Governance for Multiple Teams Sharing a Nomad Cluster


HashiCorp Nomad is an easy-to-use and flexible workload orchestrator that enables organizations to automate the deployment of any applications on any infrastructure at any scale across multiple clouds. While Kubernetes gets a lot of attention, Nomad is an attractive alternative that is easy to use, more flexible, and natively integrated with HashiCorp Vault and Consul. In addition to running Docker containers, Nomad can also run non-containerized, legacy applications on both Linux and Windows servers.


  1. Governance for Multiple Teams Sharing a Nomad Cluster. Roger Berlind, Technology Specialist, HashiCorp. Copyright © 2020 HashiCorp
  2. Agenda
     ▪ Brief overview of Nomad
     ▪ Key Nomad multitenancy features that allow teams to share clusters
     ▪ Demo of public, hands-on Instruqt track that you can run yourself
     ▪ Information about a hands-on "Introduction to Nomad" workshop we're delivering on May 20, 2020
     ▪ Q & A
  3. Nomad Overview
  4. What is Nomad? Nomad is an easy-to-use and flexible Workload Orchestrator that enables organizations to automate the deployment of containerized and non-containerized applications in private and public clouds.
  5. A Single Workflow Across Multiple Clouds
  6. Simple Deployment with a Single Binary
  7. Nomad Increases Density and Reduces Costs
  8. Why Do Companies Use Nomad?
     ▪ Ease of Use
       – Easy for Developers to run Apps and Operators to manage
     ▪ Workload Flexibility
       – Supports Docker and Legacy Apps on Linux & Windows
     ▪ Scalability
       – Federation of Clusters Across Multiple Regions and Clouds
     ▪ Synergy with Other HashiCorp Solutions
       – Integration with Vault for Secrets
       – Integration with Consul for Service Discovery & Configuration
  9. A Nomad Case Study
  10. Key Nomad MultiTenancy Features
  11. Nomad ACL System
     • Token-based authentication
     • Capability-based authorization
     • Centrally managed policies
     • Policies and global tokens are replicated across clusters
  12. Nomad Namespaces
     ▪ Namespaces allow a single multi-region Nomad deployment to be shared by many teams without conflict.
     ▪ Jobs in different namespaces can have the same name.
     ▪ ACL policies restrict which users can run jobs in namespaces.
     ▪ Namespaces are automatically replicated across federated clusters.
  13. Nomad Resource Quotas
     ▪ Resource Quotas restrict the aggregate resources that each namespace can use.
     ▪ They prevent one team or user from adversely impacting other teams and users.
     ▪ ACL policies restrict who can change resource quotas.
     ▪ Resource quotas can be defined for each region or applied globally.
  14. Nomad Sentinel Policies
     ▪ Sentinel expresses Policy as Code.
     ▪ In Nomad, Sentinel can restrict jobs and the drivers they use.
     ▪ Sentinel policies are applied to submitted/updated jobs after the ACL system determines that a user is allowed to submit them.
     ▪ Sentinel policies are automatically replicated across clusters.
  15. Demo
  16. Demo Overview
     ▪ We have 1 Nomad Server with 3 Nomad Clients in GCP.
     ▪ We have 2 Teams: dev and qa.
       – Each team has its own namespace and resource quota.
       – Alice is a developer on the dev team with an ACL token.
       – Bob is an engineer on the qa team with an ACL token.
       – Charlie is an infrastructure manager allowed to override violations of soft-mandatory Sentinel policies in all namespaces.
     ▪ We have 3 Sentinel policies that restrict jobs.
     ▪ We will see what happens when Alice, Bob, and Charlie try to run different jobs in different namespaces.
  17. Demo Implementation
     ▪ The demo is implemented in a public Instruqt track:
       – https://play.instruqt.com/hashicorp/tracks/nomad-governance
     ▪ You can run this track yourself to see how Nomad Enterprise would allow your teams to safely share Nomad clusters.
     ▪ Full Demo Flow:
       1. Configure Nomad namespaces and resource quotas.
       2. Create Nomad ACL policies and tokens.
       3. Create Sentinel policies.
       4. Run Nomad jobs restricted by ACLs and Sentinel policies.
       5. Run Nomad jobs restricted by resource quotas.
     ▪ We'll give a shorter version today, starting at step 4.
  18. Some Links and Q & A
  19. Some Links
     ▪ A blog post about the demo that will have the webinar recording is here:
       – Governance for Multiple Teams Sharing a Nomad Cluster
     ▪ Instruqt track that lets you run this demo yourself:
       – https://play.instruqt.com/hashicorp/tracks/nomad-governance
     ▪ Other Nomad Instruqt Tracks can be found here: https://play.instruqt.com/hashicorp/topics/nomad-workshops
  20. Nomad Hands-On Workshop
     ▪ If you would like to learn more about Nomad, please register for the Nomad Hands-On Workshop that we will be delivering on May 20, 2020.
     ▪ Workshop Topics:
       – Nomad Concepts and Architecture
       – Interacting with Nomad
       – Nomad Jobs and Drivers
       – Running Nomad Clusters and Jobs
       – Monitoring Nomad Jobs
     ▪ You'll find a registration link here:
       – https://events.hashicorp.com/workshops/nomad-may20
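
The layering described on the ACL, namespace, quota and Sentinel slides, with the demo's three personas, as an added Python model; it is not part of the deck and not Nomad code. The token contents, quota numbers and the two policy names are constructed, and running the quota check last is an assumption of this model that follows the demo flow order.

```python
from dataclasses import dataclass

# Constructed tokens: user -> namespace -> capabilities (Nomad capability names).
TOKENS = {
    "alice": {"dev": {"submit-job"}},
    "bob": {"qa": {"submit-job"}},
    "charlie": {ns: {"submit-job", "sentinel-override"} for ns in ("dev", "qa")},
}
# Constructed per-namespace quota limits and running totals (CPU MHz, memory MB).
QUOTAS = {"dev": {"cpu": 2000, "mem": 1024}, "qa": {"cpu": 1000, "mem": 512}}
USAGE = {ns: {"cpu": 0, "mem": 0} for ns in QUOTAS}

@dataclass
class Job:
    namespace: str
    driver: str
    cpu: int
    mem: int

# Constructed stand-ins for Sentinel policies: (name, enforcement level, rule).
POLICIES = [
    ("allowed-drivers", "hard-mandatory", lambda j: j.driver in {"docker", "java"}),
    ("prefer-docker", "soft-mandatory", lambda j: j.driver == "docker"),
]

def submit(user: str, job: Job, override: bool = False) -> str:
    caps = TOKENS.get(user, {}).get(job.namespace, set())
    # 1. ACL: the token must carry submit-job in the job's namespace.
    if "submit-job" not in caps:
        return "denied: acl"
    # 2. Sentinel runs only after the ACL check has passed.
    for name, level, rule in POLICIES:
        if rule(job) or level == "advisory":
            continue
        # Only soft-mandatory failures can be overridden, and only by a
        # token holding sentinel-override in this namespace.
        if level == "soft-mandatory" and override and "sentinel-override" in caps:
            continue
        return f"denied: sentinel {name}"
    # 3. Quota (assumed last in this model): aggregate use per namespace.
    limit, used = QUOTAS[job.namespace], USAGE[job.namespace]
    if any(used[k] + getattr(job, k) > limit[k] for k in ("cpu", "mem")):
        return "blocked: quota"
    for k in ("cpu", "mem"):
        used[k] += getattr(job, k)
    return "accepted"
```

The model reports only which layer stops a job; how Nomad itself surfaces an exhausted quota is not modelled.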
