speedgoose 3 hours ago

I disable IPv6 and I’m somewhat scared of the concept of having containers with public IPs.

yrro 3 hours ago | parent [-]

Routable != routed.

If your containers have a Global Unicast Address then it's possible to look at connection logs and figure out which container made a particular request, for instance.

matt-p 3 hours ago | parent [-]

Yes, not addressable is even safer. Especially so for someone not specialized in networking.

yrro 3 hours ago | parent [-]

It's not safer: it impedes observability.

matt-p 3 hours ago | parent [-]

It doesn't impede observability for goodness sakes. It does however impede accidentally opening up your internal network because you don't really understand your firewall/virtual router/whatever.

yrro 3 hours ago | parent [-]

Of course it impedes observability. With IPv6, I can see the IP addresses of the containers that connect to a service. With IPv4, I get (at best) the IP address of the container host, thanks to NAT.

Are you also afraid of port forwarding? Have you considered that your ISP could choose to send your router packets destined for RFC1918 addresses?
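
The log-attribution difference argued over in this thread, as an added example that is not part of any comment: a downstream service's connection log is matched against a container address inventory, once for per-container IPv6 addresses and once for a NAT'd IPv4 host address. The inventory, log lines and container names are constructed, and all addresses are from documentation ranges.

```python
import ipaddress

# Constructed inventory: container name -> the IPv6 address it was assigned.
# 2001:db8::/32 and 192.0.2.0/24 are documentation ranges.
CONTAINERS = {
    "web-1": "2001:db8:0:1::a",
    "web-2": "2001:db8:0:1::b",
    "worker-1": "2001:db8:0:1::c",
}
# With IPv4 NAT, every container leaves via the host's single address.
NAT_HOST = {"192.0.2.10": ["web-1", "web-2", "worker-1"]}

# Constructed log of a downstream service: "<timestamp> <source> <request>"
LOG = """\
2024-05-01T10:00:01Z 2001:0db8:0000:0001:0000:0000:0000:000b GET /admin
2024-05-01T10:00:02Z 192.0.2.10 GET /admin
2024-05-01T10:00:03Z ::ffff:192.0.2.10 GET /health
2024-05-01T10:00:04Z 2001:db8:0:1::ff GET /
"""

def canonical(addr):
    """Parse an address so differently written forms compare equal."""
    ip = ipaddress.ip_address(addr)
    # Dual-stack listeners log IPv4 peers as ::ffff:a.b.c.d; unwrap those.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip

def attribute(log=LOG):
    """Return (timestamp, request, candidate containers) for each log line."""
    by_v6 = {canonical(a): name for name, a in CONTAINERS.items()}
    by_nat = {canonical(a): names for a, names in NAT_HOST.items()}
    results = []
    for line in log.splitlines():
        ts, src, request = line.split(" ", 2)
        ip = canonical(src)
        if ip in by_v6:
            candidates = [by_v6[ip]]          # exactly one container
        elif ip in by_nat:
            candidates = sorted(by_nat[ip])   # anything behind the NAT
        else:
            candidates = []                   # not in the inventory
        results.append((ts, request, candidates))
    return results

if __name__ == "__main__":
    for ts, request, candidates in attribute():
        print(ts, request, "->", candidates or "unknown source")
```
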