Date
1 - 2 of 2
Understanding the external network access in Diego
|
James Bayer
this setting is because we assume multi-tenant installations. it is
toggle quoted message
Show quoted text
strongly recommended that operators should have their cf configurations and application security group configurations setup to only allow outbound connectivity from in containers to other containers by going through the cf load balancer and not be directly connecting to other cell host/port mappings of application instances. On Thu, May 14, 2015 at 1:52 AM, Lev Berman <lev.berman(a)altoros.com> wrote:
Hello, everyone! --
Thank you, James Bayer |
|
|
|
Lev Berman <lev.berman@...>
Hello, everyone!
I have a Diego application. From the app's Garden container I can access the Internet and establish connections with tcp services running on other VMs but I can't connect to a tcp service running on the same VM until I allow the container to access external networks via the Garden API - https://github.com/cloudfoundry-incubator/garden/blob/master/doc/garden-api.md#allow-a-container-to-access-external-networks-and-ports. Also, I've created CF security groups to allow tcp traffic for all VMs I am trying to connect to. My questions are is this an expected functionality and what is the idea of the "allow the container to access external networks" API call since it only affects access to the same VM? Thanks! -- Lev Berman Altoros - Cloud Foundry deployment, training and integration Github *: https://github.com/ldmberman <https://github.com/ldmberman>* |
|
|