I want to achieve the below setup:
The idea is that some containers can talk with each other as usual but they would not have any ability to access the Internet. At the same time though, some other containers would be able to both a) access the Internet and b) communicate with their unprivileged cousins somehow (either via Unix sockets or TCP/IP).
Is this possible with Rancher?
Edit - The “no Internet” restriction must be enforced outside of the container. So, blocking Internet from within the container itself is not useful (the assumption is that the container is untrusted).