With the version v0.10.0 of Nomad a very important new feature has landed, network namespaces. Network namespaces allows integration with Consul Connect and that allows you to connect to remote services without having to know their address and port. Plus some security stuff but I care more about my services working than being securely broken.

You can read more official information here:

• https://www.nomadproject.io/guides/integrations/consul-connect/index.html
• https://www.hashicorp.com/blog/hashicorp-nomad-0-10-beta/
• https://www.hashicorp.com/blog/consul-connect-integration-in-hashicorp-nomad/

Consul Connect in Nomad are called sidecars. However… sidecars are an advanced feature and the docs and examples are very confusing. At least I found them very confusing. So here is a slightly modified version of the example job file with lots of comments that hopefully explains how to use this great new feature.

more…

I also found the docs for consul connect to be confusing. They don't clearly differentiate the difference between the client and server proxy.

Some declarations that are worth stating explicitly:

• consul acl needs to be setup first, see consul acl for more info
• acl and intention are used somewhat interchangeably here
• client side consul connect proxies can only talk to other consul connect proxies
• client side consul connect proxies can not talk directly to a service
• the docs explaining -service vs -listen vs -upstream are terrible
• I'll use the term proxy to mean consul connect process
• the term service refers to the actual service (eg. redis)
• the term server proxy refers to the proxy that connects to a real service
• the term client proxy refers to the proxy that clients connect to

Having said all that, service mesh sounds like they're worth having.

Mitchell Hashimoto at least partly agrees with me.

more…

I found the otherwise great consul docs to be very obtuse and confusing and maybe even wrong.

I'm running these commands against my home setup which only has a single consul server. In a more realistic setup you'll need to duplicate the config changes on all your consul servers and then restart them one at a time.

Ran against consul 1.4.0

more…

Prometheus is really good at pulling metrics but it needs help if you want to test if a given host is up with a simple ping.

In this post I'll show you my config that gets a list of hosts from consul (plus some static hosts) and then ping them to monitor if they're up or not.

If a host goes down then fire an alert.

more…