We want to use Docker Swarm with Elasticsearch in containers. That is, multiple instances of Elasticsearch on different Docker hosts that operate in a swarm.

However, we would like to use a large subnet and then restrict access between containers per container. Is this possible?

For example:

Host 1:                                        Host 2:
   192.168.1.10                                192.168.1.11
 - Elasticsearch-node1<----------------------->Elasticsearch-node2
   192.168.1.12                                192.168.1.13
 - Elasticsearch-node3<----------------------->Elasticsearch-node4

In the above example, all containers utilize a 192.168.1.0/24 network, but we want to limit access so that node1 can only communicate with node2 and not node3 or node4. How would we achieve this?

Michael Hampton
nillenilsson

1 Answer

You can achieve separation between services on the same overlay network by using Consul Connect, but that adds to the moving-parts count in your system.

What is the reason that you cannot put services into distinct overlay networks?

jpsecher
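The distinct-overlay-network layout the answer asks about, as an added example that is not part of the original answer: a Swarm stack file that puts each Elasticsearch pair on its own overlay, so node1 and node2 share no network with node3 and node4. The hostnames `host1`/`host2`, the network and cluster names, the image tag and the assumption that each pair forms its own cluster are not from the page.

```yaml
# Added example, not from the original post. host1/host2, the network and
# cluster names, and the image tag are assumptions.
version: "3.8"

networks:
  # One overlay per pair: a container only reaches peers on its own overlay.
  pair_a: {driver: overlay, driver_opts: {encrypted: "true"}}  # node1 <-> node2
  pair_b: {driver: overlay, driver_opts: {encrypted: "true"}}  # node3 <-> node4

services:   # no "ports:" entries, so nothing is published outside the overlays
  es-node1:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.17.9
    networks: [pair_a]
    environment: ["node.name=es-node1", "cluster.name=pair-a",
                  "discovery.seed_hosts=es-node2",
                  "cluster.initial_master_nodes=es-node1,es-node2"]
    deploy:
      endpoint_mode: dnsrr   # service name resolves to the task IP, no VIP
      placement: {constraints: ["node.hostname == host1"]}

  es-node2:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.17.9
    networks: [pair_a]
    environment: ["node.name=es-node2", "cluster.name=pair-a",
                  "discovery.seed_hosts=es-node1",
                  "cluster.initial_master_nodes=es-node1,es-node2"]
    deploy:
      endpoint_mode: dnsrr
      placement: {constraints: ["node.hostname == host2"]}

  es-node3:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.17.9
    networks: [pair_b]
    environment: ["node.name=es-node3", "cluster.name=pair-b",
                  "discovery.seed_hosts=es-node4",
                  "cluster.initial_master_nodes=es-node3,es-node4"]
    deploy:
      endpoint_mode: dnsrr
      placement: {constraints: ["node.hostname == host1"]}

  es-node4:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.17.9
    networks: [pair_b]
    environment: ["node.name=es-node4", "cluster.name=pair-b",
                  "discovery.seed_hosts=es-node3",
                  "cluster.initial_master_nodes=es-node3,es-node4"]
    deploy:
      endpoint_mode: dnsrr
      placement: {constraints: ["node.hostname == host2"]}
```

Deployed with `docker stack deploy -c <file> <stack>`, each overlay gets its own subnet from Docker rather than a slice of one shared /24, which is the trade-off against the single large subnet in the question.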