justJanne@startrek.website to Selfhosted@lemmy.world • PSA: Docker nukes your firewall rules and replaces them with its own.
6 months ago
There’s no alternative for 0.0.0.0 and a firewall if you’re e.g. using kubernetes.
That assumes you’re on some VPS with a hardware firewall in front.
Often enough you’re on a dedicated server that’s directly exposed to the internet, with those iptables rules being the only thing standing between your services and the internet.
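The comment above describes the case where a host is directly on the internet and Docker-published ports bound to 0.0.0.0 (or the IPv6 wildcard `::`) bypass the host's own iptables rules. The following added example is not from the thread or from Docker; it is an audit helper that reads the `NAMES` and `PORTS` columns in the format `docker ps --format '{{.Names}}\t{{.Ports}}'` produces and lists every published port bound to a wildcard address, so an operator can see which services are reachable from outside regardless of the pre-existing firewall rules. The sample `docker ps` output, the container names and the port numbers are constructed for the example.

```shell
#!/bin/sh
# Constructed stand-in for: docker ps --format '{{.Names}}\t{{.Ports}}'
# (container names and port mappings are made up for this example)
sample_docker_ps() {
  printf '%s\t%s\n' \
    'web'   '0.0.0.0:8080->80/tcp, :::8080->80/tcp' \
    'db'    '127.0.0.1:5432->5432/tcp' \
    'cache' '6379/tcp' \
    'api'   '0.0.0.0:3000->3000/tcp, 127.0.0.1:9229->9229/tcp'
}

# Reads "<name>\t<ports>" lines on stdin and prints "<name> <bind-address:port>"
# for every mapping whose host side is the IPv4 (0.0.0.0) or IPv6 (::) wildcard.
# Loopback-bound mappings (127.0.0.1:...) and unpublished ports (no "->") are
# skipped: those are not reachable from outside the host.
world_exposed_ports() {
  awk -F'\t' '
    {
      name = $1
      n = split($2, maps, ",")
      for (i = 1; i <= n; i++) {
        sub(/^ +/, "", maps[i])                      # trim the ", " separator
        if (maps[i] ~ /^(0\.0\.0\.0|::):[0-9]+->/) {
          split(maps[i], parts, "->")
          print name, parts[1]
        }
      }
    }'
}

# Convenience wrapper: number of wildcard-bound published ports on stdin.
count_world_exposed() {
  world_exposed_ports | grep -c ''
}

# Stand-alone demo on the constructed sample; on a real host replace
# sample_docker_ps with: docker ps --format '{{.Names}}\t{{.Ports}}'
sample_docker_ps | world_exposed_ports
```

In the sample, `web` and `api` are reported (three mappings in total) while `db` and `cache` are not. The usual remediation for a mapping that shows up here and should not be public is to publish it on loopback only (`-p 127.0.0.1:3000:3000` instead of `-p 3000:3000`), or to restrict it in the `DOCKER-USER` iptables chain, which Docker consults before its own rules.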
Also note that even a dual boot system is leaky. A kernel level anticheat has enough power to do firmware upgrades on peripherals or the UEFI, so a badly behaving kernel level anticheat could easily take over your entire system in a way that can never be gotten rid of.
You need to be able to have multiple nodes in one LAN access ports on each others’ containers without exposing those to the world and without using additional firewalls in front of the nodes.
That’s why kubernetes ended up removing docker support and instead recommends podman or using containerd natively.