idvoretskyi / horizon-cloud

An operations service to deploy, manage, and scale Horizon apps

Use TLS internally for intra-cluster RethinkDB connections #61

Open encryptio opened 8 years ago

encryptio commented 8 years ago

They are not subject to auth keys (or admin passwords.)

NB: It's not yet possible to bind to different interfaces for driver and intracluster ports, so we can't have the driver port open and the intracluster port closed. In 2.3 the bind options will be more granular (https://github.com/rethinkdb/rethinkdb/issues/5467) so we can restrict them properly.

encryptio commented 8 years ago

Slight correction: the bind options in 2.3 do NOT allow not binding a cluster socket. However, we can bind them to the loopback interface (which is unique per pod) to get the same results.
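
A check for the loopback-only binding discussed above, as an added example that is not part of the original thread or the project's code: it reads `ss -H -ltn` style output and reports any non-loopback address listening on the cluster port. It assumes RethinkDB's default cluster port 29015; the function names and the sample socket listings are constructed for illustration.

```shell
#!/bin/sh
# Constructed samples of `ss -H -ltn` output (not captured from a real pod).
# Columns: State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
SAMPLE_EXPOSED='LISTEN 0 128 0.0.0.0:28015 0.0.0.0:*
LISTEN 0 128 0.0.0.0:29015 0.0.0.0:*
LISTEN 0 128 127.0.0.1:8080 0.0.0.0:*'

SAMPLE_LOOPBACK='LISTEN 0 128 0.0.0.0:28015 0.0.0.0:*
LISTEN 0 128 127.0.0.1:29015 0.0.0.0:*
LISTEN 0 128 [::1]:29015 [::]:*'

# Print every non-loopback local address listening on the given TCP port.
# Reads socket listing lines on stdin; field 4 is Local-Address:Port.
nonloopback_listeners() {
    port="$1"
    awk -v port="$port" '
        $1 == "LISTEN" {
            addr = $4
            n = match(addr, /:[0-9]+$/)      # last colon separates the port
            if (n == 0) next
            p = substr(addr, n + 1)
            host = substr(addr, 1, n - 1)
            if (p != port) next
            gsub(/^\[|\]$/, "", host)        # strip IPv6 brackets
            if (host ~ /^127\./ || host == "::1") next
            print host                       # wildcard or routable address
        }'
}

# Succeeds (exit 0) only when nothing outside loopback listens on the port.
cluster_port_is_loopback_only() {
    [ -z "$(nonloopback_listeners "$1")" ]
}

# Inside a pod: ss -H -ltn | cluster_port_is_loopback_only 29015
```
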