Podman driver, reading container IP

sbaildon · February 25, 2024, 11:58am

I have podman based job specs that register services with consul using address_mode = driver, meaning the IP/port pair registered with consul is the container IP and port — no problems here, that’s exactly what I want.

Can I get nomad to expose the same IP/port pair into the container? I’m looking for easy access to the allocated container IP from my pool of 172.25.0.0/16.

With this configuration, NOMAD_IP_<label> points to 127.0.0.1 — that doesn’t work for my use case.

job "example" {
  type        = "service"

  group "webserver" {
    network {
      port "https" {
        to = 443
      }
    }

    task "caddy" {
      driver = "podman"

      config {
        image = "docker://docker.io/library/caddy"
        ports = ["https"]
      }

      service {
          provider     = "consul"
          port         = "https"
          address_mode = "driver"
      }
    }
  }
}

rtwolfe · February 25, 2024, 8:37pm

No, Nomad does not natively expose the container IP/port pair directly to the container when using the Podman driver with address_mode = driver. Instead, you can use a template stanza in your Nomad job specification to query the Nomad API and inject the container’s IP into a file or an environment variable that your application can read at runtime. This approach requires custom logic within your application to read this information after the container starts.

sbaildon · February 25, 2024, 10:54pm

as far as i know, an allocation’s container IP isn’t available through Nomad’s API

rtwolfe · February 25, 2024, 11:05pm

Nomad’s API does provide ways to access an allocation’s container IP address, albeit indirectly. When you query an allocation’s details through the Nomad API, it returns a comprehensive JSON structure that includes the state of each task within the allocation. Within this structure, there’s information about the networking setup for each task, including the allocated IP addresses.

To find a container’s IP address, you would typically:

Query the specific allocation using the /v1/allocation/{alloc_id} endpoint, where {alloc_id} is replaced with your allocation’s unique identifier.
In the returned allocation detail, look into the TaskStates for the task of interest.
Within the TaskStates, navigate to the Networks section, where you will find details about the network interfaces assigned to the task, including IP addresses.

This process will give you access to the IP addresses allocated to the task’s network interfaces, which can be used for various operational and networking purposes within your Nomad ecosystem.

sbaildon · February 25, 2024, 11:30pm

today I learned — unfortunately that API still only returns 127.0.0.1

from different keys in the response

{
  "Label": "https",
  "Value": 26428,
  "To": 443,
  "HostIP": "127.0.0.1"
 }

and

"Networks": [
  {
    "IP": "127.0.0.1",
    ...
  }
}