Hi,
I am going to lose my mind ^^
The plan is to separate networks from north to south (front/app/data) and to bind all containers on each network with these characteristics (this is an individual Docker host):
#front
docker network create --driver=bridge --attachable -o="com.docker.network.bridge.enable_icc=false" -o="com.docker.network.bridge.enable_ip_masquerade=true" -o "com.docker.network.bridge.host_binding_ipv4"="DOCKER_HOST_PUB_IP" front.public
#app
docker network create --driver=bridge --internal --attachable -o="com.docker.network.bridge.enable_icc=false" -o="com.docker.network.bridge.enable_ip_masquerade=false" app.internal
#data
docker network create --internal --attachable --driver=bridge -o="com.docker.network.bridge.enable_ip_masquerade=false" back.internal
If ICC is disabled and the service and data bridge networks are internal, how can containers use a service from the front network inside their containerized system? For instance:
- contA is a secure code scanner
- contB is Jenkins
- contB wants to use contA through the host ip mapping (published port) on the front interface
In addition, how can container contA communicate with contB, and contB with contC, if ICC is not used and, likewise, app and data are still internal?
- contA is a web server on front network
- contB is a Tomcat on app network
- contC is a database on data network
Appreciate any help ^^ tell me if it's not really clear…
Thanks