We like all the concepts in Rancher to deploy services in a totally cloud-centric way. However, in a more traditional IT department the IPsec overlay may cause some trouble here.
Is there a way to manage services/containers with Rancher based on a fixed network topology which the security team has already split into different zones (VLANs), which are all routable but have given security rules between them?
I would model this with different labels attached to hosts in a given department (VLAN) and only allow services to be deployed there. We also like to use the internal DNS discovery goodies Rancher provides. But is there a way to avoid the additional IPsec tunnels and use the preexisting routed connectivity?
An interesting article about the network stuff in container networks is here at k8s:
With the arrival of k8s at Rancher now, it would be interesting to hear about the direction of Rancher in terms of networking, CNI, etc.
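The zone-per-VLAN scheduling idea from the post, written out as a Rancher 1.x (Cattle) compose stack. This is an added example and not the poster's or Rancher's own configuration; the host label name `zone` and its values `dmz` and `internal`, the stack and service names, and the image names are assumptions chosen for illustration. It only shows how host labels pin services to a zone; it does not change which network plugin (IPsec or otherwise) carries the traffic, which is the open question in the post.

```yaml
# docker-compose.yml for a Rancher 1.x (Cattle) stack.
# Added example, not from the original post.
#
# Assumed setup: each host was registered with a zone label matching its VLAN,
# e.g. by starting the agent with CATTLE_HOST_LABELS=zone=dmz (or
# CATTLE_HOST_LABELS=zone=internal). The label keys/values are assumptions.
version: '2'
services:
  edge-proxy:
    image: nginx:1.21           # assumed image
    ports:
      - "443:443"
    labels:
      # Hard affinity: only schedule onto hosts carrying zone=dmz.
      io.rancher.scheduler.affinity:host_label: zone=dmz
      # Deploy one instance on every matching host (optional).
      io.rancher.scheduler.global: 'true'
    links:
      # Resolved via Rancher's internal DNS: "api" is the service name below.
      - api

  api:
    image: example/api:1.0      # assumed image
    labels:
      # Hard affinity: only schedule onto hosts carrying zone=internal.
      io.rancher.scheduler.affinity:host_label: zone=internal
      # Hard anti-affinity: never land on a DMZ host, even if mislabelled twice.
      io.rancher.scheduler.affinity:host_label_ne: zone=dmz
    environment:
      DB_HOST: db               # Rancher DNS resolves service names in-stack

  db:
    image: postgres:13          # assumed image
    labels:
      io.rancher.scheduler.affinity:host_label: zone=internal
      io.rancher.scheduler.affinity:host_label_ne: zone=dmz
```

Deploy with `rancher-compose -p zoned-stack up` (or through the UI). The `host_label` affinity makes a service unschedulable rather than misplaced when no host in the zone has capacity, which is the behaviour you want when the security team's VLAN rules are the actual boundary. The `host_label_ne` rules are redundant with the positive affinity but make the intent explicit to whoever reviews the stack later.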