You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently any services that require access to a node socket need a dedicated cardano node running along side it, such as db-sync & ogmios. It might be more efficient and also more fault tolerant to provide a consul connect service that exposes the socket of every node in the network at the same address.
It would look something like this:
node creates local unix socket
socat (or similar tool) sidecar exposes the socket on a local port
create a consul service to point at this port, all nodes use the same service name so they are pooled
set a consul connect sidecar to expose a load-balanced proxy to this service
any internal service that needs access to a socket (db-sync, etc) can read from this proxy to have HA access to the nodes in the network
So long as you don't expose the service to the outside world via traefik, it should be plenty secure and probably more robust, while also saving resource consumption of the additional companion nodes in the network.
There has also been some work in Nomad upstream to allow for a distinction between "liveness" and "readiness", so we could flesh this out further in the future by writing a "readiness" check for the node which ensures it isn't forked, etc before allowing it to be added to the Consul service pool.
The text was updated successfully, but these errors were encountered:
Currently any services that require access to a node socket need a dedicated cardano node running along side it, such as db-sync & ogmios. It might be more efficient and also more fault tolerant to provide a consul connect service that exposes the socket of every node in the network at the same address.
It would look something like this:
socat(or similar tool) sidecar exposes the socket on a local portSo long as you don't expose the service to the outside world via traefik, it should be plenty secure and probably more robust, while also saving resource consumption of the additional companion nodes in the network.
There has also been some work in Nomad upstream to allow for a distinction between "liveness" and "readiness", so we could flesh this out further in the future by writing a "readiness" check for the node which ensures it isn't forked, etc before allowing it to be added to the Consul service pool.
The text was updated successfully, but these errors were encountered: