Is anyone running Nomad/Consul in an air-gapped environment

rere8020 · December 21, 2020, 12:17am

I am doing research into potentially running Nomad and Consul in an air-gapped environment.

Is there anyone that is or has done this?

Are there any gotchas/restrictions/functionality not available running like this?

Any advice would be awesome! Thanks!

idrennanvmware · December 30, 2020, 2:42pm

Yes we have scenarios that is required. We aren’t fully ready yet but there are a few things.

Obviously you will need a registry for docker and/or artifacts that is accessible (and populated)
Ensure that your jobs reference this (we use Levant rendering here)
Ensure you set the consul meta tags (in nomad) I’d you are using consul connect - to your local registry
There’s a google pause container (this one tripped us up) you’ll need to make sure is in your local registry too

That’s it off the top of my head

tgross · January 5, 2021, 2:16pm

You may want to consider adding a fingerprint-denylist to your client configuration, to exclude cloud provider fingerprinting that will make network calls that won’t receive responses.

idrennanvmware · January 5, 2021, 2:24pm

ooooh, thanks @tgross - we have not set that. Adding to my checklist

rere8020 · January 21, 2021, 1:21pm

Thanks for the help guys.