Docker Community Forums

Share and learn in the Docker community.

Overlay networks and isolation with swarm mode in 1.12


(Mschirrmeister) #1

In the old Docker/Swarm we created overlay networks that the containers for a specific app/service are isolated and could not reach containers from other apps/services.

In Docker 1.12 swarm mode it seems like this is no longer possible.
If I create a service put in a overlay network lets say “mynet” and expose a port, the service gets also added to the “ingress” overlay network. If I understand it correct this ingress overlay network (10.255.0.0/16) is used for the load balancing.
All containers in the swarm cluster that have exposed ports via the service can reach each other via this ip from the ingress network.

So, does it mean if I create services and publish ports where the ingress network is used for load balancing, then it does not make sense to assign them also another overlay network?
And does it also mean the isolation of containers is gone when using the load balancing feature (ingress overlay network) in docker 1.12?

Thanks
Marco