friends forever

Reputation: 11

How to establish communication between two application containers

I have deployed one application in a shared domain (public access) and another application in an owned domain (private access). The owned domain application should only communicate with the shared domain application. The private application should not be able to access it from public. Please provide some examples to establish communication between one application in a shared domain and the other one in an owned domain.

Upvotes: 0

Views: 86

Answers (1)

Daniel Mikusa

Reputation: 15051

There are two types of domains in Cloud Foundry:

  1. Domains (also sometimes called private or owned domains)
  2. Shared Domains

Shared domains are available to all users on Cloud Foundry. This means anyone that can push an app in any org/space can use this domain. For every installation of Cloud Foundry, there will be at least one shared domain (often called the "apps domain"). Shared domains are created with cf create-shared-domain. Creating a shared domain requires admin or operator level permissions because it impacts the entire foundation.

Private domains are domains available to a limited set of users on Cloud Foundry. This is why they are called private, because access to map routes in those domains is restricted. A private domain is shared across some set of orgs and spaces, with only apps in those spaces being able to use the domain. Any user can create a private domain by issuing the cf create-domain command. This does not require admin or operator permissions.

Neither of these domains provides any sort of restriction in terms of who can access a route which is mapped under one of these domains. Thus if you have a private domain example.com and you map a route www.example.com to an app www-example, access is only restricted by IP & networking rules.

If you want to have restricted access to an app, for example if you have a service app that is only accessed by other apps, you can use the container to container network for that.

In this case, your customer facing apps will have a regular shared or private domain route mapped to them. The backend service apps can be accessed by the customer facing apps over the C2C network using either IP addresses (typically used with a service registry like Eureka) or using the internal domain. Every platform has a shared domain that's flagged as "internal". This is only used on the C2C network and allows a basic level of discovery by DNS.

Hope that helps!

Upvotes: 1
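The container-to-container setup described in the answer above, as an added example that is not part of the original answer. The app names `frontend` and `backend`, port 8080, the internal domain name `apps.internal` (check `cf domains` for the one flagged internal on your platform), the backend's existing public hostname, and cf CLI v7+ argument syntax are all assumptions.

```shell
#!/usr/bin/env bash
# Added example, not from the original answer. Assumed names: apps "frontend"
# and "backend", internal domain "apps.internal", port 8080, cf CLI v7+ syntax.
# DRY_RUN=1 (the default) prints each cf command instead of executing it.

cf_run() {
  if [ "${DRY_RUN:-1}" = "1" ]; then
    echo "cf $*"
  else
    cf "$@"
  fi
}

# c2c_lockdown SRC_APP DST_APP PORT INTERNAL_DOMAIN [PUBLIC_DOMAIN]
c2c_lockdown() {
  local src="$1" dst="$2" port="$3" internal="$4" public="${5:-}"

  # Accept only a single TCP port in 1..65535.
  case "$port" in
    ''|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 2 ;;
  esac
  if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
    echo "invalid port: $port" >&2; return 2
  fi

  # 1. Name the backend on the internal domain; it resolves only on the C2C network.
  cf_run map-route "$dst" "$internal" --hostname "$dst" || return 1

  # 2. C2C traffic is denied until a policy allows this source, destination and port.
  cf_run add-network-policy "$src" "$dst" --protocol tcp --port "$port" || return 1

  # 3. Drop the externally routable route (assumed hostname = app name), if one exists.
  if [ -n "$public" ]; then
    cf_run unmap-route "$dst" "$public" --hostname "$dst" || return 1
  fi

  # URL the frontend should call from inside its container.
  echo "http://$dst.$internal:$port"
}

c2c_lockdown frontend backend 8080 apps.internal example.com
```

Run it with `DRY_RUN=0` after `cf login` and `cf target` to apply the changes; `cf network-policies` then lists the policy and `cf routes` should show only the internal route for the backend.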
