kemko/nomad
1
0
Fork 0
mirror of https://github.com/kemko/nomad.git synced 2026-01-04 17:35:43 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
0c4d8fa4e2d89c027dec6afdb7df2cf6a540b302
nomad/website/content/docs/operations/ipv6-support.mdx
Daniel Bennett c32d9ed6f5 docs: ipv6: small fixes (#24368) 
* escaping newlines is not allowed in go-sockaddr template
* client{} block in client section
* tiny extra clarification that the NOMAD_ADDR is an example
2024-11-05 11:11:36 -06:00

143 lines
4.6 KiB
Plaintext
Raw Blame History

---
layout: docs
page_title: Support for IPv6
description: |-
Nomad support for IPv6
---
# IPv6 support in Nomad
Nomad supports IPv6 as long as the underlying networks, host machines,
and operating systems running it support IPv6.
This guide illustrates the different configuration settings you need for different connection contexts.
## Advertise
[Advertise][advertise] Nomad server and client addresses to specify what
address other servers, clients, or external systems should use to make
connections back to the agent.
You can use [go-sockaddr][] templating to dynamically select a public IPv6
address. In this example, for each protocol, fetch one IPv6 address from public
interfaces and assign it as the protocol's address.
```hcl
advertise {
http = "{{ GetPublicInterfaces | include `type` `IPv6` | limit 1 | attr `address` }}"
rpc = "{{ GetPublicInterfaces | include `type` `IPv6` | limit 1 | attr `address` }}"
serf = "{{ GetPublicInterfaces | include `type` `IPv6` | limit 1 | attr `address` }}"
}
```
## Nomad to Nomad
Nomad agent processes connect to one another to make RPC calls for cluster operations.
We recommend using IPv6 on Nomad with DNS that resolves to IPv6 or by
using cloud auto-join. The following server-to-server and client-to-server
examples use IPv6 addresses explicitly.
### Server to server
Use the [`server_join`][server_join] block to link servers together.
```hcl
server {
enabled = true
server_join {
retry_join = ["[2001:db8::1]", "[2001:db8::2]"]
}
}
```
### Client to server
Use the [`servers`][client.servers] parameter or the `server_join` parameter to
link clients.
```hcl
client {
enabled = true
servers = ["[2001:db8::1]", "[2001:db8::2]", "[2001:db8::3]"]
}
```
```hcl
client {
enabled = true
server_join {
retry_join = ["[2001:db8::1]", "[2001:db8::2]", "[2001:db8::3]"]
}
}
```
## Nomad to external systems
Most connections between Nomad and other external systems occur via HTTP.
For example, when you set a `NOMAD_ADDR` environment variable like this one:
```
export NOMAD_ADDR='http://[2001:db8::1]:4646'
```
You can do the following:
- Use the Nomad CLI, which makes Nomad API calls.
- Open the Nomad web UI in a browser with the command `nomad ui`.
- Use [Workload identity][workload-identity].
- Nomad can reach Consul and Vault at IPv6 addresses, if they are listening,
to register services or fetch secrets.
- Configure Consul with the [`nomad setup consul` command][setup-consul].
```
nomad setup consul -y -jwks-url="$NOMAD_ADDR/.well-known/jwks.json"
- Configure Vault with the [`nomad setup vault` command][setup-vault].
```
nomad setup vault -y -jwks-url="$NOMAD_ADDR/.well-known/jwks.json"
```
Various other third-party services that support OIDC connections should also be
able to reach Nomad at an IPv6 address, so long as the third-party services
support IPv6.
## Workloads
Nomad supports arbitrary IPv6 network calls to and from tasks on client nodes.
With host networking, tasks use the same network as the host machine.
- Use these options to register services with an IPv6 address:
- Set the [`preferred_address_family`][preferred_address_family-config]
client config to `"ipv6"`.
- Include a [`service`][service-block] block in your job specification with
either the "nomad" or "consul" provider as usual.
- Use [`bridge_network_subnet_ipv6`][bridge-network-subnet-ipv6] to configure
Nomad's [bridge network mode][bridge-network-mode] for IPv6.
[CNI][cni] plugins can work with IPv6 as well. Nomad's bridge network does this.
Some task drivers have their own IPv6 configuration options. If you have enabled
IPv6 support in the [Docker driver][docker-driver], you can configure IPv6 in
your job specification. Refer to [IPv6 Docker
containers][ipv6-docker-containers] for details.
[server_join]: /nomad/docs/configuration/server_join
[client.servers]: /nomad/docs/configuration/client#servers
[go-sockaddr]: https://pkg.go.dev/github.com/hashicorp/go-sockaddr/template
[advertise]: /nomad/docs/configuration#advertise
[workload-identity]: /nomad/docs/concepts/workload-identity
[service-block]: /nomad/docs/job-specification/service
[preferred_address_family-config]: /nomad/docs/configuration/client#preferred_address_family
[bridge-network-mode]: /nomad/docs/job-specification/network#network-modes
[bridge-network-subnet-ipv6]: /nomad/docs/configuration/client#bridge_network_subnet_ipv6
[cni]: /nomad/docs/networking/cni
[docker-driver]: /nomad/docs/drivers/docker
[ipv6-docker-containers]: /nomad/docs/job-specification/service#ipv6-docker-containers
[setup-consul]: /nomad/docs/commands/setup/consul
[setup-vault]: /nomad/docs/commands/setup/vault
Reference in New Issue View Git Blame Copy Permalink