adi90x / rancher-active-proxy

All in one active reverse proxy for Rancher ! For Kubernetes : https://github.com/adi90x/kube-active-proxy
MIT License

tags to hook limit rule application #47

Closed DACRepair closed 6 years ago

DACRepair commented 6 years ago

I have a rancher cluster running with services destined for the internet, and some that are internal. I don't want to rely on DNS resolution alone, so I was wondering if there was a way to limit whether or not RAP actually creates a rule. I was looking at "Specific Host", but I have the containers load balanced over several boxes. Ideally I would run an internal RAP and an external RAP, however I am not really seeing a way to do this.

Thanks!

DACRepair commented 6 years ago

#31 does a better job explaining it.

adi90x commented 6 years ago

Not sure I understand how an internal / external RAP would be useful? The main work of RAP is to forward external traffic to docker containers? What is your setup?

DACRepair commented 6 years ago

So much like #31, I am running several hosts in a cluster, but no specific host has containers hard mapped other than RAP so that it's always on the same IP. The plan would be to pin 2 separate instances of RAP to 2 different hosts / IPs so that one can have an IP my local DNS server / local workstations can get to, and the other IP have NAT set up to the internet. This way I can say a service is also available to the outside. I could do this with one instance, however I don't trust just using DNS to determine whether it resolves on the outside or not.

adi90x commented 6 years ago

I see your idea, it would mean limiting containers to be read only from the RAP instance on a specific host? It is the same as SPECIFIC_HOST, however at container level. Need to find a way to deal with that, but it is an interesting evolution.

On 27 Feb 2018 22:00, "DACRepair" notifications@github.com wrote:

So much like #31 https://github.com/adi90x/rancher-active-proxy/issues/31, I am running several hosts in a cluster, but no specific host has containers hard mapped other than RAP so that it's always on the same IP. The plan would be to pin 2 separate instances of RAP to 2 different hosts / IPs so that one can have an IP my local DNS server / local workstations can get to, and the other IP have NAT set up to the internet. This way I can say a service is also available to the outside. I could do this with one instance, however I don't trust just using DNS to determine whether it resolves on the outside or not.


adi90x commented 6 years ago

Problem should be solved with the last merged branch! Check RAP_NAME & rap.rap_name! This should give you a way to do what you want!