docs: clarify network topology requirements for clients (#17779)

The requirements for client-to-server and client-to-client topologies are not
well-documented in the production install requirements docs. Document that
clients make connections to servers (and not the other way around), and that
clients don't need to communicate with each other (with some exceptions).

Fixes: #17631
This commit is contained in:
Tim Gross 2023-06-30 10:46:29 -04:00 committed by GitHub
parent 45073e8a05
commit e7cc7f2123
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -57,6 +57,19 @@ their servers. This allows having a set of Nomad servers that service clients
that can be spread geographically over a continent or even the world in the case that can be spread geographically over a continent or even the world in the case
of having a single "global" region and many datacenter. of having a single "global" region and many datacenter.
Nomad clients make connections to servers on the RPC port and then maintain a
persistent TCP connection. The server and client use this TCP connection for
two-way communication. As a result, clients that are geographically distributed
from the servers do not need to have publically routable IP addresses in order
to communicate with the servers (although the workloads running on the clients
may need public IPs). All connections between Nomad servers and between clients
and servers must be secured with [mTLS][].
Nomad clients are typically not required to be reachable from each other unless
your workloads need to communicate with each other. The optional [ephemeral disk
migration][] field is one exception, and requires that clients can reach each
other on their HTTP ports.
## Ports Used ## Ports Used
Nomad requires 3 different ports to work properly on servers and 2 on clients, Nomad requires 3 different ports to work properly on servers and 2 on clients,
@ -216,3 +229,5 @@ in automated pipelines for [CLI operations][docs_cli], such as
[docs_cli]: /nomad/docs/commands [docs_cli]: /nomad/docs/commands
[`nomad job plan`]: /nomad/docs/commands/job/plan [`nomad job plan`]: /nomad/docs/commands/job/plan
[`nomad fmt`]: /nomad/docs/commands/fmt [`nomad fmt`]: /nomad/docs/commands/fmt
[mTLS]: /nomad/tutorials/transport-security/security-enable-tls
[ephemeral disk migration]: /nomad/docs/job-specification/ephemeral_disk#migrate