Rancher
From Christoph's Personal Wiki
Rancher is a container management platform. Rancher natively supports and manages all of your Kubernetes, Mesos, and Swarm clusters.
Setup Rancher HA with AWS
NOTE: This section is currently incomplete. It will be updated soon.
- VPC: rancher-vpc (w/3 subnets)
- VPC CIDR: 172.22.0.0/16
- Rancher management subnet: 172.22.1.0/24 (us-west-2a)
- Rancher management server nodes (EC2 instances):
  - mgmt-host-1 (172.22.1.210)
  - mgmt-host-2 (172.22.1.211)
  - mgmt-host-3 (172.22.1.212)

Security group inbound rules

| Type | Protocol | Port | Source | Purpose |
|---|---|---|---|---|
| SSH | TCP | 22 | 0.0.0.0/0 | ssh |
| HTTP | TCP | 80 | 0.0.0.0/0 | http |
| HTTPS | TCP | 443 | 0.0.0.0/0 | https |
| TCP | TCP | 81 | 0.0.0.0/0 | proxy_to_http |
| TCP | TCP | 444 | 0.0.0.0/0 | proxy_to_https |
| TCP | TCP | 6379 | 172.22.1.0/24 | redis |
| TCP | TCP | 2376 | 172.22.1.0/24 | swarm |
| TCP | TCP | 2181 | 0.0.0.0/0 | zookeeper_client |
| TCP | TCP | 2888 | 172.22.1.0/24 | zookeeper_quorum |
| TCP | TCP | 3888 | 172.22.1.0/24 | zookeeper_leader |
| TCP | TCP | 3306 | 172.22.1.0/24 | mysql (RDS) |
| TCP | TCP | 8080 | 0.0.0.0/0 | |
| TCP | TCP | 18080 | 0.0.0.0/0 | <optional> |
| UDP | UDP | 500 | 172.22.1.0/24 | access between nodes |
| UDP | UDP | 4500 | 172.22.1.0/24 | access between nodes |
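
An added check, not part of the original wiki page: the script below parses the inbound rules above and lists those open to 0.0.0.0/0 on ports other than the load-balancer ports. Treating only 80, 443, 81 and 444 as intentionally public is an assumption, and the function names are hypothetical.

```python
import ipaddress

VPC_CIDR = ipaddress.ip_network("172.22.0.0/16")  # VPC CIDR from this page
# Assumption: only the load-balancer ports (management stack table) must be world-reachable.
PUBLIC_PORTS = {80, 443, 81, 444}

# Rows copied from the security group table on this page.
RULES = """\
| SSH | TCP | 22 | 0.0.0.0/0 | ssh |
| HTTP | TCP | 80 | 0.0.0.0/0 | http |
| HTTPS | TCP | 443 | 0.0.0.0/0 | https |
| TCP | TCP | 81 | 0.0.0.0/0 | proxy_to_http |
| TCP | TCP | 444 | 0.0.0.0/0 | proxy_to_https |
| TCP | TCP | 6379 | 172.22.1.0/24 | redis |
| TCP | TCP | 2376 | 172.22.1.0/24 | swarm |
| TCP | TCP | 2181 | 0.0.0.0/0 | zookeeper_client |
| TCP | TCP | 2888 | 172.22.1.0/24 | zookeeper_quorum |
| TCP | TCP | 3888 | 172.22.1.0/24 | zookeeper_leader |
| TCP | TCP | 3306 | 172.22.1.0/24 | mysql (RDS) |
| TCP | TCP | 8080 | 0.0.0.0/0 | |
| TCP | TCP | 18080 | 0.0.0.0/0 | <optional> |
| UDP | UDP | 500 | 172.22.1.0/24 | access between nodes |
| UDP | UDP | 4500 | 172.22.1.0/24 | access between nodes |
"""

def parse_rules(text):
    """Turn pipe-delimited table rows into dicts; an empty Purpose cell is kept as ''."""
    rules = []
    for line in text.strip().splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        _type, proto, port, source, purpose = cells
        rules.append({"proto": proto, "port": int(port),
                      "source": ipaddress.ip_network(source), "purpose": purpose})
    return rules

def scope(rule):
    """Classify a rule's source as 'world', 'vpc' (inside VPC_CIDR) or 'external'."""
    src = rule["source"]
    if src.prefixlen == 0:
        return "world"
    return "vpc" if src.subnet_of(VPC_CIDR) else "external"

def audit(rules):
    """Return (port, purpose) for world-open rules on ports not meant to be public."""
    return [(r["port"], r["purpose"]) for r in rules
            if scope(r) == "world" and r["port"] not in PUBLIC_PORTS]

if __name__ == "__main__":
    for port, purpose in audit(parse_rules(RULES)):
        print(f"world-open: {port} ({purpose or 'unlabelled'})")
```
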

Rancher management stack

| Service | Containers | IPs | Traffic to | Ports |
|---|---|---|---|---|
| 6 x cattle | rancher-ha-parent | 172.22.1.210, 172.22.1.211, 172.22.1.212 | zookeeper, redis | |
| | rancher-ha-cattle | 172.22.1.210, 172.22.1.211, 172.22.1.212 | zookeeper, redis | |
| 2 x go-machine-service | management_go-machine-service_{1,2} | 172.22.1.210, 172.22.1.211 | cattle | |
| 3 x load-balancer | management_load-balancer_{1,2,3} | 172.22.1.210, 172.22.1.211, 172.22.1.212 | websocket-proxy, cattle | 80, 443, 81, 444 |
| 3 x load-balancer-swarm | management_load-balancer-swarm_{1,2,3} | 172.22.1.210, 172.22.1.211, 172.22.1.212 | websocket-proxy-ssl | 2376/tcp |
| 2 x rancher-compose-executor | management_rancher-compose-executor_{1,2} | 172.22.1.211, 172.22.1.212 | cattle | |
| 3 x redis | rancher-ha-redis | 172.22.1.210, 172.22.1.211, 172.22.1.212 | tunnel | |
| 36 x tunnel | | | | |
| 2 x websocket-proxy | management_websocket-proxy_{1,2} | 172.22.1.210, 172.22.1.212 | cattle | |
| 2 x websocket-proxy-ssl | management_websocket-proxy-ssl_{1,2} | 172.22.1.210, 172.22.1.211 | cattle | |
| 3 x zookeeper | rancher-ha-zk | 172.22.1.210, 172.22.1.211, 172.22.1.212 | tunnel | |