Unable to bind docker containers to localhost

Hi all!

I’m trying to bind a Docker container (fluentd) to localhost to make it accessible only from the local machine. In pure Docker I do:

docker run -p 127.0.0.1:24224:24224 fluent/fluentd

I’m trying to reproduce it with nomad:

nomad.hcl

datacenter = "dc1"

bind_addr = "0.0.0.0"
data_dir = "/var/lib/nomad"
disable_update_check = true
enable_syslog = true

addresses {
  http = "127.0.0.1"
}

advertise {
  http = "127.0.0.1"
}

ports {
  http = 4646
}

server {
  enabled = true
  bootstrap_expect = 1
  server_join {
    retry_join = [ "127.0.0.1" ]
  }
}

client {
  enabled = true
  host_network "local" {
    interface = "lo"
    cidr = "127.0.0.0/8"
  }
}

job file

group "fluentd" {
  task "fluentd" {
    driver = "docker"

    config {
      image = "fluent/fluentd"
      network_mode = "bridge"

      port_map = {
        fluentd = 24224
      }
    }

    resources {
      memory = "200"
      cpu = 100
      network {
        port "fluentd" {
          host_network = "private"
          static = 24224
        }
      }
    }
  }
}


docker ps

648c71d811b7  fluent/fluentd  18 seconds ago  Up 17 seconds 5 minutes ago Up 5 minutes 
 5140/tcp, 192.168.11.193:24224->24224/tcp, 192.168.11.193:24224->24224/udp  fluentd-34cb6aa9-ecbd-755c-6cfc-44fdec0aed64

nomad

nomad --version
Nomad v0.12.5 (514b0d667b57068badb43795103fb7dd3a9fbea7)

Am I doing anything wrong, or is it impossible for now?

Hi @Davasny. I believe you should change your jobspec to use network_mode = "host" in order to achieve the desired networking outcome. Details about the Nomad Docker driver network_mode config option and on Docker host networking should provide additional background and context.

Thanks,
jrasell and the Nomad team.
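
To confirm what a container is actually published on after a jobspec change, the Ports column of `docker ps` can be checked mechanically. The following is an added example, not part of the original posts or of Nomad; the function names are hypothetical and the IPv6 forms handled (`:::port`, `[::]:port`, `[::1]:port`) are assumptions about how different Docker versions print them.

```shell
#!/bin/sh
# Added example: flag published Docker port mappings whose host address is not
# loopback. Input is a Ports column, e.g. from: docker ps --format '{{.Ports}}'

# Print every "host->container" mapping in $1 that is reachable from off-host.
exposed_bindings() {
    printf '%s\n' "$1" | tr ',' '\n' | while IFS= read -r entry; do
        entry=$(printf '%s' "$entry" | tr -d ' ')
        case "$entry" in
            *'->'*) ;;          # published on the host: inspect it
            *) continue ;;      # e.g. "5140/tcp": exposed by the image, not published
        esac
        host=${entry%%->*}      # e.g. "192.168.11.193:24224"
        addr=${host%:*}         # drop the trailing :port (or :port-range)
        addr=${addr#\[}         # strip IPv6 brackets if present
        addr=${addr%\]}
        case "$addr" in
            127.*|::1) ;;       # loopback: local machine only
            *) printf '%s\n' "$entry" ;;
        esac
    done
}

# Succeed only if nothing in $1 is published on a non-loopback address.
loopback_only() {
    [ -z "$(exposed_bindings "$1")" ]
}

# Ports column copied from the docker ps output in the question.
sample='5140/tcp, 192.168.11.193:24224->24224/tcp, 192.168.11.193:24224->24224/udp'
if loopback_only "$sample"; then
    echo "OK: published ports are loopback-only"
else
    echo "Reachable from other hosts:"
    exposed_bindings "$sample"
fi
```

A wildcard binding (`0.0.0.0` or `::`) is reported as well, since it listens on every interface, not only `lo`.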