Reputation: 974
is it possible to bind consul connect upstreams to another interface besides 127.0.0.1
loopback?
Consul Connect - Nomad This article says you can run the connect proxy within the official Docker container but then there is an issue where the upstream dependencies can't be exposed. Running the raw_exec
version I see the upstreams available on the host machine 127.0.0.1. But if i run the same config within a container other containers can't connect to those ports.
Example configuration:
task "proxy" {
driver = "docker"
config {
image = "consul:1.4.0"
force_pull = true
network_mode = "host"
args = [
"connect", "proxy",
"-service", "api",
"-log-level", "debug",
"-upstream", "upstream:${NOMAD_PORT_tcp}"
]
}
env {
"CONSUL_HTTP_ADDR" = "${NOMAD_IP_tcp}:8500"
}
resources {
network {
port "tcp" {}
}
}
}
In this configuration the service called upstream is only available if you sh
into the container itself and check with netcat
. Is there a way to force Consul Connect to bind the upstream service to 0.0.0.0
so it can be exposed on the local Docker network?
Upvotes: 1
Views: 528
Reputation: 974
The trick here was to use network_mode = "host"
for both the sidecar container and any other containers that want to utilize the sidecar. The host Docker network makes this possible:
"RABBITMQ_HOST" = "localhost"
"RABBITMQ_PORT" = "${NOMAD_PORT_proxy_rabbitmq}"
since the Consul Connect sidecar is binding all upstreams to localhost
and the Docker host
network exposes all ports within a container as if the container was running as a raw process on the host machine.
Upvotes: 1