-
Notifications
You must be signed in to change notification settings - Fork 1.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
consul: support for admin partitions #13139
Comments
(EDIT: @davidfleming's reply below spells out some issues with my suggestion below) Wanted to comment on the current state of things for anybody interested. Currently, Nomad doesn’t “know” about Admin Partitions, but it still works with them. There’s nothing that should break using the two together assuming you split up nodes and workloads properly. The question is, how do you split that up? The rough steps would be something like:
Notes:
More official support for admin partitions is something that we've looked at briefly, but not explored in depth. If you have a use case where Nomad having first-class knowledge of admin partitions would be helpful, please let us know. A common use case where splitting by datacenter, cluster, or node_class is not sufficient would help us make the case for this internally. |
Hi @mikenomitch First thank you for commenting on this. We have been looking forward to seeing progress on this and a discussion on the direction this will potentially take would be appreciated. Our use case: First class support for Admin Partitions would be very useful for what we are trying to accomplish. Particularly we are looking to separate workload by jobspec and bin pack on a cluster of clients. What that looks like for us is a breakdown of "production" vs "non-production" clients. The "non-production" workloads will consist of N environments (Think dev, staging, test, PR-123, etc). Ideally we would like to easily be able to spin up and down environments by bin packing them into existing clusters. The pattern you mentioned would require us to spin up new consul clients for each environment. While we could hack this together with namespaces it would become cumbersome and ideally it would not provide the same level of isolation we are looking for(ie the environments should not gossip or talk to each other). We did start down this route already as an interim step but already hit some roadblocks in implementing it. Some technical problems with the steps you listed:
Thanks, |
Hey @davidfleming, we were looking into this on the Nomad engineering team, and unfortunately to "do it right" it'll take more effort than we have time for in the near future. We do plan to get to it, but not in the next month or two. In the meantime, I noticed that there's a CONSUL_PARTITION env var you can set. Nomad itself isn't setting "default" so I think if you set that wherever you run the Consul client, that should fix the first problem you noted. I think this should solve problem 2 as well, but to be honest I'm not sure. Sorry about the delay on all of this, but hope that workaround works 🤞 |
Here's our plan for implementing Admin Partitions support in Nomad. I'll break this down into three sections. FingerprintingA Consul Enterprise agent can belong to exactly one partition. We require that each Nomad agent has its own agent (if you're using Consul). So the partition becomes an easy target for us to fingerprint. You then immediately get two options for allocating Nomad workloads to Consul partitions:
The partition is exposed in Consul's existing The fingerprinting work turns out to be trivial, so I've got a draft PR up for that here #19485 fingerprinting outputConsul CE agent (no partitions):
Consul Enterprise agent with non-default partition:
JobspecNext, we can add a If Enterprise ConsiderationsConsul admin partitions are a Consul Enterprise feature, so at first glance it would make sense to restrict this option to Nomad Enterprise as well. But we currently allow users to set a Consul namespace for their Nomad CE cluster, and this feature maps rather directly to that. Once the fingerprinting is added, adding the constraint is trivial for any user, so restricting just the jobspec portion of this to ENT wouldn't make sense either. So this feature will be fully implemented in Nomad Community Edition. |
Consul Enterprise agents all belong to an admin partition. Fingerprint this attribute when available. When a Consul agent is not explicitly configured with "default" it is in the default partition but will not report this in its `/v1/agent/self` endpoint. Fallback to "default" when missing only for Consul Enterprise. This feature provides users the ability to add constraints for jobs to land on Nomad nodes that have a Consul in that partition. Or it can allow cluster administrators to pair Consul partitions 1:1 with Nomad node pools. We'll also have the option to implement a future `partition` field in the jobspec's `consul` block to create an implicit constraint. Ref: #13139 (comment)
Consul Enterprise agents all belong to an admin partition. Fingerprint this attribute when available. When a Consul agent is not explicitly configured with "default" it is in the default partition but will not report this in its `/v1/agent/self` endpoint. Fallback to "default" when missing only for Consul Enterprise. This feature provides users the ability to add constraints for jobs to land on Nomad nodes that have a Consul in that partition. Or it can allow cluster administrators to pair Consul partitions 1:1 with Nomad node pools. We'll also have the option to implement a future `partition` field in the jobspec's `consul` block to create an implicit constraint. Ref: #13139 (comment)
