I have setup CNI, but whilst is working the behaviour is not the intended.
The containers runs on the IP belonging to the CNI (a private range IP, like as 192.168.xxx), but:
- the container jobs is registered in consul against the IP address of the Agent, but I want the communication to happen inside the CNI, using the private IP addresses.
- I don’t want the container to open a socket on the Agent. It should be listen only in the docker interface. Otherwise why do I need a CNI?
- if I need to reach the container, I setup a load balancer that will connect to the IPs in the CNI, or I use Consul Connect, or VPN
Is there an option for the CNI, or the nomad agent that I could use?
This is the config of the CNI:
[quote=“maxadamo, post:1, topic:52682, full:true”]
I have setup CNI, but whilst is working the behaviour is not the intended.
The containers run on the IP belonging to the CNI (usually a private range, 192.168.xxx), but:
- the container jobs is registered in consul against the IP address of the Agent, but I want the communication to happen inside the CNI, using the private IP addresses.
- I don’t want the container to open a socket on the Agent. It should be listen only in the docker interface. Otherwise why I have setup CNI?
- if I need to reach the container, I setup a load balancer that will connect to the IPs in the CNI.
Is there an option for the CNI, or the nomad agent that I could use?
{
"cniVersion": "1.0.0",
"name": "timemap",
"plugins": [
{
"type": "loopback"
},
{
"type": "macvlan",
"master": "vxbr8365519",
"isDefaultGateway": false,
"forceAddress": false,
"ipMasq": true,
"ipam": {
"type": "host-local",
"ranges": [
[
{
"subnet": "192.168.1.0/24",
"rangeStart": "192.168.1.27",
"rangeEnd": "192.168.1.50",
"gateway": "192.168.1.26"
}
]
],
"routes": [
{
"dst": "0.0.0.0/0",
"gw": "192.168.1.26"
}
],
"dataDir": "/run/cni/ipam-state"
}
},
{
"type": "firewall",
"backend": "iptables",
"iptablesAdminChainName": "NOMAD-ADMIN"
},
{
"type": "portmap",
"capabilities": {
"portMappings": true
},
"snat": true
}
]
}```