Add support for multiple network stanzas #11085
Comments
Hi @th0m and thanks so much for the information provided. I have been unable to find a workaround during my investigations and therefore will accept this as an enhancement to be roadmapped. Interestingly, the network block within the Nomad API is a list which means this example jobfile is valid and registers correctly with Nomad. Example Job
When creating the network, however, the first element is only ever interrogated which results in only vlan1 being added to the container network. For future readers the two following CNI configuration files can be placed within vlan1.conflist
vlan2.conflist
|
Thank you @jrasell. |
Just a note here that the multi-interface in a pod can be done in Kubernetes by using Multus CNI that is essentially a meta-plugin calling other CNI plugins. Anyway, I do believe the right place and way to implement support in Nomad is what @jrasell described in their comment. |
Hi @jrasell, I just noticed this was removed from "Needs Roadmapping", does this mean this will not be worked on internally? |
Hi @th0m! The issue was moved to our internal "unified backlog" (which unfortunately isn't public), but just FYI it's not on our highest priority queue for near-term work. |
Hi @tgross, sounds good, thanks for the quick response! |
Hi, just wondering if this is something that will be supported upstream at some point? We have an internal patch for it that is not really upstreamable and we'd love to replace it with an upstream solution. |
Hello @th0m, I also need a container in Nomad with 2 interfaces on different networks. In my case I am using ipvlan and not vlan. Here is the workaround I am working on. First, instead of having multiple network stanzas in my Nomad job definition, I have multiple interfaces defined in my /opt/cni/somefile.conflist:
Now it turns out that the 'type' in this definition is directly mapped to /opt/cni/bin/ The contents of /opt/cni/bin/ipvlan are an ELF binary I downloaded during setup. The contents of ipvlan1 are the following:
Turns out Nomad actually handles multiple interfaces, except it always sends 'eth0' as the CNI_IFNAME when invoking the CNI scripts. So I added this intermediate that overrides it and sets it to eth1 instead. With this, I was able to successfully start in Nomad 2 interfaces:
In my test lab, it works in that I see both interfaces. I have not tested any traffic yet. You'll notice that they have the same MAC, I assume this is because they are on the same bridge in my setup. Can you give this workaround a try and see if it works for your case?
David
// failed to setup alloc: pre-run hook "network" failed: failed to configure networking for alloc: failed to configure network: plugin type="ipvlan" failed (add): failed to rename ipvlan to "eth0": file exists |
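A sketch of the wrapper approach described in the comment above, added here as an example; it is not the commenter's script, which is not shown on this page. It assumes a hypothetical naming convention in which a wrapper installed as `<plugin><N>` (for example `ipvlan1`) delegates to `<plugin>` and sets `CNI_IFNAME` to `eth<N>`; `CNI_BIN_DIR` and the helper function names are likewise assumptions.

```shell
#!/bin/sh
# Added example: CNI wrapper that forces a non-default interface name.
# Install as /opt/cni/bin/ipvlan1 and use "type": "ipvlan1" in the conflist.
# Convention assumed here (hypothetical): a wrapper called <plugin><N>
# delegates to <plugin> and names the interface eth<N>.

CNI_BIN_DIR="${CNI_BIN_DIR:-/opt/cni/bin}"   # assumed plugin directory

# wrapper_index NAME -> trailing decimal digits of NAME ("ipvlan1" -> "1")
wrapper_index() {
    printf '%s\n' "$1" | sed -n 's/^.*[^0-9]\([0-9][0-9]*\)$/\1/p'
}

# wrapper_plugin NAME -> NAME without trailing digits ("ipvlan1" -> "ipvlan")
wrapper_plugin() {
    printf '%s\n' "$1" | sed 's/[0-9]*$//'
}

# wrapper_ifname NAME -> interface name to pass on, or failure if NAME has
# no numeric suffix (refuse rather than silently reuse eth0).
wrapper_ifname() {
    idx=$(wrapper_index "$1")
    [ -n "$idx" ] || return 1
    printf 'eth%s\n' "$idx"
}

# Only act when called by a CNI runtime, which always sets CNI_COMMAND.
if [ -n "${CNI_COMMAND:-}" ]; then
    self=$(basename "$0")
    ifname=$(wrapper_ifname "$self") || {
        echo "$self: no numeric suffix, cannot derive interface name" >&2
        exit 1
    }
    real="$CNI_BIN_DIR/$(wrapper_plugin "$self")"
    [ -x "$real" ] || { echo "$self: $real not executable" >&2; exit 1; }
    # The network config arrives on stdin and is passed through untouched;
    # only CNI_IFNAME is overridden, for every CNI command alike.
    CNI_IFNAME="$ifname" exec "$real"
fi
```

Because the override applies to every command the runtime sends, teardown targets the same `eth<N>` that setup created.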
Hi all 👋 I don't have any updates on this, but just want to note that this feature request has also been proposed in #13824. |
This seems like one of the cleaner solutions to the problems I raised in #13824 @lgfa29; where jobs could be launched into the default network when a group is first using nomad, and then later more advanced network solutions could be enabled and gradually adopted. Other solutions seem to involve a flag day or other big-bang cutover, and having run those at several companies now they're pretty painful. |
Good point! It's a useful feature on its own, but it can also be helpful on progressive adoption of new network configs, which, as you mentioned, is always nicer than having to do it all at once. |
Hello, I am one of the containerd/cni maintainers. I have started work on executing multiple cni network configurations in go-cni and containerd (cri plugin). This might be of use for Nomad. |
@MikeZappa87 is there a repository with some piece of code? |
Any updates on this feature request? |
Hi @jbilbro 👋 No updates yet, we will let you all know in case there are updates. If you haven't already, I would suggest giving this issue a 👍 to help us gauge interest. Thank you! |
Proposal
Sorry if I missed an existing issue for this, I have looked but couldn't find any.
I'd like to be able to define more than one network in my Nomad job file.
This could look like the following:
manynetworks.hcl
Use-cases
I have software that listens on multiple interfaces in different vlans.
I am using CNI to set up those interfaces but currently I am limited to a single interface.
/etc/cni/net.d/vlan1.conflist
/etc/cni/net.d/vlan2.conflist
The end result I am looking for in the container is
Attempted Solutions
I have tried to solve this on CNI end by adding more than one plugin to my network.
/etc/cni/net.d/vlan1and2.conflist
But this does not work because the resulting ifName interface name is eth0 for both and the second interface therefore fails to create.
This is due to the fact the index following CNIInterfacePrefix is per CNI network, not per plugin.
https://github.com/hashicorp/nomad/blob/main/client/config/config.go#L242-L243
Alternatively I can use the macvlan CNI plugin and defer creating the vlan interfaces inside the container but that requires CAP_NET_ADMIN privileges which I'd rather drop.
Also alternatively I could spin up as many tasks as I need vlans but I'd rather keep everything in one as it makes everything simpler.
Let me know if you are planning on supporting multiple network stanzas at some point or if you can think of another way to solve this.
Thank you!