Workspace private network
Partial — no service discovery API
Services in the same workspace run on a dedicated Docker bridge network (bfc-ws-{workspaceId}). Containers can reach each other by Docker DNS name lc-{serviceId}.
What works
- Web service → Postgres/Key Value over internal hostname
- Web service → private service on
PORT - Isolation from other workspaces' containers
What is not included
- Private DNS API or automatic service discovery registry
- Cross-workspace private networking
- Encrypted overlay beyond Docker network isolation
Pass connection strings and internal hostnames via environment variables.