Governance for Multiple Teams Sharing a Nomad Cluster
Download as PPTX, PDF0 likes899 views
The document provides an overview of HashiCorp's Nomad, a workload orchestrator that enables efficient deployment of applications across clouds with features like multitenancy, resource quotas, and integration with other HashiCorp tools. It discusses key multitenancy features, including namespaces for shared deployments, token-based authentication, and Sentinel policies for job restrictions. Additionally, it mentions a demo track and an upcoming hands-on workshop to further explore Nomad's capabilities.
Governance for Multiple Teams Sharing a Nomad Cluster
- 1. Copyright © 2020 HashiCorp Governance for Multiple Teams Sharing a Nomad Cluster Roger Berlind Technology Specialist HashiCorp
- 2. Copyright © 2020 HashiCorp ï§Brief overview of Nomad ï§Key Nomad multitenancy features that allow teams to share clusters ï§Demo of public, hands-on Instruqt track that you can run yourself ï§Information about a hands-on "Introduction to Nomad" workshop we're delivering on May 20, 2020 ï§Q & A Agenda
- 3. Copyright © 2020 HashiCorp Nomad Overview
- 4. Copyright © 2020 HashiCorp Nomad is an easy-to-use and flexible Workload Orchestrator that enables organizations to automate the deployment of containerized and non- containerized applications in private and public clouds. What is Nomad?
- 5. Copyright © 2020 HashiCorp A Single Workflow Across Multiple Clouds
- 6. Copyright © 2020 HashiCorp Simple Deployment with a Single Binary
- 7. Copyright © 2020 HashiCorp Nomad Increases Density and Reduces Costs
- 8. Copyright © 2020 HashiCorp âȘ Ease of Use â Easy for Developers to run Apps and Operators to manage âȘ Workload Flexibility â Supports Docker and Legacy Apps on Linux & Windows âȘ Scalability â Federation of Clusters Across Multiple Regions and Clouds âȘ Synergy with Other HashiCorp Solutions â Integration with Vault for Secrets â Integration with Consul for Service Discovery & Configuration Why Do Companies Use Nomad?
- 9. Copyright © 2020 HashiCorp A Nomad Case Study
- 10. Copyright © 2020 HashiCorp Key Nomad MultiTenancy Features
- 11. Copyright © 2020 HashiCorp ⹠Token-based authentication ⹠Capability-based authorization ⹠Centrally managed policies ⹠Policies and global tokens are replicated across clusters Nomad ACL System 11
- 12. Copyright © 2020 HashiCorp âȘ Namespaces allow a single multi-region Nomad deployment to be shared by many teams without conflict. âȘ Jobs in different namespaces can have the same name. âȘ ACL policies restrict which users can run jobs in namespaces. âȘ Namespaces are automatically replicated across federated clusters. Nomad Namespaces
- 13. Copyright © 2020 HashiCorp âȘ Resource Quotas restrict the aggregate resources that each namespace can use. âȘ They prevent one team or user from adversely impacting other teams and users. âȘ ACL policies restrict who can change resource quotas. âȘ Resource quotas can be defined for each region or applied globally. Nomad Resource Quotas
- 14. Copyright © 2020 HashiCorp ï§ Sentinel expresses Policy as Code. ï§ In Nomad, Sentinel can restrict jobs and the drivers they use. ï§ Sentinel policies are applied to submitted/updated jobs after the ACL system determines that a user is allowed to submit them. ï§ Sentinel policies are automatically replicated across clusters. Nomad Sentinel Policies 14
- 15. Copyright © 2020 HashiCorp Demo
- 16. Copyright © 2020 HashiCorp âȘ We have 1 Nomad Server with 3 Nomad Clients in GCP. âȘ We have 2 Teams: dev and qa. â Each team has its own namespace and resource quota. â Alice is a developer on the dev team with an ACL token. â Bob is an engineer on the qa team with an ACL token. â Charlie is an infrastructure manager allowed to override violations of soft-mandatory Sentinel policies in all namespaces. âȘ We have 3 Sentinel policies that restrict jobs. âȘ We will see what happens when the Alice, Bob, and Charlie try to run different jobs in different namespaces. Demo Overview
- 17. Copyright © 2020 HashiCorp âȘ The demo is implemented in a public Instruqt track: â https://play.instruqt.com/hashicorp/tracks/nomad-governance âȘ You can run this track yourself to see how Nomad Enterprise would allow your teams to safely share Nomad clusters. âȘ Full Demo Flow: 1. Configure Nomad namespaces and resource quotas. 2. Create Nomad ACL policies and tokens. 3. Create Sentinel policies. 4. Run Nomad jobs restricted by ACLs and Sentinel policies. 5. Run Nomad jobs restricted by resource quotas. âȘ We'll give a shorter version today, starting at step 4. Demo Implementation
- 18. Copyright © 2020 HashiCorp Some Links and Q & A
- 19. Copyright © 2020 HashiCorp âȘ A blog post about the demo that will have the webinar recording is here: â Governance for Multiple Teams Sharing a Nomad Cluster âȘ Instruqt track that let's you run this demo yourself: â https://play.instruqt.com/hashicorp/tracks/nomad-governance âȘ Other Nomad Instruqt Tracks can be found here: https://play.instruqt.com/hashicorp/topics/nomad-workshops Some Links
- 20. Copyright © 2020 HashiCorp âȘ If you would like to learn more about Nomad, please register for the Nomad Hands-On Workshop that we will be delivering on May 20, 2020. âȘ Workshop Topics: â Nomad Concepts and Architecture â Interacting with Nomad â Nomad Jobs and Drivers â Running Nomad Clusters and Jobs â Monitoring Nomad Jobs âȘ You'll find a registration link here: â https://events.hashicorp.com/workshops/nomad-may20 Nomad Hands-On Workshop