Difference between revisions of "Rancher"
From Christoph's Personal Wiki
(Created page with "'''Rancher''' is a container management platform. Rancher natively supports and manages all of your Kubernetes, Mesos, and Swarm clusters. ==Setup Rancher HA with AWS== <div...") |
(→Setup Rancher HA with AWS) |
||
| Line 3: | Line 3: | ||
==Setup Rancher HA with AWS== | ==Setup Rancher HA with AWS== | ||
<div style="margin: 10px; padding: 5px; border: 2px solid red;">'''NOTE:''' This section is currently incomplete. It will be updated soon.</div> | <div style="margin: 10px; padding: 5px; border: 2px solid red;">'''NOTE:''' This section is currently incomplete. It will be updated soon.</div> | ||
| + | |||
| + | * VPC: rancher-vpc (w/3 subnets) | ||
| + | * VPC CIDR: 172.22.0.0/16 | ||
| + | * Rancher management subnet: 172.22.1.0/24 (us-west-2a) | ||
| + | * Rancher management server nodes (EC2 instances): | ||
| + | ** mgmt-host-1 (172.22.1.210) | ||
| + | ** mgmt-host-2 (172.22.1.211) | ||
| + | ** mgmt-host-3 (172.22.1.212) | ||
<div style="float:left; margin:0px 20px 20px 0px;"> | <div style="float:left; margin:0px 20px 20px 0px;"> | ||
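Review bot: The added list puts all three management nodes (172.22.1.210 to 172.22.1.212) in the single subnet 172.22.1.0/24 in us-west-2a, although the VPC line says "w/3 subnets", so losing that one availability zone takes down every node of the HA setup. Either list the other two subnets with their zones and spread mgmt-host-1 to mgmt-host-3 across them, or state that the single-zone placement is intentional.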
| Line 15: | Line 23: | ||
!Purpose | !Purpose | ||
|- | |- | ||
| − | | | + | |SSH || TCP || 22 || 0.0.0.0/0 || ssh |
|- | |- | ||
| − | | | + | |HTTP || TCP || 80 || 0.0.0.0/0 || http |
|- | |- | ||
| − | | | + | |HTTPS || TCP || 443 || 0.0.0.0/0 || https |
| + | |- | ||
| + | |TCP || TCP || 81 || 0.0.0.0/0 || proxy_to_http | ||
| + | |- | ||
| + | |TCP || TCP || 444 || 0.0.0.0/0 || proxy_to_https | ||
| + | |- | ||
| + | |TCP || TCP || 6379 || 172.22.1.0/24 || redis | ||
| + | |- | ||
| + | |TCP || TCP || 2376 || 172.22.1.0/24 || swarm | ||
| + | |- | ||
| + | |TCP || TCP || 2181 || 0.0.0.0/0 || zookeeper_client | ||
| + | |- | ||
| + | |TCP || TCP || 2888 || 172.22.1.0/24 || zookeeper_quorum | ||
| + | |- | ||
| + | |TCP || TCP || 3888 || 172.22.1.0/24 || zookeeper_leader | ||
| + | |- | ||
| + | |TCP || TCP || 3306 || 172.22.1.0/24|| mysql (RDS) | ||
| + | |- | ||
| + | |TCP || TCP || 8080 || 0.0.0.0/0 || | ||
| + | |- | ||
| + | |TCP || TCP || 18080 || 0.0.0.0/0 || ''<optional>'' | ||
| + | |- | ||
| + | |UDP || UDP || 500 || 172.22.1.0/24 || access between nodes | ||
| + | |- | ||
| + | |UDP || UDP || 4500 || 172.22.1.0/24 || access between nodes | ||
| + | |} | ||
| + | </div> | ||
| + | <br clear="all"/> | ||
| + | |||
| + | <div style="float:left; margin:0px 20px 20px 0px;"> | ||
| + | {| align="center" style="border: 1px solid #999; background-color:#FFFFFF" | ||
| + | |- | ||
| + | ! colspan="5" bgcolor="#EFEFEF" | '''Rancher management stack''' | ||
| + | |-align="center" bgcolor="#1188ee" | ||
| + | !Service | ||
| + | !Containers | ||
| + | !IPs | ||
| + | !Traffic to | ||
| + | !Ports | ||
|- | |- | ||
| − | | | + | |colspan="5" bgcolor="#999" | 6 x cattle |
| + | |- bgcolor="#eee" | ||
| + | | || rancher-ha-parent || 172.22.1.210, 172.22.1.211, 172.22.1.212 || zookeeper, redis|| | ||
| + | |- bgcolor="#eee" | ||
| + | | || rancher-ha-cattle || 172.22.1.210, 172.22.1.211, 172.22.1.212 || zookeeper, redis || | ||
|- | |- | ||
| − | | | + | |colspan="5" bgcolor="#999" | 2 x go-machine-service |
| + | |- bgcolor="#eee" | ||
| + | | || management_go-machine-service_{1,2} || 172.22.1.210, 172.22.1.211 || cattle || | ||
|- | |- | ||
| − | | | + | |colspan="5" bgcolor="#999" | 3 x load-balancer |
| + | |- bgcolor="#eee" | ||
| + | | || management_load-balancer_{1,2,3} || 172.22.1.210, 172.22.1.211, 172.22.1.212 || websocket-proxy, cattle || 80, 443, 81, 444 | ||
|- | |- | ||
| − | | | + | |colspan="5" bgcolor="#999" | 3 x load-balancer-swarm |
| + | |- bgcolor="#eee" | ||
| + | | || management_load-blancer-swarm_{1,2,3} || 172.22.1.210, 172.22.1.211, 172.22.1.212 || websocket-proxy-ssl || 2376/tcp | ||
|- | |- | ||
| − | | | + | |colspan="5" bgcolor="#999" | 2 x rancher-compose-executor |
| + | |- bgcolor="#eee" | ||
| + | | || management_rancher-compose-executor_{1,2} || 172.22.1.211, 172.22.1.212 || cattle || | ||
|- | |- | ||
| − | | | + | |colspan="5" bgcolor="#999" | 3 x redis |
| + | |- bgcolor="#eee" | ||
| + | | || rancher-ha-redis || 172.22.1.210, 172.22.1.211, 172.22.1.212 || tunnel || | ||
|- | |- | ||
| − | | | + | |colspan="5" bgcolor="#999" | 36 x tunnel |
|- | |- | ||
| − | | | + | |colspan="5" bgcolor="#999" | 2 x websocket-proxy |
| + | |- bgcolor="#eee" | ||
| + | | || management_websocket-proxy_{1,2} || 172.22.1.210, 172.22.1.212 || cattle || | ||
|- | |- | ||
| − | | | + | |colspan="5" bgcolor="#999" | 2 x websocket-proxy-ssl |
| + | |- bgcolor="#eee" | ||
| + | | || management_websocket-proxy-ssl_{1,2} || 172.22.1.210, 172.22.1.211 || cattle || | ||
|- | |- | ||
| − | | | + | |colspan="5" bgcolor="#999" | 3 x zookeeper |
| + | |- bgcolor="#eee" | ||
| + | | || rancher-ha-zk || 172.22.1.210, 172.22.1.211, 172.22.1.212 || tunnel || | ||
|} | |} | ||
</div> | </div> | ||
<br clear="all"/> | <br clear="all"/> | ||
| − | + | <!-- | |
| + | rancher-ha-parent | ||
| + | ! IP Address | ||
| + | | Public on Host | ||
| + | ! Private in Container | ||
| + | ! Protocol | ||
| + | | None None 3306 TCP | ||
| + | | 172.22.1.210 6379 16379 TCP | ||
| + | | 172.22.1.210 3888 13888 TCP | ||
| + | | 172.22.1.210 2888 12888 TCP | ||
| + | | 172.22.1.210 2181 12181 TCP | ||
| + | | 172.22.1.210 18080 8080 TCP | ||
| + | --> | ||
==External links== | ==External links== | ||
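Review bot: In the security group rows, "2181 || 0.0.0.0/0 || zookeeper_client" opens the ZooKeeper client port to any source, while the quorum (2888) and leader (3888) ports, redis and swarm are limited to 172.22.1.0/24; unless an external client is documented, 2181 should use the same subnet source. SSH on 22 is also open to 0.0.0.0/0, and the 8080 row has an empty Purpose cell, so a reader cannot tell why it is public. In the stack table, the container name "management_load-blancer-swarm_{1,2,3}" looks misspelled ("blancer"), and the "36 x tunnel" group has no container row.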
Revision as of 23:43, 7 October 2016
Rancher is a container management platform. Rancher natively supports and manages all of your Kubernetes, Mesos, and Swarm clusters.
Setup Rancher HA with AWS
NOTE: This section is currently incomplete. It will be updated soon.
- VPC: rancher-vpc (w/3 subnets)
- VPC CIDR: 172.22.0.0/16
- Rancher management subnet: 172.22.1.0/24 (us-west-2a)
- Rancher management server nodes (EC2 instances):
  - mgmt-host-1 (172.22.1.210)
  - mgmt-host-2 (172.22.1.211)
  - mgmt-host-3 (172.22.1.212)

Security group inbound rules

| Type | Protocol | Port | Source | Purpose |
|---|---|---|---|---|
| SSH | TCP | 22 | 0.0.0.0/0 | ssh |
| HTTP | TCP | 80 | 0.0.0.0/0 | http |
| HTTPS | TCP | 443 | 0.0.0.0/0 | https |
| TCP | TCP | 81 | 0.0.0.0/0 | proxy_to_http |
| TCP | TCP | 444 | 0.0.0.0/0 | proxy_to_https |
| TCP | TCP | 6379 | 172.22.1.0/24 | redis |
| TCP | TCP | 2376 | 172.22.1.0/24 | swarm |
| TCP | TCP | 2181 | 0.0.0.0/0 | zookeeper_client |
| TCP | TCP | 2888 | 172.22.1.0/24 | zookeeper_quorum |
| TCP | TCP | 3888 | 172.22.1.0/24 | zookeeper_leader |
| TCP | TCP | 3306 | 172.22.1.0/24 | mysql (RDS) |
| TCP | TCP | 8080 | 0.0.0.0/0 | |
| TCP | TCP | 18080 | 0.0.0.0/0 | <optional> |
| UDP | UDP | 500 | 172.22.1.0/24 | access between nodes |
| UDP | UDP | 4500 | 172.22.1.0/24 | access between nodes |

Rancher management stack

| Service | Containers | IPs | Traffic to | Ports |
|---|---|---|---|---|
| 6 x cattle | | | | |
| | rancher-ha-parent | 172.22.1.210, 172.22.1.211, 172.22.1.212 | zookeeper, redis | |
| | rancher-ha-cattle | 172.22.1.210, 172.22.1.211, 172.22.1.212 | zookeeper, redis | |
| 2 x go-machine-service | | | | |
| | management_go-machine-service_{1,2} | 172.22.1.210, 172.22.1.211 | cattle | |
| 3 x load-balancer | | | | |
| | management_load-balancer_{1,2,3} | 172.22.1.210, 172.22.1.211, 172.22.1.212 | websocket-proxy, cattle | 80, 443, 81, 444 |
| 3 x load-balancer-swarm | | | | |
| | management_load-balancer-swarm_{1,2,3} | 172.22.1.210, 172.22.1.211, 172.22.1.212 | websocket-proxy-ssl | 2376/tcp |
| 2 x rancher-compose-executor | | | | |
| | management_rancher-compose-executor_{1,2} | 172.22.1.211, 172.22.1.212 | cattle | |
| 3 x redis | | | | |
| | rancher-ha-redis | 172.22.1.210, 172.22.1.211, 172.22.1.212 | tunnel | |
| 36 x tunnel | | | | |
| 2 x websocket-proxy | | | | |
| | management_websocket-proxy_{1,2} | 172.22.1.210, 172.22.1.212 | cattle | |
| 2 x websocket-proxy-ssl | | | | |
| | management_websocket-proxy-ssl_{1,2} | 172.22.1.210, 172.22.1.211 | cattle | |
| 3 x zookeeper | | | | |
| | rancher-ha-zk | 172.22.1.210, 172.22.1.211, 172.22.1.212 | tunnel | |