Hi,
we are currently setting up our Nomad Cluster.
We had the whole cluster running fine in testing mode (no tls, no acl); now we want to switch to the production env with tls and acl enabled.
We have “short-lived” batch jobs as workload.
Each individual job is only run once and for each “work request” a new job is created by using the Nomad REST api /jobs endpoint.
The jobs (template render engine) need a way to access variables from the Nomad variable store.
Without acl we created the following paths in the variables space:
- /dev/*
- /test/*
- /prod/*
Which path to use is set in the job template before posting it to the /jobs api endpoint.
With acl enabled this fails now because there is no policy available to grant the job access to the above paths.
Since each job is created “on the fly” via the REST api, using the “nomad acl policy apply” command is not really a solution.
Is there a way to set up a policy that just allows all jobs “global” access to the paths above, or any other solution to work around this?