Nomad: Authentication and Authorization

Hello, as we’re progressing with our evaluation of Nomad, we’d like to know how to set up authentication and authorization. So far we’ve been running nomad -dev, which gives full access, but we clearly would like to limit who can access Nomad to only a small group of users.

We have AD/LDAP, from which we’d like to query for a specific group which will have access to Nomad.

Is there a more granular authorization selection, like read-only users, along with full admins, etc.?

Thanks!

Hi @sandrotosi,

I believe Nomad’s security model documentation would be the best place for you to start. It details the mechanisms Nomad offers for secure deployments.

Thanks,
jrasell and the Nomad team

You can log in with LDAP to HashiCorp Vault. Then you can enable Vault to generate auto-tokens for the Nomad UI. Then you can map HashiCorp Vault LDAP users or groups to specific Nomad tokens with a specific Nomad role with specific policies with specific permissions, like read-only.

See "Using Vault as an OIDC provider for single sign-on | Nomad | HashiCorp Developer". See these examples: "Commands: acl binding-rule create | Nomad | HashiCorp Developer".

I find that there is not nearly enough documentation about it.
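
A read-only policy and the group-to-role wiring of the kind discussed in this thread, as an added example that is not part of any post above or of HashiCorp's documentation. The policy and role name `readonly`, the auth method name `vault`, the group `nomad-readers` and the `groups` list claim mapping are all assumptions.

```hcl
# readonly.policy.hcl (added example; all names are assumptions)
#
# Requires ACLs to be enabled in the agent configuration:
#   acl { enabled = true }
# With ACLs enabled, anything not granted below is denied, so blocks
# left out of this file (agent, operator, quota, ...) stay inaccessible.

# Read-only view of jobs in every namespace: list and read, no submit,
# no dispatch, no exec.
namespace "*" {
  policy = "read"
}

# Read-only view of client nodes and their status.
node {
  policy = "read"
}

# Wiring the policy to a directory group, run with a management token:
#
#   nomad acl policy apply -description "Read-only" readonly readonly.policy.hcl
#   nomad acl role create -name readonly -policy readonly
#   nomad acl binding-rule create \
#     -description "nomad-readers get the readonly role" \
#     -auth-method vault \
#     -bind-type role \
#     -bind-name readonly \
#     -selector "nomad-readers in list.groups"
#
# "vault" is the assumed name of an OIDC auth method already created in
# Nomad, "nomad-readers" is an assumed group, and "groups" is an assumed
# list claim mapping configured on that auth method. Users who log in
# without matching any binding rule receive no role and no access.
```

A second role for full admins follows the same pattern with its own policy and binding rule; keep its selector group separate from the read-only one so membership changes in the directory map cleanly to one role each.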