kemko/nomad
1
0
Fork 0
mirror of https://github.com/kemko/nomad.git synced 2026-01-04 17:35:43 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
65c7f34f2d4c92ffbb51646aacc264f8db33cc06
nomad/website/content/docs/other-specifications/namespace.mdx
Aimee Ukasick 53b083b8c5 Docs: Nomad IA (#26063) 
* Move commands from docs to its own root-level directory

* temporarily use modified dev-portal branch with nomad ia changes

* explicitly clone nomad ia exp branch

* retrigger build, fixed dev-portal broken build

* architecture, concepts and get started individual pages

* fix get started section destinations

* reference section

* update repo comment in website-build.sh to show branch

* docs nav file update capitalization

* update capitalization to force deploy

* remove nomad-vs-kubernetes dir; move content to what is nomad pg

* job section

* Nomad operations category, deploy section

* operations category, govern section

* operations - manage

* operations/scale; concepts scheduling fix

* networking

* monitor

* secure section

* remote auth-methods folder and move up pages to sso; linkcheck

* Fix install2deploy redirects

* fix architecture redirects

* Job section: Add missing section index pages

* Add section index pages so breadcrumbs build correctly

* concepts/index fix front matter indentation

* move task driver plugin config to new deploy section

* Finish adding full URL to tutorials links in nav

* change SSO to Authentication in nav and file system

* Docs NomadIA: Move tutorials into NomadIA branch (#26132)

* Move governance and policy from tutorials to docs

* Move tutorials content to job-declare section

* run jobs section

* stateful workloads

* advanced job scheduling

* deploy section

* manage section

* monitor section

* secure/acl and secure/authorization

* fix example that contains an unseal key in real format

* remove images from sso-vault

* secure/traffic

* secure/workload-identities

* vault-acl change unseal key and root token in command output sample

* remove lines from sample output

* fix front matter

* move nomad pack tutorials to tools

* search/replace /nomad/tutorials links

* update acl overview with content from deleted architecture/acl

* fix spelling mistake

* linkcheck - fix broken links

* fix link to Nomad variables tutorial

* fix link to Prometheus tutorial

* move who uses Nomad to use cases page; move spec/config shortcuts

add dividers

* Move Consul out of Integrations; move namespaces to govern

* move integrations/vault to secure/vault; delete integrations

* move ref arch to docs; rename Deploy Nomad back to Install Nomad

* address feedback

* linkcheck fixes

* Fixed raw_exec redirect

* add info from /nomad/tutorials/manage-jobs/jobs

* update page content with newer tutorial

* link updates for architecture sub-folders

* Add redirects for removed section index pages. Fix links.

