github.com/iqoqo/nomad@v0.11.3-0.20200911112621-d7021c74d101/website/pages/docs/job-specification/network.mdx (about) 1 --- 2 layout: docs 3 page_title: network Stanza - Job Specification 4 sidebar_title: network 5 description: |- 6 The "network" stanza specifies the networking requirements for the task, 7 including the minimum bandwidth and port allocations. The network stanza 8 can be specified at the task group level to enable all tasks in the task 9 group to share the same network namespace. 10 --- 11 12 # `network` Stanza 13 14 <Placement 15 groups={[ 16 ['job', 'group', 'network'], 17 ['job', 'group', 'task', 'resources', 'network'] 18 ]} 19 /> 20 21 The `network` stanza specifies the networking requirements for the task, 22 including the minimum bandwidth and port allocations. When scheduling jobs in 23 Nomad they are provisioned across your fleet of machines along with other jobs 24 and services. Because you don't know in advance what host your job will be 25 provisioned on, Nomad will provide your tasks with network configuration when 26 they start up. 27 28 Nomad 0.10 enables support for the `network` stanza at the task group level. When 29 the `network` stanza is defined at the group level with `bridge` as the networking mode, 30 all tasks in the task group share the same network namespace. This is a prerequisite for 31 [Consul Connect](/docs/integrations/consul-connect). Tasks running within a 32 network namespace are not visible to applications outside the namespace on the same host. 33 This allows [Connect][] enabled applications to bind only to localhost within the shared network stack, 34 and use the proxy for ingress and egress traffic. 35 36 Note that this document only applies to services that want to _listen_ on a 37 port. Batch jobs or services that only make outbound connections do not need to 38 allocate ports, since they will use any available interface to make an outbound 39 connection. 40 41 ```hcl 42 job "docs" { 43 group "example" { 44 task "server" { 45 resources { 46 network { 47 mbits = 200 48 port "http" {} 49 port "https" {} 50 port "lb" { 51 static = "8889" 52 } 53 } 54 } 55 } 56 } 57 } 58 ``` 59 60 ## `network` Parameters 61 62 - `mbits` `(int: 10)` - Specifies the bandwidth required in MBits. 63 64 - `port` <code>([Port](#port-parameters): nil)</code> - Specifies a TCP/UDP port 65 allocation and can be used to specify both dynamic ports and reserved ports. 66 67 - `mode` `(string: "host")` - Mode of the network. The following modes are available: 68 69 - `none` - Task group will have an isolated network without any network interfaces. 70 - `bridge` - Task group will have an isolated network namespace with an interface 71 that is bridged with the host. Note that bridge networking is only 72 currently supported for the `docker`, `exec`, `raw_exec`, and `java` task 73 drivers. 74 - `host` - Each task will join the host network namespace and a shared network 75 namespace is not created. This matches the current behavior in Nomad 0.9. 76 77 ### `port` Parameters 78 79 - `static` `(int: nil)` - Specifies the static TCP/UDP port to allocate. If omitted, a dynamic port is chosen. We **do not recommend** using static ports, except 80 for `system` or specialized jobs like load balancers. 81 - `to` `(string:nil)` - Applicable when using "bridge" mode to configure port 82 to map to inside the task's network namespace. `-1` sets the mapped port equal to the dynamic port allocated by the scheduler. The `NOMAD_PORT_<label>` environment variable will contain the `to` value. 83 84 The label assigned to the port is used to identify the port in service 85 discovery, and used in the name of the environment variable that indicates 86 which port your application should bind to. For example: 87 88 ```hcl 89 port "foo" {} 90 ``` 91 92 When the task starts, it will be passed the following environment variables: 93 94 - <tt>NOMAD_IP_foo</tt> - The IP to bind on for the given port label. 95 - <tt>NOMAD_PORT_foo</tt> - The port value for the given port label. 96 - <tt>NOMAD_ADDR_foo</tt> - A combined 97 <tt>ip:port</tt> that can be used for convenience. 98 99 The label of the port is just text - it has no special meaning to Nomad. 100 101 ## `network` Examples 102 103 The following examples only show the `network` stanzas. Remember that the 104 `network` stanza is only valid in the placements listed above. 105 106 ### Bandwidth 107 108 This example specifies a resource requirement of 1 Gbit in bandwidth: 109 110 ```hcl 111 network { 112 mbits = 1000 113 } 114 ``` 115 116 ### Dynamic Ports 117 118 This example specifies a dynamic port allocation for the port labeled "http". 119 Dynamic ports are allocated in a range from `20000` to `32000`. 120 121 Most services run in your cluster should use dynamic ports. This means that the 122 port will be allocated dynamically by the scheduler, and your service will have 123 to read an environment variable to know which port to bind to at startup. 124 125 ```hcl 126 task "example" { 127 resources { 128 network { 129 port "http" {} 130 port "https" {} 131 } 132 } 133 } 134 ``` 135 136 ```hcl 137 network { 138 port "http" {} 139 } 140 ``` 141 142 ### Static Ports 143 144 This example specifies a static port allocation for the port labeled "lb". Static 145 ports bind your job to a specific port on the host they' are placed on. Since 146 multiple services cannot share a port, the port must be open in order to place 147 your task. 148 149 ```hcl 150 network { 151 port "lb" { 152 static = 6539 153 } 154 } 155 ``` 156 157 ### Mapped Ports 158 159 Some drivers (such as [Docker][docker-driver] and [QEMU][qemu-driver]) allow you 160 to map ports. A mapped port means that your application can listen on a fixed 161 port (it does not need to read the environment variable) and the dynamic port 162 will be mapped to the port in your container or virtual machine. 163 164 ```hcl 165 task "example" { 166 driver = "docker" 167 168 config { 169 port_map = { 170 http = 8080 171 } 172 } 173 174 resources { 175 network { 176 port "http" {} 177 } 178 } 179 } 180 ``` 181 182 The above example is for the Docker driver. The service is listening on port 183 `8080` inside the container. The driver will automatically map the dynamic port 184 to this service. 185 186 When the task is started, it is passed an additional environment variable named 187 `NOMAD_HOST_PORT_http` which indicates the host port that the HTTP service is 188 bound to. 189 190 ### Bridge Mode 191 192 The following example is a group level network stanza that uses bridge mode 193 and port mapping. 194 195 ```hcl 196 network { 197 mode = "bridge" 198 port "http" { 199 static = 9002 200 to = 9002 201 } 202 } 203 ``` 204 205 ### Limitations 206 207 - Only one `network` stanza can be specified, when it is defined at the task group level. 208 - Only the `NOMAD_PORT_<label>` and `NOMAD_HOST_PORT_<label>` environment 209 variables are set for group network ports. 210 211 [docker-driver]: /docs/drivers/docker 'Nomad Docker Driver' 212 [qemu-driver]: /docs/drivers/qemu 'Nomad QEMU Driver' 213 [connect]: /docs/job-specification/connect 'Nomad Consul Connect Integration'