Hi there,
I’ve been trying to figure this out for a while now with no joy. I have the following 2 jobs which are using Docker and bridge networking:
```hcl
job "job1" {
  type = "service"

  group "group" {
    count = 1

    network {
      mode = "bridge"
    }

    task "web" {
      driver = "docker"

      config {
        image = "nginx:latest"
      }
    }

    task "redis" {
      driver = "docker"

      config {
        image = "redis:latest"
      }
    }
  }
}

job "job2" {
  type = "service"

  group "group" {
    count = 1

    network {
      mode = "bridge"
    }

    task "web" {
      driver = "docker"

      config {
        image = "nginx:latest"
      }
    }
  }
}
```
My question is: Is there a way I can make it so the jobs/groups cannot communicate with other jobs/groups, but each task gets given its own IP and can communicate with other tasks in the same group?

Hi,
Do you know Consul Service Mesh?
This is a way I use to get them to communicate across tasks and groups.
This is an example job I used:
```hcl
job "mosquitto-stack" {
  region      = "global"
  datacenters = ["dc1"]
  type        = "service"
  node_pool   = "all"

  group "mosquitto-server" {
    count = 1

    restart {
      attempts = 10
      interval = "5m"
      delay    = "10s"
      mode     = "delay"
    }

    network {
      mode = "bridge"

      port "mqtt" {
        to     = 1883
        static = 1883
      }
    }

    service {
      name = "mqtt"
      port = "1883"

      connect {
        sidecar_service {}

        sidecar_task {
          resources {
            cpu    = 64
            memory = 64
          }
        }
      }
    }

    task "server" {
      driver = "docker"

      config {
        image = "eclipse-mosquitto:latest"

        mount {
          type     = "bind"
          target   = "/mosquitto/config/mosquitto.conf"
          source   = "local/mosquitto.conf"
          readonly = false

          bind_options {
            propagation = "rshared"
          }
        }

        ports = ["mqtt"]
      }

      template {
        data = <<EOH
listener 1883
allow_anonymous true
EOH

        destination = "local/mosquitto.conf"
      }

      template {
        data = <<EOH
ANSIBLE_FORCE_COLOR=TRUE
EOH

        destination = "secrets/file.env"
        env         = true
      }

      resources {
        cpu    = 128
        memory = 128
      }
    }
  }

  group "mosquitto-client" {
    count = 1

    restart {
      attempts = 10
      interval = "5m"
      delay    = "10s"
      mode     = "delay"
    }

    network {
      mode = "bridge"
    }

    service {
      name = "mesh"

      connect {
        sidecar_service {
          proxy {
            upstreams {
              destination_name = "mqtt"
              local_bind_port  = "1883"
            }
          }
        }

        sidecar_task {
          resources {
            cpu    = 64
            memory = 64
          }
        }
      }
    }

    task "client" {
      driver = "docker"

      config {
        image      = "alpine:latest"
        entrypoint = ["/bin/sleep", "3600"]
      }

      resources {
        cpu    = 128
        memory = 128
      }
    }
  }
}
```

You don’t have to - that’s exactly what Nomad sets up for you. A task in a group can communicate with other tasks in the same group (see the Nomad Runtime Environment docs, you can get the IP:port of all other declared ports, which you would declare using the `port` stanza in the `network` block).
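
What the last reply describes, applied to `job1` from the question, as an added example that is not part of the thread. The `redis` port label, container port 6379 and the `REDIS_ADDR` variable name are assumptions chosen for illustration.

```hcl
job "job1" {
  type = "service"

  group "group" {
    count = 1

    network {
      mode = "bridge"

      # Declaring a labelled port makes Nomad export NOMAD_IP_redis,
      # NOMAD_PORT_redis and NOMAD_ADDR_redis to every task in this group.
      # Note for isolation: a port declared here is also mapped to a
      # (dynamic) port on the host, so leave it out for services that
      # should only be reachable from inside the group.
      port "redis" {
        to = 6379
      }
    }

    task "redis" {
      driver = "docker"

      config {
        image = "redis:latest"
        ports = ["redis"]
      }
    }

    task "web" {
      driver = "docker"

      config {
        image = "nginx:latest"
      }

      # Hypothetical variable name; the value is filled in from the
      # runtime environment Nomad provides to the task.
      env {
        REDIS_ADDR = "${NOMAD_ADDR_redis}"
      }
    }
  }
}
```

In bridge mode the tasks of one group share a single network namespace, so `web` can also reach `redis` on `127.0.0.1:6379` without any declared port.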