Is network security / encryption provided by default in docker swarm mode?

Submitted by 半城伤御伤魂 on 2019-12-10 09:57:24

Question


In this document it says that:

Overlay networking for Docker Engine swarm mode comes secure out of the box. You can also encrypt data exchanged between containers on different nodes on the overlay network. To enable encryption, when you create an overlay network pass the --opt encrypted flag:

> $ docker network create --opt encrypted --driver overlay my-multi-host-network

So if all the containers are running on the my-multi-host-network, is all the traffic between the containers encrypted automatically? In other words, it's as if all the containers were running SSL, and if REST is used to communicate from container A to container B, the REST request (or requests via any other communication protocol - AMQP, etc.) is encrypted?


Answer 1:


There are three networking planes in any orchestrator:

  • Management plane (the "brains")
  • Control plane (the "discovery")
  • Data plane (the "move-packets")

The first two are encrypted by default in Swarm; you don't need to do anything special. The data plane is not encrypted by default, for performance reasons. However, you can easily encrypt it, using the --opt encrypted option.

If you create an encrypted network, an IPSEC tunnel will be enabled for the data-plane. So yes, all communication between containers on that network will be encrypted.
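
To see which overlay networks on a swarm were actually created with `--opt encrypted`, the shell function below is an added example, not part of the original answer. It assumes the `docker network inspect` format string shown in the comment; the function names and the sample network list are constructed for illustration.

```shell
#!/bin/sh
# Added example: list overlay networks whose data plane is NOT encrypted.
#
# Input: one line per network, "<name> <driver> <options-json>", e.g. from
#   docker network inspect \
#       --format '{{.Name}} {{.Driver}} {{json .Options}}' \
#       $(docker network ls -q)
# A network created with --opt encrypted carries an "encrypted" key in its
# driver options; this check looks only at the presence of that key.

unencrypted_overlays() {
    while read -r name driver opts; do
        # bridge, host, etc. are node-local and out of scope here
        [ "$driver" = "overlay" ] || continue
        case "$opts" in
            *'"encrypted"'*) ;;                 # created with --opt encrypted
            *) printf '%s\n' "$name" ;;         # plain VXLAN between nodes
        esac
    done
}

# Constructed sample data (not captured from a real cluster).
SAMPLE_NETWORKS='bridge bridge {"com.docker.network.bridge.name":"docker0"}
ingress overlay {"com.docker.network.driver.overlay.vxlanid_list":"4096"}
my-multi-host-network overlay {"com.docker.network.driver.overlay.vxlanid_list":"4097","encrypted":""}
backend overlay {"com.docker.network.driver.overlay.vxlanid_list":"4098"}
docker_gwbridge bridge {}'

# Run the audit over the constructed sample.
audit_sample() {
    printf '%s\n' "$SAMPLE_NETWORKS" | unencrypted_overlays
}

audit_sample
```

An empty result means every overlay network in the input has the `encrypted` option set.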



Source: https://stackoverflow.com/questions/46119863/is-network-security-encryption-provided-by-default-in-docker-swarm-mode
