Getting to grips with sidecar_service, consul and service mesh

Hello Folks.

We’ve been experimenting with consul connect, using this page: Consul Service Mesh | Nomad by HashiCorp as inspiration.

We’ve got that example working (after discovering Nomad connect functionality not working with SELinux enabled · Issue #7290 · hashicorp/nomad · GitHub) using a local nomad/consul setup, but there is one aspect of it we don’t understand.

After a successful deploy, we ask consul what services it knows about via v1/agent/services and find the following:

"_nomad-task-70af0640-3a0e-fdc4-28e5-512ca651ae0a-group-api-count-api-9001-sidecar-proxy": {
  "Kind": "connect-proxy",
  "ID": "_nomad-task-70af0640-3a0e-fdc4-28e5-512ca651ae0a-group-api-count-api-9001-sidecar-proxy",
  "Service": "count-api-sidecar-proxy",
  "Tags": [],
  "Meta": {
    "external-source": "nomad"
  },
  "Port": 20959,
  "Address": "10.81.75.44",
  "TaggedAddresses": {
    "lan_ipv4": {
      "Address": "10.81.75.44",
      "Port": 20959
    },
    "wan_ipv4": {
      "Address": "10.81.75.44",
      "Port": 20959
    }
  },
  "Weights": {
    "Passing": 1,
    "Warning": 1
  },
  "EnableTagOverride": false,
  "Proxy": {
    "DestinationServiceName": "count-api",
    "DestinationServiceID": "_nomad-task-70af0640-3a0e-fdc4-28e5-512ca651ae0a-group-api-count-api-9001",
    "LocalServiceAddress": "127.0.0.1",
    "LocalServicePort": 9001,
    "Config": {
      "bind_address": "0.0.0.0",
      "bind_port": 26687
    },
    "MeshGateway": {},
    "Expose": {}
  },
  "Datacenter": "dc1"
}

At this point, we were expecting to be able to visit http://localhost:20959 and perhaps explore the count-api - but what we get back is an empty reply:

$ curl http://localhost:26687/
curl: (52) Empty reply from server

Is that expected? If it is - what should we be doing in order to expose this service both internally and externally? I notice there are two very relevant looking keywords in the Proxy stanza: ‘MeshGateway’ and ‘Expose’ - should we be working through this tutorial: Allow External Traffic Inside Your Service Mesh With Ingress Gateways | Consul - HashiCorp Learn ?

A bit of context. We’re trying to deploy a server process with a corresponding agent process. They communicate via the agent talking to the server via http, much like counter-dash corresponds with count-api. As humans, we can also interact via the server using that same http interface. Importantly, we want to deploy multiple independent sets of (server, [agent]) in the same cluster. The API that we’d like to build is something like:

Us: Hey nomad - please run this server and agent(s) for me!
Nomad (or consul!): OK - the server’s running here (http://localhost:53221/app-name)
Us: Hey nomad - please run this server and agent(s) for me, but slightly differently!
Nomad (or consul!): OK - the server’s running here (http://localhost:54110/app-name)

Eventually our intent is to automate that process talking to nomad’s API - for now we’re just trying to get started using .hcl files and the command line, and we seem to be really close to that without needing a MeshGateway or having to manually Expose things. What are we missing?

For reference, we’re using Nomad v1.2.6 and Consul v1.12.0.

Thanks in advance for any help - and apologies if we’ve missed some really obvious facts!