Hi there!
I’m quite new to the Rancher world and I’m trying to achieve a simple thing (I guess…).
I have a simple infrastructure:
- rancher manager on 1 machine (with public ip)
- 1 master server with OpenVPN server
- 2 rancher hosts (private ip only) running my stack (on cattle)
The three machines are on the same Scaleway private network. SSHing into each machine and pinging the other two works fine.
My goal: restrict access to only certain services over the public internet, and reach the others only through the VPN or the machines’ private network.
Here is my stack detail:
- backend - 2 replicas - must be accessible on port 9090 from VPN or private network only
- frontend - 2 replicas
- nginx: exposes 80 on the internet to serve the frontend and redirects API requests to the backend container
- fluentd
- elasticsearch
- kibana: runs on port 4601. Must be accessible from VPN or private network only
So my stack is up and running, but mapping container and host ports makes Kibana and the backend accessible from the internet. I want to prevent that and allow ONLY the nginx container to be reachable from the internet.
If I don’t map ports for Kibana and the backend, then even from the private network / VPN I’m still unable to reach the containers.
Since I’ve got 2 hosts running my stack, and since I’m running Cattle, how do I create such restrictions / allowances? How do I configure the Rancher overlay network to handle such security behavior?
Thanks for your help, have a good day.