Query about RBAC for subnets

Rodolfo Alonso Hernandez ralonsoh at redhat.com
Mon Apr 24 13:38:08 UTC 2023


Hello Aditya:

This is not possible in Neutron. If you want to segregate the traffic, what
I recommend is to create a network per service and each network with the
corresponding subnet. Each external network will be the GW of a router. Any
VM that needs to have access to any service (external network) can create
an internal network and connect it to the corresponding router.

Regards.

On Mon, Apr 24, 2023 at 3:17 PM Aditya Sathish <saditya at vt.edu> wrote:

> Hello,
>
> We currently have an external network that is being interfaced from the
> physical interface of the compute server to an L3 switch with different
> subnets to different services. These services (and, by extension, the
> subnets) must be accessed and controlled by the operator to allow a project
> only a subset of these services. RBAC can only set rules for the network as
> a whole. Can this network be made external but only share a few subnets
> with each project?
>
> If not the RBAC way, is there another alternative to achieve the same?
>
> Regards,
> Aditya
>
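
The layout recommended in the reply, combined with the per-network RBAC the question mentions, written out with the OpenStack CLI as an added example that is not part of the original thread. Service names, VLAN IDs, address ranges, the `physnet1` label, and project and subnet names are constructed; by default the script only prints the commands.

```shell
#!/bin/sh
# Added example. Dry run by default: prints the commands instead of running them.
# Export OPENSTACK=openstack (with admin credentials loaded) to apply them.
OPENSTACK="${OPENSTACK:-echo openstack}"
PHYSNET="${PHYSNET:-physnet1}"   # assumed provider physical network label

# Constructed inventory, one service per line:
#   service:vlan:cidr:gateway:projects allowed to use it (comma separated)
SERVICES='storage:101:192.0.2.0/26:192.0.2.1:proj-a,proj-b
backup:102:192.0.2.64/26:192.0.2.65:proj-a'

# Operator side: one provider network + subnet per service, visible as an
# external network only to the listed projects.
provision_service() {
    svc=$1; vlan=$2; cidr=$3; gw=$4; projects=$5
    # --external is deliberately absent: it would add a wildcard RBAC entry
    # that lets every project use the network as a gateway.
    $OPENSTACK network create --no-share --provider-network-type vlan \
        --provider-physical-network "$PHYSNET" --provider-segment "$vlan" \
        "ext-${svc}"
    $OPENSTACK subnet create --network "ext-${svc}" --subnet-range "$cidr" \
        --gateway "$gw" "ext-${svc}-subnet"
    for project in $(echo "$projects" | tr ',' ' '); do
        $OPENSTACK network rbac create --type network \
            --action access_as_external --target-project "$project" "ext-${svc}"
    done
}

provision_all() {
    echo "$SERVICES" | while IFS=: read -r svc vlan cidr gw projects; do
        provision_service "$svc" "$vlan" "$cidr" "$gw" "$projects" </dev/null
    done
}

# Project side: a router whose gateway is the service network, attached to
# the project's own internal subnet.
attach_project() {
    project=$1; svc=$2; internal_subnet=$3
    router="rtr-${project}-${svc}"
    $OPENSTACK router create --project "$project" "$router"
    $OPENSTACK router set --external-gateway "ext-${svc}" "$router"
    $OPENSTACK router add subnet "$router" "$internal_subnet"
}

provision_all
attach_project proj-a storage proj-a-internal-subnet
```

After applying, `openstack network rbac list --long` shows which project holds `access_as_external` on each service network; a `*` target on any of them means the segregation is not in effect.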