Easy Cloud Native Transformation
with HashiCorp Nomad
Bram Vogelaar
@attachmentgenie
• Used to be a Molecular Biologist
• Then became a Dev, now an Ops
• Currently Cloud Engineer @ The Factory
• Amsterdam HUG organizer
• Almost author => Workload Orchestration Made Easy With Nomad
$ whoami
Moving it all to the cloud
Vertical scaling
And then stuff got complicated…
• Open-source tool for dynamic workload scheduling
• Batch, containerized, and non-containerized applications.
• Has native Consul and Vault integrations.
• Has token based access setup.
• Jobs written in (H)ashiCorp (C)onfiguration (L)anguage
https://www.nomadproject.io/
Nomad
Deploy the blog
job "blog" {
  group "hugo" {
    network {
      port "http" { to = 80 }
    }
    service {
      name = "attachmentgeniedotcom"
      port = "http"
    }
    task "nginx" {
      driver = "docker"
      config {
        image = "${PRIVATE}.dkr.ecr.us-east-1.amazonaws.com/blog:19"
        ports = ["http"]
      }
    }
  }
}
1 == None
job "blog" {
  datacenters = ["aws"]
  type        = "service"
  group "hugo" {
    count = 2
    # network, service and task blocks as on the "Deploy the blog" slide
  }
}
Force onto different hardware
job "blog" {
  datacenters = ["aws"]
  type        = "service"
  group "hugo" {
    count = 2
    constraint {
      operator = "distinct_hosts"
      value    = "true"
    }
    # network, service and task blocks as on the "Deploy the blog" slide
  }
}
Suggest onto different hardware
job "blog" {
  datacenters = ["aws"]
  type        = "service"
  group "hugo" {
    count = 2
    spread {
      attribute = "${node.datacenter}"
    }
    # network, service and task blocks as on the "Deploy the blog" slide
  }
}
Based on custom meta-data
/etc/nomad.d/config.hcl
client {
  enabled = true
  meta {
    rack = "his"
  }
}
blog.nomad
job "blog" {
  group "hugo" {
    spread {
      attribute = "${meta.rack}"
      target "his" {
        percent = 50
      }
      target "her" {
        percent = 50
      }
    }
    # network, service and task blocks as on the "Deploy the blog" slide
  }
}
service {
  name     = "grafana"
  provider = "nomad"
  port     = "grafana_ui"
  check {
    type     = "http"
    path     = "/api/health"
    interval = "10s"
    timeout  = "2s"
  }
  tags = [
    "traefik.enable=true",
  ]
}
Native Service Discovery ( > 1.3)
template {
  data = <<EOH
server {
  listen *:80;
  server_name grafana.teambla.com;
  location / {
    {{ range nomadService "grafana" }}
    proxy_pass http://{{ .Address }}:{{ .Port }};
    {{ end }}
    ….
  }
}
EOH
  destination = "local/nginx.conf"
}
Native Service Discovery ( > 1.3)
$ nomad alloc checks f6683eb8
Status of 1 Nomad Service Checks
ID = e47351cef1c81ca56bf70be6b48ae44a
Name = service: "grafana" check
Group = grafana.grafana[0]
Task = grafana
Service = grafana
Status = success
StatusCode = 200
Mode = healthiness
Timestamp = 2022-10-03T12:43:48Z
Output = nomad: http ok
Service Checks
Service Overview
$ cat grafana.nomad
service {
  name     = "grafana"
  provider = "nomad"
  port     = "grafana_ui"
  tags = [
    "traefik.enable=true",
  ]
}
Ingress / Traefik
$ cat traefik.yaml
providers:
  nomad:
    # the Nomad provider nests the API address under "endpoint"
    endpoint:
      address: "http://${attr.unique.network.ip-address}:4646"
    exposedByDefault: false
https://traefik.io <- 2.8.0
Metrics / Prometheus
https://prometheus.io <- 2.37.0
$ cat grafana.nomad
service {
  name     = "grafana"
  provider = "nomad"
  port     = "grafana_ui"
  tags = [
    "metrics",
  ]
}
$ cat prometheus.yaml
scrape_configs:
  - job_name: 'nomad_sd'
    nomad_sd_configs:
      - server: 'http://{{ env "attr.unique.network.ip-address" }}:4646'
    relabel_configs:
      - source_labels: ['__meta_nomad_tags']
        regex: '(.*),metrics,(.*)'
        action: keep
      - source_labels: [__meta_nomad_service]
        target_label: job
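Added example (not part of the original slides): a small Python model of the two opt-in filters above, Traefik's exposedByDefault: false combined with the traefik.enable=true tag, and the Prometheus keep rule on __meta_nomad_tags. The service list is constructed; the code assumes Prometheus wraps the joined tags in the separator and anchors relabel regexes at both ends, which is what the slide's (.*),metrics,(.*) pattern relies on.

```python
import re

TAG_SEPARATOR = ","  # assumption: default tag separator of nomad_sd_configs

# Constructed service registrations, not taken from the slides.
SERVICES = [
    {"name": "grafana", "address": "10.0.0.11", "port": 3000,
     "tags": ["traefik.enable=true", "metrics"]},
    {"name": "blog", "address": "10.0.0.12", "port": 8080,
     "tags": ["traefik.enable=true"]},
    {"name": "billing-db", "address": "10.0.0.13", "port": 5432,
     "tags": ["nometrics"]},
    {"name": "admin-ui", "address": "10.0.0.14", "port": 9000,
     "tags": ["metrics-internal", "traefik.enable=false"]},
    {"name": "cache", "address": "10.0.0.15", "port": 6379, "tags": []},
]

# The relabel_configs from prometheus.yaml on the slide.
SLIDE_RULES = [
    {"source_labels": ["__meta_nomad_tags"],
     "regex": "(.*),metrics,(.*)", "action": "keep"},
    {"source_labels": ["__meta_nomad_service"], "target_label": "job"},
]


def discovery_labels(service):
    """Build the labels the slide's relabel rules read for one service."""
    labels = {
        "__address__": f"{service['address']}:{service['port']}",
        "__meta_nomad_service": service["name"],
    }
    if service["tags"]:
        # Assumed format: tags wrapped in separators, e.g. ",a,b,".
        joined = TAG_SEPARATOR.join(service["tags"])
        labels["__meta_nomad_tags"] = TAG_SEPARATOR + joined + TAG_SEPARATOR
    return labels


def relabel(labels, rules):
    """Apply keep/replace rules; return None when the target is dropped."""
    labels = dict(labels)
    for rule in rules:
        value = ";".join(labels.get(n, "") for n in rule["source_labels"])
        # Relabel regexes are anchored at both ends, hence fullmatch.
        match = re.fullmatch(rule.get("regex", "(.*)"), value, re.DOTALL)
        action = rule.get("action", "replace")
        if action == "keep" and match is None:
            return None
        if action == "replace" and match is not None:
            # The default replacement is the first capture group.
            labels[rule["target_label"]] = match.group(1)
    return labels


def scrape_targets(services, rules=SLIDE_RULES):
    """Return {job: address} for the services that survive relabelling."""
    targets = {}
    for service in services:
        labels = relabel(discovery_labels(service), rules)
        if labels is not None:
            targets[labels["job"]] = labels["__address__"]
    return targets


def traefik_exposed(services, exposed_by_default=False):
    """Names Traefik would route to, given exposedByDefault and the tags."""
    exposed = []
    for service in services:
        enabled = exposed_by_default
        for tag in service["tags"]:
            key, _, value = tag.partition("=")
            if key == "traefik.enable":
                enabled = value == "true"  # an explicit tag overrides the default
        if enabled:
            exposed.append(service["name"])
    return exposed


def substring_match(services, needle="metrics"):
    """Contrast: an unanchored match also selects look-alike tags."""
    return [s["name"] for s in services if needle in ",".join(s["tags"])]


if __name__ == "__main__":
    print("scraped:", scrape_targets(SERVICES))
    print("exposed:", traefik_exposed(SERVICES))
    print("substring match would scrape:", substring_match(SERVICES))
```

With exposedByDefault left at true, every registered service without an explicit traefik.enable=false tag becomes routable, which is why the slide turns it off.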
• Open-Source Service Discovery Tool
• Built-in KV store
• Service Mesh tool
• Uses watchers to have near instant feedback loops
https://www.consul.io/
Consul
• Levant
• Templating and packaging tool
• Easily deploy popular applications to Nomad
• Re-use common patterns across internal applications
• Find and share job definitions with the Nomad community
• Jobs written in (H)ashiCorp (C)onfiguration (L)anguage
• Templates are written using Go Template Syntax.
• Nightlies only right now!
Nomad Pack
https://github.com/hashicorp/nomad-pack
variable "datacenters" {
  description = "A list of datacenters in the region which are eligible for task placement"
  type        = list(string)
  default     = ["dc1"]
}
variable "resources" {
  description = "The resource to assign to the blog service task"
  type = object({
    cpu    = number
    memory = number
  })
  default = {
    cpu    = 200,
    memory = 256
  }
}
variables.hcl
$ cat packs/blog/templates/blog.nomad.tpl
….
datacenters = [[ .my.datacenters | toStringList ]]
…
resources {
  cpu    = [[ .my.blog_resources.cpu ]]
  memory = [[ .my.blog_resources.memory ]]
}
…
Pack Templates
• nomad-pack registry list
• nomad-pack registry add https://github.com/attachmentgenie/hashitalks-registry
• nomad-pack run blog --var namespace=dashboard
• nomad-pack run packs/blog -f vars/blog.hcl
Pack Registries
https://github.com/hashicorp/nomad-pack-community-registry
Nomad UI (> 1.4.3)
(secure) Variables (> 1.4)
Secrets
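task "grafana" {
  driver = "docker"
  config {
    image = "grafana/grafana:9.2.3"
    ports = ["grafana_ui"]
  }
  # nomadVar is only rendered inside a template block; env = true exports
  # the rendered KEY=value lines to the task. The destination file name is
  # an example; secrets/ keeps it in the task's secrets directory.
  template {
    data        = <<EOH
{{- with nomadVar "nomad/jobs/grafana" -}}
GF_SECURITY_ADMIN_USER={{ .GF_SECURITY_ADMIN_USER }}
GF_SECURITY_ADMIN_PASSWORD={{ .GF_SECURITY_ADMIN_PASSWORD }}
{{- end -}}
EOH
    destination = "secrets/grafana.env"
    env         = true
  }
}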
• Open-Source tool to do secrets management
• Secure, store and tightly control access to tokens, passwords, encryption keys for protecting secrets and other sensitive data using a UI, CLI, or HTTP API.
• Certificate management
• Password rotation (e.g. SSH, MySQL)
https://www.vaultproject.io/
Vault
Nomad autoscaler
Introduced in/with Nomad 0.11
(Currently) independent release cycle
Gaining new functionality every release
Built-in functionality for horizontal and vertical scaling
But extendable by your own (community) plugins
● Makes decisions based on checks
● Checks are a combination of
• Data queried from an APM
• Defined STRATEGY
• Attempt to approach TARGET value
● Multiple Checks can be combined
• Answer with the most resources will win!
• ScaleOut and ScaleIn => ScaleOut
• ScaleOut and ScaleNone => ScaleOut
• ScaleIn and ScaleNone => ScaleNone
• ScaleOut(10) and ScaleOut(9) => ScaleOut(10)
• ScaleIn(3) and ScaleIn(4) => ScaleIn(4)
Auto-scaling TLDR
/etc/nomad.d/config.hcl
nomad {
  address = "http://{{env "attr.unique.network.ip-address" }}:4646"
}
apm "prometheus" {
  driver = "prometheus"
  config = {
    address = "http://prometheus.service.consul:9090"
  }
}
strategy "target-value" {
  driver = "target-value"
}
Config for the autoscaler
job "blog" {
  datacenters = ["aws"]
  type        = "service"
  group "hugo" {
    count = 3
    scaling {
      enabled = true
      min     = 1
      max     = 20
      policy {
        cooldown = "20s"
        check "avg_instance_sessions" {
          source = "prometheus"
          # inner quotes of the PromQL label matcher must be escaped in HCL
          query  = "scalar(avg(traefik_service_open_connections{service=\"blog@consulcatalog\"}))"
          strategy "target-value" {
            target = 5
          }
        }
      }
    }
    # network, service and task blocks as on the "Deploy the blog" slide
  }
}
Enable autoscaling for the blog
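Added example (not part of the original slides, and not the autoscaler's own code): a simplified Python model of the check evaluation summarised on the "Auto-scaling TLDR" slide, applied to the blog policy above (min 1, max 20, cooldown 20s, target 5). It assumes the target-value strategy scales the current count by metric/target, rounds up, and ignores deviations within a 0.01 threshold; the cpu check and all metric values are constructed.

```python
import math
from dataclasses import dataclass

# When checks disagree: ScaleOut beats ScaleNone, which beats ScaleIn.
DIRECTION_RANK = {"in": 0, "none": 1, "out": 2}


@dataclass(frozen=True)
class Action:
    check: str
    direction: str  # "out", "none" or "in"
    count: int      # desired number of allocations


@dataclass(frozen=True)
class Policy:
    min: int
    max: int
    cooldown_s: int


def target_value(check, metric, target, current, threshold=0.01):
    """Simplified target-value strategy: move the metric towards target."""
    if target <= 0 or metric < 0:
        raise ValueError("target must be positive and metric non-negative")
    if abs(metric / target - 1.0) <= threshold:
        return Action(check, "none", current)  # close enough, do nothing
    desired = math.ceil(current * metric / target)
    if desired > current:
        return Action(check, "out", desired)
    if desired < current:
        return Action(check, "in", desired)
    return Action(check, "none", current)


def combine(actions):
    """Pick the winner: direction first, then the answer with most resources."""
    if not actions:
        raise ValueError("a policy needs at least one check")
    return max(actions, key=lambda a: (DIRECTION_RANK[a.direction], a.count))


def decide(policy, current, now_s, last_scaled_s, actions):
    """Return the count to submit, or None when nothing should change."""
    if now_s - last_scaled_s < policy.cooldown_s:
        return None  # still cooling down after the previous scaling action
    winner = combine(actions)
    desired = min(max(winner.count, policy.min), policy.max)
    return None if desired == current else desired


# The blog policy from the slide; metric values below are constructed.
BLOG = Policy(min=1, max=20, cooldown_s=20)

if __name__ == "__main__":
    sessions = target_value("avg_instance_sessions", 12, 5, current=3)
    cpu = target_value("cpu", 40, 70, current=3)  # hypothetical second check
    print(sessions, cpu)
    print("new count:", decide(BLOG, 3, now_s=100, last_scaled_s=0,
                               actions=[sessions, cpu]))
```

The max bound is what keeps a metric spike, or a poisoned metric source, from scaling the group without limit.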
Observe Load
Correlate events with metrics
Moving it all to the cloud - QED
Questions ?
The Floor is yours…
bram@attachmentgenie.com
@attachmentgenie
https://www.slideshare.net/attachmentgenie
