Isolation of Deployments:
Currently, all deployments can communicate with each other since they are deployed in the same network. To prevent that, we can have a unique network for each deployment and add the nginx svc and the deployment's respective database container into the same network so that the container can only talk to these and not anything else. We can use the docker network connect/disconnect commands for this.
It would be better to work on this task once #8 is closed as it will change how database containers are handled.
Safer Security Practices:
Currently, all the deployed containers have Internet access, which they shouldn't, as that would not only increase the ability of users to do malicious activity on deployments but might also expose services on the internal network that the staging server could be a part of. It would be safer to have an option (an env variable set to true by default) to add the --internal flag to deployment networks.
Have a look at securing containers. (maybe gVisor and other things that could help??)
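The per-deployment network and the --internal option proposed above can be sketched as a small planner that prints the docker commands for one deployment. This is an added example, not code from the project; the PROXY_CONTAINER, SHARED_NETWORK and DEPLOYMENT_NETWORK_INTERNAL variables, their defaults and the deploy_<app> naming scheme are assumptions.

```shell
#!/bin/sh
# Added example: prints the docker commands that isolate one deployment.
# Assumed names (not from the project): PROXY_CONTAINER, SHARED_NETWORK,
# DEPLOYMENT_NETWORK_INTERNAL and the "deploy_<app>" network naming scheme.
PROXY_CONTAINER="${PROXY_CONTAINER:-nginx}"
SHARED_NETWORK="${SHARED_NETWORK:-shared_net}"
DEPLOYMENT_NETWORK_INTERNAL="${DEPLOYMENT_NETWORK_INTERNAL:-true}"

# Accept only names Docker itself accepts, so a deployment name can never
# be read as an extra flag or as shell syntax when the plan is executed.
valid_name() {
  case "$1" in
    ""|[!a-zA-Z0-9]*|*[!a-zA-Z0-9_.-]*) return 1 ;;
  esac
  return 0
}

# usage: isolation_plan <app-container> [db-container]
isolation_plan() {
  local app db net flags name
  app="$1"; db="${2:-}"; net="deploy_${app}"; flags=""
  for name in "$app" ${db:+"$db"} "$PROXY_CONTAINER" "$SHARED_NETWORK"; do
    if ! valid_name "$name"; then
      echo "invalid name: $name" >&2
      return 1
    fi
  done
  # --internal removes the network's route to the outside (default: on).
  if [ "$DEPLOYMENT_NETWORK_INTERNAL" = "true" ]; then flags=" --internal"; fi
  echo "docker network create${flags} ${net}"
  # Attach the members first, then take the deployment off the shared network.
  # The proxy is connected but never disconnected, so it keeps serving traffic.
  for name in "$app" ${db:+"$db"} "$PROXY_CONTAINER"; do
    echo "docker network connect ${net} ${name}"
  done
  for name in "$app" ${db:+"$db"}; do
    echo "docker network disconnect ${SHARED_NETWORK} ${name}"
  done
}
```

Review the printed plan, then pipe it to sh to apply it; afterwards docker network inspect on the new network should list only the deployment, its database and the proxy.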