Is anyone running Nomad/Consul in an air-gapped environment?

I am doing research into potentially running Nomad and Consul in an air-gapped environment.

Is there anyone who is doing this or has done it?

Are there any gotchas/restrictions/functionality not available running like this?

Any advice would be awesome! Thanks!

2 Likes

Yes, we have scenarios where that is required. We aren’t fully ready yet, but there are a few things.

  1. Obviously you will need a registry for docker and/or artifacts that is accessible (and populated)
  2. Ensure that your jobs reference this (we use Levant rendering here)
  3. Ensure you set the Consul meta tags (in Nomad) if you are using Consul Connect - to your local registry
  4. There’s a Google pause container (this one tripped us up) you’ll need to make sure is in your local registry too

That’s it off the top of my head :grinning:

5 Likes

You may want to consider adding a fingerprint-denylist to your client configuration, to exclude cloud provider fingerprinting that will make network calls that won’t receive responses.

3 Likes
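Added example, not part of any post in this thread: a Nomad client agent configuration fragment that combines the registry-related settings and the fingerprinter exclusion discussed above. Nomad spells the client option `fingerprint.denylist`; the registry host `registry.internal.example:5000`, the image paths and the `<mirrored-tag>` placeholders are assumptions to replace with whatever you actually mirrored.

```hcl
# Nomad client agent configuration for an air-gapped node (added example).
# registry.internal.example:5000 is a hypothetical local registry, and the
# image paths and <mirrored-tag> values are placeholders, not real tags.

client {
  enabled = true

  # Skip the cloud-provider fingerprinters. Each one queries a provider
  # metadata endpoint that will never answer on an isolated network.
  options = {
    "fingerprint.denylist" = "env_aws,env_gce,env_azure,env_digitalocean"
  }

  # Consul Connect: pull the Envoy sidecar and gateway images from the
  # local registry instead of the public default image.
  meta {
    "connect.sidecar_image" = "registry.internal.example:5000/envoyproxy/envoy:<mirrored-tag>"
    "connect.gateway_image" = "registry.internal.example:5000/envoyproxy/envoy:<mirrored-tag>"
  }
}

plugin "docker" {
  config {
    # The "pause" container that holds the shared network namespace for
    # bridge-mode groups. Its default points at a public registry, so it
    # has to be mirrored and overridden here.
    infra_image = "registry.internal.example:5000/pause-amd64:<mirrored-tag>"
  }
}
```

After restarting the agent, `nomad node status -verbose <node-id>` shows the client meta values and the fingerprinted attributes, which confirms that the overrides were picked up and that no `platform.aws.*`, `platform.gce.*` or similar attributes are present.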

ooooh, thanks @tgross - we have not set that. Adding to my checklist :slight_smile:

Thanks for the help, guys.