I have a small company network with the following services/servers:
- Jenkins
- Stash (Atlassian)
- Confluence (Atlassian)
- LDAP
- ownCloud
- Zabbix (monitoring)
- Puppet
- and some Java web apps
all running in separate KVM (libvirt) VMs on separate virtual subnets across 2 machines (1 internal, 1 Hetzner root server) with Shorewall in between. I'm thinking about switching to Docker.
But I have two questions:
- How can I achieve network security between Docker containers (i.e. I want to prevent ownCloud from accessing any host in the network except the LDAP host's SSL port)?
  - Just by using Docker linking? If yes, does Docker really allow access only to linked containers, but not to others?
  - By using Kubernetes?
  - By adding multiple bridged network interfaces for each container?
- Would you switch all my infrastructure services/servers to Docker, or use a hybrid solution with just ownCloud and the Java web apps on Docker?
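An added example, not part of the original post, showing one way to express the policy asked about above (the ownCloud container may reach only the LDAP host on its TLS port) with a user-defined Docker bridge network plus rules in Docker's DOCKER-USER iptables chain. The network name, subnet, image, container name and LDAP address are assumptions; the script prints the commands by default and only runs them when `APPLY=1`.

```shell
#!/bin/sh
# Added example (not from the original post). Policy: the ownCloud
# container may open connections only to the LDAP host on tcp/636.
# Mechanism: a user-defined bridge for the container, plus egress rules in
# DOCKER-USER, the chain Docker (17.06+) jumps to from FORWARD before its
# own rules, so admin policy there is not overwritten by the daemon.
# Every name and address below is an assumption for illustration.

OWNCLOUD_NET="owncloud_net"        # assumed network name
OWNCLOUD_SUBNET="172.30.1.0/24"    # assumed subnet of that bridge
OWNCLOUD_IMAGE="owncloud/server"   # assumed image
LDAP_HOST="10.20.0.10"             # assumed address of the LDAP VM
LDAP_PORT="636"                    # LDAPS

# Commands that create the bridge and start the container on it. Docker
# isolates user-defined bridges from each other, so containers on other
# networks cannot reach this one unless explicitly attached to it; only
# the published port 443 is reachable from outside.
docker_setup_cmds() {
  cat <<EOF
docker network create --driver bridge --subnet $OWNCLOUD_SUBNET $OWNCLOUD_NET
docker run -d --name owncloud --network $OWNCLOUD_NET -p 443:443 $OWNCLOUD_IMAGE
EOF
}

# Egress rules, emitted in the order they must be run. Each "-I" inserts
# at the top of DOCKER-USER, so after all three the chain reads:
#   ACCEPT established/related, ACCEPT LDAPS, DROP, then Docker's RETURN.
# Replies to clients hitting the published port match the conntrack rule,
# so only new outbound connections from the subnet are cut.
docker_user_rules() {
  cat <<EOF
iptables -I DOCKER-USER -s $OWNCLOUD_SUBNET -j DROP
iptables -I DOCKER-USER -s $OWNCLOUD_SUBNET -d $LDAP_HOST -p tcp --dport $LDAP_PORT -j ACCEPT
iptables -I DOCKER-USER -s $OWNCLOUD_SUBNET -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Simulate how iptables builds the chain from the emitted commands
# ("-I" prepends, "-A" appends) and print the rule specs top first, so
# the resulting order can be checked without root.
simulated_chain() {
  docker_user_rules | awk '
    {
      spec = ""
      for (i = 4; i <= NF; i++) spec = spec (i > 4 ? " " : "") $i
    }
    $2 == "-I" { n++; for (k = n; k > 1; k--) c[k] = c[k-1]; c[1] = spec; next }
    $2 == "-A" { n++; c[n] = spec }
    END { for (k = 1; k <= n; k++) print c[k] }'
}

# Dry run by default; APPLY=1 executes (needs root and a running daemon).
if [ "${APPLY:-0}" = "1" ]; then
  docker_setup_cmds | sh -e
  docker_user_rules | sh -e
else
  docker_setup_cmds
  docker_user_rules
fi
```

Two caveats worth knowing when using this: legacy `--link` only injects the peer's address into `/etc/hosts` and environment variables and does not restrict anything by itself; on the default `docker0` bridge every container can reach every other unless the daemon runs with `--icc=false`, in which case links add explicit iptables exceptions. And DOCKER-USER sits in FORWARD, so container traffic to the Docker host's own addresses (which goes through INPUT) is not covered by these rules and needs its own INPUT rule if the host must be off-limits too.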