Running Nomad in production *without* external consul and vault

Hello, we are evaluating Nomad, and reading the documentation it looks like it is strongly suggested to have an independent deployment of consul and vault, and have the nomad servers/clients connect to that infrastructure.

We would much prefer it if we could use the built-in consul and vault within nomad, and not have to set up a parallel infra for them.

This is for a production environment, with company-wide critical jobs that require resilience and reliability of the nomad+consul+vault trio.

Is this even a possible architecture we can use? If so, is there any reference we can look at on how to set up 3/5 server nodes, and N client nodes in this fashion?

thanks!

Hi @sandrotosi,

Could you expand on what you mean by the following statement?

built-in consul and vault within nomad

While Nomad integrates with Consul and Vault, you will still need to run the respective application binaries.

The main question is typically whether to run the Consul and Vault server agents on the same hosts as the Nomad server agents. There are a number of factors to consider when making this choice, which include:

  • Cost: 3 machines each running a server agent (Nomad, Consul, Vault) vs. 9 machines running a single application server agent

  • Fault Tolerance: Colocated applications means a single machine failure impacts Nomad, Consul, and Vault

  • Maintenance: Similar to fault tolerance, if you need to perform machine maintenance, colocated applications means an impact to Nomad, Consul, and Vault

  • Resource Management: Each server agent process performs critical and resource-intensive actions. When colocating applications, there could be resource contention whereby busy applications can impact each other and result in cascading performance degradation and failure

is there any reference we can look at

I would suggest starting with the reference architecture Learn guide. There may also be other Learn guides useful for learning how to correctly run Nomad within a production environment, as well as Vault and Consul guides on the topic.

Thanks,
jrasell and the Nomad team

Could you expand on what you mean by the following statement?

built-in consul and vault within nomad

Sure, what I meant is: when running nomad -dev, IIUIC, that sets up a “self-contained” service that doesn't require an external consul or vault instance, but has all the necessary components to do service discovery (consul) and secret sharing (vault) within a single running program.

We would like, if possible, to use something similar where we don't need to spin up, configure, maintain, monitor (the whole lifecycle dance) independent (from nomad) services for consul and vault.

While Nomad integrates with Consul and Vault, you will still need to run the respective application binaries.

This seems to suggest that's not possible; can you confirm that?

Hi @sandrotosi,

running nomad -dev, IIUIC, that sets up a “self-contained” service that doesn't require an external consul or vault instance

The main purpose of the “dev” agent is that it runs Nomad in both server and client mode within the single application. While it doesn’t require Consul or Vault, they can still be used in the same manner as a production environment.

all the necessary components to do service discovery (consul) and secret sharing (vault)

Nomad offers basic native service discovery and variable sharing which can be used if they meet your requirements. They are not as fully featured as what Consul or Vault offer.

Thanks,
jrasell and the Nomad team

Hi @jrasell,

all the necessary components to do service discovery (consul) and secret sharing (vault)

Nomad offers basic native service discovery and variable sharing which can be used if they meet your requirements. They are not as fully featured as what Consul or Vault offer.

Apologies, I may have conflated into “consul” the whole concept of service discovery. Indeed in our tests, we're using the service provider nomad and that's what we'd like to keep using (as we just need service discovery, no mesh and no dns).

As also highlighted in this article What is the difference between Nomad services and consul services? - #2 by mnomitch, a lot of work has been put into the nomad provider, so I'm wondering if there's any downside in using it (instead of consul) for a 3/5 server node setup (with a still unspecified number of client nodes).

Thanks for helping me get my thoughts clearer

1 Like
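As an added illustration of the setup discussed in this thread (not taken from the thread or from HashiCorp's documentation), here is a job spec that uses only Nomad's native service catalog (`provider = "nomad"`) and Nomad Variables, so no Consul or Vault agent is involved. The job name `api`, the service name `api-http`, the image, and the variable path `nomad/jobs/api` with key `db_password` are assumptions for the example.

```hcl
# Added example, not from the thread: native service discovery plus Nomad Variables,
# with no external Consul or Vault. Names, image and variable path are assumptions.
job "api" {
  datacenters = ["dc1"]

  group "web" {
    network {
      port "http" { to = 8080 }
    }

    # Registered in Nomad's own service catalog instead of Consul.
    service {
      name     = "api-http"
      port     = "http"
      provider = "nomad"

      check {
        type     = "http"
        path     = "/health"
        interval = "10s"
        timeout  = "2s"
      }
    }

    task "server" {
      driver = "docker"

      config {
        image = "example/api:latest" # placeholder image
        ports = ["http"]
      }

      # Nomad Variables stand in for Vault here. By default a task's workload
      # identity may only read variables under nomad/jobs/<job>, so the secret
      # stays scoped to this job rather than being readable cluster-wide.
      template {
        destination = "secrets/app.env"
        env         = true
        data        = <<EOT
{{ with nomadVar "nomad/jobs/api" }}DB_PASSWORD={{ .db_password }}{{ end }}
{{ range nomadService "api-http" }}PEER={{ .Address }}:{{ .Port }}
{{ end }}
EOT
      }
    }
  }
}
```

Before running the job, store the secret with `nomad var put nomad/jobs/api db_password=<value>`; `nomadService` and `nomadVar` are rendered by the Nomad client itself, which is what lets the job run without Consul or Vault.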