diff --git a/drivers/docker/config.go b/drivers/docker/config.go
index 6decc839b..7fc3c430c 100644
--- a/drivers/docker/config.go
+++ b/drivers/docker/config.go
@@ -216,6 +216,12 @@ var (
 hclspec.NewAttr("nvidia_runtime", "string", false),
 hclspec.NewLiteral(`"nvidia"`),
 ),
+
+ // image to use when creating a network namespace parent container
+ "infra_image": hclspec.NewDefault(
+ hclspec.NewAttr("infra_image", "string", false),
+ hclspec.NewLiteral(`"gcr.io/google_containers/pause-amd64:3.0"`),
+ ),
 })

 // taskConfigSpec is the hcl specification for the driver config section of
@@ -491,6 +497,7 @@ type DriverConfig struct {
 AllowPrivileged bool `codec:"allow_privileged"`
 AllowCaps []string `codec:"allow_caps"`
 GPURuntimeName string `codec:"nvidia_runtime"`
+ InfraImage string `codec:"infra_image"`
 }

 type AuthConfig struct {
diff --git a/drivers/docker/network.go b/drivers/docker/network.go
index e1be3d1a1..bbe69a513 100644
--- a/drivers/docker/network.go
+++ b/drivers/docker/network.go
@@ -7,9 +7,6 @@ import (
 "github.com/hashicorp/nomad/plugins/drivers"
 )

-// infraContainerImage is the image used for the parent namespace container
-const infraContainerImage = "gcr.io/google_containers/pause-amd64:3.0"
-
 // dockerNetSpecLabelKey is used when creating a parent container for
 // shared networking. It is a label whos value identifies the container ID of
 // the parent container so tasks can configure their network mode accordingly
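Review bot: The new `infra_image` default in the first config.go hunk is a mutable tag (`pause-amd64:3.0`), and neither the spec nor its comment tells operators that this image becomes the parent container for every shared network namespace. Now that the value is operator-controlled, the comment is the natural place to record the trust expectation, for example `// infra_image is the image for the network namespace parent container; use a registry you trust and, where supported, a digest-pinned reference`. The default is also amd64-specific by name, which is worth stating so clients on other architectures know they must override it. The enclosing `var (` block starts and ends outside the hunk.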
@@ -22,15 +19,15 @@ func (d *Driver) CreateNetwork(allocID string) (*drivers.NetworkIsolationSpec, e
 return nil, fmt.Errorf("failed to connect to docker daemon: %s", err)
 }

- repo, _ := parseDockerImage(infraContainerImage)
+ repo, _ := parseDockerImage(d.config.InfraImage)
 authOptions, err := firstValidAuth(repo, []authBackend{
 authFromDockerConfig(d.config.Auth.Config),
 authFromHelper(d.config.Auth.Helper),
 })
 if err != nil {
- d.logger.Debug("auth failed for infra container image pull", "image", infraContainerImage, "error", err)
+ d.logger.Debug("auth failed for infra container image pull", "image", d.config.InfraImage, "error", err)
 }
- _, err = d.coordinator.PullImage(infraContainerImage, authOptions, allocID, noopLogEventFn)
+ _, err = d.coordinator.PullImage(d.config.InfraImage, authOptions, allocID, noopLogEventFn)
 if err != nil {
 return nil, err
 }
@@ -40,7 +37,7 @@ func (d *Driver) CreateNetwork(allocID string) (*drivers.NetworkIsolationSpec, e
 return nil, err
 }

- container, err := d.createContainer(client, *config, infraContainerImage)
+ container, err := d.createContainer(client, *config, d.config.InfraImage)
 if err != nil {
 return nil, err
 }
@@ -82,7 +79,7 @@ func (d *Driver) createSandboxContainerConfig(allocID string) (*docker.CreateCon
 return &docker.CreateContainerOptions{
 Name: fmt.Sprintf("nomad_init_%s", allocID),
 Config: &docker.Config{
- Image: infraContainerImage,
+ Image: d.config.InfraImage,
 },
 HostConfig: &docker.HostConfig{
 // set the network mode to none which creates a network namespace with
diff --git a/website/source/docs/drivers/docker.html.md b/website/source/docs/drivers/docker.html.md
index 0ec301f87..2e5d38ab9 100644
--- a/website/source/docs/drivers/docker.html.md
+++ b/website/source/docs/drivers/docker.html.md
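Review bot: `d.config.InfraImage` reaches `parseDockerImage` and `PullImage` in CreateNetwork without any check, so an explicitly empty or malformed `infra_image` would presumably surface only as a pull error at allocation time; the default added in config.go appears to cover only the unset case. The field is also re-read at each use here, again in the `createContainer` call in the @@ -40 hunk and in `createSandboxContainerConfig` in the @@ -82 hunk, so if the driver config can be replaced while CreateNetwork runs, the pulled image and the created container could differ. Reading it once with `image := d.config.InfraImage`, rejecting the empty case with `if image == "" { return nil, fmt.Errorf("infra_image must not be empty") }`, and using `image` for the pull and create calls would address both. CreateNetwork's body starts and ends outside these hunks.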
@@ -728,6 +728,10 @@ plugin "docker" { `docker.volumes.enabled` set to false, the labels will still be applied to the standard binds in the container. +* `infra_image` - This is the docker image to use when creating the parent + container necessary when sharing network namespaces between tasks. Defaults + to "gcr.io/google_containers/pause-amd64:3.0". + ## Client Configuration ~> Note: client configuration options will soon be deprecated. Please use