Hey everyone! I'm currently trying to set up a swarm service that routes outgoing traffic through specific IPs or interfaces, different from those used by other services in my cluster. I'm wondering if this is possible and how I might achieve it. I've already experimented with the bridge network and made some tweaks to the default iptables rules, but it seems like the bridge network functions differently with swarm compared to standard Docker, making routing changes quite tricky. I plan to dive into the overlay network soon to see if there's a way to intercept service traffic with iptables. By the way, I've noticed the default gateway for containers gets set to the IP of the first network mentioned in the Docker Compose file. Any help would be greatly appreciated!
2 Answers
It sounds like you're looking to create specific source IP routes for a service. Unfortunately, Docker Swarm doesn't support that natively. You can use iproute2 rules to accomplish it, but it can get complicated. What's your end goal here? Wouldn't it be easier to just run the service on a dedicated host?
I get where you're coming from, but just to clarify, you really can't do this natively with Swarm as you'd like. Are you looking for a more robust solution or just a quick workaround?
That's an interesting suggestion, but dedicating a host every time would reduce resilience. I'd prefer to avoid that if possible. Maybe deploying a VM would be better for scalability.
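The iproute2 approach mentioned in the answers, as an added example that is not from any poster in this thread: a dry-run generator that validates its inputs and prints the policy-routing and SNAT commands for one source address or subnet. It assumes you already know the address the service's tasks use on the host bridge; the function names, addresses, interface name and table number are all constructed for illustration.

```shell
#!/bin/sh
# Dry run only: prints the commands for review, executes nothing.

valid_ipv4() {
  case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
  done
}

valid_src() {  # accepts a.b.c.d or a.b.c.d/prefix
  case $1 in
    */*) len=${1#*/}; addr=${1%/*}
         case $len in ''|*[!0-9]*) return 1 ;; esac
         [ "$len" -le 32 ] || return 1 ;;
    *)   addr=$1 ;;
  esac
  valid_ipv4 "$addr"
}

# egress_plan SRC EGRESS_IP IFACE GATEWAY TABLE
egress_plan() {
  src=$1 egress_ip=$2 iface=$3 gw=$4 table=$5
  valid_src "$src" && valid_ipv4 "$egress_ip" && valid_ipv4 "$gw" ||
    { echo "bad address" >&2; return 1; }
  # Reject anything that could smuggle shell syntax into the printed commands.
  case $iface in ''|*[!A-Za-z0-9_.-]*) echo "bad interface" >&2; return 1 ;; esac
  case $table in ''|*[!0-9]*) echo "bad table" >&2; return 1 ;; esac
  # 1) dedicated routing table with its own default route
  # 2) rule sending packets from SRC to that table (matched before NAT)
  # 3) SNAT inserted first, ahead of the MASQUERADE rules Docker adds
  cat <<EOF
ip route replace default via $gw dev $iface table $table
ip rule add from $src lookup $table priority 1000
iptables -t nat -I POSTROUTING 1 -s $src -o $iface -j SNAT --to-source $egress_ip
EOF
}

# Constructed sample: one task address, documentation-range egress IP.
egress_plan 172.18.0.5/32 203.0.113.10 eth1 203.0.113.1 100
```

Task addresses change when swarm reschedules a container, so any rule keyed on a single address has to be regenerated at that point.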