Containers in the same network namespace issue

Hi,
I hope this is the correct place to ask the question about an issue I have with nomad, please let me know if it is not.

I wanted to ask if the following scenario is supported in nomad.
I created a docker network on a VM, lets name the network “ben-network”.
I created a nomad job that contains a task group with a constraint to be deployed on my VM.
The task group contains two tasks where I want both tasks to use “ben-network” and share the same network namespace.

How can I do that with nomad?

According to the documentation I read, if I want to use a specific docker network, for example “ben-network”, I need to do this through the network configuration of the underlying task and not in the group’s configuration.
When I do this, I can’t make the tasks in the group share net namespace, as in order to do that one task need to use network of “container_name” which is not known in advance as nomad is the one determining the container name during deployment.

I would appreciate any advice on the matter,
Thanks in advance!
Ben Agai

1 Like

Are there workarounds or alternative approaches to achieve network namespace sharing among tasks using Nomad and Docker?

@zesismark that is what I ask.
I’m not sure if your expecting me to answer you or if your also joining my question.

Hi @BenAgai,

Welcome to the HashiCorp Forums!

I got some ideas from an old mailing list thread and tried the following approach, which is working for me.

The trick is to add a task with a lifecycle block (to prestart and of type sidecar) and then use this task’s name with the allocation ID to attach to its network namespace. I am not sure whether there is a better way or if there are any caveats. Please try this and let me know if works for you.

job "example" {

  group "cache" {
    network {
      port "db" {
        to = 6379
      }
    }
    task "init" {
      lifecycle {
        hook    = "prestart"
        sidecar = true
      }
      driver = "docker"

      config {
        image        = "gcr.io/google_containers/pause-arm64:3.1"
        network_mode = "hello" # this is my user-network

      }
    }

    task "redis" {
      driver = "docker"

      config {
        image          = "redis:7"
        ports          = ["db"]
        auth_soft_fail = true
        network_mode = "container:init-${NOMAD_ALLOC_ID}"
      }

      identity {
        env  = true
        file = true
      }

      resources {
        cpu    = 500
        memory = 256
      }
    }
  }
}

Hi @Ranjandas ,
I didn’t get a chance yet to test this, but once I’ll get there I will let you know.

Thanks!