Is there an easy way to restrict network access between services/containers which are not linked together but still use the Rancher-managed network? Currently all of the containers can talk to each other, which is not that secure for our use case.
I know I can mess around with iptables on each host, but that's not going to work well when new services and containers are dropped and added and new IPs assigned. Is there a way to manage it all automatically?
It should be possible to dynamically read the links from metadata and sync that up with iptables rules. Then you could run that as a global service ("run one container on each host").
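As an added illustration of that approach (example code, not the poster's or Rancher's own): the metadata document below is a constructed stand-in whose field names (`containers`, `name`, `primary_ip`, `links`), the chain name `RANCHER-LINKS`, the overlay range and the choice of the `FORWARD` chain are all assumptions; it derives an allow-list of linked pairs, flags links to unknown containers, and emits an idempotent rule set with default-deny inside the overlay.

```python
from typing import Dict, List, Tuple

# Constructed sample metadata (field names assumed, not Rancher's API).
# 'links' names the containers this one is allowed to initiate traffic to.
SAMPLE_METADATA = {
    "containers": [
        {"name": "web",  "primary_ip": "10.42.0.10", "links": ["api"]},
        {"name": "api",  "primary_ip": "10.42.0.20", "links": ["db"]},
        {"name": "db",   "primary_ip": "10.42.0.30", "links": []},
        {"name": "cron", "primary_ip": "10.42.0.40", "links": ["missing"]},
    ]
}
OVERLAY = "10.42.0.0/16"   # assumed managed-network range
CHAIN = "RANCHER-LINKS"    # assumed chain name


def allowed_pairs(metadata: Dict) -> Tuple[List[Tuple[str, str]], List[str]]:
    """Return (src_ip, dst_ip) pairs permitted by links, plus a warning for
    every link that points at a container absent from the metadata."""
    ip_of = {c["name"]: c["primary_ip"] for c in metadata["containers"]}
    pairs, warnings = [], []
    for c in metadata["containers"]:
        for target in c["links"]:
            if target not in ip_of:
                warnings.append(f"{c['name']}: link to unknown container {target!r}")
                continue
            pairs.append((c["primary_ip"], ip_of[target]))
    return pairs, warnings


def build_rules(metadata: Dict) -> List[str]:
    """Emit commands that rebuild the chain from scratch on every sync:
    allow replies, allow each linked pair, drop all other overlay traffic."""
    pairs, _ = allowed_pairs(metadata)
    rules = [
        f"iptables -N {CHAIN} 2>/dev/null || true",
        f"iptables -F {CHAIN}",
        f"iptables -A {CHAIN} -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
    ]
    for src, dst in sorted(pairs):
        rules.append(f"iptables -A {CHAIN} -s {src}/32 -d {dst}/32 -j ACCEPT")
    rules.append(f"iptables -A {CHAIN} -s {OVERLAY} -d {OVERLAY} -j DROP")
    # Hook the chain into FORWARD only once; -C tests whether the jump exists.
    rules.append(f"iptables -C FORWARD -j {CHAIN} 2>/dev/null || iptables -I FORWARD 1 -j {CHAIN}")
    return rules
```

Run `build_rules()` on each host whenever the metadata changes; because the chain is flushed and rebuilt, containers that were removed lose their allow rules automatically. Whether container-to-container packets actually traverse `FORWARD` on the host depends on how the overlay is implemented, so verify with a counter check (`iptables -L RANCHER-LINKS -v -n`) before relying on the DROP.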