Merge pull request #23322 from hashicorp/david-yu-patch-1

docs: install `consul-cni` manually or via linux packaging
hashicorp · Jun 14, 2024 · 0cc2ab5 · 0cc2ab5
2 parents 3b9283a + 36f75c5
commit 0cc2ab5
Show file tree

Hide file tree

Showing 3 changed files with 71 additions and 3 deletions.
diff --git a/website/content/docs/install/index.mdx b/website/content/docs/install/index.mdx
@@ -198,13 +198,31 @@ Nomad uses CNI plugins to configure network namespaces when using the `bridge`
 network mode. All Linux Nomad client nodes using network namespaces must have
 CNI plugins installed.
 
+<h4>Install reference CNI plugins</h4>
+
 The following commands install the CNI reference plugins.
 
 ```shell-session
-$ curl -L -o cni-plugins.tgz "https://github.com/containernetworking/plugins/releases/download/v1.5.0/cni-plugins-linux-$( [ $(uname -m) = aarch64 ] && echo arm64 || echo amd64)"-v1.5.0.tgz && \
+$ export ARCH_CNI=$( [ $(uname -m) = aarch64 ] && echo arm64 || echo amd64)
+$ curl -L -o cni-plugins.tgz "https://github.com/containernetworking/plugins/releases/download/v1.5.0/cni-plugins-linux-${ARCH_CNI}"-v1.5.0.tgz && \
   sudo mkdir -p /opt/cni/bin && \
   sudo tar -C /opt/cni/bin -xzf cni-plugins.tgz
 ```
+
+<h4>Install consul-cni CNI plugin</h4>
+
+If the `transparent_proxy` block is used for Consul Service Mesh, then the 
+`consul-cni` CNI Plugin must be installed on each client node to redirect inbound 
+and outbound traffic for services to the Envoy proxy. The following commands
+assume that reference CNI plugins have already been installed. 
+
+```shell-session
+$ export ARCH_CNI=$( [ $(uname -m) = aarch64 ] && echo arm64 || echo amd64)
+$ curl -L -o consul-cni.zip "https://releases.hashicorp.com/consul-cni/1.5.0/consul-cni_1.5.0_linux_${ARCH_CNI}".zip && \
+  sudo unzip consul-cni.zip -d /opt/cni/bin -x LICENSE.txt
+```
+
+<h3>Configure bridge network to route traffic through iptables</h3>
 
 Ensure your Linux operating system distribution has been configured to allow
 container traffic through the bridge network to be routed via iptables. These
@@ -290,13 +308,63 @@ Nomad uses CNI plugins to configure network namespaces when using the `bridge`
 network mode. All Linux Nomad client nodes using network namespaces must have
 CNI plugins installed.
 
+<h4>Install reference CNI plugins</h4>
+
 The following commands install the CNI reference plugins.
 
 ```shell-session
 $ curl -L -o cni-plugins.tgz "https://github.com/containernetworking/plugins/releases/download/v1.0.0/cni-plugins-linux-$( [ $(uname -m) = aarch64 ] && echo arm64 || echo amd64)"-v1.0.0.tgz && \
   sudo mkdir -p /opt/cni/bin && \
   sudo tar -C /opt/cni/bin -xzf cni-plugins.tgz
 ```
+
+<h4>Install consul-cni CNI plugin</h4>
+
+If the `transparent_proxy` block is used for Consul Service Mesh, then the 
+`consul-cni` CNI Plugin must be installed on each client node to redirect inbound 
+and outbound traffic for services to the Envoy proxy. The following commands
+assume that the linux packages repositories have already been added using `apt` or 
+`yum` and that the reference CNI plugins have already been installed. 
+
+<Tabs>
+
+<Tab heading="CentOS/RHEL">
+
+Install the `consul-cni` plugin on each client node.  
+
+```shell-session
+$ sudo yum -y install consul-cni
+```
+</Tab>
+<Tab heading="Ubuntu/Debian">
+
+Install the `consul-cni` plugin on each client node.  
+
+```shell-session
+$ sudo apt-get install -y consul-cni
+```
+
+</Tab>
+<Tab heading="Fedora">
+
+Install the `consul-cni` plugin on each client node.  
+
+```shell-session
+$ sudo dnf -y install consul-cni
+```
+
+</Tab>
+<Tab heading="Amazon Linux">
+
+Install the `consul-cni` plugin on each client node.  
+
+```shell-session
+$ sudo yum -y install consul-cni
+```
+</Tab>
+</Tabs> 
+
+<h3>Configure bridge network to route traffic through iptables</h3>
 
 Ensure your Linux operating system distribution has been configured to allow
 container traffic through the bridge network to be routed via iptables. These

diff --git a/website/content/docs/integrations/consul/service-mesh.mdx b/website/content/docs/integrations/consul/service-mesh.mdx
@@ -188,7 +188,7 @@ Consul service mesh sidecar proxy. All Nomad client nodes using network namespac
 must have these CNI plugins [installed][cni_install].
 
 To use [`transparent_proxy`][] mode, Nomad client nodes will also need the
-[`consul-cni`][] plugin installed.
+[`consul-cni`][] plugin installed. See the Linux post-installation [steps](/nomad/docs/install#post-installation-steps) for more detail on how to install CNI plugins. 
 
 ## Run the Service Mesh-enabled Services
 

diff --git a/website/content/docs/release-notes/nomad/v1_8_x.mdx b/website/content/docs/release-notes/nomad/v1_8_x.mdx
@@ -92,7 +92,7 @@ We are pleased to announce the following Nomad updates.
   Driver](/nomad/plugins/drivers/community/lxc) is now deprecated. Official
   support will be removed and the repo will be archived when Nomad 1.9 is
   released. Users are encouraged to migrate their workloads to another task
-  driver such as the built-in Docker task driver[/nomad/docs/drivers/docker].
+  driver such as the built-in Docker task [driver](/nomad/docs/drivers/docker).
 
 - **ECS Task driver:** The remote [ECS Task
   Driver](https://developer.hashicorp.com/nomad/plugins/drivers/remote/ecs) is