SE Hangout

Governance for Multiple Teams Sharing a Nomad Cluster

This demo walks through an example use case where multiple teams in a large enterprise need to use a centrally managed Nomad cluster for workload orchestration across a hybrid infrastructure.

Speakers

  • Roger Berlind, Senior Solutions Engineer, HashiCorp

HashiCorp Nomad is an easy-to-use and flexible workload orchestrator that enables organizations to automate the deployment of any application on any infrastructure at any scale across multiple clouds. While Kubernetes gets a lot of attention, Nomad is an attractive alternative that is easy to use, more flexible, and natively integrated with HashiCorp Vault and Consul. In addition to running Docker containers, Nomad can also run non-containerized, legacy applications on both Linux and Windows servers.

Nomad Enterprise is a massively scalable scheduler with several features that allow IT departments to centralize server fleet resource management. The "guardrail" features of Nomad Enterprise that enable a more modern self-service deployment workflow for all of these teams include:

  • ACLs (Access Control Lists): Control who is allowed to deploy resources, and the types and numbers of resources they are allowed to deploy.
  • Namespaces: Prevent scheduling conflicts with other teams and allow separated team management and rules within the same cluster.
  • Resource quotas: Restrict the aggregate resources that each namespace can use in each region.
  • Policy as code: Use Sentinel, HashiCorp's policy-as-code language, to place more granular, logic-based restrictions on resource deployment, such as:
    • The types of jobs or drivers individuals can use
    • The specific situations in which they are allowed to deploy
    • And much more

What You'll Learn

In this updated version of a previous webinar, Supporting Multiple Teams on a Single Nomad Cluster, you'll see HashiCorp Solutions Engineer Roger Berlind walk through a new Instruqt online sandbox tutorial of this demo showcasing how to use ACLs, Namespaces, Resource Quotas, and Sentinel policies to allow multiple Nomad teams to share Nomad clusters without interfering with each other.

Outline

0:00 — Introduction to Nomad

7:52 — Nomad multitenancy

12:26 — Instruqt Demo: Using ACLs, namespaces, resource quotas, and Sentinel policies to manage multiple teams on a single Nomad cluster

41:41 — Q&A
