Hacker News
by qbasic_forever 1260 days ago
Docker's network 'isolation' isn't as bulletproof as you imagine, especially if you're on Linux. From your host machine you can access every single service IP directly, which is sometimes unexpected as you might assume it's firewalled off. I'm pretty sure long ago Docker used to warn folks their network isolation isn't to be used in any production security sense; it's strictly for developer convenience. If the config is unwieldy you could just throw everything into one default network, as it's still just as secure as when you're defining individual networks (i.e. neither is super secure).
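A way to check the claim above on your own host, as an added example that is not part of the comment: the script below parses the JSON that `docker network inspect` prints (a constructed sample in that shape is embedded so it runs offline), lists each container address per network, and can probe a few TCP ports from the host to show which services answer. The `SAMPLE_INSPECT` data, the port list and the `connect` hook are assumptions made here for illustration.

```python
"""Inventory container addresses visible from the Docker host.

Parses `docker network inspect <net...>` JSON and lists each container's
address per network, then optionally probes TCP ports from the host to
confirm the address is reachable (on a Linux host it normally is).
"""
import json
import socket
import sys
from typing import Callable, Dict, Iterable, List

# Constructed sample in the shape of `docker network inspect` output,
# trimmed to the fields used here; not captured from a real host.
SAMPLE_INSPECT = json.dumps([
    {
        "Name": "app_default",
        "Driver": "bridge",
        "Internal": False,
        "IPAM": {"Config": [{"Subnet": "172.18.0.0/16", "Gateway": "172.18.0.1"}]},
        "Containers": {
            "aaa111": {"Name": "app_db_1", "IPv4Address": "172.18.0.2/16"},
            "bbb222": {"Name": "app_web_1", "IPv4Address": "172.18.0.3/16"},
        },
    },
    {
        "Name": "app_backend",
        "Driver": "bridge",
        "Internal": True,
        "IPAM": {"Config": [{"Subnet": "172.19.0.0/16", "Gateway": "172.19.0.1"}]},
        "Containers": {
            "ccc333": {"Name": "app_cache_1", "IPv4Address": "172.19.0.2/16"},
        },
    },
])


def inventory(inspect_json: str) -> List[Dict[str, object]]:
    """Return one row per (network, container) with the bare IPv4 address."""
    rows: List[Dict[str, object]] = []
    for net in json.loads(inspect_json):
        for cid, c in net.get("Containers", {}).items():
            addr = str(c.get("IPv4Address", ""))
            rows.append({
                "network": net["Name"],
                "internal": bool(net.get("Internal", False)),
                "container": c.get("Name", cid),
                "ip": addr.split("/")[0],  # strip the CIDR suffix
            })
    return rows


def tcp_reachable(ip: str, port: int, timeout: float = 0.5) -> bool:
    """True if a TCP connect from this host to ip:port succeeds."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False


def probe(rows: Iterable[Dict[str, object]],
          ports: Iterable[int] = (80, 443, 5432, 6379),
          connect: Callable[[str, int], bool] = tcp_reachable) -> List[Dict[str, object]]:
    """Annotate each row with the probed ports that answered from the host."""
    out = []
    for r in rows:
        answered = [p for p in ports if connect(str(r["ip"]), p)]
        out.append({**r, "open_from_host": answered})
    return out


if __name__ == "__main__":
    # Pipe real data in with:
    #   docker network inspect $(docker network ls -q) | python3 this_script.py
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_INSPECT
    for row in probe(inventory(data)):
        print(f"{row['network']:<14} {row['container']:<14} {row['ip']:<15} "
              f"internal={row['internal']} open_from_host={row['open_from_host']}")
```

Seeing a database or cache port answer from the host is the behaviour the comment describes: the bridge interface sits on the host, so nothing in the compose network definition keeps host processes (or anything that compromises the host) away from those services.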

Personally, I’ve never considered docker compose to have any security at all. The containers have IPs on an OS network device. Why would the host not have access?

Then again, I use openvpn and had to deal with network routing tables.