I’ll be running Rancher on a VM host in a company-wide shared data center. I’m a little unclear about the 10.42.0.0/16 IP space that Rancher uses… is it only used locally on each node, or does this IP space need to be available/reserved in my data center for a multi-node deployment?
It’s internal to the containers/Rancher setup. It does not “have to be reserved”; however, if you are using it on your network, then the 10.42.0.0/16 subnet won’t be able to reach your containers or vice versa, since it does not perform NATing. Other subnets won’t have issues. Let’s say you have a WordPress container: it will be accessed using the host’s IP address, say 10.13.10.3. The 10.42.0.0/16 address is used between containers in the Rancher managed network.
At least it’s my understanding - I didn’t test it.
If you happen to already be using 10.42.x in your setup for hosts, then you can always update the subnet that Rancher is using.
Thank you so much etiweather and Denise! I think that clears up my question quite well!
Can we specify the IP space when creating rancher/server by executing the “docker run” command? For example, by setting an environment variable. Otherwise, the default environment will use the 10.42 IP space.
@okenjian Are you talking about the managed network (all the containers using the 10.42.x.x IP)? If so, you can update it following the docs.
Yes, any setting can be overridden with an environment variable by prepending CATTLE_, uppercasing and replacing dots with underscores:
-e CATTLE_DOCKER_NETWORK_SUBNET_CIDR=172.16.0.0/16
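An added example, not part of the original posts and not Rancher's own code: a pre-deployment check that tests whether the managed-network CIDR overlaps subnets already in use in the data center and, if it does, builds the override flag with the naming rule above. The setting name `docker.network.subnet.cidr` is inferred by reversing that rule, and the subnet list and the helper function names are constructed for illustration.

```python
import ipaddress

DEFAULT_MANAGED = "10.42.0.0/16"  # managed-network default named in the thread

def setting_to_env(setting):
    """Thread's rule: prepend CATTLE_, uppercase, replace dots with underscores."""
    return "CATTLE_" + setting.upper().replace(".", "_")

def conflicts(managed, in_use):
    """Return the in-use subnets that overlap the managed-network CIDR."""
    net = ipaddress.ip_network(managed)
    return [s for s in in_use if ipaddress.ip_network(s).overlaps(net)]

def pick_free_subnet(in_use, pools=("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"),
                     prefix=16):
    """First /prefix block in the RFC 1918 pools that overlaps nothing in in_use."""
    used = [ipaddress.ip_network(s) for s in in_use]
    for pool in pools:
        for cand in ipaddress.ip_network(pool).subnets(new_prefix=prefix):
            if not any(cand.overlaps(u) for u in used):
                return str(cand)
    return None

def docker_env_flag(in_use, managed=DEFAULT_MANAGED):
    """Return the -e flag to add to docker run, or None if the default is safe."""
    if not conflicts(managed, in_use):
        return None
    free = pick_free_subnet(in_use)
    if free is None:
        raise ValueError("no free private /16 left for the managed network")
    # Setting name inferred from the env var shown in the thread (assumption).
    return "-e {}={}".format(setting_to_env("docker.network.subnet.cidr"), free)

if __name__ == "__main__":
    # Constructed sample: subnets already routed in the shared data center.
    dc = ["10.13.10.0/24", "10.42.8.0/22", "10.0.0.0/12"]
    print("overlapping:", conflicts(DEFAULT_MANAGED, dc))
    print("override:   ", docker_env_flag(dc))
```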
Yes, I am talking about the managed network, but I want to set the value by environment variable. And vincent has told me how to set it.
Thank you!
This is exactly what I want, thank you very much!
Are there implications in using 172.x.x.x or 192.x.x.x in a multi-node deployment with the way Rancher is using IPSec tunnels, or do we need to ensure that we are using a more public address space?
@dan For the IPsec tunnels, you only need to make sure that UDP ports 500 and 4500 are open on the hosts.