Feature
Resolution: Unresolved
Major
Feature Overview
Validate an architecture with Hosted Control Planes in which control plane isolation is provided by:
- VMs dedicated to specific clusters (VM-based control plane isolation vs. container-based).
- Isolation of a hosted cluster from the other clusters that share the same management cluster for their control planes (cluster-to-cluster isolation). For example, can we configure different VLANs for each hosted cluster? Or separate, non-routed L2 networks?
- IPs for API/Ingress assigned to each hosted control plane in its own subnet/VLAN.
Document this architecture as a VM-based "shared-nothing" use case.
Goals
Show the multiple levels of isolation that OpenShift Hosted Control Plane provides, to help in conversations with security-conscious customers. Under policies such as the ANSSI Security Recommendations, customers and partners need to achieve the highest level of security, and container-based isolation is ranked below VM-based isolation or isolation at the physical level when it comes to hosting multiple tenants on the same infrastructure.