Skip to content

Nomad provider

About

The Nomad provider allows you watch tasks running using the Docker provider for registry updates.

Quick start

Here we'll go over basic deployment using a local Nomad cluster.

First, we'll deploy a Diun job:

job "diun" {
  type = "service"

  group "diun" {
    task "diun" {
      driver = "docker"

      config {
        image = "crazymax/diun:latest"
        args = ["serve"]
      }

      env = {
        "NOMAD_ADDR" = "http://${attr.unique.network.ip-address}:4646/",
        "DIUN_PROVIDERS_NOMAD" = true,
      }
    }
  }
}

Task based configuration can be passed through Service tags or meta attributes. These can be defined at the task or even the group level where it will apply to all tasks within the group.

The example below will show all methods, but you only need to use one.

job "whoami" {
  type = "service"

  group "whoami" {
    network {
      mode = "bridge"

      port "web" {
        to = 80
      }
    }

    // This
    meta {
      diun.enable = true
    }

    // Or this
    service {
      tags = [
        "diun.enable=true"
      ]
    }

    task "diun" {
      driver = "docker"

      config {
        image = "containous/whoami:latest"
      }

      // Or this
      meta {
        diun.enable = true
      }

      // Or this
      service {
        tags = [
          "diun.enable=true"
        ]
      }
    }
  }
}

Configuration

Hint

Environment variable DIUN_PROVIDERS_NOMAD=true can be used to enable this provider with default values.

Default values are assigned by the Nomad client. If not provided in your Diun configuration, the client will default to using the same config values as the nomad cli client.

Environment variables

  • NOMAD_ADDR
  • NOMAD_REGION
  • NOMAD_NAMESPACE
  • NOMAD_HTTP_AUTH
  • NOMAD_CACERT
  • NOMAD_CAPATH
  • NOMAD_CLIENT_CERT
  • NOMAD_CLIENT_KEY
  • NOMAD_TLS_SERVER_NAME
  • NOMAD_SKIP_VERIFY
  • NOMAD_TOKEN

address

The Nomad server address as URL.

File

providers:
  nomad:
    address: "http://localhost:4646"

Environment variables

  • DIUN_PROVIDERS_NOMAD_ENDPOINT

Nomad server endpoint as URL, which is only used when the behavior based on environment variables described below does not apply.

region

Nomad region to query from

File

providers:
  nomad:
    region: "region1"

Environment variables

  • DIUN_PROVIDERS_NOMAD_REGION

namespace

Nomad namespace to query from

File

providers:
  nomad:
    namespace: "namespace1"

Environment variables

  • DIUN_PROVIDERS_NOMAD_NAMESPACE

secretID

SecretID to connect to Nomad API. This token must have permission to query and view Nomad jobs.

File

providers:
  nomad:
    secretID: "secret"

Environment variables

  • DIUN_PROVIDERS_NOMAD_SECRETID

tlsInsecure

Controls whether client does not verify the server's certificate chain and hostname (default false).

File

providers:
  nomad:
    tlsInsecure: false

Environment variables

  • DIUN_PROVIDERS_NOMAD_TLSINSECURE

watchByDefault

Enable watch by default. If false, tasks that don't have diun.enable = true in their meta or service tags will be ignored (default false).

File

providers:
  nomad:
    watchByDefault: false

Environment variables

  • DIUN_PROVIDERS_NOMAD_WATCHBYDEFAULT

Nomad annotations

You can configure more finely the way to analyze the image of your tasks through Nomad meta attributes or service tags:

Name Default Description
diun.enable Set to true to enable image analysis of this task
diun.regopt Registry options name to use
diun.watch_repo false Watch all tags of this task image (be careful with this setting)
diun.notify_on new;update Semicolon separated list of status to be notified: new, update.
diun.sort_tags reverse Sort tags method if diun.watch_repo enabled. One of default, reverse, semver, lexicographical
diun.max_tags 0 Maximum number of tags to watch if diun.watch_repo enabled. 0 means all of them
diun.include_tags Semicolon separated list of regular expressions to include tags. Can be useful if you enable diun.watch_repo
diun.exclude_tags Semicolon separated list of regular expressions to exclude tags. Can be useful if you enable diun.watch_repo
diun.hub_link automatic Set registry hub link for this image
diun.platform automatic Platform to use (e.g. linux/amd64)
diun.metadata.* See below Additional metadata that can be used in notification template (e.g. diun.metadata.foo=bar)

Default metadata

Key Description
diun.metadata.job_id Job ID
diun.metadata.job_name Job name
diun.metadata.job_status Job status
diun.metadata.job_namespace Job namespace
diun.metadata.taskgroup_name Task group name
diun.metadata.task_name Task name
diun.metadata.task_driver Task driver
diun.metadata.task_user Task user
Last update: 2022-12-29 10:06:32
Created: 2022-12-26 06:29:08