Difference between revisions of "Rancher"

From Christoph's Personal Wiki
Jump to: navigation, search
(Setup Rancher HA with AWS)
Line 1: Line 1:
'''Rancher''' is a container management platform. Rancher natively supports and manages all of your Kubernetes, Mesos, and Swarm clusters.
+
'''Rancher''' is a container management platform. Rancher natively supports and manages all of your Cattle, Kubernetes, Mesos, and Swarm clusters.
  
 
==Setup Rancher HA with AWS==
 
==Setup Rancher HA with AWS==
 
<div style="margin: 10px; padding: 5px; border: 2px solid red;">'''NOTE:''' This section is currently incomplete. It will be updated soon.</div>
 
<div style="margin: 10px; padding: 5px; border: 2px solid red;">'''NOTE:''' This section is currently incomplete. It will be updated soon.</div>
  
* VPC: rancher-vpc (w/3 subnets)
+
For my Rancher HA with AWS setup, I will use the following:
 +
 
 +
===Virtual Private Cloud (VPC)===
 +
* Virtual Private Cloud (VPC): rancher-vpc (w/3 subnets)
 
* VPC CIDR: 172.22.0.0/16
 
* VPC CIDR: 172.22.0.0/16
 
* Rancher management subnet: 172.22.1.0/24 (us-west-2a)
 
* Rancher management subnet: 172.22.1.0/24 (us-west-2a)
* Rancher management server nodes (EC2 instances):
+
 
 +
===Rancher management server nodes (EC2 instances)===
 +
* Rancher management server nodes (EC2 instances running CentOS 7):
 
** mgmt-host-1 (172.22.1.210)
 
** mgmt-host-1 (172.22.1.210)
 
** mgmt-host-2 (172.22.1.211)
 
** mgmt-host-2 (172.22.1.211)
 
** mgmt-host-3 (172.22.1.212)
 
** mgmt-host-3 (172.22.1.212)
  
 +
Each of the Rancher management server nodes (referred to as "server nodes" from now on) will have Docker 1.10.3 installed and running.
 +
 +
Each of the server nodes will have the following security group inbound rules:
 
<div style="float:left; margin:0px 20px 20px 0px;">
 
<div style="float:left; margin:0px 20px 20px 0px;">
 
{| align="center" style="border: 1px solid #999; background-color:#FFFFFF"
 
{| align="center" style="border: 1px solid #999; background-color:#FFFFFF"
Line 56: Line 64:
 
<br clear="all"/>
 
<br clear="all"/>
  
 +
===External load balancer (ELB)===
 +
The external load balancer (LB) will be running on an AWS Elastic Load Balancer (ELB) and we shall called this ELB: "rancher-ext-lb" and it will have the following listeners configured:
 +
<div style="float:left; margin:0px 20px 20px 0px;">
 +
{| align="center" style="border: 1px solid #999; background-color:#FFFFFF"
 +
|-
 +
! colspan="6" bgcolor="#EFEFEF" | '''ELB listeners'''
 +
|-align="center" bgcolor="#1188ee"
 +
!Load Balancer Protocol
 +
!Load Balancer Port
 +
!Instance Protocol
 +
!Instance Port
 +
!Cipher
 +
!SSL Certificate
 +
|-
 +
| TCP || 80 || TCP || 81 || N/A || N/A
 +
|-
 +
| TCP || 443 || TCP || 444 || N/A || N/A
 +
|-
 +
| HTTP || 8080 || HTTP || 8080 || N/A || N/A
 +
|}
 +
</div>
 +
<br clear="all"/>
 +
 +
* Create ELB policies:
 +
$ AWS_PROFILE=dev
 +
$ LB_NAME=rancher-ext-lb
 +
$ POLICY_NAME=rancher-ext-lb-ProxyProtocol-policy
 +
$ aws --profile ${AWS_PROFILE} elb create-load-balancer-policy \
 +
      --load-balancer-name ${LB_NAME} \
 +
      --policy-name ${POLICY_NAME} \
 +
      --policy-type-name ProxyProtocolPolicyType \
 +
      --policy-attributes AttributeName=ProxyProtocol,AttributeValue=true
 +
$ aws --profile ${AWS_PROFILE} elb set-load-balancer-policies-for-backend-server \
 +
      --load-balancer-name ${LB_NAME} \
 +
      --instance-port 81 \
 +
      --policy-names ${POLICY_NAME}
 +
$ aws --profile ${AWS_PROFILE} elb set-load-balancer-policies-for-backend-server \
 +
      --load-balancer-name ${LB_NAME} \
 +
      --instance-port 444 \
 +
      --policy-names ${POLICY_NAME}
 +
 +
===Rancher HA management stack===
 +
A fully functioning Rancher HA setup will have the following Docker containers running:
 
<div style="float:left; margin:0px 20px 20px 0px;">
 
<div style="float:left; margin:0px 20px 20px 0px;">
 
{| align="center" style="border: 1px solid #999; background-color:#FFFFFF"
 
{| align="center" style="border: 1px solid #999; background-color:#FFFFFF"

Revision as of 00:09, 8 October 2016

Rancher is a container management platform. Rancher natively supports and manages all of your Cattle, Kubernetes, Mesos, and Swarm clusters.

