Rancher doesn’t expose ports

  docker, iptables, networking, rancher

I have this setup: Rancher (1.6.30) and Docker (18.09.9).

When I create a rancher cluster from docker-compose:

version: '2'
services:
  mongo:
    image: mongo:4.4.2
    stdin_open: true
    volumes:
    - /var/lib/mongo/data/db:/data/db
    tty: true
    ports:
    - 27017:27017/tcp
  app1:
    image: XX
    stdin_open: true
    tty: true
    ports:
    - 10503:80/tcp
    labels:
      io.rancher.container.pull_image: always
  app2:
    image: XX
    stdin_open: true
    tty: true
    ports:
    - 10504:8080/tcp
  app3:
    image: XX
    stdin_open: true
    tty: true
    ports:
    - 10502:8080/tcp
    - 15502:8500/tcp
    labels:
      io.rancher.container.pull_image: always
  db:
    image: postgres:11.7-alpine
    stdin_open: true
    volumes:
    - /var/lib/postgresql/data:/var/lib/postgresql/data
    tty: true
    ports:
    - 10501:5432/tcp
    labels:
      io.rancher.container.pull_image: always

There are no ports exposed to the world, as we can see by using docker ps:

docker ps

However, I can reach the service from outside the container, but only from the current machine, when I use "localhost" in the URL. When I try to connect from a different IP, there is a timeout.

I think there is something wrong with Rancher, because when I create a container manually

docker run -p 10503:80 -d registry/service

the service is accessible from anywhere and docker ps prints the binding in the "port" column.

This is iptables after creating the Docker containers with Rancher:

iptables -L -n --line-numbers -t nat

As we can see, there are no bindings.

It’s quite weird, because I have the same situation on another server (same Rancher + Docker, same applications), and there everything works well.

Thanks in advance

Source: Docker Questions