Comments (11)
Is that server running on Docker as well? If so, what about creating a docker network for that http server and using the networks
property on the task (https://www.tork.run/rest-api)?
from tork.
The server is running on k8s. I have the docker socket mounted inside to have access to docker API.
from tork.
And you can't access the service through its service endpoint?
from tork.
No, that would required a k8s service account which is too much of a risk we don't want to do that.
from tork.
And you can't access the service through its service endpoint?
I misinterpreted your reply. I can not access the service through the service endpoint because the container IP address is blocked by the cluster.
from tork.
I'm thinking we could go for this:
- Add support for extra host config for tasks
- Add extra host if provided to
hostConfig
here https://github.com/runabol/tork/blob/main/runtime/docker/docker.go#L247
hc := container.HostConfig{
PublishAllPorts: true,
Mounts: mounts,
Resources: resources,
ExtraHosts: t.ExtraHosts,
}
Task definition:
name: Example
tasks:
- name: Example
extra_hosts:
- host.docker.internal:host-gateway
run: |
apk add curl
curl host.docker.internal:8080 > $TORK_OUTPUT
image: alpine:3.18.3
from tork.
@runabol hi, any update on this? Maybe there is a quick fix to unblock on my end 🤔
from tork.
I guess I still fail to understand why an (internal) service endpoint can't be used to solve your problem.
Allowing tasks to interact with the host machine directly will potentially compromise the isolation of tasks and introduce security risks.
from tork.
I guess I still fail to understand why an (internal) service endpoint can't be used to solve your problem.
Allowing tasks to interact with the host machine directly will potentially compromise the isolation of tasks and introduce security risks.
mainly because I'm using tork in embedded mode. Worker has /var/run/docker.sock
mounted inside, both coordinator & worker are deployed on a k8s cluster (same cluster with the internal service). This cluster only accept connections from the cluster IP range. In order for one of my worker node to reach this internal service, the cluster firewall rules need to be updated to allow new IP range, which is something I don't want to mess with.
from tork.
Have you considered implementing this using a middleware?
from tork.
Have you considered implementing this using a middleware?
Yeah, I made it work using middleware, letting the coordinator handle this and then pass results back to the task through ENVs. Thanks.
from tork.
Related Issues (20)
- [bug] entrypoint can't find script inside HOT 1
- RUNNING state change not shown on middleware HOT 1
- Pre/Post task evaluate issue when used with job middleware HOT 3
- Feature Request: support allowing custom headers in webhooks HOT 1
- feature request: Download all logs for a job HOT 6
- Option to delete old jobs HOT 2
- quality of life: when duplicate a job, don't redact environment variables in task if it inherit from input HOT 3
- Like how simple this application is. How to contribute? HOT 3
- Support of recurring jobs
- Passing in JSON through task output HOT 1
- request: make get log max page size configurable HOT 2
- request: disable logging HOT 11
- Tork worker inside script doesn't see host env vars HOT 8
- Setting task working dirs
- Kicking jobs off with arbitrary data HOT 2
- Setting job failed state in Job HandlerFunc HOT 2
- Jobs with Parallel, Each, and SubJobs HOT 1
- Custom Mounter for docker HOT 5
- Question: tork-coordinator behaviour HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from tork.