mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00
openshift-docs/modules/nw-udn-about.adoc
2026-01-13 13:25:40 +00:00


// Module included in the following assemblies:
//
// * networking/multiple_networks/primary_networks/about-user-defined-networks.adoc
:_mod-docs-content-type: CONCEPT
[id="about-udn_{context}"]
= About the UserDefinedNetwork CR

[role="_abstract"]
To create advanced network segmentation and isolation, users and administrators create `UserDefinedNetwork` (UDN) custom resources (CRs). UDNs provide granular control over network traffic within specific namespaces.

The following diagram shows four cluster namespaces, where each namespace has a single assigned user-defined network (UDN), and each UDN has an assigned custom subnet for its pod IP allocations. OVN-Kubernetes handles any overlapping UDN subnets. Even without a Kubernetes network policy, a pod attached to a UDN can communicate with other pods in that UDN. By default, these pods are isolated from pods that exist in other UDNs. For microsegmentation, you can apply network policy within a UDN. You can assign one or more UDNs to a namespace, but a namespace can have only one primary UDN. You can also assign one or more namespaces to a UDN.

.Namespace isolation using a UserDefinedNetwork CR
image::527-OpenShift-UDN-isolation-012025.png[The namespace isolation concept in a user-defined network (UDN)]
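
The following manifests are an added illustration of the isolation model described above, not content from the original module. They define two namespaces, each with its own primary UDN on the same (overlapping) subnet, plus a network policy that microsegments traffic inside one UDN. All names, labels, ports, and subnets are constructed placeholders; the example assumes the OVN-Kubernetes `k8s.ovn.org/v1` API and the namespace label that it uses to enable a primary UDN.

```yaml
# Constructed example: namespaces, UDN names, subnet, and pod labels are placeholders.
apiVersion: v1
kind: Namespace
metadata:
  name: tenant-a
  labels:
    k8s.ovn.org/primary-user-defined-network: ""  # assumption: label that enables a primary UDN
---
apiVersion: v1
kind: Namespace
metadata:
  name: tenant-b
  labels:
    k8s.ovn.org/primary-user-defined-network: ""
---
apiVersion: k8s.ovn.org/v1
kind: UserDefinedNetwork
metadata:
  name: udn-a
  namespace: tenant-a
spec:
  topology: Layer2
  layer2:
    role: Primary                  # only one primary UDN per namespace
    subnets: ["10.100.0.0/16"]
---
apiVersion: k8s.ovn.org/v1
kind: UserDefinedNetwork
metadata:
  name: udn-b
  namespace: tenant-b
spec:
  topology: Layer2
  layer2:
    role: Primary
    subnets: ["10.100.0.0/16"]     # same range as udn-a; the UDNs remain isolated
---
# Microsegmentation inside udn-a: only frontend pods may reach db pods.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-frontend-to-db
  namespace: tenant-a
spec:
  podSelector: {matchLabels: {app: db}}
  policyTypes: [Ingress]
  ingress:
    - from: [{podSelector: {matchLabels: {app: frontend}}}]
      ports: [{protocol: TCP, port: 5432}]
```

With these objects applied, pods in `tenant-a` and `tenant-b` cannot reach each other even though their addresses overlap, and within `tenant-a` the `db` pods accept ingress only from `frontend` pods.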