I’m using Docker for Azure as explained on the following page:
https://docs.docker.com/docker-for-azure/
It works great. As explained, when a swarm service exposes a port, that port is automatically added as a load balancing rule on the external load balancer so that it is accessible from the internet.
This is great, but we have a number of services where we would like to expose a port on the host, but not on the internet. (We expose the port for convenience purposes, allowing us to ssh into the host and interact with the service.) For these “internal” services, we don’t necessarily want to expose them on the internet.
I noticed that the “editions_controller” container is responsible for associating the exposed ports onto the external load balancer. If I stop that container, the automatic port registration no longer happens and I can set up my own inbound rules using the Azure CLI.
Is that the way to go, or is there another way to configure Docker for Azure so that the load balancer doesn’t auto-register exposed ports, giving you more fine-grained control over what you want to see exposed via the external load balancer?
Is it, for example, possible to expose the ports on an internal load balancer, and have a separate external load balancer that you manage yourself?