search

compose-x / ecs_composex

Manage, Configure and Deploy your services and AWS services and applications from your docker-compose definitions
https://docs.compose-x.io
Mozilla Public License 2.0
166 stars 17 forks source link

[FR] ingress - allow to specify ports for a specific ingress source #573

Closed JohnPreston closed 2 years ago

JohnPreston commented 2 years ago

Some services might have multiple ports open, for normal traffic and debug. i.e. a service might serve active traffic on 80 and have debugger on 8080.

Currently, when setting ingress, all the declared ports of the service are exposed. This is not something one might want from all sources.

Allowing to indicate which source should have access to specific ports would allow to restrict this further

In the following example, Ingress from 0.0.0.0/0 will only be allowed onto port 80, whereas ingress from 192.168.0.0/24 will be allowed to both ports granted to both ports. When Ports is not specified, assumed all ports (here, 80 and 8080).

services:
  serviceA:
    ports:
      - 80/tcp
      - 8080/tcp
    x-network:
      Ingress:
        ext_sources:
          - IPv4: 0.0.0.0/0
            Ports: [80]
          - IPv4: 192.168.0.0/24
            Ports: [80, 8080]
          - IPv4: 172.23.240.0/28
akanungo22 commented 2 years ago

Yes.. this was my requirement