20160615 4 HashiStack
20160615_4_HashiStack
- 0 - Overview
- 1 - Stack
- 2 - Demo
- 2.0 - Initial State
- 2.1 - Vault config
- 2.2 - Nomad
- 2.3 - Fabio
- 3 - Scale / Update
- 4 - FAQ
- 4.1 - k8s / Nomad
- 4.2 -
0 - Overview
https://www.hashiconf.eu/talks/hyperscale-computing-with-grpc-and-the-hashiStack.html
How to build an “hyperscale” applications from the ground up using the HashiStack
* Nomad,
* Vault,
* and Consul
1 - Stack
1 Server:
- Consul
- Nomad
- Vault
4 Clients
- Consul
- Nomad
- DNSMasq local to get
.consulresolution
2 - Demo
2.0 - Initial State
- Consul UI, everything is OK
- 3 Consul
- 3 Nomad
- 1 Vault
Vaultcan auto-register to Nomad / Consul since0.6.0
$ nomad status No job is running
2.1 - Vault config
Policy
- Secrets for the App: Read, list
- Secrets for MySQL: Read, list
- Token: DONT forget to add an “update” policy for renew
It is the responsability of the App to renew Token when needed
2.2 - Nomad
Job: HashiApp
Job names Update // For deployment Group // For Clustering Task "HashiApp" - Driver = exec - Env with VAULT tokens - Artifact Resources // For Nomad Scheduler - CPU - Memory - Network Service // For Consul registering - Name - Tags - Checks - ...
Job: Consul
A SYSTEM job definition to have a Consul agent running on EVERY Nomad workers
Nomad scheduling
$ nomad plan job/consul.job $ nomad run job/consul.job
2.3 - Fabio
Fabio desc:
* A loadbalancer / router
* Integrated with Consul
- Use services
- Tags
- …
Fabio usage:
* Nomad SYSTEM job
* Binded to local consul
=> Every Fabio instances see the same things
3 - Scale / Update
- Update Job
$ nomad plan$ nomad run
What happens:
- Nomad:
+ Services are started
+ Registered in Consul
- Consul
+ Do Health checks
+ check pass greens
+ Services are in Consul catalog
- Fabio
+ list Services
4 - FAQ
4.1 - k8s / Nomad
HashiTools are good pieces
k8s is a platform manager
=> We are looking to integrate Vault + Nomad (Scheduling) into k8s