justJanne@startrek.website to Selfhosted@lemmy.world • PSA: Docker nukes your firewall rules and replaces them with its own.
1·
10 months ago
There’s no alternative for 0.0.0.0 and a firewall if you’re e.g. using Kubernetes.
That assumes you’re on some VPS with a hardware firewall in front.
Often enough you’re on a dedicated server that’s directly exposed to the internet, with those iptables rules being the only thing standing between your services and the internet.
You need to be able to have multiple nodes in one LAN access ports on each other’s containers without exposing those to the world and without using additional firewalls in front of the nodes.
That’s why Kubernetes ended up removing Docker support and instead recommends Podman or using containerd natively.