Task container port mapping #320
Comments
Is that server running on Docker as well? If so, what about creating a docker network for that http server and using the
The server is running on k8s. I have the docker socket mounted inside to have access to docker API.
And you can't access the service through its service endpoint?
No, that would require a k8s service account, which is too much of a risk; we don't want to do that.
I misinterpreted your reply. I cannot access the service through the service endpoint because the container IP address is blocked by the cluster.
I'm thinking we could go for this:

```go
hc := container.HostConfig{
	PublishAllPorts: true,
	Mounts:          mounts,
	Resources:       resources,
	ExtraHosts:      t.ExtraHosts,
}
```

Task definition:

```yaml
name: Example
tasks:
  - name: Example
    extra_hosts:
      - host.docker.internal:host-gateway
    run: |
      apk add curl
      curl host.docker.internal:8080 > $TORK_OUTPUT
    image: alpine:3.18.3
```
@runabol hi, any update on this? Maybe there is a quick fix to unblock on my end 🤔
I guess I still fail to understand why an (internal) service endpoint can't be used to solve your problem. Allowing tasks to interact with the host machine directly will potentially compromise the isolation of tasks and introduce security risks.
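
The isolation concern in the comment above, applied to the earlier `ExtraHosts: t.ExtraHosts` proposal, as an added example (not code from this thread or from Tork): a pre-flight check that rejects `host-gateway` and out-of-range addresses unless the operator opts in. `HostPolicy`, `CheckExtraHosts` and the 10.20.0.0/16 range are hypothetical names and values.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// HostPolicy is a hypothetical operator-side setting, not a Tork option.
type HostPolicy struct {
	AllowHostGateway bool         // permit the special "host-gateway" value
	AllowedNets      []*net.IPNet // literal IPs must fall inside one of these
}

// CheckExtraHosts validates "name:address" entries (the format of Docker's
// HostConfig.ExtraHosts) before they are handed to the daemon.
func CheckExtraHosts(entries []string, p HostPolicy) error {
	for _, e := range entries {
		// Split on the first colon only, so IPv6 addresses stay intact.
		name, addr, ok := strings.Cut(e, ":")
		if !ok || name == "" || addr == "" {
			return fmt.Errorf("extra_hosts %q: want name:address", e)
		}
		if addr == "host-gateway" {
			if !p.AllowHostGateway {
				return fmt.Errorf("extra_hosts %q: host-gateway not permitted", e)
			}
			continue
		}
		ip := net.ParseIP(addr)
		if ip == nil {
			return fmt.Errorf("extra_hosts %q: address is not an IP", e)
		}
		allowed := false
		for _, n := range p.AllowedNets {
			allowed = allowed || n.Contains(ip)
		}
		if !allowed {
			return fmt.Errorf("extra_hosts %q: outside the allowed ranges", e)
		}
	}
	return nil
}

func main() {
	_, svc, _ := net.ParseCIDR("10.20.0.0/16") // constructed sample range
	p := HostPolicy{AllowedNets: []*net.IPNet{svc}}
	fmt.Println(CheckExtraHosts([]string{"host.docker.internal:host-gateway"}, p))
	fmt.Println(CheckExtraHosts([]string{"api.internal:10.20.3.4"}, p))
}
```

With the default policy the task definition from the proposal is refused, while an entry inside the allowed range passes.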
Mainly because I'm using tork in embedded mode. Worker has
Have you considered implementing this using a middleware?
Yeah, I made it work using middleware, letting the coordinator handle this and then pass results back to the task through ENVs. Thanks.
Hi, I'm having a need for one of my tasks to connect to an HTTP server running on the worker node (for my use case, task containers are spawned from the worker dockerd daemon). To do this, I have thought of several ways:

- `-p 8080:8080`
- `host.docker.internal` hostname (`--add-host=host.docker.internal:host-gateway`)
- `--net=host`. This isn't a viable option for me due to security reasons.

I think port mapping could be the easiest to implement