Problem with docker-compose port definition

Hi All,

I have the following case… When I define ports in a docker-compose file, it exposes the service to that port on the containing host on Rancher. This creates a problem as I need more than one container per host, and use the LB. However, when I am testing the stack with docker-compose, if I don’t add a port to expose it won’t work on the local machine… Therefore I’m left adding/commenting the docker-compose file if I’m using it with Rancher or on local dev…

I tried adding a Rancher DNS service to make a link, or a load balancer, but it won’t work as I expect because docker-compose doesn’t have “external_links”, etc… so everything I tried so far would require different docker-compose versions for Rancher & local docker-compose… I wanted to prevent that…

Can someone please give me some advice on how they are doing it, or maybe we should talk about a different way on how Rancher handles ports? Maybe a way of overriding the docker-compose ports setup via rancher-compose? I don’t know what would be best, so I thought I’d put it out here…

I also encounter similar questions. It seems to me not possible to have a docker-compose.yml that works the same in Rancher as without Rancher. The reason, if I understood you correctly, is that when in Rancher I usually do not expose any application ports on the host in order to take full advantage of scalability and Rancher Service HA, and I even use a distinct Stack only for the Load Balancer, which I use to link to my application services. The Load Balancer stack is shared among several Stacks, because you can only have one Load Balancer per host since you would normally expose port 80. If we use a public load balancer for each Stack, one would need a number of hosts as the number of stacks :slight_smile: waste of hosts resources (this is probably for another discussion).

The problem is that rancher LoadBalancer is a Rancher-only-invention and even though it looks like defined as a docker image rancher/load-balancer-service … bang surprise it actually does not exist at all in docker hub…and the exported rancher docker-compose.yml file leaves you with containers that have no exposed ports… most PaaS/CaaS have custom solutions for load balancer (I wish these were external pluggable services in Rancher)… one way to solve this would be to have an extended docker-compose file … called like docker-compose-outside-rancher.yml that extends the docker-compose.yml file and adds a normal nginx/haproxy linked to the containers one wants to access … but I don’t like to have this complexity and multiple compose files … so I really would like to either have the rancher load-balancer working outside of rancher or have a io.rancher label that tells rancher to suppress exposed ports … hopefully somebody has a brilliant solution to this

Yes, that’s exactly my case… I also noticed that Rancher LB and dns-service aren’t available “off Rancher”, even though they get added to the docker-config if you add an LB or Link…

I’m also using a different stack for LBs, so I guess this is probably the way many are going…

I think that having a LB that works on docker-compose would be enough, as the container itself wouldn’t attach to a host port, but the LB would (just like in Rancher)…

I know Rancher can use a specific IP for a container, but if it’s already in use, it will pick another… maybe something similar should be done for ports? i.e. if scaling the service and the port defined is already in use, another one is picked for that container…?

Regarding the last sentence on ports… I think Rancher has support for random ephemeral ports automatically assigned if no ports are given. See https://github.com/rancher/rancher/issues/2097
Maybe that will help?

Exactly @demarant! It would be the same idea…

Currently I need to add/remove the port mapping from my docker-compose file, as without it I can’t run on a local machine, and with the ports mapping, Rancher won’t run more than one instance per host due to the port conflict… What I mentioned would be exactly ephemeral random ports like it uses when there is no mapping, but used also when there is a conflicting mapping… (Of course the Rancher LB must be aware of these ports, but it shouldn’t be hard since the feature per se is already there?)

Random ports are not in the current release (0.51) but in the next one (tonight or tomorrow). So you would say ports: 80/tcp or whatever and both vanilla docker-compose and Rancher will assign a random host port to map to container port 80.

We also will assign the same random host port to each container, so that external-dns works (if set up). …Mostly; if you have more containers than hosts then they obviously can’t all share the same port, so some will spill over into other port number(s).

Nice! :slightly_smiling:

Can you define a port as “default” of sorts? (something to the effect of 8080:80 currently)

There is not a way to “soft request” a specific port for a particular service. “8080:80” is hard assignment and will fail if there’s no host with 8080 available (as before). It’s not in the UI but you can set the available random port range for each environment if needed so you know e.g. what range to allow past firewall. The default is the standard ephemeral port range (49153-65535).
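The difference between a hard assignment such as “8080:80” and a container-only entry such as “80/tcp” can be checked before deploying. The following is an added example, not part of the thread and not Rancher's code: it counts how many containers demand each fixed host port and reports the ones that exceed the number of hosts. The `STACK` dict, the service names and the `hosts` count are constructed; IP-specific binds are treated as occupying the port on the whole host, and IPv6 addresses are not handled.

```python
from collections import defaultdict


def parse_port(spec):
    """Split a compose short-syntax entry: [[IP:]HOST:]CONTAINER[/PROTO]."""
    body, _, proto = str(spec).partition("/")
    parts = body.split(":")
    if not 1 <= len(parts) <= 3 or not parts[-1]:
        raise ValueError(f"unsupported port entry: {spec!r}")
    host = parts[-2] if len(parts) >= 2 else ""
    return {"host": host, "container": parts[-1], "proto": proto or "tcp"}


def host_ports(spec):
    """Fixed host ports one entry requests; [] means a random host port."""
    p = parse_port(spec)
    if not p["host"]:
        return []
    lo, _, hi = p["host"].partition("-")
    return [(n, p["proto"]) for n in range(int(lo), int(hi or lo) + 1)]


def unschedulable(services, hosts):
    """Return {(port, proto): demand} where demand exceeds the host count."""
    demand = defaultdict(int)
    for svc in services.values():
        for spec in svc["ports"]:
            for key in host_ports(spec):
                # Every container of the service needs its own host to bind this port.
                demand[key] += svc.get("scale", 1)
    return {k: v for k, v in demand.items() if v > hosts}


# Constructed sample stack (service names and scales are illustrative).
STACK = {
    "web": {"ports": ["8080:80"], "scale": 3},           # hard assignment
    "api": {"ports": ["80/tcp"], "scale": 3},            # random host port
    "dns": {"ports": ["53:53/udp", "53:53"], "scale": 1},
}

if __name__ == "__main__":
    for (port, proto), n in sorted(unschedulable(STACK, hosts=2).items()):
        print(f"host port {port}/{proto}: {n} containers want it, only 2 hosts")
```
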