network: expose network namespace configured IP to task env #11340
Assignees
Labels
stage/accepted
Confirmed, and intend to work on. No timeline committment though.
theme/networking
type/enhancement
Projects
Comments
jrasell
added
type/enhancement
theme/networking
stage/accepted
jrasell
moved this from Needs Triage
to Needs Roadmapping
in Nomad - Community Issues Triage
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
When utilising the Nomad network stanza and specifically
mode = bridge, Nomad will create a network namespace and have CNI configure the namespace with a private IP address according to the configuration within networking_bridge_linux. This IP is the only address, alongside the loopback which is configured in the network namespace.Applications that cluster together, such as Vault utilising Raft storage require exposing an IP that other members can connect to for RPC. Due to its nature, this IP must be routable from outside the container.
Nomad does not expose the configured IP to the task and therefore it is up to the task to figure out what IP address it must configure for binding and exposure. This is possible if the application utilises go-sockaddr, but this is a specific requirement that not even Vault can realise currently (Vault pr hashicorp/vault#9109).
Nomad should be enhanced so that any configured CNI address is exposed to the task as an environment variable in the same manner that
NOMAD_HOST_,NOMAD_ADDR_, andNOMAD_IP_variables are exposed. This would then allow tasks to read this variable in using Nomad interpolation or template stanzas.The text was updated successfully, but these errors were encountered: