htwkmooc/poseidon
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add cni/secure-bridge to isolate host network

Browse Source
This commit is contained in:
Sebastian Serth
2022-09-09 00:35:37 +02:00
parent 1df9701a74
commit d372e37d1a
7 changed files with 191 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
internal/environment/nomad_environment.go
View File

@ -177,7 +177,7 @@ func (n *NomadEnvironment) SetNetworkAccess(allow bool, exposedPorts []uint16) {
}
// Prefer "bridge" network over "host" to have an isolated network namespace with bridged interface
// instead of joining the host network namespace.
networkResource.Mode = "bridge"
networkResource.Mode = "cni/secure-bridge"
for _, portNumber := range exposedPorts {
port := nomadApi.Port{
Label: strconv.FormatUint(uint64(portNumber), portNumberBase),

4
internal/environment/nomad_environment_test.go
View File

@ -32,7 +32,7 @@ func TestConfigureNetworkDoesNotCreateNewNetworkWhenNetworkExists(t *testing.T)
defaultTaskGroup := nomad.FindAndValidateDefaultTaskGroup(job)
environment := &NomadEnvironment{nil, "", job, nil}
networkResource := &nomadApi.NetworkResource{Mode: "bridge"}
networkResource := &nomadApi.NetworkResource{Mode: "cni/secure-bridge"}
defaultTaskGroup.Networks = []*nomadApi.NetworkResource{networkResource}
if assert.Equal(t, 1, len(defaultTaskGroup.Networks)) {
@ -80,7 +80,7 @@ func TestConfigureNetworkSetsCorrectValues(t *testing.T) {
require.Equal(t, 1, len(testTaskGroup.Networks))
networkResource := testTaskGroup.Networks[0]
assert.Equal(t, "bridge", networkResource.Mode)
assert.Equal(t, "cni/secure-bridge", networkResource.Mode)
require.Equal(t, len(ports), len(networkResource.DynamicPorts))
assertExpectedPorts(t, ports, networkResource)