Able to see Ceph Mounts IP's using df-hT


Sorry if this topic has been already discussed. As the topic header says, i am able to see my ceph mount points IP’s within my container when I bind a folder in a ceph mounted location to the container.

Filesystem                                                                                        Type   Size  Used Avail Use% Mounted on
/dev/mapper/docker-252:0-5505040-173ec3f85ad1b1f2aabb93addd1c3f3fc2f8d2b5fb0ea8b9242e306b47ddd671 xfs     50G  1.5G   49G   3% /
tmpfs                                                                                             tmpfs  3.9G     0  3.9G   0% /dev
tmpfs                                                                                             tmpfs  3.9G     0  3.9G   0% /sys/fs/cgroup,172.yy.yy.yyy:6789,172.zz.zz.zzz:6789:/                                        ceph   750G  119G  631G  16% /home/workspace
/dev/mapper/vg000-mysqlvol                                                                        ext4   247G   17G  228G   7% /etc/hosts
shm                                                                                               tmpfs   64M  4.0K   64M   1% /dev/shm
tmpfs                                                                                             tmpfs  3.9G     0  3.9G   0% /sys/firmware

Here df -hT exposes that I am using ceph at backend and their IP’s and also it is getting executed in docker.

I do understand, that it is normal for a docker container to see the mount information like /dev/sda… but this causes ip to be exposed and it may cause security issues while the IP is exposed.

I can set a rule to block the access except a known IP’s, but still, exposing the IP kind of bugs me. Is there a way to mask the mount IP with the container.