Automatically populate CONSUL_HTTP_ADDR for connect native tasks in…

… host networking mode. Fixes hashicorp#10239

CHANGELOG.md

@@ -14,6 +14,7 @@ BUG FIXES:
 IMPROVEMENTS:
  * cli: Update defaults for `nomad operator debug` flags `-interval` and `-server-id` to match common usage. [[GH-10121](https://github.com/hashicorp/nomad/issues/10121)]
  * consul/connect: Enable setting `local_bind_address` field on connect upstreams [[GH-6248](https://github.com/hashicorp/nomad/issues/6248)]
+ * consul/connect: Automatically populate `CONSUL_HTTP_ADDR` for connect native tasks in host networking mode. [[GH-10239](https://github.com/hashicorp/nomad/issues/10239)]
  * csi: Added support for jobs to request a unique volume ID per allocation. [[GH-10136](https://github.com/hashicorp/nomad/issues/10136)]
  * driver/docker: Added support for optional extra container labels. [[GH-9885](https://github.com/hashicorp/nomad/issues/9885)]
  * driver/docker: Added support for configuring default logger behavior in the client configuration. [[GH-10156](https://github.com/hashicorp/nomad/issues/10156)]

client/allocrunner/taskrunner/connect_native_hook.go

@@ -115,6 +115,7 @@ func (h *connectNativeHook) Prestart(
 	}
 
 	merge(environment, h.bridgeEnv(request.TaskEnv.EnvMap))
+	merge(environment, h.hostEnv(request.TaskEnv.EnvMap))
 
 	// tls/acl setup for native task done
 	response.Done = true
@@ -225,6 +226,25 @@ func (h *connectNativeHook) bridgeEnv(env map[string]string) map[string]string {
 	return nil
 }
 
+// hostEnv creates a set of additional environment variables to be used when launching
+// the connect native task. This will enable the task to communicate with Consul
+// if the task is running in host network mode.
+//
+// Sets CONSUL_HTTP_ADDR if not already set.
+func (h *connectNativeHook) hostEnv(env map[string]string) map[string]string {
+	if h.alloc.AllocatedResources.Shared.Networks[0].Mode != "host" {
+		return nil
+	}
+
+	if _, exists := env["CONSUL_HTTP_ADDR"]; !exists {
+		return map[string]string{
+			"CONSUL_HTTP_ADDR": h.consulConfig.HTTPAddr,
+		}
+	}
+
+	return nil
+}
+
 // maybeSetSITokenEnv will set the CONSUL_HTTP_TOKEN environment variable in
 // the given env map, if the token is found to exist in the task's secrets
 // directory AND the CONSUL_HTTP_TOKEN environment variable is not already set.

client/allocrunner/taskrunner/connect_native_hook_test.go

@@ -202,6 +202,48 @@ func TestConnectNativeHook_bridgeEnv_host(t *testing.T) {
 	})
 }
 
+func TestConnectNativeHook_hostEnv_host(t *testing.T) {
+	t.Parallel()
+
+	hook := new(connectNativeHook)
+	hook.alloc = mock.ConnectNativeAlloc("host")
+	hook.consulConfig.HTTPAddr = "http://1.2.3.4:9999"
+
+	t.Run("consul address env not preconfigured", func(t *testing.T) {
+		result := hook.hostEnv(nil)
+		require.Equal(t, map[string]string{
+			"CONSUL_HTTP_ADDR": "http://1.2.3.4:9999",
+		}, result)
+	})
+
+	t.Run("consul address env is preconfigured", func(t *testing.T) {
+		result := hook.hostEnv(map[string]string{
+			"CONSUL_HTTP_ADDR": "10.1.1.1",
+		})
+		require.Empty(t, result)
+	})
+}
+
+func TestConnectNativeHook_hostEnv_bridge(t *testing.T) {
+	t.Parallel()
+
+	hook := new(connectNativeHook)
+	hook.alloc = mock.ConnectNativeAlloc("bridge")
+	hook.consulConfig.HTTPAddr = "http://1.2.3.4:9999"
+
+	t.Run("consul address env not preconfigured", func(t *testing.T) {
+		result := hook.hostEnv(nil)
+		require.Empty(t, result)
+	})
+
+	t.Run("consul address env is preconfigured", func(t *testing.T) {
+		result := hook.hostEnv(map[string]string{
+			"CONSUL_HTTP_ADDR": "10.1.1.1",
+		})
+		require.Empty(t, result)
+	})
+}
+
 func TestTaskRunner_ConnectNativeHook_Noop(t *testing.T) {
 	t.Parallel()
 	logger := testlog.HCLogger(t)