Nomad 0.10 Keynote Announcement

Transcript

That concludes the features that we have announced for Consul. So with that, Consul is now a completely full-featured service mesh solution. It's also the first service mesh to support these multi-cloud, multi-region, multi-platform deployments in a completely automated fashion.

We've been discussing the challenges of service networking, and I'd like to continue that with a few features that we have for Nomad as well.

Network namespace support

The first feature is that we're introducing network namespace support into Nomad. Network namespaces enable us to have an isolated network for every task group within Nomad. What this ends up looking like is that for your group—say in your app—you can now define a network, such as a bridge network, and this creates a private network namespace for all the tasks within that group. You could set up port forwarding so that you could define an HTTP port. In this case, Nomad will create a dynamic port—such as 1, 2, 3, 4—and when that's reached on the host machine, we'll route it over to port 8080. This enables a much better way to deploy applications in a secure fashion, and it also enabled us to build features such as native Connect integration.

Native Consul Connect integration

With the next release of Nomad, we also now have native Connect integration. What that looks like is: say we have a service for Redis, and we want Redis to accept connections over Connect. We just define the one stanza below that says, "Connect and sidecar service," they're empty, but the existence of them says, "We want to use Connect and we want you to set up the sidecar automatically for us. We don't want to manually deploy the sidecar. We can't talk to protocol natively."

So, having these two things, Nomad will automatically deploy that sidecar. Then, on the side that wants to connect to the application, we have something similar, but in this case we also have to say what we want to talk to. So we're saying, "We want to talk to the Redis server and when we talk to port 6379, please route it to the service named redis cache using Connect."

Visually, what this looks like is that we have two task groups, the API group and the Redis group. With the Redis side, we've automatically injected a proxy to accept connections, and with the API side, we've automatically accepted a proxy in order to establish connections to upstream services.

At the bottom of this, this is all just base Connect. So you still get the same encryption, intention enforcement, etc. If you were using Nomad with other systems, such as EC2 or Kubernetes, then this would work between those services as well. So, the native Connect integration utilizes the new network namespace feature that's available, and the intentions are still managed directly in Consul.

While you could define whether you want to receive connections and who you want to talk to, whether you're actually allowed to do that is still enforced directly within Consul. You create your intentions, say "web can talk to DB," etc.

Other new Nomad 0.10 features

Other features that are not networking related that we're really excited for in Nomad are host volume and a new file explorer in the UI.

Host volume

Host volumes enable volume-sharing between multiple groups using files that are already on the host. So in this case we're mounting some Serfs that we had directly into a task group that we provisioned directly under the host. You could imagine that these Serfs, they're sensitive information, they're secret, they got provisioned onto the machine out of band and in some other way, so we could still make them available to our Nomad task. In a future version of Nomad, we're also going to enable all of the network storage plugins so we can have additional volumes as well.

File explorer

For the file explorer, Nomad has a great UI, and we've shipped the ability to browse the files of any allocation in Nomad directly in the UI, so you could browse it just like a file system. When you see a file which is a text file, you could read it directly in the browser. If it's something like a log file that's continuously updating, you could also tail it in a browser and see it live update without refreshing the page. When you look at media, it renders it directly there, so you don't have to download anything. It shows up directly in the UI.

Using this functionality, you could click around all your applications and if you have permission, you could see any of the files in there: log files, debug information, data, etc. All of these features, from network native spaces to native Connect integration, host volume, and the new file explorer UI, are open source and available in Nomad 0.10, which will be coming soon.

Other talks to check out at HashiConf 2019

These are some exciting new features in both Nomad and Consul. We also have a lot of updates for Vault and Terraform, but so that you could have some coffee and have some break, I will point you to other talks for those. For Vault, if you're interested in Vault, please see Jeff Mitchell's talk tomorrow. He will be giving a Vault update about recent features, as well as some new stuff that we've been working on.

If you're interested in Terraform, we have multiple talks for you. The opening keynote tomorrow is from Paul Hinze, who's our senior director of Terraform, and he'll be talking pretty much about all the various things that Terraform has been up to, which is a lot. Then, today if you're interested in Terraform, we have two talks: one by Kristen, who's an excellent Core Engineer on Terraform, worked a lot of Terraform 0.12, and so she will be giving a talk on Terraform 0.12, and that's today at 11:30. There's also a talk by Chris, who is the Lead in charge of our Sentinel project. Sentinel's our way to do policy enforcements on all our projects, but he'll be talking about Sentinel focused on Terraform, and that's also today. Please, look at these talks if you want to hear updates for other projects, and have a great day.

Thank you very much.