I’m trying to expose my nomad web UI using Traefik and I hope someone can point me at a tutorial or at least give some tips:
- I have a small Nomad cluster with an ingress client plus 3 general duty clients
- the nomad server agent (only 1 for the moment) is running on another machine
- all 5 are debian VPSes in a single networking VPC
- only the ingress server has access to the outside world
- traefik is running as a nomad job with the docker driver
- services generally know about one another via consul and I have network sidecars working
- I’m otherwise configuring traefik using the tags api on various nomad tasks, which has generally been working well
- tags are (I think?) getting communicated through consul
Where I’m lost is how to tell traefik to reverse proxy out port 4646 from the server VPS if I don’t have a Nomad job to point it at.
So for my previous home lab cluster I ended up statically defining a service and load balancer in traefik along with other externally managed devices like Synology NAS UI and UniFi gear. This meant that I treated Nomad, Consul, and Vault's UI as external systems which did not register themselves with all the tags to do auto detection.
For that setup I have an example here: CarbonCollins - Cloud / Networking / Internal Proxy · GitLab which assumes the IPs are static. This is done in combination with the consul catalogue for auto service detection and such with jobs in Nomad.
Just as some potential avenues to look down
From memory, it was not easily possible to add extra tags to their (Nomad, Consul, Vault, etc.) service registrations making the traefik auto discovery work. However, it's been quite some time since I last looked at this, so things may have changed.
I did at one point also start experimenting with consul external services for the NAS and UniFi gear, one to have some form of health check on them but also to see if I could then dynamically route to them like I did with Nomad jobs. I don't remember the outcome of this experiment though, as life got busy and I have only just gotten back into messing with this again.
Hope this helps a little but I would however love to hear if there are other ways (maybe even less statically defined ways) of doing this too from the Nomad team or others
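The static definition described in the reply above, sketched as an added example (not part of the original posts and not taken from the linked GitLab repository): a Traefik file-provider dynamic configuration that routes one hostname to the Nomad server's UI/API on port 4646. The hostname, the server's VPC address, the entry point name `websecure` and the file location are all assumptions to replace with your own values.

```yaml
# Dynamic configuration loaded by Traefik's file provider.
# Assumes the static configuration enables it, for example:
#   providers:
#     file:
#       directory: /etc/traefik/dynamic   # assumed path
#       watch: true
# The file provider runs alongside the Consul catalog provider, so
# tagged Nomad jobs keep being discovered as before.
http:
  routers:
    nomad-ui:
      # Assumed hostname; the rule matches only this Host header.
      rule: "Host(`nomad.example.com`)"
      entryPoints:
        - websecure          # assumed name of the TLS entry point
      service: nomad-ui
      tls: {}                # terminate TLS at Traefik on the ingress node
  services:
    nomad-ui:
      loadBalancer:
        servers:
          # Assumed private VPC address of the Nomad server agent.
          # Plain HTTP here stays inside the VPC; switch to https://
          # if the Nomad agent itself is configured with TLS.
          - url: "http://10.0.0.10:4646"
        healthCheck:
          # Nomad agent health endpoint; the server is taken out of
          # rotation while this check fails.
          path: /v1/agent/health
          interval: "10s"
          timeout: "3s"
```

Because this route publishes the full Nomad HTTP API along with the UI, the sketch assumes Nomad ACLs are enabled on the cluster so that requests arriving through Traefik still need a token.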
Oh, that’s fantastic. Thank you.
I’ve also found this article that just runs traefik outside of nomad’s management, as a systemd-driven regular process on the ingress server, instead of running (as I’ve done as a first attempt) as a nomad job. This configuration might be a little less magical, while still using tagged nomad jobs to deal with routing: