The nomad team has been working hard to make sure that running Nomad is as easy as possible. For that they have introduced native service discovery and secret management and the ecosystem is picking up speed and tools like Traefik and Prometheus now support it out of the box. With the introduction of nomad-pack and the community registry it is now easier than ever to start nomad jobs. During this talk we ll discuss how to plumb all these together and why running Nomad has never been easier.

1. Uncomplicated Nomad
Bram Vogelaar
@attachmentgenie

2. Observability (o11y) Stack

3. l Open-Source tool for dynamic workload scheduling
l Batch, containerized, and non-containerized applications.
l Has native service discovery (Consul) and secret management (Vault) integrations.
l Has token based access system.
l Jobs written in (H)ashiCorp (C)onfiguration (L)anguage
https://www.nomadproject.io/
Nomad

4. Introducing the Setup
Scheduler Service
Discovery
Secrets Ingress Metrics

5. Production Ready Setup
Total: 16-21 nodes!?!

6. UX Pyramid

7. service {
name = "grafana"
provider = "nomad"
port = "grafana_ui"
check {
type = "http"
path = "/api/health"
interval = "10s"
timeout. = "2s"
}
tags = [
"traefik.enable=true",
]
}
Native Service Discovery

8. template {
data = <<EOH
server {
listen *:80;
server_name grafana.teambla.com;
location / {
{{ range nomadService ”grafana" }}
proxy_pass http://{{ .Address }}:{{ .Port }};
{{ end }}
….
}
EOH
destination = "local/nginx.conf"
}
Native Service Discovery

9. $ nomad alloc checks f6683eb8
Status of 1 Nomad Service Checks
ID = e47351cef1c81ca56bf70be6b48ae44a
Name = service: "grafana" check
Group = grafana.grafana[0]
Task = grafana
Service = grafana
Status = success
StatusCode = 200
Mode = healthiness
Timestamp = 2022-10-03T12:43:48Z
Output = nomad: http ok
Service Checks

10. Service Overview

11. (secure) Variables

12. Secrets
task "grafana" {
driver = "docker"
config {
image = "grafana/grafana:9.1.6"
ports = ["grafana_ui"]
}
env {
{{- with nomadVar "nomad/jobs/grafana" -}}
GF_SECURITY_ADMIN_USER = {{. GF_SECURITY_ADMIN_USER}}
GF_SECURITY_ADMIN_PASSWORD = {{. GF_SECURITY_ADMIN_PASSWORD}}
{{- end -}}
}

13. $ cat grafana.nomad
service {
name = "grafana"
provider = "nomad"
port = "grafana_ui"
tags = [
"traefik.enable=true",
]
}
Ingress / Traefik
$ cat traefik.yaml
providers:
nomad:
address: http://${attr.unique.network.ip-address}:4646”
exposedByDefault: false

14. Metrics / Prometheus
scrape_configs:
- job_name: 'nomad_sd'
nomad_sd_configs:
- server: 'http://{{ env "attr.unique.network.ip-address" }}:4646'
relabel_configs:
- source_labels: ['__meta_nomad_tags']
regex: '(.*),metrics,(.*)'
action: keep
- source_labels: [__meta_nomad_service]
target_label: job
https://prometheus.io

15. • Levant
• Templating and packaging tool
• Easily deploy popular applications to Nomad
• Re-use common patterns across internal applications
• Find and share job specifications with the Nomad community
Nomad Pack
https://github.com/hashicorp/nomad-pack

16. • nomad-pack registry list
• nomad-pack registry add https://github.com/attachmentgenie/nomad-pack-lgtm-registry
• nomad-pack run grafana --var namespace=dashboard
• nomad-pack run packs/grafana -f vars/grafana.hcl
Pack Registries
https://github.com/attachmentgenie/nomad-pack-lgtm-registry

17. $ cat packs/grafana/templates/grafana.nomad.tpl
job [[ template "job_name" . ]] {
[[ template "region" . ]]
[[ template "namespace" . ]]
datacenters = [[ .grafana.datacenters | toStringList ]]
$ cat packs/grafana/templates/_helpers.tpl
[[- define "job_name" -]]
[[- if eq .grafana.job_name "" -]]
[[- .nomad_pack.pack.name | quote -]]
[[- else -]]
[[- .grafana.job_name | quote -]]
[[- end -]]
[[- end -]]
Pack Registries
https://github.com/hashicorp/nomad-pack-community-registry

18. Uncomplicated Setup Q.E.D
bram@attachmentgenie.com
@attachmentgenie
https://www.slideshare.net/attachmentgenie