Presentation

Portable CD pipelines for Nomad with Vault and Dagger

Continuous delivery pipelines for Nomad jobs are a relatively solved problem thanks to how easy it is to operate the Nomad API. A lot of teams that own these kinds of pipelines will find that they can only run their pipeline on the CI platform they were written for, and often times that pipeline will be defined by some platform specific yaml that only a few team members understand. I'll show how anyone can write a CD pipeline for Nomad using Dagger and Vault. With these tools, the CD pipeline can run anywhere, including locally, and it can be written in any language the team is comfortable with. In this demo, I'll write a CD pipeline from scratch in Go. The pipeline will use Vault as it's secret engine to build and push an OCI image and update a Nomad job to run the new image. To demonstrate the portability, this will run locally, in GitHub actions, and in CircleCI without any modification needed between each platform.

Continuous delivery pipelines for Nomad jobs are a relatively solved problem thanks to how easy it is to operate the Nomad API. A lot of teams that own these kinds of pipelines will find that they can only run their pipeline on the CI platform they were written for, and often times that pipeline will be defined by some platform specific yaml that only a few team members understand.

I'll show how anyone can write a CD pipeline for Nomad using Dagger and Vault. With these tools, the CD pipeline can run anywhere, including locally, and it can be written in any language the team is comfortable with.

In this demo, I'll write a CD pipeline from scratch in Go. The pipeline will use Vault as it's secret engine to build and push an OCI image and update a Nomad job to run the new image. To demonstrate the portability, this will run locally, in GitHub actions, and in CircleCI without any modification needed between each platform.

More resources like this one

Vault identity diagram
  • 12/28/2023
  • FAQ

Why should we use identity-based or "identity-first" security as we adopt cloud infrastructure?

  • 3/14/2023
  • Article

5 best practices for secrets management

  • 2/3/2023
  • Case Study

Automating Multi-Cloud, Multi-Region Vault for Teams and Landing Zones

  • 1/20/2023
  • Case Study

Adopting GitOps and the Cloud in a Regulated Industry