Fix Runner DNS resolution

by adding public nameservers to the CNI secure bridge configuration.

internal/environment/nomad_environment.go

@@ -8,6 +8,7 @@ import (
 	"github.com/google/uuid"
 	nomadApi "github.com/hashicorp/nomad/api"
 	"github.com/hashicorp/nomad/jobspec2"
+	"github.com/openHPI/poseidon/internal/config"
 	"github.com/openHPI/poseidon/internal/nomad"
 	"github.com/openHPI/poseidon/internal/runner"
 	"github.com/openHPI/poseidon/pkg/dto"
@@ -170,16 +171,7 @@ func (n *NomadEnvironment) SetNetworkAccess(allow bool, exposedPorts []uint16) {
 	}
 
 	if allow {
-		var networkResource *nomadApi.NetworkResource
-		if len(defaultTaskGroup.Networks) == 0 {
-			networkResource = &nomadApi.NetworkResource{}
-			defaultTaskGroup.Networks = []*nomadApi.NetworkResource{networkResource}
-		} else {
-			networkResource = defaultTaskGroup.Networks[0]
-		}
-		// Prefer "bridge" network over "host" to have an isolated network namespace with bridged interface
-		// instead of joining the host network namespace.
-		networkResource.Mode = "cni/secure-bridge"
+		networkResource := config.Config.Nomad.Network
 		for _, portNumber := range exposedPorts {
 			port := nomadApi.Port{
 				Label: strconv.FormatUint(uint64(portNumber), portNumberBase),
@@ -187,6 +179,11 @@ func (n *NomadEnvironment) SetNetworkAccess(allow bool, exposedPorts []uint16) {
 			}
 			networkResource.DynamicPorts = append(networkResource.DynamicPorts, port)
 		}
+		if len(defaultTaskGroup.Networks) == 0 {
+			defaultTaskGroup.Networks = []*nomadApi.NetworkResource{&networkResource}
+		} else {
+			defaultTaskGroup.Networks[0] = &networkResource
+		}
 
 		// Explicitly set mode to override existing settings when updating job from without to with network.
 		// Don't use bridge as it collides with the bridge mode above. This results in Docker using 'bridge'
@@ -332,12 +329,12 @@ func (n *NomadEnvironment) SetConfigFrom(environment runner.ExecutionEnvironment
 }
 
 func parseJob(jobHCL string) (*nomadApi.Job, error) {
-	config := jobspec2.ParseConfig{
+	jobConfig := jobspec2.ParseConfig{
 		Body:    []byte(jobHCL),
 		AllowFS: false,
 		Strict:  true,
 	}
-	job, err := jobspec2.ParseWithConfig(&config)
+	job, err := jobspec2.ParseWithConfig(&jobConfig)
 	if err != nil {
 		return job, fmt.Errorf("couldn't parse job HCL: %w", err)
 	}

internal/environment/nomad_environment_test.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 	nomadApi "github.com/hashicorp/nomad/api"
+	"github.com/openHPI/poseidon/internal/config"
 	"github.com/openHPI/poseidon/internal/nomad"
 	"github.com/openHPI/poseidon/internal/runner"
 	"github.com/openHPI/poseidon/pkg/storage"
@@ -32,14 +33,14 @@ func (s *MainTestSuite) TestConfigureNetworkDoesNotCreateNewNetworkWhenNetworkEx
 	defaultTaskGroup := nomad.FindAndValidateDefaultTaskGroup(job)
 	environment := &NomadEnvironment{nil, "", job, nil, context.Background(), nil}
 
-	networkResource := &nomadApi.NetworkResource{Mode: "cni/secure-bridge"}
-	defaultTaskGroup.Networks = []*nomadApi.NetworkResource{networkResource}
+	networkResource := config.Config.Nomad.Network
+	defaultTaskGroup.Networks = []*nomadApi.NetworkResource{&networkResource}
 
 	if s.Equal(1, len(defaultTaskGroup.Networks)) {
 		environment.SetNetworkAccess(true, []uint16{})
 
 		s.Equal(1, len(defaultTaskGroup.Networks))
-		s.Equal(networkResource, defaultTaskGroup.Networks[0])
+		s.Equal(&networkResource, defaultTaskGroup.Networks[0])
 	}
 }
 
@@ -80,7 +81,7 @@ func (s *MainTestSuite) TestConfigureNetworkSetsCorrectValues() {
 			s.Require().Equal(1, len(testTaskGroup.Networks))
 
 			networkResource := testTaskGroup.Networks[0]
-			s.Equal("cni/secure-bridge", networkResource.Mode)
+			s.Equal(config.Config.Nomad.Network.Mode, networkResource.Mode)
 			s.Require().Equal(len(ports), len(networkResource.DynamicPorts))
 
 			assertExpectedPorts(s.T(), ports, networkResource)