networking - Nomad 和端口映射

Question

Nomad 有三种不同的方式来映射端口:

组级下网络节

配置下的网络节 -> 资源级别

配置级别下的 port_map 节

有什么区别，什么时候应该使用哪个？

Answer 1

首先port_map isdeprecated ,
所以你不应该将它用作任务驱动程序配置的一部分。

Up until Nomad 0.12, ports could be specified in a task's resource stanza and setusing the docker port_map field. As more features have been added to the groupnetwork resource allocation, task based network resources are deprecated. With itthe port_map field is also deprecated and can only be used with task networkresources.

Users should migrate their jobs to define ports in the group network stanza andspecified which ports a task maps with the ports field.

port在 group network 节中定义了可用于识别
服务发现中的端口。此标签也用作环境变量名称的一部分
这表明您的应用程序应绑定(bind)到哪个端口。

ports在任务级别指定哪个 port从网络节应该是
在任务分配/容器中可用。来自 officialdocs

A Docker container typically specifies which port a service will listen on byspecifying the EXPOSE directive in the Dockerfile.

Because dynamic ports will not match the ports exposed in your Dockerfile, Nomadwill automatically expose any ports specified in the ports field.

TLDR；
所以只有一个正确的定义:

job "example" {
  group "example-group" {
    network {
      # Dynamic ports
      port "foo" {}
      port "bar" {}
      # Mapped ports
      port "http"  { to = 80 }
      port "https" { to = 443 }
      # Static ports
      port "lb" { static = 8080 }
    }

    task "task-1" {
      driver = "docker"
      config {

        ...
 
        ports = [
          "foo",
          "http",
        ]
      }
    }

    task "task-2" {
      driver = "docker"
      config {

        ...
 
        ports = [
          "bar",
          "https",
        ]
      }
    }

    task "task-3" {
      driver = "docker"
      config {

        ...
 
        ports = [
          "lb",
        ]
      }
    }
  }
}

考虑运行这种类型的作业文件(使用任何图像)。然后你会得到以下
后端和容器之间的端口映射:

for port in $(docker ps --format "{{.Ports}}"); do echo $port; done | grep tcp | cut -d':' -f 2

# Dynamic ports 'foo' and 'bar'
# 25968->25968/tcp,
# 29080->29080/tcp,

# Mapped ports 'http' and 'https'
# 29936->80/tcp,
# 20987->443/tcp,

# Static port 'lb'
# 8080->8080/tcp,

现在，如果你进入 task-1分配/容器并检查环境变量，然后你
如果您的任务需要与之通信，将能够获取分配端口的值
另一个。

env | grep NOMAD | grep PORT

# NOMAD_PORT_bar=29080
# NOMAD_HOST_PORT_bar=29080

# NOMAD_PORT_foo=25968
# NOMAD_HOST_PORT_foo=25968

# NOMAD_PORT_http=80
# NOMAD_HOST_PORT_http=29936

# NOMAD_PORT_https=443
# NOMAD_HOST_PORT_https=20987

# NOMAD_PORT_lb=8080
# NOMAD_HOST_PORT_lb=8080

为了使服务之间的通信更容易，最好使用服务
发现，例如 Consul (也来自 HashiCorp)并让你
生活更容易考虑某种负载平衡器，例如
Fabio或者
Traefik .这是 nice blogpost
来自 HashiCorp 的工程师关于它的信息。