ptyork (Dabbler, joined Jun 23, 2021, 32 messages)
I'm experimenting with network segmentation and isolation. I currently have one physical interface (ens18), a bridge containing only that interface (br0) with a primary IP and an alias IP (let's call them primary: 10.0.0.10 and alias: 10.0.0.11), as well as a VLAN (call it 10.30.30.30). A couple of questions.
1) Maybe a bug. Maybe a feature. But the list to restrict the bound IP addresses for the GUI, NFS and Kubernetes only shows 10.0.0.10 and 10.0.0.11, but not 10.30.30.30. However, all three IP address options are shown for SMB. And at least for the GUI, I can select the 0.0.0.0 wildcard and have the GUI available on 10.30.30.30, but I can't restrict it to, say, ONLY 10.0.0.10 and 10.30.30.30. I assume the same applies to NFS and the Kubernetes Node IP, but I've not tested it.
2) Are there any strategies for getting greater flexibility/granularity with this? Maybe I want to be more restrictive with some SMB shares than with others. Or say I want Plex to be available on 10.30.30.30 and 10.0.0.10, but have all other apps restricted to just 10.0.0.10? And perhaps have Traefik listening on all three? I know this kind of thing is possible using Docker (creating multiple networks and assigning containers to one or more of them), but I don't even know if it is possible in the Kubernetes world, much less if there's a best practice for it on TNS. Any thoughts?
Thanks!
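Whatever the UI lets you select, the thing worth verifying is what each daemon actually binds to. The following is an added example (not code from the post or from TrueNAS) that audits `ss -Hltnp` output against a per-service allowlist; the sample output, process names and allowlist are constructed from the three addresses in the post and are assumptions.

```python
# Added example (not from the post or from TrueNAS): audit TCP listeners
# against a per-service bind allowlist. Input is the output of `ss -Hltnp`;
# the sample, process names and allowlist below are constructed assumptions.
import re

# Constructed allowlist: local addresses each service may bind to.
ALLOWED = {
    "nginx": {"10.0.0.10", "10.30.30.30"},                # web GUI
    "rpc.mountd": {"10.0.0.10"},                          # NFS
    "smbd": {"10.0.0.10", "10.0.0.11", "10.30.30.30"},    # SMB
}

# Constructed sample of `ss -Hltnp` output (one TCP listener per line).
SAMPLE_SS = """\
LISTEN 0 511 0.0.0.0:443 0.0.0.0:* users:(("nginx",pid=1201,fd=6))
LISTEN 0 128 10.0.0.10:2049 0.0.0.0:* users:(("rpc.mountd",pid=900,fd=4))
LISTEN 0 128 10.30.30.30:2049 0.0.0.0:* users:(("rpc.mountd",pid=900,fd=5))
LISTEN 0 50 10.0.0.11:445 0.0.0.0:* users:(("smbd",pid=1500,fd=33))
LISTEN 0 50 10.30.30.30:445 0.0.0.0:* users:(("smbd",pid=1500,fd=34))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=700,fd=3))
"""

LINE_RE = re.compile(
    r'^LISTEN\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+\s+users:\(\("([^"]+)"')
WILDCARDS = {"0.0.0.0", "*", "[::]", "::"}

def parse_listeners(ss_output):
    """Return (process, local_address, port) for each listener line."""
    out = []
    for line in ss_output.splitlines():
        m = LINE_RE.match(line)
        if m:
            addr, port, proc = m.groups()
            out.append((proc, addr, int(port)))
    return out

def audit(ss_output, allowed):
    """Report listeners on a wildcard address, on an address outside the
    service's allowlist, or belonging to a service with no allowlist entry
    (so nothing passes just because it was never configured)."""
    findings = []
    for proc, addr, port in parse_listeners(ss_output):
        if addr in WILDCARDS:
            findings.append((proc, addr, port, "wildcard bind"))
        elif proc not in allowed:
            findings.append((proc, addr, port, "unlisted service"))
        elif addr not in allowed[proc]:
            findings.append((proc, addr, port, "address not allowlisted"))
    return findings
```

On a live host, feed it `subprocess.check_output(["ss", "-Hltnp"], text=True)` instead of `SAMPLE_SS`; with the sample it flags the GUI on the 0.0.0.0 wildcard, NFS on the VLAN address, and sshd on `[::]`.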