Nomad 1.10 Introduces Dynamic Host Volumes and Enhanced OIDC

Exciting Updates in HashiCorp Nomad 1.10: A Comprehensive Overview

HashiCorp’s Nomad, a widely used orchestrator for deploying and managing both containerized and non-containerized applications across various environments, has just released its latest version, Nomad 1.10. This update comes with several significant features aimed at enhancing storage management, security, and user experience. Organizations like BT Group and Epic Games have already integrated Nomad into their operations, proving its effectiveness in real-world applications.

New Features in Nomad 1.10

Nomad 1.10 introduces several noteworthy capabilities:

  1. Dynamic Host Volumes and Governance
  2. Extended OIDC Support
  3. Improved CLI to UI Transition
  4. Expanded Upgrade Testing

Dynamic Host Volumes

The introduction of dynamic host volumes in Nomad 1.10 represents a major improvement in storage management. This new feature allows more flexible storage provisioning across Nomad client infrastructures compared to traditional host volumes or Container Storage Interface (CSI) plugins.

Dynamic host volumes enable users to create volumes on demand through the Command Line Interface (CLI) or Application Programming Interface (API). This eliminates the need to define volumes within the Nomad client configuration and restart the client agent when adding new volumes. Users can provision volumes using a customizable plugin specification, which allows for different storage options based on parameters set during volume creation.

Additionally, dynamic host volumes can be created with specific characteristics, such as minimum and maximum capacities, capabilities, and custom provisioning parameters. These features allow storage administrators to define size and tiering functionalities within the host volume plugin more effectively.

Whether using local NVMe storage managed with Logical Volume Manager (LVM) or Zettabyte File System (ZFS), or remote SAN/NAS storage, the flexibility provided by the dynamic host volume plugin specification is invaluable. It prepares the volume mount path on the client node, ensuring jobs mounting the volume can operate seamlessly.

Dynamic host volumes are particularly useful in scenarios where users want to control the provisioning process on specific client nodes, allowing jobs to be reliably scheduled next to the provisioned volumes. For workloads requiring portability across client hosts, deploying CSI plugins with Nomad might be a more suitable option compared to dynamic host volumes, which are more closely tied to specific clients once created.

For a detailed comparison of different persistent storage options within Nomad, users can visit the storage comparison section on the Nomad documentation site.

Stateful Deployments

Nomad 1.10 has improved stateful deployments, especially when using host local storage. By marking a volume as sticky in the job specification, a rescheduled task group claims the same volume on the same client, so its state persists throughout the task group’s lifecycle.

An alternative workflow is possible with dynamic host volumes on shared storage that is accessible from different client nodes. By creating volumes with the same name on each client and using a simple host volume plugin, users gain more flexible workload portability. This approach is suitable when using dynamic host volumes with NFS, EFS, or CephFS filesystems.
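As an added example that is not from the original article or from HashiCorp's own documentation, here is what the volume spec described above (name, plugin, capacity bounds, capabilities, parameters) and the sticky job-level claim look like together. The plugin ID `lvm-thin`, the namespace, node pool and container image are assumed placeholders; the field names are those documented for Nomad 1.10.

```hcl
# volume.hcl: a dynamic host volume spec, registered with
# `nomad volume create volume.hcl`. "lvm-thin" is a hypothetical
# operator-written plugin; only the "mkdir" plugin ships with Nomad.
name         = "pgdata"
type         = "host"
namespace    = "payments"
node_pool    = "db"          # checked against the namespace's node pool rules
plugin_id    = "lvm-thin"    # hypothetical plugin that carves out an LVM thin volume

capacity_min = "20GiB"       # the plugin must provision at least this much
capacity_max = "40GiB"       # and no more than this

capability {
  access_mode     = "single-node-writer"
  attachment_mode = "file-system"
}

parameters {
  tier = "nvme"              # free-form; interpreted only by the plugin
}

# job.nomad.hcl: claims the volume by name and keeps it across reschedules.
job "postgres" {
  namespace = "payments"
  node_pool = "db"

  group "db" {
    volume "data" {
      type            = "host"
      source          = "pgdata"            # matches `name` in volume.hcl
      access_mode     = "single-node-writer"
      attachment_mode = "file-system"
      sticky          = true                # reschedule onto the same volume
    }

    task "postgres" {
      driver = "docker"
      config { image = "postgres:16" }

      volume_mount {
        volume      = "data"
        destination = "/var/lib/postgresql/data"
      }
    }
  }
}
```

Because the volume is bound to the client it was created on, the sticky claim pins a rescheduled allocation to that client; for workloads that must move between hosts, the article's advice to prefer CSI plugins applies.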

Dynamic Host Volume Governance (Nomad Enterprise)

In Nomad Enterprise, dynamic host volume governance provides important guardrails during storage provisioning across a shared Nomad cluster. Several capabilities are introduced to ensure proper governance when provisioning host volumes.

Sentinel Integration

Sentinel policies can evaluate the details within the dynamic host volume specification during volume creation. These policies enforce specific patterns, such as reserving more expensive NVMe storage for specific workloads. This feature provides storage operators with various ways to enforce storage patterns while allowing platform consumers flexibility in self-service volume provisioning.

Quota Support

Nomad’s resource quota system now includes host volume capacity limits that can be applied to provisioned storage within a specific namespace. This allows operators to control storage consumption based on defined maximum capacities.

Namespace and Node Pool Validation

Dynamic host volumes are created within the context of a specific namespace. When provisioning volumes targeting a specific node pool, the namespace node pool configuration is evaluated to ensure volume creation aligns with job placement rules for node pools.

Dynamic Host Volume Examples

Several host volume plugin reference examples are available to help users implement custom host volume plugins. Users can explore the Host volume plugins page and the dynamic host volume tutorial for an in-depth walkthrough of the new host volume workflow.

Extended OIDC Support

Nomad 1.10 enhances its OpenID Connect (OIDC) client Single Sign-On (SSO) support with signed client assertions and Proof Key for Code Exchange (PKCE), as recommended by the Financial-grade API (FAPI) and OAuth 2.1 specifications. These enhancements improve security for OIDC clients, especially in industries with higher security requirements such as finance and government.

Client Assertions

Nomad now supports the private_key_jwt client assertion workflow, in which Nomad proves its identity to the identity provider with an asymmetric key signature. This workflow serves as an alternative to a shared client_secret for authenticating the Nomad client during user sign-in, reducing the risk of authentication secret exposure. The signing key can come from the internal Nomad keyring, published to the provider as a JSON Web Key Set (JWKS), or from externally provided certificates.

Proof Key for Code Exchange (PKCE)

Nomad 1.10 supports PKCE for additional security when configuring new OIDC authentication methods. This layer of defense binds the authorization code to the client that requested it, so a code intercepted during authentication cannot be redeemed for tokens by another party. Existing auth method configurations will not retroactively enable PKCE; users must update their configurations to enable it explicitly.
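As an added example (not from the original article), this is an OIDC auth-method config that turns on both features above: PKCE, and a private_key_jwt client assertion signed with Nomad's internal keyring, so no client_secret appears anywhere in the configuration. The provider URL, client ID and Nomad address are placeholders, and the field names follow the Nomad 1.10 auth-method documentation as I recall it, so verify them against your version.

```json
{
  "OIDCDiscoveryURL": "https://idp.example.com/realms/nomad",
  "OIDCClientID": "nomad-cluster",

  "OIDCEnablePKCE": true,

  "OIDCClientAssertion": {
    "KeySource": "nomad",
    "Audience": ["https://idp.example.com/realms/nomad/protocol/openid-connect/token"]
  },

  "BoundAudiences": ["nomad-cluster"],
  "AllowedRedirectURIs": [
    "http://localhost:4649/oidc/callback",
    "https://nomad.example.com:4646/ui/settings/tokens"
  ],
  "OIDCScopes": ["groups"],
  "ListClaimMappings": { "groups": "roles" }
}
```

Load it with `nomad acl auth-method create -type=OIDC -name=corp-sso -config=@oidc.json`; with `KeySource` set to `nomad`, the identity provider must be configured to fetch Nomad's public signing keys from Nomad's JWKS endpoint (`/.well-known/jwks.json` on the API address, as I understand the docs) rather than being given a shared secret.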

Improved CLI to UI Transition

Nomad 1.10 introduces a new UI URL hints capability within the CLI output, allowing users to transition quickly to the web UI view with the same information. This feature enhances the user experience by providing richer data visualization.

Expanded Upgrade Testing

As the second Long-Term Support (LTS) release for Nomad, version 1.10 focuses on upgrade stability between supported LTS releases. This commitment ensures a seamless upgrade experience, allowing organizations to embrace new features while maintaining stability.

Getting Started with Nomad 1.10

With its variety of new features and enhancements, Nomad 1.10 offers exciting opportunities for users to explore. The improvements in storage management, security, user experience, and upgrade stability make it a valuable update for organizations relying on Nomad for their orchestration needs. Users are encouraged to try out these new capabilities to fully appreciate the advancements in Nomad 1.10.

For more information, visit the HashiCorp Nomad website to access detailed documentation and resources.

For more information, refer to this article.

Neil S
Neil is a highly qualified Technical Writer with an M.Sc(IT) degree and an impressive range of IT and Support certifications including MCSE, CCNA, ACA(Adobe Certified Associates), and PG Dip (IT). With over 10 years of hands-on experience as an IT support engineer across Windows, Mac, iOS, and Linux Server platforms, Neil possesses the expertise to create comprehensive and user-friendly documentation that simplifies complex technical concepts for a wide audience.