Hyper Docs

Security Group


Last updated 7 years ago

In Hyper, a security group acts as a virtual firewall that controls the traffic for one or more containers. You add rules to each security group that allow traffic to or from its associated containers. When we decide whether to allow traffic to reach a container, we evaluate all the rules from all the security groups that are associated with the container:

  • if a container has no associated security group, it is accessible (both from within the network it resides in and from the Internet)

  • if a container has associated security group(s) with no egress rule, it cannot access the Internet

  • if a container has associated security group(s) with no ingress rule, it is not accessible from other containers or from the Internet

Security groups work independently of port publishing: you still need to publish the container ports even if the associated security group allows the traffic.
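The evaluation rules above, modelled as an added example (not Hyper's own code) that uses the rule field names from this page's YAML. Assumptions: `remote_ip_prefix` is the peer address (source for ingress, destination for egress), `protocol` is matched exactly, and `published_ports` is a hypothetical set standing in for the container's published ports.

```python
import ipaddress

# Rule taken from this page's ssh_sg.yaml, plus a constructed egress-only group.
SSH_SG = {"name": "ssh-sg", "rules": [
    {"protocol": "tcp", "direction": "ingress", "port_range_min": 22,
     "port_range_max": 22, "remote_ip_prefix": "0.0.0.0/0"}]}
WEB_OUT_SG = {"name": "web-out-sg", "rules": [   # constructed sample
    {"protocol": "tcp", "direction": "egress", "port_range_min": 443,
     "port_range_max": 443, "remote_ip_prefix": "0.0.0.0/0"}]}

def rule_matches(rule, direction, protocol, port, remote_ip):
    """True if a single rule allows this direction/protocol/port/peer."""
    if rule["direction"] != direction or rule["protocol"] != protocol:
        return False
    if not rule["port_range_min"] <= port <= rule["port_range_max"]:
        return False
    net = ipaddress.ip_network(rule["remote_ip_prefix"])
    return ipaddress.ip_address(remote_ip) in net

def sg_allows(groups, direction, protocol, port, remote_ip):
    """Evaluate all rules from all security groups associated with a container."""
    if not groups:
        return True   # no associated security group: traffic is not filtered
    # With at least one group, traffic passes only if some rule in any
    # associated group allows it, so a direction with no rule is closed.
    return any(rule_matches(r, direction, protocol, port, remote_ip)
               for g in groups for r in g.get("rules", []))

def ingress_reachable(groups, published_ports, protocol, port, src_ip):
    """Security groups and port publishing are independent: both must permit."""
    return ((protocol, port) in published_ports
            and sg_allows(groups, "ingress", protocol, port, src_ip))
```
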

Create a security group

A security group is defined in a YAML file. Please read the security group reference for more details.

    $ cat ssh_sg.yaml
    name: ssh-sg
    description: sg-ssh-description
    rules:
      - protocol: tcp
        direction: ingress
        port_range_min: 22
        port_range_max: 22
        remote_ip_prefix: 0.0.0.0/0
    $ hyper sg create -f ssh_sg.yaml ssh-sg

Associate security groups

When you launch a container, you associate one or more security groups with the container.

    $ hyper run --sg ssh-sg -d -P jdeathe/centos-ssh
    846434fface4d566d7ee06f7809f1065d9efbca732e2dd47184f6244162ee944

Change security groups

You can update containers to add or remove security groups.

    $ hyper update --sg-add ssh-sg ssh-container
    ssh-container

To remove a security group from a container:

    $ hyper update --sg-rm ssh-sg ssh-container
    ssh-container

Update a security group

You can modify the rules for a security group on the fly; the new rules are automatically applied to all containers that are associated with the security group.

    $ cat ssh_sg_update.yaml
    name: ssh-sg
    description: sg-ssh-description
    rules:
      - protocol: tcp
        direction: ingress
        port_range_min: 22
        port_range_max: 23
        remote_ip_prefix: 0.0.0.0/0
    $ hyper sg update -f ssh_sg_update.yaml ssh-sg
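Because an update takes effect immediately on every associated container, it is worth reviewing what a new rule file opens before running `hyper sg update`. The following added example (not part of the Hyper tooling; the function names are hypothetical) compares the two rule sets shown on this page and reports that the update newly opens TCP 23 to `0.0.0.0/0`.

```python
import ipaddress

# Ingress rules copied from ssh_sg.yaml and ssh_sg_update.yaml on this page.
CURRENT = {"name": "ssh-sg", "rules": [
    {"protocol": "tcp", "direction": "ingress", "port_range_min": 22,
     "port_range_max": 22, "remote_ip_prefix": "0.0.0.0/0"}]}
PROPOSED = {"name": "ssh-sg", "rules": [
    {"protocol": "tcp", "direction": "ingress", "port_range_min": 22,
     "port_range_max": 23, "remote_ip_prefix": "0.0.0.0/0"}]}

def exposure(group):
    """Expand ingress rules into a set of (protocol, port, remote_ip_prefix)."""
    cells = set()
    for rule in group.get("rules", []):
        if rule["direction"] != "ingress":
            continue
        # Per-port expansion keeps the diff exact when ranges overlap.
        for port in range(rule["port_range_min"], rule["port_range_max"] + 1):
            cells.add((rule["protocol"], port, rule["remote_ip_prefix"]))
    return cells

def review_update(current, proposed):
    """Return the ingress exposure an update would open and close."""
    before, after = exposure(current), exposure(proposed)
    return {"opened": sorted(after - before), "closed": sorted(before - after)}

def world_open(cells):
    """Entries whose prefix matches every address (prefix length 0)."""
    return [c for c in cells
            if ipaddress.ip_network(c[2]).prefixlen == 0]

if __name__ == "__main__":
    delta = review_update(CURRENT, PROPOSED)
    for proto, port, prefix in world_open(delta["opened"]):
        print(f"update opens {proto}/{port} to {prefix}")
```
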

Remove a security group

    $ hyper sg rm ssh-sg

Note: You cannot remove a security group which is in use by containers.
