openshift/openshift-docs
1
0
Fork 0
mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00
Code Issues Releases Activity
Files
enterprise-4.21
openshift-docs/modules/nw-cudn-about.adoc
JoeAldinger 694e8fca2c MNW-2: CQA 2.0
2026-01-13 13:25:40 +00:00

15 lines
1.4 KiB
Plaintext
Raw Permalink Blame History

// Module included in the following assemblies:
//
// * networking/multiple_networks/primary_networks/about-user-defined-networks.adoc
:_mod-docs-content-type: CONCEPT
[id="about-cudn_{context}"]
= About the ClusterUserDefinedNetwork CR
[role="_abstract"]
The `ClusterUserDefinedNetwork` (CUDN) custom resource (CR) provides cluster-scoped network segmentation in {product-title} and isolation for administrators only. Defining this resource ensures that network traffic is securely partitioned across the entire cluster.
The following diagram demonstrates how a cluster administrator can use the CUDN CR to create network isolation between tenants. This network configuration allows a network to span across many namespaces. In the diagram, network isolation is achieved through the creation of two user-defined networks, `udn-1` and `udn-2`. These networks are not connected and the `spec.namespaceSelector.matchLabels` field is used to select different namespaces. For example, `udn-1` configures and isolates communication for `namespace-1` and `namespace-2`, while `udn-2` configures and isolates communication for `namespace-3` and `namespace-4`. Isolated tenants (Tenants 1 and Tenants 2) are created by separating namespaces while also allowing pods in the same namespace to communicate.
.Tenant isolation using a ClusterUserDefinedNetwork CR
image::528-OpenShift-multitenant-0225.png[The tenant isolation concept in a user-defined network (UDN)]
View Git Blame Copy Permalink