jagedn closed 4 months ago
yes, good idea
Good then @jhaezebr, could you please set up HTTPS in the az-nomadlab setup? Then we can add then and test it immediately.
Also, quick reminder: if you're going to change the terraform template, could you please make the manager node as a nomad server as well? This way we would not need to do the SSH hopping for the portal.
This would mean that the nomad cluster UI is open to the internet. Is that safe enough?
Security-wise, I would not advise opening up the nomad server API ports. The added step to start an SSH tunnel isn't too much overhead during development. If the use case is automatic testing, that can be managed by running a self-hosted runner, since those only do outgoing long-poll requests over HTTPS and no incoming ports need to be opened.
Ah good point - then perhaps we can just vnet and make use of policies to control the accessibility. vnet and remove the public access for unknown IPs
In case that's not secure or useful then please feel free to disagree and suggest what you feel is the best option, happy to go along with that 👍
The baseline idea is to have as little friction in dev-time iterations as possible :)
If you provide the --secure argument when creating the local cluster, the script will initialize it using ACL.
The management token will be shown in the console. You need to provide this token (i.e. NOMAD_TOKEN env) to run the pipeline.