Is network security / encryption provided by default in docker swarm mode?


Question

This document says:

Overlay networking for Docker Engine swarm mode comes secure out of the box. You can also encrypt data exchanged between containers on different nodes on the overlay network. To enable encryption, when you create an overlay network pass the --opt encrypted flag:

> $ docker network create --opt encrypted --driver overlay my-multi-host-network

So if all the containers are running on the my-multi-host-network, is all the traffic between the containers encrypted automatically? In other words, it's as if all the containers were running SSL, and if REST is used to communicate from container A to container B, the REST request (or requests via any other communication protocol - AMQP, etc.) is encrypted?

Recommended answer

There are three networking planes in any orchestrator:

  • Management plane ("the brain")
  • Control plane ("discovery")
  • Data plane ("moving packets")

The first two are encrypted by default in Swarm; you don't need to do anything special. The data plane is not encrypted by default, for performance reasons. However, you can easily encrypt it, using the --opt encrypted option.

If you create an encrypted network, an IPSEC tunnel will be enabled for the data-plane. So yes, all communication between containers on that network will be encrypted.
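Because the data plane is only encrypted on networks created with `--opt encrypted`, it is worth checking which overlay networks in a swarm lack the option. The following is an added example, not part of the original answer or of Docker's tooling: a Python check over `docker network inspect` output. The sample JSON and the network names other than `my-multi-host-network` are constructed, and the check assumes the flag appears as an `encrypted` key under `Options`.

```python
import json

# Constructed sample in the shape of `docker network inspect <networks...>` output.
# On a real manager node, feed in: docker network inspect $(docker network ls -q)
SAMPLE_INSPECT = """
[
  {"Name": "my-multi-host-network", "Scope": "swarm", "Driver": "overlay",
   "Options": {"com.docker.network.driver.overlay.vxlanid_list": "4097",
               "encrypted": ""}},
  {"Name": "backend", "Scope": "swarm", "Driver": "overlay",
   "Options": {"com.docker.network.driver.overlay.vxlanid_list": "4098"}},
  {"Name": "ingress", "Scope": "swarm", "Driver": "overlay", "Ingress": true,
   "Options": {"com.docker.network.driver.overlay.vxlanid_list": "4096"}},
  {"Name": "bridge", "Scope": "local", "Driver": "bridge", "Options": null}
]
"""


def audit_overlay_encryption(inspect_json):
    """Map each overlay network name to True if its data plane is encrypted.

    Assumption: `--opt encrypted` is recorded as an "encrypted" key in the
    network's Options; the key's presence, not its value, is what is checked.
    Non-overlay networks (bridge, host, ...) are skipped.
    """
    result = {}
    for net in json.loads(inspect_json):
        if net.get("Driver") != "overlay":
            continue
        options = net.get("Options") or {}  # Options may be null
        result[net["Name"]] = "encrypted" in options
    return result


def unencrypted_overlays(inspect_json):
    """Return the sorted names of overlay networks without the encrypted option."""
    audit = audit_overlay_encryption(inspect_json)
    return sorted(name for name, encrypted in audit.items() if not encrypted)


if __name__ == "__main__":
    for name, encrypted in sorted(audit_overlay_encryption(SAMPLE_INSPECT).items()):
        print(f"{name}: {'encrypted' if encrypted else 'NOT encrypted'}")
```

Services attached to any network this reports carry their container-to-container traffic between nodes without the IPSEC tunnel, so that traffic needs its own protection (for example TLS in the application) or the network needs to be recreated with the option.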
