Nomad sidecar_task image doesn't work

Luke_b · August 18, 2023, 1:28pm

Hello,

im trying to deploy an app with a sidecar proxy pulled from private registry. I found out that there is a way to configure sidecar_task in config stanza to point to specific docker image.

connect {
        sidecar_service {}
        sidecar_task {
        config {
           image = "..../envoy"
        }
}

After this configuration nomad was still trying to pull the image of that envoy from the default registry. Then i found there is an another option to set client meta stanza on client agents to define default connect.sidecar.image:

client {
  meta {
    "connect.sidecar_image" = "xxxxxxx/library/envoy"
    "connect.gateway_image" = "xxxxxxxx/library/envoy"
  }
}

But even after this change, nomad was still trying to pull that envoy image from the public default docker registry, which is blocked in corp. network.

Is there any solution for this strange behavior?

Thank you

Luke_b · August 25, 2023, 12:30pm

It was my fault, both options works as expected. I just didn’t know about the fact, that placeholder pause_amd container is being pulled in a situation where bridge network between tasks is configured. So our strict network settings was blocking this connection, not an envoy image. This was easily solved by configuring infra_image option on client agents.

Topic		Replies	Views
Is it possible to set envoy as default proxy for Consul sidecars? Consul connect , consul-nomad	2	594	November 11, 2021
Consul Connect Envoy without Docker Nomad	8	2639	May 2, 2022
Failed to start task, unable to pull image docker.io/envoyproxy/envoy:v1.21.1 Nomad connect	1	455	November 13, 2022
Consul agent unable to talk to sidecar after firewalld restart Nomad	3	530	January 7, 2022
Bind envoy sidecar task to a non public interface Nomad connect , consul	0	257	December 7, 2022

Nomad sidecar_task image doesn't work

Related topics