Start of docs for group level service and network stanza.

This commit is contained in:
Preetha Appan 2019-09-08 22:39:30 -05:00
parent 37a1b8ed2c
commit 3367da4d1f
No known key found for this signature in database
GPG Key ID: 9F7C19990A50EAFC
2 changed files with 53 additions and 1 deletions

View File

@ -4,7 +4,9 @@ page_title: "network Stanza - Job Specification"
sidebar_current: "docs-job-specification-network" sidebar_current: "docs-job-specification-network"
description: |- description: |-
The "network" stanza specifies the networking requirements for the task, The "network" stanza specifies the networking requirements for the task,
including the minimum bandwidth and port allocations. including the minimum bandwidth and port allocations. The network stanza
can be specified at the task group level to enable all tasks in the task
group to share the same network namespace.
--- ---
# `network` Stanza # `network` Stanza
@ -12,6 +14,12 @@ description: |-
<table class="table table-bordered table-striped"> <table class="table table-bordered table-striped">
<tr> <tr>
<th width="120">Placement</th> <th width="120">Placement</th>
<td>
<code>job -> group -> **network**</code>
</td>
</tr>
<tr>
<th width="120">Placement</th>
<td> <td>
<code>job -> group -> task -> resources -> **network**</code> <code>job -> group -> task -> resources -> **network**</code>
</td> </td>
@ -25,6 +33,15 @@ and services. Because you don't know in advance what host your job will be
provisioned on, Nomad will provide your tasks with network configuration when provisioned on, Nomad will provide your tasks with network configuration when
they start up. they start up.
Nomad 0.10 enables support for the `network` stanza at the task group level. When
the `network` stanza is defined at the group level with `bridge` as the networking mode,
all tasks in the task group share the same network namespace. This is a prerequisite for
[Consul Connect](/guides/integrations/consul-connect/index.html). Tasks running within a
network namespace are not visible to applications outside the namespace on the same host.
This allows [Connect][] enabled applications to bind only to localhost within the shared network stack,
and use the proxy for ingress and egress traffic.
Note that this document only applies to services that want to _listen_ on a Note that this document only applies to services that want to _listen_ on a
port. Batch jobs or services that only make outbound connections do not need to port. Batch jobs or services that only make outbound connections do not need to
allocate ports, since they will use any available interface to make an outbound allocate ports, since they will use any available interface to make an outbound
@ -57,10 +74,17 @@ job "docs" {
- `port` <code>([Port](#port-parameters): nil)</code> - Specifies a TCP/UDP port - `port` <code>([Port](#port-parameters): nil)</code> - Specifies a TCP/UDP port
allocation and can be used to specify both dynamic ports and reserved ports. allocation and can be used to specify both dynamic ports and reserved ports.
- `mode` `(string: "host")- Mode of the network. The following modes are available:
- “none” - Task group will have an isolated network without any network interfaces.
- “bridge” - Task group will have an isolated network namespace with an interface that is bridged with the host
- “host” - Each task will join the host network namespace and a shared network namespace is not created.
This matches the current behavior in Nomad 0.9
### `port` Parameters ### `port` Parameters
- `static` `(int: nil)` - Specifies the static TCP/UDP port to allocate. If omitted, a dynamic port is chosen. We **do not recommend** using static ports, except - `static` `(int: nil)` - Specifies the static TCP/UDP port to allocate. If omitted, a dynamic port is chosen. We **do not recommend** using static ports, except
for `system` or specialized jobs like load balancers. for `system` or specialized jobs like load balancers.
- `to` `(string:nil)` - Applicable when using "bridge" mode to configure port to map to inside the task's network namespace.
The label assigned to the port is used to identify the port in service The label assigned to the port is used to identify the port in service
discovery, and used in the name of the environment variable that indicates discovery, and used in the name of the environment variable that indicates
@ -167,6 +191,25 @@ When the task is started, it is passed an additional environment variable named
`NOMAD_HOST_PORT_http` which indicates the host port that the HTTP service is `NOMAD_HOST_PORT_http` which indicates the host port that the HTTP service is
bound to. bound to.
### Bridge Mode
The following example is a group level network stanza that uses bridge mode
and port mapping.
```hcl
network {
mode = "bridge"
port "http" {
static = 9002
to = 9002
}
}
```
[docker-driver]: /docs/drivers/docker.html "Nomad Docker Driver" [docker-driver]: /docs/drivers/docker.html "Nomad Docker Driver"
[qemu-driver]: /docs/drivers/qemu.html "Nomad QEMU Driver" [qemu-driver]: /docs/drivers/qemu.html "Nomad QEMU Driver"
[Connect]: /docs/job-specification/connect.html "Nomad Consul Connect Integration"
### Limitations
Only one `network` stanza can be specified, when it is defined at the task group level.

View File

@ -16,6 +16,11 @@ description: |-
<code>job -> group -> task -> **service**</code> <code>job -> group -> task -> **service**</code>
</td> </td>
</tr> </tr>
<th width="120">Placement</th>
<td>
<code>job -> group -> **service**</code>
</td>
</tr>
</table> </table>
The `service` stanza instructs Nomad to register the task as a service using the The `service` stanza instructs Nomad to register the task as a service using the
@ -71,6 +76,9 @@ configuration to integrate Nomad with service discovery, please see the
must take to configure Nomad. Simply adding this configuration to your job file must take to configure Nomad. Simply adding this configuration to your job file
does not automatically enable service discovery. does not automatically enable service discovery.
Nomad 0.10 also allows specifying the `service` stanza at the task group level.
This enables services in the same task group to opt into [Consul Connect][] integration.
## `service` Parameters ## `service` Parameters
- `check` <code>([Check](#check-parameters): nil)</code> - Specifies a health - `check` <code>([Check](#check-parameters): nil)</code> - Specifies a health
@ -628,3 +636,4 @@ system of a task for that driver.</small>
[network]: /docs/job-specification/network.html "Nomad network Job Specification" [network]: /docs/job-specification/network.html "Nomad network Job Specification"
[qemu]: /docs/drivers/qemu.html "Nomad qemu Driver" [qemu]: /docs/drivers/qemu.html "Nomad qemu Driver"
[restart_stanza]: /docs/job-specification/restart.html "restart stanza" [restart_stanza]: /docs/job-specification/restart.html "restart stanza"
[Connect]: /docs/job-specification/connect.html "Nomad Consul Connect Integration"