What is the Rancher network like?

2025-01-19 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

This article describes what the Rancher network looks like: how its IPSec tunnels are maintained and routed, and the network services built on top of them. The editor finds it practical and shares it here as a reference.

Rancher network

First, let's look at the topology of the Rancher network:

Tunnel maintenance (based on config.json):

If a new host is added, an IPSec tunnel is added for it.

If there is a new container but the IPSec tunnel already exists, the xfrm policy is updated.

On deletion, the opposite is done.

Tunnel routing:

The container's internal protocol stack determines that it has a directly connected route to the destination address 10.42.x.x and sends an ARP request.

The agent-instance container on the same Host listens for the ARP request and, on receiving it, determines whether the destination IP is on this Host.

If the destination IP is not on this Host, agent-instance responds to the ARP request with its own MAC.

The container receives the ARP response and sends the data packet to agent-instance.

The IPSec policy in the agent-instance container sends the packet into the IPSec tunnel to the agent-instance of the destination Host, which unpacks and forwards it.
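The maintenance and ARP rules above can be modelled in a few lines. This is an added example, not Rancher's code: the snapshot layout, host addresses, MAC and function names are assumptions, as are the per-container policies for a new host and the agent staying silent for local or non-managed targets.

```python
"""Model of the tunnel-maintenance and proxy-ARP rules described above.
Constructed illustration; the state layout is assumed, not Rancher's config.json."""
import ipaddress

MANAGED_NET = ipaddress.ip_network("10.42.0.0/16")  # the page's 10.42.x.x range

# Constructed snapshots: {host_ip: set of container IPs on that host}
OLD = {"192.0.2.11": {"10.42.0.2"}, "192.0.2.12": {"10.42.0.3"}}
NEW = {"192.0.2.11": {"10.42.0.2", "10.42.0.4"}, "192.0.2.13": {"10.42.0.5"}}


def reconcile(old, new):
    """Diff two snapshots into an ordered list of tunnel/policy actions."""
    actions = []
    for host in sorted(new.keys() - old.keys()):
        # New host: add the IPSec tunnel, then (assumed) one policy per container.
        actions.append(("add_tunnel", host))
        actions += [("add_policy", host, c) for c in sorted(new[host])]
    for host in sorted(new.keys() & old.keys()):
        # Tunnel already exists: only the xfrm policies are updated.
        actions += [("add_policy", host, c) for c in sorted(new[host] - old[host])]
        actions += [("del_policy", host, c) for c in sorted(old[host] - new[host])]
    for host in sorted(old.keys() - new.keys()):
        # Deletion is the opposite: policies go first, then the tunnel.
        actions += [("del_policy", host, c) for c in sorted(old[host])]
        actions.append(("del_tunnel", host))
    return actions


def arp_reply_mac(target_ip, local_containers, agent_mac):
    """Return the MAC agent-instance answers with, or None if it does not answer."""
    if ipaddress.ip_address(target_ip) not in MANAGED_NET:
        return None       # assumption: only managed-network targets are handled
    if target_ip in local_containers:
        return None       # assumption: a local container answers for itself
    return agent_mac      # remote destination: reply with the agent's own MAC


if __name__ == "__main__":
    for action in reconcile(OLD, NEW):
        print(action)
    print(arp_reply_mac("10.42.0.5", NEW["192.0.2.11"], "02:00:00:00:00:01"))
```

The second function shows why every cross-host packet reaches the IPSec policy: the sending container only ever learns the agent's MAC for a remote 10.42.x.x address.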

Configure the network:

Rancher-Metadata

Fixed IP address: 169.254.169.250

Metadata server: a web server; configuration file answers.yml

Supports reload: provides a service reload interface

Distributed: a metadata server is present on each host

Rancher-DNS

Distributed: each Rancher-DNS serves only the containers on this Host

Source IP: records are stored with client_ip as the key

Records are also generated in two special cases:

Add External-service:..rancher.local

Add an alias to service:.. rancher.local

External-DNS

Acts as an agent for a DNS server

The service must expose a port to the host; otherwise the domain name record cannot be generated

The Host needs the label io.rancher.host.external_dns_ip= set

Domain name rules:.

Load Balance

Uses HAProxy for load balancing

The LB forwards traffic to endpoints over the managed network

LB ports are exposed to the host

You need to specify whether to start an instance of LB on each host

External-LB

The service must expose a port

io.rancher.service.external_lb_endpoint

External-LB automatically creates Pool and member information, including:
