The connect stanza allows configuring various options for
Consul Connect. It is
valid only within the context of a service definition at the task group
level. For using connect when Consul ACLs are enabled, be sure to read through
the Secure Nomad Jobs with Consul Connect
guide.
job "countdash"{datacenters=["dc1"]
group "api"{network{mode="bridge"}service{name="count-api"port="9001"connect{sidecar_service{}}}
task "web"{driver="docker"config{image="hashicorpnomad/counter-api:v3"}}}}
job "countdash"{datacenters=["dc1"] group "api"{network{mode="bridge"}service{name="count-api"port="9001"connect{sidecar_service{}}} task "web"{driver="docker"config{image="hashicorpnomad/counter-api:v3"}}}}
The following example is a minimal connect stanza with defaults and is
sufficient to start an Envoy proxy sidecar for allowing incoming connections
via Consul Connect.
connect{sidecar_service{}}
connect{sidecar_service{}}
The following example includes specifying upstreams.
The following is the complete countdash example. It includes an API service
and a frontend Dashboard service which connects to the API service as a Connect
upstream. Once running, the dashboard is accessible at localhost:9002.
job "countdash"{datacenters=["dc1"]
group "api"{network{mode="bridge"}service{name="count-api"port="9001"connect{sidecar_service{}}check{expose=truetype="http"name="api-health"path="/health"interval="10s"timeout="3s"}}
task "web"{driver="docker"config{image="hashicorpnomad/counter-api:v3"}}}
group "dashboard"{network{mode="bridge"
port "http"{static=9002to=9002}}service{name="count-dashboard"port="9002"connect{sidecar_service{proxy{upstreams{destination_name="count-api"local_bind_port=8080}}}}}
task "dashboard"{driver="docker"env{COUNTING_SERVICE_URL="http://${NOMAD_UPSTREAM_ADDR_count_api}"}config{image="hashicorpnomad/counter-dashboard:v3"}}}}
job "countdash"{datacenters=["dc1"] group "api"{network{mode="bridge"}service{name="count-api"port="9001"connect{sidecar_service{}}check{expose=truetype="http"name="api-health"path="/health"interval="10s"timeout="3s"}} task "web"{driver="docker"config{image="hashicorpnomad/counter-api:v3"}}} group "dashboard"{network{mode="bridge" port "http"{static=9002to=9002}}service{name="count-dashboard"port="9002"connect{sidecar_service{proxy{upstreams{destination_name="count-api"local_bind_port=8080}}}}} task "dashboard"{driver="docker"env{COUNTING_SERVICE_URL="http://${NOMAD_UPSTREAM_ADDR_count_api}"}config{image="hashicorpnomad/counter-dashboard:v3"}}}}
The following is an example service stanza for creating and using a connect ingress
gateway. It includes a gateway service definition and an api service fronted by
the gateway. Once running, the gateway can be used to reach the api service by first
looking up the gateway Consul DNS address, e.g.
job "ingress-demo"{datacenters=["dc1"]
group "ingress-group"{network{mode="bridge"
port "inbound"{static=8080to=8080}}service{name="my-ingress-service"port="8080"connect{gateway{ingress{listener{port=8080protocol="tcp"service{name="uuid-api"}}}}}}}}
job "ingress-demo"{datacenters=["dc1"] group "ingress-group"{network{mode="bridge" port "inbound"{static=8080to=8080}}service{name="my-ingress-service"port="8080"connect{gateway{ingress{listener{port=8080protocol="tcp"service{name="uuid-api"}}}}}}}}