I spun up a Mesosphere cluster on Digital Ocean (development) and it's not allowing me to allow external (non-VPN) connections to containers or apps. How can this be solved?

  • Which Linux flavour are you using? Also, have you reviewed https://www.digitalocean.com/community/tags/firewall already? – Michael Hausenblas Mar 24 '15 at 20:42
  • I'm using Debian - I actually managed to get a manually run Docker container (on master) to be accessed outside the VPN, but through Marathon I still can't get it done – Nadi Hassan Hassan Mar 25 '15 at 00:15

1 Answer

To ensure that the world doesn't have access to your cluster normally, there have been iptables rules installed. By default, these allow full access inside the cluster and nothing externally.

If you're interested in running real applications, I'd recommend the following:

  • Put HAProxy on a single node.
  • Set up the haproxy-marathon-bridge script.
  • On the same box that you installed HAProxy on, set up iptables to allow access to the port that HAProxy is listening on.

By doing this, you'll have a single place to refer to when giving access to applications running on your Mesos cluster. No matter where the app or container is scheduled (with Marathon), you'll always be able to reach it via HAProxy.

grampelberg
  • This is what I found out. I'd like to add that you need to make sure the script being spat out by haproxy has the correct IPs for front-facing ports, since they can be relative IPs – Nadi Hassan Hassan Mar 26 '15 at 00:24
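
One way to check the last step of the answer and the point in the follow-up comment, as an added example that is not part of the original answer or of the haproxy-marathon-bridge script: list the addresses HAProxy binds to, flag binds that are internal-only, and print the iptables rules that would open only the public-facing ports. The sample config, the 203.0.113.10 address and the eth0 interface are constructed, and inserting the rule at the top of INPUT is an assumption about the existing rule set.

```shell
#!/bin/sh
# Added example, not from the original answer. SAMPLE_CFG is constructed
# data in the general shape of an HAProxy config; addresses are made up.
SAMPLE_CFG='defaults
  mode tcp
listen web-10000
  bind 0.0.0.0:10000
  server web-1 10.132.0.11:31005 check
listen api-10001
  bind 10.132.0.5:10001
  server api-1 10.132.0.12:31200 check
listen admin-10002
  bind 127.0.0.1:10002
  server admin-1 10.132.0.12:31300 check'

# Print "address port" for each IPv4 bind line of the config on stdin.
# An empty address (":80") becomes "*"; non-numeric ports are skipped.
list_binds() {
  awk '$1 == "bind" {
    n = split($2, a, ":")
    addr = (a[1] == "") ? "*" : a[1]
    if (n == 2 && a[2] ~ /^[0-9]+$/) print addr, a[2]
  }'
}

# Ports bound to a wildcard or to the public address $1.
public_ports() {
  list_binds | awk -v pub="$1" \
    '$1 == "*" || $1 == "0.0.0.0" || $1 == pub { print $2 }' | sort -un
}

# Binds on any other address: unreachable from outside even if the
# firewall allows the port, because HAProxy is not listening there.
internal_only_binds() {
  list_binds | awk -v pub="$1" \
    '$1 != "*" && $1 != "0.0.0.0" && $1 != pub { print $1 ":" $2 }'
}

# Print (do not run) one ACCEPT rule per public port on interface $2.
emit_rules() {
  public_ports "$1" | while read -r port; do
    echo "iptables -I INPUT -i $2 -p tcp --dport $port -j ACCEPT"
  done
}

# Demo with constructed values: 203.0.113.10 as public IP, eth0 as interface.
printf '%s\n' "$SAMPLE_CFG" | emit_rules 203.0.113.10 eth0
printf '%s\n' "$SAMPLE_CFG" | internal_only_binds 203.0.113.10 |
  sed 's/^/internal-only bind: /'
```

Pipe the real `/etc/haproxy/haproxy.cfg` into `emit_rules` and review the printed rules before applying them; anything reported as internal-only needs its bind address fixed rather than a firewall change.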