#Secured K8S/Trident Environment


slate gyro

We would like to implement Trident with iSCSI support.
I have created an SVM for Trident only and would like to know what the best way is to secure the endpoint access.
I can ask the network department to provide me two options for my LIF configuration: Layer 2 without any routing/firewall, or ask the security/network department to use Layer 3 with routing?

mint tapir

If possible, go for Layer 2, because that way you can at least be sure that nobody outside your "k8s storage network" can access the SVM. However, as soon as someone has access to a container, possibly even as root, they can still access the SVM IPs, no matter if via L2 or L3. Security is not inherently different between L2 and L3 networks.