We started to migrate our infrastructure to AWS-backed nodes. We linked our AWS account to Docker Cloud following the steps in Using Docker Cloud on AWS, however the cluster deploys do not complete: they fail with a timeout after getting stuck at “Waiting for the agent to contact…”. We try to use strict network rules and only allow the bare minimum of connections to our backend to reduce security issues. In Use the Docker Cloud Agent you mention that we have to open TCP ports 6783 and 2375 and UDP port 6783, so our network ACL contains the following rules:
Network ACL (inbound):

Rule #  Type             Protocol  Port range  Source     Allow/Deny
104     Custom TCP Rule  TCP (6)   6783        0.0.0.0/0  ALLOW
105     Custom UDP Rule  UDP (17)  6783        0.0.0.0/0  ALLOW
106     Custom TCP Rule  TCP (6)   2375        0.0.0.0/0  ALLOW
100     ALL TCP          TCP (6)   ALL         0.0.0.0/0  ALLOW

Security group (inbound):

Type             Protocol  Port range  Source
Custom TCP Rule  TCP (6)   2375        0.0.0.0/0
Custom TCP Rule  TCP (6)   6783        0.0.0.0/0
Custom UDP Rule  UDP (17)  6783        0.0.0.0/0
ALL Traffic      ALL       ALL         0.0.0.0/0
If we open up the ACL and SG and make all ports from 0 to 65535 accessible via both TCP and UDP, the deploy finishes successfully. So we suspect that there are other ports which should be opened too.
Can you help us out with this problem?
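An added example, not part of the original post and not Docker Cloud's or AWS's own tooling: a small Python model of how an AWS network ACL evaluates inbound packets, loaded with the four inbound rules quoted above. It does not say which port the agent is actually missing; it shows two properties of network ACLs that matter when narrowing down a timeout like this one. Rules are applied in ascending rule-number order and the first match decides (so rule 100, ALL TCP, decides every TCP packet before 104 and 106 are ever consulted), and ACLs are stateless, so return traffic for flows the node itself opens is only admitted if some inbound rule covers it. The sample source address 203.0.113.10 and the UDP probe on port 40000 are constructed; the outbound rule set is not in the post and is not modelled.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class AclRule:
    """One inbound rule of an AWS network ACL, as listed in the VPC console."""
    number: int        # rules are evaluated in ascending order of this number
    protocol: str      # "tcp", "udp" or "all"
    port_from: int
    port_to: int
    source: str        # CIDR the packet's source address must fall in
    action: str        # "ALLOW" or "DENY"

    def matches(self, proto: str, port: int, src: str) -> bool:
        if self.protocol not in ("all", proto):
            return False
        if not self.port_from <= port <= self.port_to:
            return False
        return ip_address(src) in ip_network(self.source)


# The inbound rule set copied from the question (rule numbers, ports, source
# and action are the ones quoted there; "ALL" ports is written as 0-65535).
INBOUND = [
    AclRule(104, "tcp", 6783, 6783, "0.0.0.0/0", "ALLOW"),
    AclRule(105, "udp", 6783, 6783, "0.0.0.0/0", "ALLOW"),
    AclRule(106, "tcp", 2375, 2375, "0.0.0.0/0", "ALLOW"),
    AclRule(100, "tcp", 0, 65535, "0.0.0.0/0", "ALLOW"),
]


def evaluate(rules, proto, port, src="203.0.113.10"):
    """Return (action, rule number) for one inbound packet.

    The lowest-numbered matching rule decides; if nothing matches, the
    implicit final rule '*' denies. 203.0.113.10 is a constructed sample
    source address from the documentation range."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.matches(proto, port, src):
            return rule.action, rule.number
    return "DENY", "*"


def shadowed_rules(rules):
    """Rule numbers that can never decide a packet, because a lower-numbered
    rule already covers every protocol, port and source they could match."""
    ordered = sorted(rules, key=lambda r: r.number)
    shadowed = []
    for i, later in enumerate(ordered):
        for earlier in ordered[:i]:
            covers_proto = earlier.protocol in ("all", later.protocol)
            covers_ports = (earlier.port_from <= later.port_from
                            and earlier.port_to >= later.port_to)
            covers_src = ip_network(later.source).subnet_of(
                ip_network(earlier.source))
            if covers_proto and covers_ports and covers_src:
                shadowed.append(later.number)
                break
    return shadowed


def check_required(rules):
    """Evaluate the three agent ports named in the question plus one
    constructed inbound UDP packet on a high port, which stands for the
    return half of a UDP flow the node itself initiated. Because network
    ACLs are stateless, such return traffic needs its own inbound rule."""
    probes = [("tcp", 6783), ("udp", 6783), ("tcp", 2375), ("udp", 40000)]
    return {probe: evaluate(rules, *probe) for probe in probes}


if __name__ == "__main__":
    for (proto, port), (action, number) in check_required(INBOUND).items():
        print(f"inbound {proto}/{port}: {action} by rule {number}")
    print("shadowed rules:", shadowed_rules(INBOUND))
```

With the quoted rules, every TCP probe is allowed by rule 100, UDP 6783 is allowed by rule 105, and the high-port UDP probe falls through to the implicit deny, which is the kind of gap a stateless ACL can open even when every documented listening port is allowed. The same model can be fed the outbound rule set once it is known, since the evaluation order and the final '*' deny are identical in that direction.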