From f41bc468eb3e8871eb3b90c7d7368e0034c8a006 Mon Sep 17 00:00:00 2001 From: Tim Gross Date: Fri, 3 May 2024 11:30:33 -0400 Subject: [PATCH] consul: provide `CONSUL_HTTP_TOKEN` env var to tasks (#20519) When available, we provide an environment variable `CONSUL_TOKEN` to tasks, but this isn't the environment variable expected by the Consul CLI. Job specifications like deploying an API Gateway become noticeably nicer if we can instead provide the expected env var. --- .changelog/20519.txt | 3 ++ client/allocrunner/taskrunner/consul_hook.go | 3 +- website/content/partials/envvars.mdx | 52 +++++++++++--------- 3 files changed, 33 insertions(+), 25 deletions(-) create mode 100644 .changelog/20519.txt diff --git a/.changelog/20519.txt b/.changelog/20519.txt new file mode 100644 index 000000000..6d5e83dfa --- /dev/null +++ b/.changelog/20519.txt @@ -0,0 +1,3 @@ +```release-note:improvement +consul: provide tasks that have Consul tokens the CONSUL_HTTP_TOKEN environment variable +``` diff --git a/client/allocrunner/taskrunner/consul_hook.go b/client/allocrunner/taskrunner/consul_hook.go index bb8d541a3..a6ecbadfc 100644 --- a/client/allocrunner/taskrunner/consul_hook.go +++ b/client/allocrunner/taskrunner/consul_hook.go @@ -79,7 +79,8 @@ func (h *consulHook) Prestart(ctx context.Context, req *interfaces.TaskPrestartR } env := map[string]string{ - "CONSUL_TOKEN": token.SecretID, + "CONSUL_TOKEN": token.SecretID, + "CONSUL_HTTP_TOKEN": token.SecretID, } resp.Env = env diff --git a/website/content/partials/envvars.mdx b/website/content/partials/envvars.mdx index d79b69159..d5b10e607 100644 --- a/website/content/partials/envvars.mdx +++ b/website/content/partials/envvars.mdx @@ -1,29 +1,32 @@ ### Job-related variables -| Variable | Description | -|--------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `NOMAD_ALLOC_DIR` | The path to the shared `alloc/` directory. See the [Runtime Task Directories documentation][taskdirs] for more information. | -| `NOMAD_TASK_DIR` | The path to the task `local/` directory. See the [Runtime Task Directories documentation][taskdirs] for more information. | -| `NOMAD_SECRETS_DIR` | Path to the task's `secrets/` directory. See the [Runtime Task Directories documentation][taskdirs] for more information. | -| `NOMAD_MEMORY_LIMIT` | Memory limit in MB for the task | -| `NOMAD_MEMORY_MAX_LIMIT` | The maximum memory limit the task may use if client has excess memory capacity, in MB. Omitted if task isn't configured with memory oversubscription. | -| `NOMAD_CPU_LIMIT` | CPU limit in MHz for the task | -| `NOMAD_CPU_CORES` | The specific CPU cores reserved for the task in cpuset list notation. Omitted if the task does not request CPU cores. For example, `0-2,7,12-14` | -| `NOMAD_ALLOC_ID` | Allocation ID of the task | -| `NOMAD_SHORT_ALLOC_ID` | The first 8 characters of the allocation ID of the task | -| `NOMAD_ALLOC_NAME` | Allocation name of the task. This is derived from the job name, task group name, and allocation index. | -| `NOMAD_ALLOC_INDEX` | Allocation index; useful to distinguish instances of task groups. From 0 to (count - 1). For system jobs and sysbatch jobs, this value will always be 0. The index is unique within a given version of a job, but canaries or failed tasks in a deployment may reuse the index. | -| `NOMAD_TASK_NAME` | Task's name | -| `NOMAD_GROUP_NAME` | Group's name | -| `NOMAD_JOB_ID` | Job's ID, which is equal to the Job name when submitted through the command-line tool but can be different when using the API | -| `NOMAD_JOB_NAME` | Job's name | -| `NOMAD_JOB_PARENT_ID` | ID of the Job's parent if it has one | -| `NOMAD_DC` | Datacenter in which the allocation is running | -| `NOMAD_PARENT_CGROUP` | The parent cgroup used to contain task cgroups (Linux only) | -| `NOMAD_NAMESPACE` | Namespace in which the allocation is running | -| `NOMAD_REGION` | Region in which the allocation is running | -| `NOMAD_META_` | The metadata value given by `key` on the task's metadata. Any character in a key other than `[A-Za-z0-9_.]` will be converted to `_`.
**Note:** this is different from [`${meta.}`](/nomad/docs/runtime/interpolation#node-variables-) which are keys in the node's metadata. | -| `VAULT_TOKEN` | The task's Vault token. See the [Vault Integration][vault] documentation for more details | +| Variable | Description | +|--------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `NOMAD_ALLOC_DIR` | The path to the shared `alloc/` directory. See the [Runtime Task Directories documentation][taskdirs] for more information. | +| `NOMAD_TASK_DIR` | The path to the task `local/` directory. See the [Runtime Task Directories documentation][taskdirs] for more information. | +| `NOMAD_SECRETS_DIR` | Path to the task's `secrets/` directory. See the [Runtime Task Directories documentation][taskdirs] for more information. | +| `NOMAD_MEMORY_LIMIT` | Memory limit in MB for the task | +| `NOMAD_MEMORY_MAX_LIMIT` | The maximum memory limit the task may use if client has excess memory capacity, in MB. Omitted if task isn't configured with memory oversubscription. | +| `NOMAD_CPU_LIMIT` | CPU limit in MHz for the task | +| `NOMAD_CPU_CORES` | The specific CPU cores reserved for the task in cpuset list notation. Omitted if the task does not request CPU cores. For example, `0-2,7,12-14` | +| `NOMAD_ALLOC_ID` | Allocation ID of the task | +| `NOMAD_SHORT_ALLOC_ID` | The first 8 characters of the allocation ID of the task | +| `NOMAD_ALLOC_NAME` | Allocation name of the task. This is derived from the job name, task group name, and allocation index. | +| `NOMAD_ALLOC_INDEX` | Allocation index; useful to distinguish instances of task groups. From 0 to (count - 1). For system jobs and sysbatch jobs, this value will always be 0. The index is unique within a given version of a job, but canaries or failed tasks in a deployment may reuse the index. | +| `NOMAD_TASK_NAME` | Task's name | +| `NOMAD_GROUP_NAME` | Group's name | +| `NOMAD_JOB_ID` | Job's ID, which is equal to the Job name when submitted through the command-line tool but can be different when using the API | +| `NOMAD_JOB_NAME` | Job's name | +| `NOMAD_JOB_PARENT_ID` | ID of the Job's parent if it has one | +| `NOMAD_DC` | Datacenter in which the allocation is running | +| `NOMAD_PARENT_CGROUP` | The parent cgroup used to contain task cgroups (Linux only) | +| `NOMAD_NAMESPACE` | Namespace in which the allocation is running | +| `NOMAD_REGION` | Region in which the allocation is running | +| `NOMAD_META_` | The metadata value given by `key` on the task's metadata. Any character in a key other than `[A-Za-z0-9_.]` will be converted to `_`.
**Note:** this is different from [`${meta.}`](/nomad/docs/runtime/interpolation#node-variables-) which are keys in the node's metadata. | +| `CONSUL_HTTP_TOKEN` | The tasks' Consul token. See [Consul Integration][consul] documentation for more details. | +| `CONSUL_TOKEN` | The tasks' Consul token. See [Consul Integration][consul] documentation for more details. This variable is deprecated and exists only for backwards compatibility. | +| `VAULT_TOKEN` | The task's Vault token. See the [Vault Integration][vault] documentation for more details | + ### Network-related Variables @@ -66,3 +69,4 @@ names such as `NOMAD_ADDR__