Nomad
IPv6 support in Nomad
Nomad supports IPv6 as long as the underlying networks, host machines, and operating systems running it support IPv6.
This guide illustrates the different configuration settings you need for different connection contexts.
Advertise
Advertise Nomad server and client addresses to specify what address other servers, clients, or external systems should use to make connections back to the agent.
You can use go-sockaddr templating to dynamically select a public IPv6 address. In this example, for each protocol, fetch one IPv6 address from public interfaces and assign it as the protocol's address.
advertise {
http = "{{ GetPublicInterfaces | include \"type\" \"IPv6\" \
| limit 1 | attr \"address\" }}"
rpc = "{{ GetPublicInterfaces | include \"type\" \"IPv6\" \
| limit 1 | attr \"address\" }}"
serf = "{{ GetPublicInterfaces | include \"type\" \"IPv6\" \
| limit 1 | attr \"address\" }}"
}
Nomad to Nomad
Nomad agent processes connect to one another to make RPC calls for cluster operations.
We recommend using IPv6 on Nomad with DNS that resolves to IPv6 or by using cloud auto-join. The following server-to-server and client-to-server examples use IPv6 addresses explicitly.
Server to server
Use the server_join
block to link servers together.
server {
enabled = true
server_join {
retry_join = ["[2001:db8::1]", "[2001:db8::2]"]
}
}
Client to server
Use the servers
parameter or the server_join
parameter to
link clients.
client {
enabled = true
servers = ["[2001:db8::1]", "[2001:db8::2]", "[2001:db8::3]"]
}
server {
enabled = true
server_join {
retry_join = ["[2001:db8::1]", "[2001:db8::2]", "[2001:db8::3]"]
}
}
Nomad to external systems
Most connections between Nomad and other external systems occur via HTTP.
For example, when you set this NOMAD_ADDR
environment variable:
export NOMAD_ADDR='http://[2001:db8::1]:4646'
You can do the following:
Use the Nomad CLI, which makes Nomad API calls.
Open the Nomad web UI in a browser with the command
nomad ui
.Use Workload identity.
Nomad can reach Consul and Vault at IPv6 addresses, if they are listening, to register services or fetch secrets.
Configure Consul with the
nomad setup consul
command.nomad setup consul -y -jwks-url="$NOMAD_ADDR/.well-known/jwks.json"
Configure Vault with the
nomad setup vault
command.nomad setup vault -y -jwks-url="$NOMAD_ADDR/.well-known/jwks.json"
Various other third-party services that support OIDC connections should also be able to reach Nomad at an IPv6 address, so long as the third-party services support IPv6.
Workloads
Nomad supports arbitrary IPv6 network calls to and from tasks on client nodes.
With host networking, tasks use the same network as the host machine.
- Use these options to register services with an IPv6 address:
- Set the
preferred_address_family
client config to"ipv6"
. - Include a
service
block in your job specification with either the "nomad" or "consul" provider as usual.
- Set the
- Use
bridge_network_subnet_ipv6
to configure Nomad's bridge network mode for IPv6.
CNI plugins can work with IPv6 as well. Nomad's bridge network does this.
Some task drivers have their own IPv6 configuration options. If you have enabled IPv6 support in the Docker driver, you can configure IPv6 in your job specification. Refer to IPv6 Docker containers for details.