From 3d395f0a3829615bf635b609af19bbe1f07601a5 Mon Sep 17 00:00:00 2001 From: sirkrypt0 <22522058+sirkrypt0@users.noreply.github.com> Date: Tue, 25 May 2021 12:38:12 +0200 Subject: [PATCH] Set network_mode to bridge to overwrite old setting Previously, the network_mode was only set when creating a job with network_access = false. This results in Nomad leaving this setting as is when updating the job to use network. Thus a job would have had the mapped ports in the Nomad UI, but the Docker network_mode would still be 'none'. --- environment/job.go | 13 ++++++++++--- environment/job_test.go | 3 ++- 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/environment/job.go b/environment/job.go index d274669..c45659f 100644 --- a/environment/job.go +++ b/environment/job.go @@ -93,6 +93,10 @@ func configureNetwork(taskGroup *nomadApi.TaskGroup, networkAccess bool, exposed } task := taskGroup.Tasks[0] + if task.Config == nil { + task.Config = make(map[string]interface{}) + } + if networkAccess { var networkResource *nomadApi.NetworkResource if len(taskGroup.Networks) == 0 { @@ -111,12 +115,15 @@ func configureNetwork(taskGroup *nomadApi.TaskGroup, networkAccess bool, exposed } networkResource.DynamicPorts = append(networkResource.DynamicPorts, port) } + + // Explicitly set mode to override existing settings when updating job from without to with network. + // Don't use bridge as it collides with the bridge mode above. This results in Docker using 'bridge' + // mode, meaning all allocations will be attached to the `docker0` adapter and could reach other + // non-Nomad containers attached to it. This is avoided when using Nomads bridge network mode. + task.Config["network_mode"] = "" } else { // Somehow, we can't set the network mode to none in the NetworkResource on task group level. // See https://github.com/hashicorp/nomad/issues/10540 - if task.Config == nil { - task.Config = make(map[string]interface{}) - } task.Config["network_mode"] = "none" } } diff --git a/environment/job_test.go b/environment/job_test.go index 01f271f..35f2a67 100644 --- a/environment/job_test.go +++ b/environment/job_test.go @@ -192,7 +192,8 @@ func TestConfigureNetworkSetsCorrectValues(t *testing.T) { } mode, ok := testTask.Config["network_mode"] - assert.False(t, ok && mode == "none") + assert.True(t, ok) + assert.Equal(t, mode, "") } }) }