d026ff1f66
This PR implements first-class support for Nomad running Consul Connect Mesh Gateways. Mesh gateways enable services in the Connect mesh to make cross-DC connections via gateways, where each datacenter may not have full node interconnectivity. Consul docs with more information: https://www.consul.io/docs/connect/gateways/mesh-gateway The following group level service block can be used to establish a Connect mesh gateway. service { connect { gateway { mesh { // no configuration } } } } Services can make use of a mesh gateway by configuring so in their upstream blocks, e.g. service { connect { sidecar_service { proxy { upstreams { destination_name = "<service>" local_bind_port = <port> datacenter = "<datacenter>" mesh_gateway { mode = "<mode>" } } } } } } Typical use of a mesh gateway is to create a bridge between datacenters. A mesh gateway should then be configured with a service port that is mapped from a host_network configured on a WAN interface in Nomad agent config, e.g. client { host_network "public" { interface = "eth1" } } Create a port mapping in the group.network block for use by the mesh gateway service from the public host_network, e.g. network { mode = "bridge" port "mesh_wan" { host_network = "public" } } Use this port label for the service.port of the mesh gateway, e.g. service { name = "mesh-gateway" port = "mesh_wan" connect { gateway { mesh {} } } } Currently Envoy is the only supported gateway implementation in Consul. By default Nomad client will run the latest official Envoy docker image supported by the local Consul agent. The Envoy task can be customized by setting `meta.connect.gateway_image` in agent config or by setting the `connect.sidecar_task` block. Gateways require Consul 1.8.0+, enforced by the Nomad scheduler. Closes #9446
138 lines
4.4 KiB
Plaintext
138 lines
4.4 KiB
Plaintext
---
|
|
layout: docs
|
|
page_title: upstreams Stanza - Job Specification
|
|
description: |-
|
|
The "upstreams" stanza allows specifying options for configuring
|
|
upstream services
|
|
---
|
|
|
|
# `upstreams` Stanza
|
|
|
|
<Placement
|
|
groups={[
|
|
'job',
|
|
'group',
|
|
'service',
|
|
'connect',
|
|
'sidecar_service',
|
|
'proxy',
|
|
'upstreams',
|
|
]}
|
|
/>
|
|
|
|
The `upstreams` stanza allows configuring various options for managing upstream
|
|
services that a [Consul
|
|
Connect](/docs/integrations/consul-connect) proxy routes to. It
|
|
is valid only within the context of a `proxy` stanza.
|
|
|
|
For Consul-specific details see the [Consul Connect
|
|
Guide](https://learn.hashicorp.com/consul/getting-started/connect#register-a-dependent-service-and-proxy).
|
|
|
|
```hcl
|
|
job "countdash" {
|
|
datacenters = ["dc1"]
|
|
|
|
group "dashboard" {
|
|
network {
|
|
mode = "bridge"
|
|
|
|
port "http" {
|
|
static = 9002
|
|
to = 9002
|
|
}
|
|
}
|
|
|
|
service {
|
|
name = "count-dashboard"
|
|
port = "9002"
|
|
|
|
connect {
|
|
sidecar_service {
|
|
proxy {
|
|
upstreams {
|
|
destination_name = "count-api"
|
|
local_bind_port = 8080
|
|
datacenter = "dc2"
|
|
local_bind_address = "127.0.0.1"
|
|
mesh_gateway {
|
|
mode = "local"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
task "dashboard" {
|
|
driver = "docker"
|
|
|
|
env {
|
|
COUNTING_SERVICE_URL = "http://${NOMAD_UPSTREAM_ADDR_count_api}"
|
|
}
|
|
|
|
config {
|
|
image = "hashicorpnomad/counter-dashboard:v3"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
```
|
|
|
|
## `upstreams` Parameters
|
|
|
|
- `destination_name` `(string: <required>)` - Name of the upstream service.
|
|
- `local_bind_port` - `(int: <required>)` - The port the proxy will receive
|
|
connections for the upstream on.
|
|
- `datacenter` `(string: "")` - The Consul datacenter in which to issue the
|
|
discovery query. Defaults to the empty string, which Consul interprets as the
|
|
local Consul datacenter.
|
|
- `local_bind_address` - `(string: "")` - The address the proxy will receive
|
|
connections for the upstream on.
|
|
- `mesh_gateway` <code>([mesh_gateway][mesh_gateway_param]: nil)</code> - Configures the mesh gateway
|
|
behavior for connecting to this upstream.
|
|
|
|
### `mesh_gateway` Parameters
|
|
|
|
- `mode` `(string: "default")` - The mode of operation in which to use [Connect Mesh Gateways][mesh_gateways]
|
|
Defaults to the mode as determined by the Consul [service-defaults][service_defaults_mode]
|
|
configuration for the service. Can be configured with the following modes:
|
|
- `local` - In this mode the Connect proxy makes its outbound connection to a
|
|
gateway running in the same datacenter. That gateway is then responsible for
|
|
ensuring the data gets forwarded along to gateways in the destination datacenter.
|
|
- `remote` - In this mode the Connect proxy makes its outbound connection to a
|
|
gateway running in the destination datacenter. That gateway will then forward
|
|
the data to the final destination service.
|
|
- `none` - In this mode, no gateway is used and a Connect proxy makes its
|
|
outbound connections directly to the destination services.
|
|
|
|
The `NOMAD_UPSTREAM_ADDR_<destination_name>` environment variables may be used
|
|
to interpolate the upstream's `host:port` address.
|
|
|
|
Applications are encouraged to connect to `127.0.0.1` and a well defined port
|
|
(eg 6379 for Redis) by default. Then when using Consul Connect the application
|
|
can be deployed with the Redis upstream's `local_bind_port = 6379` and require
|
|
no explicit configuration.
|
|
|
|
## `upstreams` Examples
|
|
|
|
The following example is an upstream config with the name of the destination service
|
|
and a local bind port.
|
|
|
|
```hcl
|
|
upstreams {
|
|
destination_name = "count-api"
|
|
local_bind_port = 8080
|
|
}
|
|
```
|
|
|
|
[job]: /docs/job-specification/job 'Nomad job Job Specification'
|
|
[group]: /docs/job-specification/group 'Nomad group Job Specification'
|
|
[task]: /docs/job-specification/task 'Nomad task Job Specification'
|
|
[interpolation]: /docs/runtime/interpolation 'Nomad interpolation'
|
|
[sidecar_service]: /docs/job-specification/sidecar_service 'Nomad sidecar service Specification'
|
|
[upstreams]: /docs/job-specification/upstreams 'Nomad upstream config Specification'
|
|
[service_defaults_mode]: https://www.consul.io/docs/connect/config-entries/service-defaults#meshgateway
|
|
[mesh_gateway_param]: /docs/job-specification/upstreams#mesh_gateway-parameters
|
|
[mesh_gateways]: https://www.consul.io/docs/connect/gateways/mesh-gateway#mesh-gateways
|