymzmac