diff --git a/command/agent/agent.go b/command/agent/agent.go
index 45007fa5c..1e381b4fb 100644
--- a/command/agent/agent.go
+++ b/command/agent/agent.go
@@ -632,6 +632,7 @@ func convertClientConfig(agentConfig *Config) (*clientconfig.Config, error) {
// Setup networking configuration
conf.CNIPath = agentConfig.Client.CNIPath
+ conf.CNIConfigDir = agentConfig.Client.CNIConfigDir
conf.BridgeNetworkName = agentConfig.Client.BridgeNetworkName
conf.BridgeNetworkAllocSubnet = agentConfig.Client.BridgeNetworkSubnet
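Review bot: `conf.CNIConfigDir` is copied from the agent config with no validation, so a relative or uncleaned value would be resolved against the agent's working directory when the client later reads CNI network configuration from it. Since convertClientConfig already returns an error, it could reject such values here, e.g. `if d := agentConfig.Client.CNIConfigDir; d != "" && !filepath.IsAbs(d) { return nil, fmt.Errorf("cni_config_dir must be an absolute path, got %q", d) }`. An empty value is also copied as-is, so this relies on a default being applied elsewhere (the docs in this commit give `/opt/cni/config`), which is not visible in the hunk. The function body starts and ends outside the hunk, and whether `path/filepath` is already imported in this file cannot be seen from here.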
diff --git a/command/agent/config.go b/command/agent/config.go
index fae4e3a6e..eb1539bcb 100644
--- a/command/agent/config.go
+++ b/command/agent/config.go
@@ -277,6 +277,10 @@ type ClientConfig struct {
// specified colon delimited
CNIPath string `hcl:"cni_path"`
+ // CNIConfigDir is the directory where CNI network configuration is located. The
+ // client will use this path when fingerprinting CNI networks.
+ CNIConfigDir string `hcl:"cni_config_dir"`
+
// BridgeNetworkName is the name of the bridge to create when using the
// bridge network mode
BridgeNetworkName string `hcl:"bridge_network_name"`
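Review bot: The doc comment on `CNIConfigDir` does not say that the value is a single directory, while the neighbouring `CNIPath` is documented as colon-delimited, and it says nothing about the default or about how far the directory's contents are trusted. I would add `// Unlike CNIPath this is a single directory, not a colon-delimited list.` and, if it holds for the fingerprinter, a line such as `// Files here are loaded as network configuration, so the directory should be writable only by the operator.` The website docs in this commit give the default as `/opt/cni/config`; the comment could name where that default is set, since it is not visible in this hunk.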
@@ -1535,6 +1539,9 @@ func (a *ClientConfig) Merge(b *ClientConfig) *ClientConfig {
if b.CNIPath != "" {
result.CNIPath = b.CNIPath
}
+ if b.CNIConfigDir != "" {
+ result.CNIConfigDir = b.CNIConfigDir
+ }
if b.BridgeNetworkName != "" {
result.BridgeNetworkName = b.BridgeNetworkName
}
diff --git a/website/pages/api-docs/nodes.mdx b/website/pages/api-docs/nodes.mdx
index 3ff11dd0b..814687d99 100644
--- a/website/pages/api-docs/nodes.mdx
+++ b/website/pages/api-docs/nodes.mdx
@@ -320,6 +320,22 @@ $ curl \
"Mode": "",
"ReservedPorts": null
}
+ ],
+ "NodeNetworks": [
+ {
+ "Addresses": [
+ {
+ "Address": "127.0.0.1",
+ "Alias": "default",
+ "Family": "ipv4",
+ "Gateway": "",
+ "ReservedPorts": ""
+ }
+ ],
+ "Device": "lo",
+ "MacAddress": "00:00:00:00:00:00",
+ "Mode": "host",
+ }
]
},
"Reserved": {
diff --git a/website/pages/docs/configuration/client.mdx b/website/pages/docs/configuration/client.mdx
index aa81a1aef..64f693a45 100644
--- a/website/pages/docs/configuration/client.mdx
+++ b/website/pages/docs/configuration/client.mdx
@@ -137,6 +137,9 @@ driver) but will be removed in a future release.
CNI plugin discovery. Multiple paths can be searched using colon delimited
paths
+- `cni_config_dir` `(string: "/opt/cni/config")` - Sets the directory where CNI
+ network configuration is located. The client will use this path when fingerprinting CNI networks.
+
- `bridge_network name` `(string: "nomad")` - Sets the name of the bridge to be
created by nomad for allocations running with bridge networking mode on the
client.
@@ -151,6 +154,9 @@ driver) but will be removed in a future release.
- `host_volume` ([host_volume](#host_volume-stanza): nil) - Exposes
paths from the host as volumes that can be mounted into jobs.
+- `host_network` ([host_network](#host_network-stanza): nil) - Registers
+ additional host networks with the node that can be selected when port mapping.
+
### `chroot_env` Parameters
Drivers based on [isolated fork/exec](/docs/drivers/exec) implement file
@@ -372,6 +378,35 @@ client {
- `read_only` `(bool: false)` - Specifies whether the volume should only ever be
allowed to be mounted `read_only`, or if it should be writeable.
+### `host_network` Stanza
+
+The `host_network` stanza is used to register additional host networks with
+the node that can be used when port mapping.
+
+The key of the stanza corresponds to the name of the network used in the
+[`host_network`](/docs/job-specification/network#host-network).
+
+```hcl
+client {
+ host_network "public" {
+ cidr = "203.0.113.0/24"
+ reserved_ports = "22,80"
+ }
+}
+```
+
+#### `host_network` Parameters
+
+- `cidr` `(string: "")` - Specifies a cidr block of addresses to match against.
+ If an address is found on the node that is contained by this cidr block, the
+ host network will be registered with it.
+
+- `interface` `(string: "")` - Filters searching of addresses to a specific interface.
+
+- `reserved_ports` `(string: "")` - Specifies a comma-separated list of ports to
+ reserve on all fingerprinted network devices. Ranges can be specified by using
+ a hyphen separating the two inclusive ends.
+
## `client` Examples
### Common Setup
diff --git a/website/pages/docs/job-specification/network.mdx b/website/pages/docs/job-specification/network.mdx
index 373f379da..4a3723d17 100644
--- a/website/pages/docs/job-specification/network.mdx
+++ b/website/pages/docs/job-specification/network.mdx
@@ -14,7 +14,6 @@ description: |-
@@ -73,6 +72,8 @@ job "docs" {
drivers.
- `host` - Each task will join the host network namespace and a shared network
namespace is not created. This matches the current behavior in Nomad 0.9.
+ - `cni/` - Task group will have an isolated network namespace
+ with the network configured by CNI.
- `dns` ([DNSConfig](#dns-parameters): nil) - Sets the DNS configuration
for the allocations. By default all DNS configuration is inherited from the client host.
@@ -80,10 +81,16 @@ job "docs" {
### `port` Parameters
-- `static` `(int: nil)` - Specifies the static TCP/UDP port to allocate. If omitted, a dynamic port is chosen. We **do not recommend** using static ports, except
+- `static` `(int: nil)` - Specifies the static TCP/UDP port to allocate. If omitted, a
+ dynamic port is chosen. We **do not recommend** using static ports, except
for `system` or specialized jobs like load balancers.
- `to` `(string:nil)` - Applicable when using "bridge" mode to configure port
- to map to inside the task's network namespace. `-1` sets the mapped port equal to the dynamic port allocated by the scheduler. The `NOMAD_PORT_