I am researching how to properly set up a docker swarm infrastructure and there is a problem I still haven't managed to find an answer for.
Let's say, in this basic scenario, I have 2 services:
- API: A REST API service
- DB: A Database service.
     ┌────────┐
     │  WWW   │
     └────────┘
         ▲
         │
Swarm    │
┌────────┼──────────────────────────┐
│        │                          │
│  ┌─────▼──────┐    ┌───────────┐  │
│  │            │    │           │  │
│  │    API     │◄──►│    DB     │  │
│  │            │    │           │  │
│  └────────────┘    └───────────┘  │
│                                   │
└───────────────────────────────────┘
For security purposes, I do not want the DB service to be publicly available. I only want it to be accessible to services inside the Docker Swarm; ideally, I only want it to be available to the API service.
I have tried to set up a bridge network (in a docker-compose file), but when using docker stack deploy, docker complains about it: "The network ... cannot be used with services. Only networks scoped to the swarm can be used, such as those created with the overlay driver.".
So, summarizing, my question is:
- How can I set up a network in order to make a service private to the swarm?
Thank you!
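
A stack file for the layout in the diagram, as an added example that is not part of the original post: it uses the overlay driver named in the error message, and keeps the DB private by giving it no published ports. The image names, the network name `backend` and the port number are assumptions.

```yaml
# Constructed example stack file; deploy with: docker stack deploy -c <file> <stack>
# Image names, the network name and the port number are placeholders.
version: "3.8"

services:
  api:
    image: example/api:latest     # hypothetical image
    ports:
      - "8080:8080"               # the only published port: WWW -> API
    networks:
      - backend                   # API reaches the database as host "db"

  db:
    image: example/db:latest      # hypothetical image
    # No "ports:" section here. Nothing is published on the swarm nodes,
    # so the database is reachable only from containers attached to the
    # "backend" network.
    networks:
      - backend

networks:
  backend:
    driver: overlay               # swarm-scoped, so docker stack deploy accepts it
```

Only services attached to `backend` can resolve and reach `db`, so attaching just `api` and `db` to that network limits database access to the API service.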