Internal and public rules in one Load balancer

mazeslav · April 27, 2018, 6:32pm

Hi
I have a 10 services in a stack. All of them have rules in loadbalancer like this:

- hostname: <something>.com
        priority: 11
        protocol: http
        service: <somthing>
        source_port: 80
        target_port: 8080

All of these are accessible from Internet and distributed between several hosts. My question is:
How can I restrict access from internet to some services but all services need to communicate with each other ? When I’m trying to change Access Type for one service in LB UI from Public to Internal I get error:
“Port 80 has multiple rules with conflicting access/protcols”.
Or I just need to delete rules from LB for those services for which I want to restrict access?

vincent · April 28, 2018, 6:05am

A single balancer cannot listen both publicly and internally only for the same port. So you need two (or more) different balancers.

Or if the limitations of round-robin DNS is “good enough”, you don’t need a balancer at all for internal communication. All the services in the environment can already directly reach each other by default.

mazeslav · April 28, 2018, 8:32am

Thank you for clarifying that.
should It be a LB in the same stack where my first LB is placed or it should be a different stack or it doesn’t matter and will the new one automatically register in Rancher Route53 and AWS Route 53?

Topic		Replies	Views
[newbie] Confused about internal loadbalancer Rancher 1.x	0	810	December 12, 2017
How does cattle deal with multiple stacks with load balancer services Rancher 1.x	2	873	March 22, 2017
Rancher load balancing questions Rancher 1.x	7	2524	December 21, 2016
[Fixed] Problem Publishing public LoadBalancer Port on host Rancher 1.x	2	1547	November 6, 2015
Multiple load balancers with Route53 Rancher 1.x	0	965	May 9, 2017

Internal and public rules in one Load balancer

Related Topics