Add `identity` jobspec block to expose workload identity tokens to tasks. --------- Co-authored-by: Anders <mail@anars.dk> Co-authored-by: Tim Gross <tgross@hashicorp.com> Co-authored-by: Michael Schurter <mschurter@hashicorp.com>
# Batch job that checks how the workload identity token file is exposed to a
# task running as an unprivileged user.
job "nobodyid" {
  type        = "batch"
  datacenters = ["dc1"]

  # Only place this job on Linux clients.
  constraint {
    attribute = "${attr.kernel.name}"
    value     = "linux"
  }

  group "nobodyid" {

    # Expectation: the token file seen by this task is owned by "nobody" and
    # has mode -rw------- (owner read/write only). The token is a credential,
    # so no other user should be able to read it.
    task "nobody" {
      driver = "docker"
      user   = "nobody"

      # Ask for the workload identity token to be written to a file; the
      # command below looks for it at secrets/nomad_token.
      identity {
        file = true
      }

      config {
        image = "bash:5"

        # Print the token file's permission bits and owning user name, then
        # "done" so the end of the output is easy to spot.
        args = ["-c", "stat -c 'perms=%#a username=%U' secrets/nomad_token; echo done"]
      }

      resources {
        cpu    = 16
        memory = 32
        disk   = 64
      }
    }
  }
}