Internal and external network suggestion

I am trying to learn Kubernetes and Rancher. Here is what I want to accomplish:

  1. I have a few Docker containers which I want to serve only from my internal network using
  2. I have the same as above, but those containers will be accessible from the internet on

What I have at the moment is the following:

  1. Rancher server
  2. RancherOS to be used for the cluster and as one node
  3. I have made a cluster, added the node from 2, and disabled the nginx controller.
  4. Installed the Traefik app
  5. I have forwarded ports 80 and 443 to my node.
  6. Added a few containers
  7. Added ingress rules

So at the moment it works with the external network. I can reach it from the internet and everything works as it should.

Now my problem is: how can I add the internal network?

Do I create another cluster? Another node on the same host? Should I install two Traefik instances and then use the class in the ingress for the internal stuff?

My idea was to add another IP to the same interface on the RancherOS host, then add another node on the same host but with the other IP, but I can't get it to work. Rancher sees both nodes with the same name and doesn't use the information I give it (I mean --address) when creating the node. Of course, even when I do this it would require that I set up a DNS server internally so it knows which domains are served internally, but I haven't done that yet, since I can't seem to figure out how to handle the two IPs on the host and use them in two different nodes. I am unsure what is required; maybe it's the wrong route I am going down.

I would appreciate if somebody had some ideas.


We had a similar situation (also with Rancher) when designing how we would serve apps both internally and externally. Initially we thought we could just have a shared cluster and use labels to separate the workloads in the same cluster, but that didn't feel quite right.

In the end we went with different clusters per network in order to increase the isolation between those workloads. Running shared workloads is still doable, though; using multiple ingresses would be a good way to assist things as well. For the service DNS, could you identify zones in there, i.e. internal DNS and external DNS?

I haven't played around with RancherOS yet (still using RHEL nodes), but have you tried asking that question over in the Rancher Slack? They might have some more input there.

@macintoshprime thank you for taking the time to reply. Yes, I did ask, but it seems like this whole Rancher/Kubernetes thing is unknown territory. All that I have learned I did by myself during 2 weeks, and it's quite frustrating not having somebody to talk with regarding ideas and suggestions. I might give up on the whole thing since I don't quite know how to proceed from here.

My feeling is creating another cluster to serve internal-facing traffic would be best. It keeps the workloads isolated and you could minimize having to debug issues based on having the two networks; it just keeps things simpler.

Sorry to hear you've been having a hard time finding people to talk to about this issue. Are there any other issues you're having with Rancher/Kubernetes? I would like to help make it less of unknown territory if possible :slight_smile:

Don't give up. Rancher does have a Slack channel where you can get help.

Join Rancher Users on Slack!

Thank you for your reply. OK, so two clusters, but I only have one host (the RancherOS machine). This machine has one internal IP in my network; I can however make an alias and have two if needed, but then can I install two clusters with nodes on the same host? And if so, can I specify one IP for one cluster and another for the other one? I could spin up another machine, but I'm trying to keep power consumption low since this is at home. I think after I have found a plausible solution to this I might get deeper into Kubernetes/Rancher, but until then I am stuck and can't continue.

I actually tried, but it was awfully quiet in there :slightly_frowning_face:

I got a bit further: I found out I needed a load balancer, and since I am not using a cloud provider I found MetalLB, so I added that to the cluster and gave it a pool of IPs. I then installed two instances of Traefik in the cluster, which both pulled an IP from the pool, and voilà, I was now ready to make different services for internal and external usage. I will have to continue and see if I can have it all working; I need to deploy a DNS server that can resolve some of the domains to internal IPs.

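The single-cluster layout described in the post above (one MetalLB pool per network, two Traefik instances, an ingress class per instance), written out as manifests. This is an added example, not configuration from the poster or from the Rancher, MetalLB or Traefik projects. It assumes the current MetalLB CRD configuration (IPAddressPool and L2Advertisement rather than the older ConfigMap), Traefik v2 with its --providers.kubernetesingress.ingressclass option, and made-up names, namespaces, hostnames and 192.168.1.x addresses.

```yaml
# Added example, not from the original post or the projects: one cluster,
# two MetalLB pools, two Traefik instances, one IngressClass each.
# All names, namespaces, hostnames and addresses below are assumed.
---
# Only 192.168.1.240 is forwarded (80/443) by the router; .241 stays LAN-only.
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata: {name: external, namespace: metallb-system}
spec:
  addresses: ["192.168.1.240/32"]
---
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata: {name: internal, namespace: metallb-system}
spec:
  addresses: ["192.168.1.241/32"]
---
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata: {name: lan, namespace: metallb-system}
spec:
  ipAddressPools: [external, internal]
---
# One IngressClass per Traefik instance; an Ingress picks its controller by
# ingressClassName. Each Traefik is started with
# --providers.kubernetesingress.ingressclass=<its class>, so it ignores the
# other class's Ingresses and, with that flag set, unclassed ones as well.
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata: {name: traefik-external}
spec:
  controller: traefik.io/ingress-controller
---
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata: {name: traefik-internal}
spec:
  controller: traefik.io/ingress-controller
---
# The annotation tells MetalLB which pool to allocate from; the two Services
# are otherwise identical. The Traefik Deployments themselves are omitted
# (assumed to expose container ports named "web" and "websecure").
apiVersion: v1
kind: Service
metadata:
  name: traefik-external
  namespace: traefik
  annotations: {metallb.universe.tf/address-pool: external}
spec:
  type: LoadBalancer
  selector: {app: traefik-external}
  ports:
  - {name: web, port: 80, targetPort: web}
  - {name: websecure, port: 443, targetPort: websecure}
---
apiVersion: v1
kind: Service
metadata:
  name: traefik-internal
  namespace: traefik
  annotations: {metallb.universe.tf/address-pool: internal}
spec:
  type: LoadBalancer
  selector: {app: traefik-internal}
  ports:
  - {name: web, port: 80, targetPort: web}
  - {name: websecure, port: 443, targetPort: websecure}
---
# An internal-only app: only the internal Traefik serves it, and only the
# internal DNS knows dashboard.home.lan (pointing at 192.168.1.241).
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata: {name: dashboard, namespace: apps}
spec:
  ingressClassName: traefik-internal
  rules:
  - host: dashboard.home.lan
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service: {name: dashboard, port: {number: 80}}
---
# A public app: external class; its public DNS name points at the router's
# WAN address, which forwards 80/443 to 192.168.1.240.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata: {name: blog, namespace: apps}
spec:
  ingressClassName: traefik-external
  rules:
  - host: blog.example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service: {name: blog, port: {number: 80}}
```

Two caveats worth checking before relying on this. First, the "internal" side is only as private as the router's port-forward: both load-balancer addresses sit on the same LAN segment and the same node, so anyone on the LAN (or a forward added to .241 by mistake) reaches the internal apps, which is why the earlier reply's separate-cluster suggestion gives real isolation and this layout does not. Second, an Ingress with no ingressClassName is ignored by both Traefiks only because each is started with the ingressclass flag; without that flag Traefik v2 also picks up unclassed Ingresses, and an internal app could end up published by the external instance.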

That's awesome! I had completely forgotten about MetalLB; glad to hear it is working for you :slight_smile:

Wish I could be of more assistance with the DNS server issue; that's a little out of my wheelhouse. If I come across anything that might help, I will keep you updated.