
# Hashi Nomad 2025
Running in prod since 2020
---
# Agenda
- Intro
- My Setup
- Demo
- Questions
---
## About Me
René Moser (resmo)
- System Engineer (Owner moser-systems.com)
- **Ansible** (consulting, training, OSS)
- IaaS / PaaS **Clouds** (private/public integration)
---
## My Mantra
- **Simple** (cost effective, maintenance, architecture)
- **Scalable** (in and out)
- **Mature** (development, license, support)
---
# What is Nomad?
---
Clustered Job Scheduler
---
## Project Nomad
---
- Released September 2015
- By HashiCorp (IBM 04.2024)
- Written in Golang
- Release 1.10
- License ...
---
## Users
- Roblox (100 million players, 2020)
- Cloudflare
- Trivago
- CircleCI
- SAP
- PagerDuty
- ...
https://developer.hashicorp.com/nomad/docs/who-uses-nomad
---
## Modus Operandi
---
## Raft
https://raft.github.io/
---
## Job Drivers
---
- **Docker**
- Exec2
- Podman
- Virt
- Systemd-nspawn (Community)
- Firecracker MicroVMs (Community)
- ...
---
## Job Types
---
- Service
- Batch
- System
- SysBatch
---
```
job "adminer" {
  datacenters = ["dc1"]
  type        = "service"

  group "adminer" {}
}
```
---
```
group "adminer" {
  count = 1

  network {
    # Dynamic host port mapped to container port 8080
    port "http" {
      to = 8080
    }
  }

  task "web" {
    driver = "docker"

    config {
      image = "adminer:4.8.1"
      ports = [
        "http",
      ]
    }

    resources {
      cpu    = 200 # MHz
      memory = 256 # MB
    }

    service {
      name = "adminer"
      port = "http"

      # TCP connect check against the "http" port
      check {
        name     = "alive"
        type     = "tcp"
        interval = "10s"
        timeout  = "2s"
      }
    }
  }
}
```
---
## What else
---
- UI / API / CLI
- Namespace
- ACL (optional)
- Nomad Variables (or Hashi Vault)
- Nomad Service Discovery (or Consul)
- OIDC Auth (since 1.5)
- CNI / CSI (optional)
- ...
---
## Want more?
---
- **Rolling** updates
- **Canary** updates
- Auto **revert**
- Auto **promote**
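
The four update features above are configured in one `update` block of the job file. This is an added example, not from the original slides, extending the adminer job shown earlier; `count = 2` and the timing values are assumptions chosen for illustration:

```hcl
job "adminer" {
  datacenters = ["dc1"]
  type        = "service"

  group "adminer" {
    count = 2 # assumption: two instances, so one keeps serving during an update

    update {
      max_parallel     = 1        # rolling: replace one allocation at a time
      canary           = 1        # start one canary of the new version first
      health_check     = "checks" # health is decided by the service check below
      min_healthy_time = "10s"    # must stay healthy this long to count
      healthy_deadline = "3m"     # not healthy by then: allocation is failed
      auto_promote     = true     # promote once the canary is healthy
      auto_revert      = true     # failed deployment: back to last stable version
    }

    network {
      port "http" {
        to = 8080
      }
    }

    task "web" {
      driver = "docker"

      config {
        image = "adminer:4.8.1"
        ports = ["http"]
      }

      service {
        name = "adminer"
        port = "http"

        check {
          name     = "alive"
          type     = "tcp"
          interval = "10s"
          timeout  = "2s"
        }
      }
    }
  }
}
```

With `auto_promote = false` the deployment waits at the canary stage until an operator promotes it.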
---
**Single** binary! (140M)
---
## Enterpri$e (LTS)
- Dynamic Application Sizing
- Multiregion Deployments
- Resource Quota
- ...
---
Ngine Workload Platform
---
## Ingress Router
traefik!

- Reads Consul Catalog for traefik labels
- 443 TCP Proxy for https
- 80 Reverse Proxy for http
---
## Projects
- namespaces: name-tier e.g. mosersystems-prod
- TLS per project
---
## Caddy
- Reverse web proxy
- LetsEncrypt / ZeroSSL
- Consul Storage plugin
- Allocation count >1
- OIDC with caddy-security plugin
- uses consul DNS to route to services
---
## Monitoring Stack
- Prometheus
- Grafana
- Promtail (System task)
- Loki
- cAdvisor / Node / Nomad / Consul exporters
- Alertmanager
---
## Auto Update / Scale
- Watchtower
- Autoscaler
- Ngine Chaotic
---
## Infra
- Debian 12 / Rocky Linux 9
- 5 (~) Nodes (ARM/x86)
- 20 GB RAM
- 10 Cores
- 69 Allocs (70%)
- Price: ~ €30 /month (incl. CSI Volumes 4 x 10 GB)
---
## Deployment
- GitLab CI
- Ansible (github.com/ngine-io/)
---
## vs. Kubernetes
k8s: "v1.31 support to **5,000 nodes** and **300,000 total containers**"
---
## Nomad
"proven to scale to cluster sizes **that exceed 10,000 nodes** in real-world production environments"
---
## Nomad
"deployed across **multiple** availability zones, regions, and data centers with a **single** or **multiple clusters**"
---
## Nomad
"**has performed** a benchmark on scalability with **2 million container challenge in 2020**"
---
# Pros / Cons
---
## Pro Nomad
- Single binary, easy to install and operate
- Mature
- Does **one thing**, does it **damn well**
- Support possible (Enterprise)
---
## Contra Nomad
- Not open source (source available though), MPL < 2023 < BUSL
---
## Contra Nomad
Organizations providing **competitive offerings** to HashiCorp will **no longer be permitted** to use
the community edition product **free of charge** under our BUSL license.
---
# Demo
---
# Questions?
Links:
- Ansible Hashi Collection: gh/ngine-io/ansible-collection-hashi
- Ansible Hcloud Role: gh/ngine-io/ansible-role-hcloud
---
Thanks!
https://www.renemoser.net
