We are trying to use sidecar_service to connect 2 services together with nomad.
I used the sample job from the nomad init -connect command, and ran it on a 2-client-node cluster (dashboard and api tasks are each deployed to their own host).
It works perfectly as long as we allow any TCP traffic between the 2 nodes.
But if we want to allow only a whitelist of necessary ports, communication is obviously cut off.
OK, so I checked from nomad and consul documentation which ports to open, and allowed the 21000-21255 port range according to the Consul ports requirements.
But… it still does not work, and I notice that the envoy container does not listen on a port within the previously documented range (27849 in my case).
If I open this port between my 2 host servers, it works again, as expected.
So my questions are:
- Which range of ports is used by nomad when creating sidecar instances? Is it documented elsewhere?
- Can I force a fixed port value for the sidecar task on my own?
Thank you for any help.