I’m giving Consul Connect a try and it works great. The thing I’m currently not able to figure out is how to avoid “east-west” traffic on a specific host, especially in the case of Docker containers.
Is there some documentation about best practices?
Here are a few things I tried:
use the host network for the container and run its proxy from the host
– result: every container seems to be able to use one another’s proxy by sending requests to the right port
use separate bridge networks and bind each proxy (still on the host) to the specific interface
– result: if a container is able to figure out the IP of the other network bridge, the traffic is routed to the host, then, following the host’s routing table, ends up on the other interface and is forwarded to the proxy
use the default bridge network for containers, then run each proxy (as a container this time) in the container’s network (--network=container:my_container_name), then bind the client to both the host’s lo and the docker bridge IP
– result: it kind of works to protect outgoing traffic, but if I do the same thing for the destination service, I’m unable to reach it…
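As an added example (not part of the original post, and not Consul’s own documentation), here is a service registration for the third layout above: the app and its built-in sidecar proxy share one container network namespace, so "127.0.0.1" means that container’s loopback only, and the proxy’s public mTLS listener is bound to the container’s bridge IP rather than to the host. The service name "web", the upstream "db", the container IP 172.17.0.10, the docker0 address 172.17.0.1 and the ports are all assumptions for illustration.

```hcl
# Added example, not from the original post. Assumptions: a service "web" in a
# default-bridge container at 172.17.0.10, a Consul agent on the host whose
# -client address includes the docker0 IP 172.17.0.1, and the built-in proxy
# started inside the app container's namespace with
#   docker run --network container:web \
#     -e CONSUL_HTTP_ADDR=http://172.17.0.1:8500 consul connect proxy -sidecar-for web
service {
  name = "web"
  id   = "web"
  port = 8080
  # The app process itself must bind 127.0.0.1:8080 inside its container,
  # so the only way in from anywhere else is through the sidecar.

  connect {
    sidecar_service {
      # Catalog address of the public mTLS listener, reachable by other sidecars.
      address = "172.17.0.10"
      port    = 21000

      proxy {
        # Built-in proxy: bind the public listener to the container IP,
        # not 0.0.0.0 and not a host interface.
        config {
          bind_address = "172.17.0.10"
          bind_port    = 21000
        }

        # After terminating mTLS, forward plaintext to the container's loopback.
        local_service_address = "127.0.0.1"
        local_service_port    = 8080

        upstreams = [
          {
            destination_name = "db"
            # Upstream listener only on this container's loopback, so no other
            # container on the host can ride this proxy's identity to "db".
            local_bind_address = "127.0.0.1"
            local_bind_port    = 5432
          }
        ]
      }
    }
  }
}
```

Register it through the host agent (`consul services register web.hcl`) and restrict who may call "web" with an intention; the loopback bindings are what stop another container on the same host from reaching the app or the upstream listener, and the intention is what stops a compromised sidecar elsewhere from being accepted at the mTLS listener.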