github.com/Ilhicas/nomad@v1.0.4-0.20210304152020-e86851182bc3/website/content/docs/job-specification/expose.mdx (about)

     1  ---
     2  layout: docs
     3  page_title: expose Stanza - Job Specification
     4  sidebar_title: expose
     5  description: |-
     6    The "expose" stanza allows specifying options for configuring Envoy expose
     7    paths used in Consul Connect integration
     8  ---
     9  
    10  # `expose` Stanza
    11  
    12  <Placement
    13    groups={[
    14      'job',
    15      'group',
    16      'service',
    17      'connect',
    18      'sidecar_service',
    19      'proxy',
    20      'expose',
    21    ]}
    22  />
    23  
    24  The `expose` stanza allows configuration of additional listeners for the default
    25  Envoy sidecar proxy managed by Nomad for [Consul Connect][learn-consul-connect].
    26  These listeners create a bypass of the Connect TLS and network namespace
    27  isolation, enabling non-Connect enabled services to make requests to specific
    28  HTTP paths through the sidecar proxy.
    29  
    30  The `expose` configuration is valid within the context of a `proxy` stanza.
    31  Additional information about Expose Path configurations for Envoy can be found
    32  in Consul's [Expose Paths Configuration Reference][consul-expose-path-config].
    33  
    34  Service [check][] configurations can use their [expose][] parameter to
    35  automatically generate expose path configurations for HTTP and gRPC checks.
    36  
    37  ```hcl
    38  job "expose-check-example" {
    39    datacenters = ["dc1"]
    40  
    41    group "api" {
    42      network {
    43        mode = "bridge"
    44      }
    45  
    46      service {
    47        name = "count-api"
    48        port = "9001"
    49  
    50        connect {
    51          sidecar_service {}
    52        }
    53  
    54        check {
    55          expose   = true
    56          name     = "api-health"
    57          type     = "http"
    58          path     = "/health"
    59          interval = "10s"
    60          timeout  = "3s"
    61        }
    62      }
    63  
    64      task "web" {
    65        driver = "docker"
    66  
    67        config {
    68          image = "hashicorpnomad/counter-api:v3"
    69        }
    70      }
    71    }
    72  }
    73  ```
    74  
    75  For uses other than Consul service checks, use the `expose` configuration in the
    76  `proxy` stanza. The example below effectively demonstrates exposing the
    77  `/health` endpoint similar to the example above, but using the fully flexible
    78  `expose` configuration.
    79  
    80  ```hcl
    81  job "expose-example" {
    82    datacenters = ["dc1"]
    83  
    84    group "api" {
    85      network {
    86        mode = "bridge"
    87  
    88        port "api_expose_healthcheck" {
    89          to = -1
    90        }
    91      }
    92  
    93      service {
    94        name = "count-api"
    95        port = "9001"
    96  
    97        connect {
    98          sidecar_service {
    99            proxy {
   100              expose {
   101                path {
   102                  path            = "/health"
   103                  protocol        = "http"
   104                  local_path_port = 9001
   105                  listener_port   = "api_expose_healthcheck"
   106                }
   107              }
   108            }
   109          }
   110        }
   111  
   112        check {
   113          name     = "api-health"
   114          type     = "http"
   115          path     = "/health"
   116          port     = "api_expose_healthcheck"
   117          interval = "10s"
   118          timeout  = "3s"
   119        }
   120      }
   121  
   122      task "web" {
   123        driver = "docker"
   124  
   125        config {
   126          image = "hashicorpnomad/counter-api:v3"
   127        }
   128  
   129        # e.g. reference ${NOMAD_PORT_api_expose_healthcheck} for other uses
   130      }
   131    }
   132  }
   133  ```
   134  
   135  ## `expose` Parameters
   136  
   137  - `path` <code>([Path]: nil)</code> - A list of [Envoy Expose Path Configurations][expose_path]
   138    to expose through Envoy.
   139  
   140  ### `path` Parameters
   141  
   142  - `path` `(string: required)` - The HTTP or gRPC path to expose. The path must be prefixed
   143    with a slash.
   144  
   145  - `protocol` `(string: required)` - Sets the protocol of the listener. Must be
   146    `http` or `http2`. For gRPC use `http2`.
   147  
   148  - `local_path_port` `(int: required)` - The port the service is listening to for connections to
   149    the configured `path`. Typically this will be the same as the `service.port` value, but
   150    could be different if for example the exposed path is intended to resolve to another task
   151    in the task group.
   152  
   153  - `listener_port` <code>([Port]: required)</code> - The name of the port to use
   154    for the exposed listener. The port should be configured to [map inside][network-to]
   155    the task's network namespace.
   156  
   157  ## `expose` Examples
   158  
   159  The following example is configured to expose the `/metrics` endpoint of the
   160  Connect-enabled `count-dashboard` service, using the `HTTP` protocol.
   161  `count-dashboard` is expected to listen inside its namespace to port `9001`, and
   162  external services will be able to reach its `/metrics` endpoint by connecting to
   163  the [network interface][network_interface] of the node on the allocated
   164  `metrics` [Port][].
   165  
   166  ```hcl
   167  service {
   168    name = "count-dashboard"
   169    port = "9001"
   170  
   171    connect {
   172      sidecar_service {
   173        proxy {
   174          expose {
   175            path {
   176              path            = "/metrics"
   177              protocol        = "http"
   178              local_path_port = 9001
   179              listener_port   = "metrics"
   180            }
   181          }
   182        }
   183      }
   184    }
   185  }
   186  ```
   187  
   188  ## `path` Examples
   189  
   190  The following example is an expose configuration that exposes a `/metrics`
   191  endpoint using the `http2` protocol (typical for gRPC), and an HTTP `/v2/health`
   192  endpoint.
   193  
   194  ```hcl
   195  proxy {
   196    expose {
   197      path {
   198        path            = "/metrics"
   199        protocol        = "http2"
   200        local_path_port = 9001
   201        listener_port   = "expose"
   202      }
   203      path {
   204        path            = "/v2/health"
   205        protocol        = "http"
   206        local_path_port = 9001
   207        listener_port   = "expose"
   208      }
   209    }
   210  }
   211  ```
   212  
   213  ### Exposing Service Checks
   214  
   215  A common use case for `expose` is for exposing endpoints used in Consul service
   216  check definitions. For these cases the [expose][] parameter in the service check
   217  stanza can be used to automatically generate the expose path configuration.
   218  Configuring a port for use by the check is optional, as a dynamic port will be
   219  automatically generated if not provided.
   220  
   221  ```hcl
   222  check {
   223    expose   = true
   224    type     = "http"
   225    name     = "dashboard-health"
   226    path     = "/health"
   227    interval = "10s"
   228    timeout  = "3s"
   229  }
   230  ```
   231  
   232  [network-to]: /docs/job-specification/network#to
   233  [consul-expose-path-config]: https://www.consul.io/docs/connect/registration/service-registration#expose-paths-configuration-reference
   234  [expose-path]: /docs/job-specification/expose#path-1
   235  [expose]: /docs/job-specification/service#expose
   236  [path]: /docs/job-specification/expose#path-parameters 'Nomad Expose Path Parameters'
   237  [port]: /docs/job-specification/network#port-parameters 'Nomad Port Parameters'
   238  [network_interface]: /docs/configuration/client#network_interface
   239  [learn-consul-connect]: https://learn.hashicorp.com/tutorials/nomad/consul-service-mesh
   240  [check]: /docs/job-specification/service#check-parameters