游牧和端口映射 [英] Nomad and port mapping
问题描述
Nomad有三种不同的端口映射方式:
Nomad has three different ways to map ports:
- 组级别下的网络节
- 配置下的网络节->资源水平
- 配置级别下的port_map节
有什么区别,什么时候应该使用?
What is the difference and when I should use which?
推荐答案
-
首先是
port_map是因此您不应该将其用作任务驱动程序配置的一部分.First of all
port_mapis depricated, so you shouldn't be using that as part of task driver configuration.直到Nomad 0.12,可以在任务的资源节中指定和设置端口使用docker
port_map字段.随着更多功能添加到该组在网络资源分配中,不建议使用基于任务的网络资源.用它port_map字段也已弃用,只能与任务网络一起使用资源.Up until Nomad 0.12, ports could be specified in a task's resource stanza and set using the docker
port_mapfield. As more features have been added to the group network resource allocation, task based network resources are deprecated. With it theport_mapfield is also deprecated and can only be used with task network resources.用户应迁移其作业,以在组网络节和通过
ports字段指定任务映射的端口.Users should migrate their jobs to define ports in the group network stanza and specified which ports a task maps with the
portsfield. 组网络节中的-
port定义了可用于标识以下内容的标签:服务发现中的端口.此标签还用作环境变量名称的一部分指示您的应用程序应绑定到哪个端口. portin the group network stanza defines labels that can be used to identify the port in service discovery. This label is also used as apart of environment variable name that indicates which port your application should bind to.端口指定网络节中的哪个port在任务分配/容器内部可用.来自官方文档portsat the task level specifies whichportfrom network stanza should be available inside task allocation/container. From official docsDocker容器通常指定服务将通过哪个端口侦听在Dockerfile中指定EXPOSE指令.
A Docker container typically specifies which port a service will listen on by specifying the EXPOSE directive in the Dockerfile.
因为动态端口与Dockerfile中公开的端口不匹配,所以Nomad将自动显示在端口"字段中指定的所有端口.
Because dynamic ports will not match the ports exposed in your Dockerfile, Nomad will automatically expose any ports specified in the ports field.
因此只有一个正确的定义:
So there is only one correct definition:
job "example" { group "example-group" { network { # Dynamic ports port "foo" {} port "bar" {} # Mapped ports port "http" { to = 80 } port "https" { to = 443 } # Static ports port "lb" { static = 8080 } } task "task-1" { driver = "docker" config { ... ports = [ "foo", "http", ] } } task "task-2" { driver = "docker" config { ... ports = [ "bar", "https", ] } } task "task-3" { driver = "docker" config { ... ports = [ "lb", ] } } } }考虑运行此类作业文件(带有任何图像).然后您将获得以下内容后端和容器之间的端口映射:
Consider running this type of job file (with whatever images). Then you will get the following port mapping between a backend and containers:
for port in $(docker ps --format "{{.Ports}}"); do echo $port; done | grep tcp | cut -d':' -f 2 # Dynamic ports 'foo' and 'bar' # 25968->25968/tcp, # 29080->29080/tcp, # Mapped ports 'http' and 'https' # 29936->80/tcp, # 20987->443/tcp, # Static port 'lb' # 8080->8080/tcp,现在,如果您进入
task-1分配/容器并检查env变量,那么您如果您的任务需要与之通信,将能够获取分配的端口的值彼此.Now, if you get inside
task-1allocation/container and check env variables, then you would be able to get values for allocated ports if your tasks need to communicate with one another.env | grep NOMAD | grep PORT # NOMAD_PORT_bar=29080 # NOMAD_HOST_PORT_bar=29080 # NOMAD_PORT_foo=25968 # NOMAD_HOST_PORT_foo=25968 # NOMAD_PORT_http=80 # NOMAD_HOST_PORT_http=29936 # NOMAD_PORT_https=443 # NOMAD_HOST_PORT_https=20987 # NOMAD_PORT_lb=8080 # NOMAD_HOST_PORT_lb=8080为了使服务之间的通信更容易,最好使用服务发现,例如领事(同样来自Hashicorp),并让您生活更轻松,请考虑使用某种负载均衡器,例如 Fabio 或特拉菲克.这是一个不错的博客发布来自Hashicorp的工程师.
In order to make communication between services easier, it is better to use service discovery, e.g. Consul (also from Hashicorp) and to make you life even easier consider some sort of load balancer, e.g. Fabio or Traefik. Here is a nice blog post from Hashicorp's Engineer about it.
这篇关于游牧和端口映射的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
