Unable to put health check in task grouped with Consul Connect service. #7556
Comments
|
Hey @BenLuchterhand thanks for taking the time to report this! The ability to define service checks (and more generally, exposed paths) in Connect-enabled group-level services should be coming in Nomad v0.11 (soon!). The parent ticket tracking the effort is #6120. |
|
Awesome, thank you very much @shoenig! |
|
@shoenig I am playing around with the new Nomad 0.11 beta and I think I got it working based on other threads attached to the ticket you provided. Is there any way to append tags with this system to make it discoverable by Fabio? |
|
Hey @BenLuchterhand I just updated the docs with examples for exposing task-group service checks (no need to have the underlying Gathering what you have above, I suspect something like this should work job "example" {
datacenters = ["dc1"]
group "api" {
network {
mode = "bridge"
port "healthcheck" {
to = -1 # let the "exposed" port be dynamic, reference $NOMAD_PORT_healthcheck
}
}
service {
name = "api-frontend"
port = "5000" # useful only inside the network namespace, is what the task listens to
tags = ["urlprefix-/"]
connect {
sidecar_service {
proxy {
upstreams {
destination_name = "mongo-acc"
local_bind_port = 27017 # unrelated, mongo stuff
}
}
}
}
check {
type = "http"
name = "api-frontend-health"
port = "healthcheck" # the exposed port, used by Consul outside the network namespace
path = "/" # ideally only want to expose a minimal path, (e.g. /health)
expose = true # new!
interval = "30s"
timeout = "5s"
}
}
/* ... task ... */
}
}
I'm not quite sure what you mean, tags are a part of the service definition, and the checks are already inherently tied to those. |
|
That is perfect! Thank you so much! |
|
I am also having difficulty trying to get heath checks working on consul connected jobs on nomad 0.11.0. For anyone else struggling, I documented the one job that I did get working here https://discuss.hashicorp.com/t/consul-connect-with-health-checks/7591 I suspect there is a bug in the http check because I have several other jobs that should work, but as soon as I add the health check; consul connect stops working (despite the heath check being green). If I can get a reliably reproducible job I will open a new issue and link it here. |
|
I'm going to lock this issue because it has been closed for 120 days ⏳. This helps our maintainers find and focus on the active issues. |
I'm trying to load balance a simple API through Fabio. I had accomplished it simply by placing the right health check in the API's task stanza, but since I switched to using Consul Connect (and using a bridged network mode) I've had to move it all outside of the task causing both the Proxy and the API getting routed through Fabio.
Ideally I'd like to move the tag and implement a health check within the API task but I can't seem to do it without encountering the error I posted in the "Issue" section. This would prevent the proxy from also getting routed. Is there any way to do this or am I trying to do something impossible? I'm very new to this sort of development, I really appreciate your help and patience!
EDIT: The group I'm referring to is the "api" group about half way down the Job file.
Nomad version
Nomad v0.10.4 (f750636)
Issue
Placing the service and health check within the API task itself causes a "failed to create container: API error (400): conflicting options: port publishing and the container type network mode" error, so to route through Fabio I placed them where they are currently in the api group outside of the task.
Job file (if appropriate)
The text was updated successfully, but these errors were encountered: