mirror of
https://github.com/kemko/nomad.git
synced 2026-01-06 10:25:42 +03:00
- Pulled common content from multiple pages into new partials
- Refactored install/index to be OS-based so I could add linux-distro-based instructions to install-consul-cni-plugins.mdx partial. The tab groups on the install/index page do match and change focus as expected.
- Moved CNI overview-type content to networking/index
- Refactored networking/cni to include install CNI plugins and configuration content (from install/index).
- Moved CNI plugins explanation in bridge mode configuration section into bullet points. They had been #### headings, which aren't rendered in the R page TOC. I tried to simplify and format the bullet point content to be easier to scan.

Ref: https://hashicorp.atlassian.net/browse/CE-661
Fixes: https://github.com/hashicorp/nomad/issues/23229
Fixes: https://github.com/hashicorp/nomad/issues/23583
39 lines
1.5 KiB
Plaintext
Nomad's task group networks integrate with Consul's service mesh using bridge
networking and iptables to send traffic between containers.

~> **Warning:** New Linux versions, such as Ubuntu 24.04, may not enable bridge
networking by default. Use `sudo modprobe bridge` to load the bridge module if
it is missing.

The Linux kernel bridge module has three tunable parameters that control whether
iptables processes traffic crossing the bridge. Some operating systems,
including RedHat, CentOS, and Fedora, might have iptables rules that are not
correctly configured for guest traffic because these tunable parameters are
optimized for VM workloads.

Ensure your Linux operating system distribution is configured to allow iptables
to route container traffic through the bridge network. Run the following
commands to set the tunable parameters to allow iptables processing for the
bridge network.

```shell-session
$ echo 1 > /proc/sys/net/bridge/bridge-nf-call-arptables
$ echo 1 > /proc/sys/net/bridge/bridge-nf-call-ip6tables
$ echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables
```

To preserve these settings on startup of a client node, add a file to
`/etc/sysctl.d/` or remove the file your Linux distribution puts in that
directory. The following example configures the tunable parameters for a client
node.

<CodeBlockConfig filename="/etc/sysctl.d/bridge.conf">

```ini
net.bridge.bridge-nf-call-arptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
```

</CodeBlockConfig>
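The following script is an added example, not part of the Nomad documentation or code base. It audits a client node for both conditions described above: the runtime value of each tunable and the value that `/etc/sysctl.d/` will apply at startup. The function names, the optional `ROOT` argument, and reading only `/etc/sysctl.d/*.conf` are assumptions made for the example.

```shell
#!/usr/bin/env bash
# Added example: audit the three bridge netfilter tunables on a Nomad client.
# The optional ROOT argument is an assumption for offline testing; it is
# prefixed to /proc and /etc so the checks can run against a constructed tree.

BRIDGE_KEYS="bridge-nf-call-arptables bridge-nf-call-ip6tables bridge-nf-call-iptables"

# Print one line per runtime problem; print nothing when all three are 1.
check_runtime() {
  local root="${1:-}" dir key val
  dir="$root/proc/sys/net/bridge"
  if [ ! -d "$dir" ]; then
    echo "runtime: $dir missing, load the bridge module (sudo modprobe bridge)"
    return 0
  fi
  for key in $BRIDGE_KEYS; do
    val="$(cat "$dir/$key" 2>/dev/null || true)"
    [ "$val" = "1" ] || echo "runtime: net.bridge.$key = ${val:-unreadable}, want 1"
  done
}

# Print one line per key whose startup value is not 1. Files are read in
# lexical order and the last assignment wins, so a distribution file that
# sorts after bridge.conf can undo it. Simplified: only /etc/sysctl.d is read.
check_persistent() {
  local root="${1:-}" key val
  for key in $BRIDGE_KEYS; do
    val="$(cat "$root"/etc/sysctl.d/*.conf 2>/dev/null |
      sed -n "s/^[[:space:]]*net\.bridge\.$key[[:space:]]*=[[:space:]]*\([0-9]*\).*/\1/p" | tail -n 1)"
    [ "$val" = "1" ] || echo "persistent: net.bridge.$key = ${val:-unset}, want 1"
  done
}

# Run both checks; return 0 when nothing needs fixing, 1 otherwise.
audit_bridge() {
  local out
  out="$(check_runtime "${1:-}"; check_persistent "${1:-}")"
  [ -z "$out" ] && return 0
  printf '%s\n' "$out"
  return 1
}
```

Source the file on the client node and run `audit_bridge` with no argument; a non-zero exit status means at least one tunable still needs attention.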