You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This guide will walk you through creating and executing a job that will demonstrate Nomad's job anti-affinity rules and, in clusters with memory limited Nomad clients, filtering based resource exhaustion.
Sample Environment
One Nomad Server Node
Three Nomad Client Nodes
768 MB RAM total (providing 761 MB RAM in nomad node-status -self)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Pomerium is a potential implementation of a BeyondCorp architecture that is similar to ORY OathKeeper or GCP IAP. This architecture is a newer security model than traditional VPNs and allows you to guard your internal services while still having them be directly internet facing. This makes both your individual machine story much easier as well as your BYOD story.
Pomerium has several limitations that may make it unsuitable for your network.
In order to work with a consul service mesh you are limited to forward-auth mode. This has only limited upstream support and can be fiddly to get working due to questionable documentation surrounding it both with proxy implementations and with Pomerium itself.
Even though Pomerium isn't proxying the traffic, the policy that you can create is limited by what Envoy (which is vendored into Pomerium as a binary artifact...) is capable of matching. This is why Pomerium has a static port attached to its consul service registratio