* fix broken links from linkcheck

* Revert to use dev-portal main branch instead of nomadIA branch

* build workaround: add intro-nav-data.json with single entry

* fix content-check error

* add intro directory to get around Vercel build error

* workound for emtpry directory

* remove mdx from /intro/ to fix content-check and git snafu

* Add intro index.mdx so Vercel build should work

---------

Co-authored-by: Tu Nguyen <im2nguyen@gmail.com>
2025-07-08 19:24:52 -05:00

169 lines
6.7 KiB
Plaintext
Raw Blame History

---
layout: docs
page_title: Nomad namespace specification
description: |-
Learn about Nomad's namespace specification. Review namespace parameters. Configure capabilities, node pools, Vault, and Consul.
---
# Nomad namespace specification
A Nomad namespace is a way to segment jobs and their associated objects from
other jobs and other cluster users. Specify Nomad namespaces as HCL files and
submit them with the [`nomad namespace apply`][cli_ns_apply] CLI command.
Unlike [job specifications][jobspecs], namespace specifications do not support
[HCL2][hcl2] features like functions.
In [federated][] clusters, Nomad forwards all namespace updates to the
[`authoritative_region`][] and replicates the updates to non-authoritative
regions. This requires that you have bootstrapped ACLs in the authoritative
region.
Example namespace specification:
```hcl
name = "prod-eng"
description = "Namespace for production workloads."
# Quotas are a Nomad Enterprise feature.
quota = "eng"
meta {
owner = "eng"
}
capabilities {
enabled_task_drivers = ["java", "docker"]
disabled_task_drivers = ["raw_exec"]
enabled_network_modes = ["bridge", "cni/custom"]
disabled_network_modes = ["host"]
}
# Node Pool configuration is a Nomad Enterprise feature.
node_pool_config {
default = "prod"
allowed = ["all", "default"]
}
# Vault configuration is a Nomad Enterprise feature.
vault {
default = "default"
allowed = ["default", "infra"]
}
# Consul configuration is a Nomad Enterprise feature.
consul {
default = "default"
allowed = ["all", "default"]
}
```
## Parameters
- `name` `(string: <required>)` - Specifies the namespace to create or update.
- `description` `(string: "")` - Specifies an optional human-readable
description of the namespace.
- `quota` `(string: "")` <EnterpriseAlert inline /> - Specifies a quota to
attach to the namespace.
- `meta` `(object: null)` - Optional object with string keys and values of
metadata to attach to the namespace. Namespace metadata is not used by Nomad
and is intended for use by operators and third party tools.
- `capabilities` <code>([Capabilities](#capabilities-parameters): &lt;optional&gt;)</code> -
Specifies capabilities allowed in the namespace. These values are checked at
job submission.
- `node_pool_config` <code>([NodePoolConfiguration](#node_pool_config-parameters): &lt;optional&gt;)</code> <EnterpriseAlert inline /> -
Specifies node pool configurations. These values are checked at job
submission.
- `vault` <code>([Vault](#vault-parameters): &lt;optional&gt;)</code> <EnterpriseAlert inline /> -
Specifies which Vault clusters are allowed to be used from this
namespace. These values are checked at job submission.
- `consul` <code>([Consul](#consul-parameters): &lt;optional&gt;)</code> <EnterpriseAlert inline /> -
Specifies which Consul clusters are allowed to be used from this
namespace. These values are checked at job submission.
### `capabilities` parameters
- `enabled_task_drivers` `(array<string>: [])` - List of task drivers allowed
in the namespace. If empty all task drivers are allowed.
- `disabled_task_drivers` `(array<string>: [])` - List of task drivers disabled
in the namespace.
- `enabled_network_modes` `(array<string>: [])` - List of network modes allowed
in the namespace. If empty all network modes are allowed.
- `disabled_network_modes` `(array<string>: [])` - List of network modes disabled
in the namespace.
### `node_pool_config` parameters <EnterpriseAlert inline />
- `default` `(string: "default")` - Specifies the node pool to use for jobs or
dynamic host volumes in this namespace that don't define a node pool in their
specification.
- `allowed` `(array<string>: nil)` - Specifies the node pools that jobs or
dynamic host volumes in this namespace are allowed to use. By default, all
node pools are allowed. If an empty list is provided only the namespace's
default node pool is allowed. This field supports wildcard globbing through
the use of `*` for multi-character matching. This field cannot be used with
`denied`.
- `denied` `(array<string>: nil)` - Specifies the node pools that jobs or
dynamic host volumes in this namespace are not allowed to use. This field
supports wildcard globbing through the use of `*` for multi-character
matching. If specified, jobs and dynamic host volumes are allowed to use any
node pool, except for those that match any of these patterns. This field
cannot be used with `allowed`.
### `vault` parameters <EnterpriseAlert inline />
- `default` `(string: "default")` - Specifies the Vault cluster to use for jobs
in this namespace that don't define a Vault cluster in their specification.
- `allowed` `(array<string>: nil)` - Specifies the Vault clusters that are
allowed to be used by jobs in this namespace. By default, all Vault clusters
are allowed. If an empty list is provided only the namespace's default Vault
cluster is allowed. This field supports wildcard globbing through the use of
`*` for multi-character matching. This field cannot be used with `denied`.
- `denied` `(array<string>: nil)` - Specifies the Vault clusters that are not
allowed to be used by jobs in this namespace. This field supports wildcard
globbing through the use of `*` for multi-character matching. If specified,
any Vault cluster is allowed to be used, except for those that match any of
these patterns. This field cannot be used with `allowed`.
### `consul` parameters <EnterpriseAlert inline />
- `default` `(string: "default")` - Specifies the Consul cluster to use for jobs
in this namespace that don't define a Consul cluster in their specification.
- `allowed` `(array<string>: nil)` - Specifies the Consul clusters that are
allowed to be used by jobs in this namespace. By default, all Consul clusters
are allowed. If an empty list is provided only the namespace's default Consul
cluster is allowed. This field supports wildcard globbing through the use of
`*` for multi-character matching. This field cannot be used with `denied`.
- `denied` `(array<string>: nil)` - Specifies the Consul clusters that are not
allowed to be used by jobs in this namespace. This field supports wildcard
globbing through the use of `*` for multi-character matching. If specified,
any Consul cluster is allowed to be used, except for those that match any of
these patterns. This field cannot be used with `allowed`.
## Resources
Visit the [Nomad namespaces
tutorial](/nomad/docs/govern/namespaces) to learn how to create
and use Nomad namespaces
[cli_ns_apply]: /nomad/commands/namespace/apply
[hcl2]: /nomad/docs/reference/hcl2
[jobspecs]: /nomad/docs/job-specification
[federated]: //nomad/docs/deploy/clusters/federate-regions
[`authoritative_region`]: /nomad/docs/configuration/server#authoritative_region
Reference in New Issue View Git Blame Copy Permalink