

I looked up when pasta became the default networking backend for rootless and it seems to have been with podman 5.0. I do remember using podman 5.x versions, so I was most likely using pasta.
The reason why I seperated each app into their own network was indeed for security. The only container with access to all the networks is the reverse proxy.
Containers within a pod can use localhost to access each other. Containers outside of the pod needs to use the pod name to access the containers in the pod.