Hello,
I work with the managed network to deploy all my containers via rancher. However I’d like to be able to contact some containers directly from my “unmanaged” networks, is-it possible ? By bridging if or creating a router inside a dedicated container ?
Here is what I try to achieve:
host 10.99.1.1 (unmanaged) --> server with ranger-agent 10.99.1.2 (unmanaged) --> container 10.42.1.1 (managed)
Cheers
We do this in our setup. We use ‘labels’ in the docker-compose file (labels: io.rancher.scheduler.affinity:host_label: xyz=true) and the rancher web ui host setup (xyz=true) to pin a container to a certain host. This is needed because rancher may place the container on container restart somewhere else and the managed network DNS would only return the managed network IP and not the unmanaged host IP.
The exported port of the container is reachable through the managed network IP and the unmanaged network host IP. My understanding is that Rancher does this with iptables preroute/postroute rules in the NAT table redirecting/masquerading any traffic to/from the exported port of a container (iptables -L -n -v -t nat).
I understand, but in this case you have to expose (and with rancher we can’t bind a particular IP yet) the port of your container.
My approach would be to not expose the port and access to the container to the managed network from the unmanaged network. It’s why I though to a kind of “net proxy” between the 2 networks.