Converting docker networking to Noamd

[Sean Farrow]

Hi all,

 

I have a docker compose file that creates and assigns networks to different containers so that certain containers can access each other, others can be accessed from the outside and others still are internal only and are not publicly available.

I am wondering how I would do this with Nomad? Is overlay networking supported?

Any help/examples appreciated

Kind regards

Sean.

[pre...@hashicorp.com]

Hi Sean 

We don't have support for overlay networking, but there are some open issues around it like https://github.com/hashicorp/nomad/issues/511 

Having a good networking story for Nomad and CNI plugin integration are both areas we've talked about and are in a future roadmap.

[Michael Schurter]

The Docker driver in Nomad does support specifying a custom network if you have a network overlay like weave setup: https://www.nomadproject.io/docs/drivers/docker.html#network_mode

--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
 
GitHub Issues: https://github.com/hashicorp/nomad/issues
IRC: #nomad-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Nomad" group.
To unsubscribe from this group and stop receiving emails from it, send an email to nomad-tool+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/nomad-tool/734d9455-e8f5-4151-84c5-1351756b16bd%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

[Michael Schurter]

When network_mode is set to something other than "bridge" (the default") or "host", Nomad will advertise the IP and port specified by Docker for the container in Consul. So if you're using weave and advertising services in Consul from Nomad, Nomad will advertise the weave addresses by default. See the service.address_mode parameter for how to control this behavior: https://www.nomadproject.io/docs/job-specification/service.html#address_mode

However you may want to start using Nomad and Consul without an overlay network for simplicity. You can run your Docker containers with Nomad, advertise their addresses in Consul with the service stanza, and configure the containers to talk to each other by using the template stanza. Templates will restart your services when addresses they're using change. Alternatively you can have your containers talk directly to Consul to discover the services they need. While an overlay network enforces isolation between services, isolation isn't always necessary and using TLS internally is an alternative to using overlay networks for service isolation. Nomad itself suggests using mTLS for network isolation.

I hope that helps! As Preetha stated we're hoping to have an improved networking story in the future!

On Fri, Mar 30, 2018 at 12:58 PM, Sean Farrow <sean....@tendosolutions.com> wrote:

Hi Michael,

 

Do you know how weave networking works with consul?

Cheers

Sean.

To view this discussion on the web visit https://groups.google.com/d/msgid/nomad-tool/CAA5d-AWB_A9uDptmRxkmPe5zvpftBS_J7R7ob-_rtGA2dv0W7A%40mail.gmail.com.

[Sean Farrow]

Hi Michael,

 

Do you know how weave networking works with consul?

Cheers

Sean.

 

From: nomad...@googlegroups.com <nomad...@googlegroups.com> On Behalf Of Michael Schurter
Sent: 30 March 2018 17:13
To: Preetha Appan <pre...@hashicorp.com>
Cc: Nomad <nomad...@googlegroups.com>
Subject: Re: [nomad] Re: Converting docker networking to Noamd

 

The Docker driver in Nomad does support specifying a custom network if you have a network overlay like weave setup: https://www.nomadproject.io/docs/drivers/docker.html#network_mode

 

On Thu, Mar 29, 2018 at 2:23 PM, <pre...@hashicorp.com> wrote:

Hi Sean 

 

We don't have support for overlay networking, but there are some open issues around it like https://github.com/hashicorp/nomad/issues/511 

 

Having a good networking story for Nomad and CNI plugin integration are both areas we've talked about and are in a future roadmap.

On Wednesday, March 28, 2018 at 11:00:20 PM UTC-5, Sean Farrow wrote:

Hi all,

 

I have a docker compose file that creates and assigns networks to different containers so that certain containers can access each other, others can be accessed from the outside and others still are internal only and are not publicly available.

I am wondering how I would do this with Nomad? Is overlay networking supported?

Any help/examples appreciated

Kind regards

Sean.

--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
 
GitHub Issues: https://github.com/hashicorp/nomad/issues
IRC: #nomad-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Nomad" group.

To unsubscribe from this group and stop receiving emails from it, send an email to nomad-tool+...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/nomad-tool/734d9455-e8f5-4151-84c5-1351756b16bd%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

 

--

This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
 
GitHub Issues: https://github.com/hashicorp/nomad/issues
IRC: #nomad-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Nomad" group.

To unsubscribe from this group and stop receiving emails from it, send an email to nomad-tool+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/nomad-tool/CAA5d-AWB_A9uDptmRxkmPe5zvpftBS_J7R7ob-_rtGA2dv0W7A%40mail.gmail.com.