Consul Enterprise agents all belong to an admin partition. Fingerprint this attribute when available. When a Consul agent is not explicitly configured with "default" it is in the default partition but will not report this in its `/v1/agent/self` endpoint. Fallback to "default" when missing only for Consul Enterprise. This feature provides users the ability to add constraints for jobs to land on Nomad nodes that have a Consul in that partition. Or it can allow cluster administrators to pair Consul partitions 1:1 with Nomad node pools. We'll also have the option to implement a future `partition` field in the jobspec's `consul` block to create an implicit constraint. Ref: #13139 (comment)
Consul Enterprise agents all belong to an admin partition. Fingerprint this attribute when available. When a Consul agent is not explicitly configured with "default" it is in the default partition but will not report this in its `/v1/agent/self` endpoint. Fallback to "default" when missing only for Consul Enterprise. This feature provides users the ability to add constraints for jobs to land on Nomad nodes that have a Consul in that partition. Or it can allow cluster administrators to pair Consul partitions 1:1 with Nomad node pools. We'll also have the option to implement a future `partition` field in the jobspec's `consul` block to create an implicit constraint. Ref: #13139 (comment)
Fingerprinting has been merged and will ship in the next regular 1.7.x release of Nomad (most likely 1.7.3). |
Add support for Consul Enterprise admin partitions. We added fingerprinting in #19485. This PR adds a `consul.partition` field. The expectation is that most users will create a mapping of Nomad node pool to Consul admin partition. But we'll also create an implicit constraint for the fingerprinted value. Fixes: #13139
Add support for Consul Enterprise admin partitions. We added fingerprinting in #19485. This PR adds a `consul.partition` field. The expectation is that most users will create a mapping of Nomad node pool to Consul admin partition. But we'll also create an implicit constraint for the fingerprinted value. Fixes: #13139
Add support for Consul Enterprise admin partitions. We added fingerprinting in #19485. This PR adds a `consul.partition` field. The expectation is that most users will create a mapping of Nomad node pool to Consul admin partition. But we'll also create an implicit constraint for the fingerprinted value. Fixes: #13139
Consul Enterprise agents all belong to an admin partition. Fingerprint this attribute when available. When a Consul agent is not explicitly configured with "default" it is in the default partition but will not report this in its `/v1/agent/self` endpoint. Fallback to "default" when missing only for Consul Enterprise. This feature provides users the ability to add constraints for jobs to land on Nomad nodes that have a Consul in that partition. Or it can allow cluster administrators to pair Consul partitions 1:1 with Nomad node pools. We'll also have the option to implement a future `partition` field in the jobspec's `consul` block to create an implicit constraint. Ref: hashicorp#13139 (comment)
Add support for Consul Enterprise admin partitions. We added fingerprinting in hashicorp#19485. This PR adds a `consul.partition` field. The expectation is that most users will create a mapping of Nomad node pool to Consul admin partition. But we'll also create an implicit constraint for the fingerprinted value. Fixes: hashicorp#13139
Consul Enterprise agents all belong to an admin partition. Fingerprint this attribute when available. When a Consul agent is not explicitly configured with "default" it is in the default partition but will not report this in its `/v1/agent/self` endpoint. Fallback to "default" when missing only for Consul Enterprise. This feature provides users the ability to add constraints for jobs to land on Nomad nodes that have a Consul in that partition. Or it can allow cluster administrators to pair Consul partitions 1:1 with Nomad node pools. We'll also have the option to implement a future `partition` field in the jobspec's `consul` block to create an implicit constraint. Ref: hashicorp#13139 (comment)
Add support for Consul Enterprise admin partitions. We added fingerprinting in hashicorp#19485. This PR adds a `consul.partition` field. The expectation is that most users will create a mapping of Nomad node pool to Consul admin partition. But we'll also create an implicit constraint for the fingerprinted value. Fixes: hashicorp#13139
Consul 1.11 added support for admin partitions.
Similar to the work done for adding support for Consul namespaces, Nomad should also add support for Consul admin partitions.
The text was updated successfully, but these errors were encountered: