Network ports between tasks in the same group

Hello,

I have two tasks within the same group in Nomad and would like to have the port 6000 exposed by one task and connected to by the other task.

However I don’t want the port 6000 exposed to anyone OUTSIDE of the task group, since it has the insecure x11 protocol exposed.

Here is the nomad job I built:

job "vnc" {

  group "vnc" {
    network {

      port "vnc" {
        to = 8080
      }

      port "x11" {
        static = 6000
      }
    }

    task "vnc" {
      driver = "docker"

      config {
        image = "theasp/novnc"
        ports = ["vnc", "x11"]
      }

      env {
        RUN_XTERM = "no"
      }
    }

    task "browser" {
      driver = "docker"

      config {
        image = "psharkey/intellij:latest"

        entrypoint = ["sh", "-c", "sleep 5; /opt/intellij/bin/idea.sh"]
      }

      env {
        DISPLAY = "${NOMAD_HOST_IP_vnc}:0.0"
      }
    }

  }
}

The job works; however, I find myself with 6000 exposed to the entire network, but I wanted that port exposed only to the other task(s) in my group.

I wonder if I have to use Consul Connect for this; it seems a bit overkill.

Thanks,

David

I think you want just a bridge network. Networking | Nomad | HashiCorp Developer

I read the link you said, and that definitely looks like what I was looking for. I updated the sample job from the original post to use bridge:

job "vnc" {

  group "vnc" {

    network {
      mode = "bridge"
      port "vnc" {
        to = 8080
      }
    }

    task "vnc" {
      driver = "docker"

      config {
        image = "theasp/novnc"
        ports = ["vnc","x11"]
      }

      env {
        RUN_XTERM="no"
      }
    }

    task "browser" {
      driver = "docker"
      config {
        image="psharkey/intellij:latest"
        entrypoint = ["sh", "-c", "sleep 5; /opt/intellij/bin/idea.sh"]
      }
      env {
        DISPLAY="127.0.0.1:0.0"
      }
    }

  }
}

Looks like the right behaviour, thanks @Kamilcuk

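A check for the exposure discussed in this thread, as an added example that is not part of the original posts: it scans a job in the JSON form printed by `nomad job inspect` and reports any group port that publishes the X11 range on the host. The function name and both sample documents are constructed for illustration; the samples mirror only the network blocks of the two jobs above.

```python
import json

# X11 display :N listens on TCP 6000+N; 6000-6063 is the conventional range.
X11_PORTS = range(6000, 6064)


def published_x11_ports(job):
    """Return (group, label, port) for each group port that publishes X11."""
    findings = []
    for group in job.get("TaskGroups") or []:
        for net in group.get("Networks") or []:
            ports = (net.get("ReservedPorts") or []) + (net.get("DynamicPorts") or [])
            for p in ports:
                # Value is the host port of a static port; To is the port inside
                # the allocation that a host port is mapped to.
                for number in (p.get("Value"), p.get("To")):
                    if number in X11_PORTS:
                        findings.append((group["Name"], p["Label"], number))
                        break
    return findings


# Constructed sample: first job in the thread (static port 6000 on the host).
BEFORE = json.loads("""
{"Job": {"Name": "vnc", "TaskGroups": [{"Name": "vnc", "Networks": [{
  "Mode": "host",
  "ReservedPorts": [{"Label": "x11", "Value": 6000, "To": 0}],
  "DynamicPorts":  [{"Label": "vnc", "Value": 0, "To": 8080}]}]}]}}
""")

# Constructed sample: bridge version, only the "vnc" port is declared.
AFTER = json.loads("""
{"Job": {"Name": "vnc", "TaskGroups": [{"Name": "vnc", "Networks": [{
  "Mode": "bridge",
  "ReservedPorts": null,
  "DynamicPorts":  [{"Label": "vnc", "Value": 0, "To": 8080}]}]}]}}
""")

if __name__ == "__main__":
    for name, doc in (("before", BEFORE), ("after", AFTER)):
        print(name, published_x11_ports(doc["Job"]))
```
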