Hi guys,
My hashistack works as expected and this is a very good point ! 
But I am looking for a solution to update tags without redeploying the nomad job.
This is an extract of one of my nomad job :
...
"Services": [
{
"Name": "wwwdomaincom",
"TaskName": "",
"PortLabel": "caddy",
"AddressMode": "auto",
"Address": "",
"EnableTagOverride": false,
"Tags": [
"traefik.enable=true",
"traefik.http.routers.wwwdomaincom.tls=true",
"traefik.http.routers.wwwdomaincom.tls.certresolver=myresolver",
"traefik.http.routers.wwwdomaincom.tls.options=mintls12@file",
"traefik.http.routers.wwwdomaincom.entrypoints=https",
"traefik.http.routers.wwwdomaincom.rule=Host(`www.domain.com`)",
"traefik.http.middlewares.wwwdomaincom.redirectscheme.scheme=https",
"traefik.http.middlewares.wwwdomaincom.redirectscheme.permanent=true",
"traefik.http.middlewares.wwwdomaincom-whistelist.ipwhitelist.sourcerange=a.b.c.d",
"traefik.http.routers.wwwdomaincom.middlewares=wwwdomaincom-whistelist@consulcatalog",
],
...
As you can see, I use traefik as a reverse proxy for my containers infrastructure.
Tags are scrapped by traefik from consul and my service is working.
But every time I wish to add or whitelist a new IP address, I need to redeploy my nomad job. Job is restarting, deployment happens, unavailabilty happens, etc.
I am looking for a solution to update tags without redeploying the nomad job.
I tried it in a different way:
- I removed tags from my nomad job
- I use a curl (it was an ansible module btw, community.general.consul) command to submit a new service with the same name:
wwwdomaincom
This solution works but I need to submit a service address and a service port. These values are dynamically provided by nomad, so it’s finally more complicated, even worst…
Note: this job is a single one, no blue/green or canary deployment.
I hope you understand my needs 
How do you manage this situation ?
Do you use all the magic from nomad and consul ?
Do you set up tags in a different way ?
Thanks