Skip to content

Latest commit

 

History

History
80 lines (61 loc) · 2.65 KB

volume_mount.mdx

File metadata and controls

80 lines (61 loc) · 2.65 KB
Raw
layout page_title description
docs
volume_mount Block - Job Specification
The "volume_mount" block allows the task to specify where a group "volume" should be mounted.

volume_mount Block

<Placement groups={['job', 'group', 'task', 'volume_mount']} />

The volume_mount block allows the task to specify how a group volume should be mounted into the task.

job "docs" {
  group "example" {
    volume "certs" {
      type = "host"
      read_only = true
      source = "ca-certificates"
    }

    task "example" {
      volume_mount {
        volume      = "certs"
        destination = "/etc/ssl/certs"
        propagation_mode = "private"
      }
    }
  }
}

The Nomad client will make the volumes available to tasks according to this configuration, and it will fail the allocation if the client configuration updates to remove a volume that it depends on.

volume_mount Parameters

  • volume (string: "") - Specifies the group volume that the mount is going to access.

  • destination (string: "") - Specifies where the volume should be mounted inside the task's allocation.

  • read_only (bool: false) - When a group volume is writeable, you may specify that it is read_only on a per mount level using the read_only option here.

  • propagation_mode (string: "private") - Specifies the mount propagation mode for nested volumes. Possible values are:

    • private - the task is not allowed to access nested mounts.

    • host-to-task - allows new mounts that have been created outside of the task to be visible inside the task.

    • bidirectional - allows the task to both access new mounts from the host and also create new mounts. This mode requires ReadWrite permission.

    ~> Warning: bidirectional propagation mode can be dangerous to use and cause problems in the host operating system if a task creates a mount but does not clean it up properly before exiting.

  • selinux_label``(string: "") - Specifies the SELinux label for the mount. This is only supported on Linux hosts and when supported by the task driver. Refer to the task driver documentation for more information. Possible values are:

    • Z - Specifies that the volume content is private and unshared between containers.
    • z - Specifies that the volume content is shared among containers.

For examples of how to use HCL2 interpolation for fine-grained control of volumes, see Volume Interpolation.