consul connect: allow "cni/*" network mode (#26449)

don't require "bridge" network mode when using connect{} we document this as "at your own risk" because CNI configuration is so flexible that we can't guarantee a user's network will work, but Nomad's "bridge" CNI config may be used as a reference.
2026-01-01 16:05:42 +03:00 · 2025-09-04 12:29:50 -04:00
parent 2944a34b58
commit 9682aa2724
16 changed files with 275 additions and 134 deletions
--- a/command/agent/consul/connect.go
+++ b/command/agent/consul/connect.go
@@ -264,7 +264,7 @@ func connectProxyConfig(cfg map[string]interface{}, port int, info structs.Alloc

 func connectProxyBindAddress(networks structs.Networks) string {
 	for _, n := range networks {
-		if n.Mode == "bridge" && n.IsIPv6() {
+		if n.IsIPv6() && (n.Mode == "bridge" || strings.HasPrefix(n.Mode, "cni/")) {
 			return "::"
 		}
 	}
--- a/command/asset/connect.nomad.hcl
+++ b/command/asset/connect.nomad.hcl
@@ -156,7 +156,7 @@ job "countdash" {
    #   config {
    #     image = "${meta.connect.sidecar_image}"
    #     args  = [
-    #      "-c", "${NOMAD_TASK_DIR}/bootstrap.json",
+    #      "-c", "${NOMAD_SECRETS_DIR}/envoy_bootstrap.json",
    #      "-l", "${meta.connect.log_level}"
    #     ]
    #   }