Security Group

In Hyper, a security group acts as a virtual firewall that controls the traffic for one or more containers. You add rules to each security group that allow traffic to or from its associated containers. When we decide whether to allow traffic to reach a container, we evaluate all the rules from all the security groups that are associated with the container:

  • if a container has no associated security group, it is accessible (from within the network it resides in, as well as from the Internet)

  • if a container has associated security group(s) with no egress rule, it cannot access the Internet

  • if a container has associated security group(s) with no ingress rule, it is not accessible from other containers or from the Internet

Security groups work independently of port publishing: you still need to publish the container ports even if the associated security group allows the traffic.

Create a security group

A security group is defined in a YAML file. Please read the security group reference for more details.

    $ cat ssh_sg.yaml
    name: ssh-sg
    description: sg-ssh-description
    rules:
      - protocol: tcp
        direction: ingress
        port_range_min: 22
        port_range_max: 22
        remote_ip_prefix: 0.0.0.0/0
    $ hyper sg create -f ssh_sg.yaml ssh-sg
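To check how a definition like ssh-sg interacts with the evaluation rules at the top of this page, the following added example (not Hyper's own code) models them in Python over rule dictionaries that use the field names from ssh_sg.yaml. It assumes exact protocol matching, that `remote_ip_prefix` is the peer address for both directions, and that inbound traffic needs a published port; `WEB_OUT_SG` and all function names are hypothetical.

```python
import ipaddress

# Constructed sample data using the rule fields from ssh_sg.yaml above.
SSH_SG = {"name": "ssh-sg", "rules": [
    {"protocol": "tcp", "direction": "ingress", "port_range_min": 22,
     "port_range_max": 22, "remote_ip_prefix": "0.0.0.0/0"}]}
# Hypothetical second group: HTTPS egress only.
WEB_OUT_SG = {"name": "web-out-sg", "rules": [
    {"protocol": "tcp", "direction": "egress", "port_range_min": 443,
     "port_range_max": 443, "remote_ip_prefix": "0.0.0.0/0"}]}


def rule_matches(rule, direction, protocol, port, remote_ip):
    """True if one rule allows this flow (remote_ip is the peer address)."""
    net = ipaddress.ip_network(rule["remote_ip_prefix"], strict=False)
    return (rule["direction"] == direction
            and rule["protocol"] == protocol
            and rule["port_range_min"] <= port <= rule["port_range_max"]
            and ipaddress.ip_address(remote_ip) in net)


def sg_allows(groups, direction, protocol, port, remote_ip):
    """No group means open; otherwise the union of rules from every
    associated group decides, so a direction with no rule is denied."""
    if not groups:
        return True
    return any(rule_matches(r, direction, protocol, port, remote_ip)
               for g in groups for r in g["rules"])


def reachable_inbound(groups, published_ports, protocol, port, remote_ip):
    """Assumed model: inbound needs a published port AND an allowing rule."""
    return port in published_ports and sg_allows(
        groups, "ingress", protocol, port, remote_ip)


def world_open_ingress(groups):
    """Audit helper: ingress rules open to any IPv4 source (0.0.0.0/0)."""
    return [(g["name"], r["port_range_min"], r["port_range_max"])
            for g in groups for r in g["rules"]
            if r["direction"] == "ingress"
            and ipaddress.ip_network(r["remote_ip_prefix"],
                                     strict=False).prefixlen == 0]
```

Running `world_open_ingress` over the groups attached to a container is a quick way to spot rules such as the SSH rule above that accept connections from any address.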

Associate security groups

When you launch a container, you associate one or more security groups with the container.

Change security groups

You can update containers to add or remove security groups.

To remove a security group from a container:

Update a security group

You can modify the rules for a security group on the fly; the new rules are automatically applied to all containers that are associated with the security group.

Remove a security group

Note: You cannot remove a security group which is in use by containers.