Setup Rancher HA with AWS

NOTE: This section is currently incomplete. It will be updated soon.

For my Rancher HA with AWS setup, I will use the following:

Virtual Private Cloud (VPC)

  • Virtual Private Cloud (VPC): rancher-vpc (w/3 subnets)
  • VPC CIDR: 172.22.0.0/16
  • Rancher management subnet: 172.22.1.0/24 (us-west-2a)

Rancher management server nodes (EC2 instances)

  • Rancher management server nodes (EC2 instances running CentOS 7):
    • mgmt-host-1 (172.22.1.210)
    • mgmt-host-2 (172.22.1.211)
    • mgmt-host-3 (172.22.1.212)

Each of the Rancher management server nodes (referred to as "server nodes" from now on) will have Docker 1.10.3 installed and running.

Each of the server nodes will have the following security group inbound rules:

Security group inbound rules
Type Protocol Port Source Purpose
SSH TCP 22 0.0.0.0/0 ssh
HTTP TCP 80 0.0.0.0/0 http
HTTPS TCP 443 0.0.0.0/0 https
TCP TCP 81 0.0.0.0/0 proxy_to_http
TCP TCP 444 0.0.0.0/0 proxy_to_https
TCP TCP 6379 172.22.1.0/24 redis
TCP TCP 2376 172.22.1.0/24 swarm
TCP TCP 2181 0.0.0.0/0 zookeeper_client
TCP TCP 2888 172.22.1.0/24 zookeeper_quorum
TCP TCP 3888 172.22.1.0/24 zookeeper_leader
TCP TCP 3306 172.22.1.0/24 mysql (RDS)
TCP TCP 8080 0.0.0.0/0
TCP TCP 18080 0.0.0.0/0 <optional>
UDP UDP 500 172.22.1.0/24 access between nodes
UDP UDP 4500 172.22.1.0/24 access between nodes


External load balancer (ELB)

The external load balancer (LB) will be running on an AWS Elastic Load Balancer (ELB) and we shall called this ELB: "rancher-ext-lb" and it will have the following listeners configured:

ELB listeners
Load Balancer Protocol Load Balancer Port Instance Protocol Instance Port Cipher SSL Certificate
TCP 80 TCP 81 N/A N/A
TCP 443 TCP 444 N/A N/A
HTTP 8080 HTTP 8080 N/A N/A


  • Create ELB policies:
$ AWS_PROFILE=dev
$ LB_NAME=rancher-ext-lb
$ POLICY_NAME=rancher-ext-lb-ProxyProtocol-policy
$ aws --profile ${AWS_PROFILE} elb create-load-balancer-policy \
      --load-balancer-name ${LB_NAME} \
      --policy-name ${POLICY_NAME} \
      --policy-type-name ProxyProtocolPolicyType \
      --policy-attributes AttributeName=ProxyProtocol,AttributeValue=true
$ aws --profile ${AWS_PROFILE} elb set-load-balancer-policies-for-backend-server \
      --load-balancer-name ${LB_NAME} \
      --instance-port 81 \
      --policy-names ${POLICY_NAME}
$ aws --profile ${AWS_PROFILE} elb set-load-balancer-policies-for-backend-server \
      --load-balancer-name ${LB_NAME} \
      --instance-port 444 \
      --policy-names ${POLICY_NAME}

Rancher HA management stack

A fully functioning Rancher HA setup will have the following Docker containers running:

Rancher management stack
Service Containers IPs Traffic to Ports
6 x cattle
rancher-ha-parent 172.22.1.210, 172.22.1.211, 172.22.1.212 zookeeper, redis
rancher-ha-cattle 172.22.1.210, 172.22.1.211, 172.22.1.212 zookeeper, redis
2 x go-machine-service
management_go-machine-service_{1,2} 172.22.1.210, 172.22.1.211 cattle
3 x load-balancer
management_load-balancer_{1,2,3} 172.22.1.210, 172.22.1.211, 172.22.1.212 websocket-proxy, cattle 80, 443, 81, 444
3 x load-balancer-swarm
management_load-blancer-swarm_{1,2,3} 172.22.1.210, 172.22.1.211, 172.22.1.212 websocket-proxy-ssl 2376/tcp
2 x rancher-compose-executor
management_rancher-compose-executor_{1,2} 172.22.1.211, 172.22.1.212 cattle
3 x redis
rancher-ha-redis 172.22.1.210, 172.22.1.211, 172.22.1.212 tunnel
36 x tunnel
2 x websocket-proxy
management_websocket-proxy_{1,2} 172.22.1.210, 172.22.1.212 cattle
2 x websocket-proxy-ssl
management_websocket-proxy-ssl_{1,2} 172.22.1.210, 172.22.1.211 cattle
3 x zookeeper
rancher-ha-zk 172.22.1.210, 172.22.1.211, 172.22.1.212 tunnel



External links

Retrieved from "http://wiki.christophchamp.com/index.php?title=Rancher&oldid=6663"