Is anyone running Nomad/Consul in an air-gapped environment

I am doing research into potentially running Nomad and Consul in an air-gapped environment.

Is there anyone that is or has done this?

Are there any gotchas/restrictions/functionality not available running like this?

Any advice would be awesome! Thanks!

1 Like

Yes we have scenarios that is required. We aren’t fully ready yet but there are a few things.

  1. Obviously you will need a registry for docker and/or artifacts that is accessible (and populated)
  2. Ensure that your jobs reference this (we use Levant rendering here)
  3. Ensure you set the consul meta tags (in nomad) I’d you are using consul connect - to your local registry
  4. There’s a google pause container (this one tripped us up) you’ll need to make sure is in your local registry too

That’s it off the top of my head :grinning:

4 Likes

You may want to consider adding a fingerprint-denylist to your client configuration, to exclude cloud provider fingerprinting that will make network calls that won’t receive responses.

2 Likes

ooooh, thanks @tgross - we have not set that. Adding to my checklist :slight_smile: