I deployed my service with docker swarm in the Digital Ocean VPC.
I want to block access from the service to http://169.254.169.254/metadata/v1.json which is the metadata API for security reasons. Does anyone know how to do that?
Thanks,
You should block it on your host machine. Docker uses the host machine's network configuration, so if your host machine uses iptables, you could use this article to block access.
Also, you could block egress traffic from Docker using the same iptables; please see this answer.
There are 2 ways to block the IP: 169.254.169.254
1. Block the IP in the host machine
# to block:
$ route add -host 169.254.169.254 reject
# to show the current routes:
$ route
2. Block the IP for docker container only in the docker filter chain with iptables
# to block
$ iptables -I DOCKER-ISOLATION-STAGE-1 -d 169.254.169.254 -j DROP
# to show the current tables:
$ iptables -vL
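Added example (not part of the answer above): a small Python check that parses `iptables -vnL` output and confirms the DROP for the metadata IP sits in the Docker chain ahead of any catch-all RETURN/ACCEPT, i.e. that it was inserted with -I rather than appended with -A, which would leave it unreachable. The chain name defaults to the one used above; the two listings are constructed samples, not output from a real host.

```python
import subprocess

METADATA_IP = "169.254.169.254"
CATCH_ALL = {"0.0.0.0/0", "anywhere"}  # source/destination column with -n / without -n
ANY_IFACE = {"*", "any"}               # in/out column with -n / without -n


def metadata_blocked(listing: str, chain: str = "DOCKER-ISOLATION-STAGE-1",
                     dst: str = METADATA_IP) -> bool:
    """True if `chain` DROPs/REJECTs traffic to `dst` before any catch-all
    ACCEPT/RETURN releases it. `listing` is `iptables -vL` text (use -vnL so
    addresses print numerically). Simplifying assumption: jumps to sub-chains
    such as DOCKER-ISOLATION-STAGE-2 are non-terminating (they RETURN)."""
    in_chain = False
    for line in listing.splitlines():
        cols = line.split()
        if not cols:
            continue
        if cols[0] == "Chain":
            in_chain = cols[1] == chain
            continue
        if not in_chain or cols[0] == "pkts" or len(cols) < 9:
            continue
        # -v columns: pkts bytes target prot opt in out source destination
        target, iface_in, iface_out, src, dest = cols[2], cols[5], cols[6], cols[7], cols[8]
        if target in ("DROP", "REJECT") and dest == dst:
            return True
        catch_all = (iface_in in ANY_IFACE and iface_out in ANY_IFACE
                     and src in CATCH_ALL and dest in CATCH_ALL)
        if target in ("ACCEPT", "RETURN") and catch_all:
            return False  # rule was appended (-A) below a catch-all: it never fires
    return False  # chain absent or no matching rule


# Constructed listing (not captured from a real host) after `iptables -I ... -j DROP`.
SAMPLE_BLOCKED = """\
Chain DOCKER-ISOLATION-STAGE-1 (1 references)
 pkts bytes target     prot opt in     out     source               destination
    4   240 DROP       all  --  *      *       0.0.0.0/0            169.254.169.254
  812 61234 DOCKER-ISOLATION-STAGE-2  all  --  docker0 !docker0  0.0.0.0/0            0.0.0.0/0
 5120  1.2M RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0
"""
# Same rule added with -A instead of -I: it lands below the catch-all RETURN.
_l = SAMPLE_BLOCKED.splitlines()
SAMPLE_APPENDED = "\n".join(_l[:2] + _l[3:] + [_l[2]]) + "\n"

if __name__ == "__main__":
    # Live check on this host (needs root); non-zero exit when the block is missing.
    live = subprocess.run(["iptables", "-vnL"], capture_output=True, text=True, check=True).stdout
    raise SystemExit(0 if metadata_blocked(live) else 1)
```

Run it on each swarm node after applying the rule; a non-zero exit means containers on that node can still reach the metadata endpoint.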