I want to be able to deploy an ACI container group but I want none of the containers in the group to be able to communicate with one another. According to the documentation, containers can communicate on any port even if it's not exposed. Is there a way to lock down all containers within a group?
- Why do you want to do this through ACI? Do you mind using other services? – Charles Xu Mar 16 '20 at 02:13
- For security purposes. Untrusted execution and cost savings – Ryan Mar 16 '20 at 02:22
- Any more questions? Does it solve your problem? If it works for you, please accept it as the answer. – Charles Xu Mar 24 '20 at 01:49
1 Answer
For your requirements, I don't think there is an appropriate way to achieve it through ACI. Maybe you can install a firewall in the image and use it. But it's not good and it will make the image bigger.
I recommend you give AKS a try; it has network policies between the pods. And you can deploy the images with only one container for each of them. You can get more details from the Network policies of AKS.

Charles Xu