Hi,
Apologies if this was covered in a tutorial, but I have what may be a silly question.
If some of my Nomad jobs use Consul Connect, and Consul has ACL enabled, do I need a Consul agent (i.e. a Consul client agent) running on the same host as each server node in my Nomad cluster? It appears that Nomad client agents make a request to the Nomad server leader to request SI tokens on their behalf.
I could set up my Nomad servers to point to one of the Consul servers that are NOT co-located on the same host, or I could put a Consul agent on the Nomad servers themselves.
Is one way considered better than another?
Thanks!