kemko/nomad
1
0
Fork 0
mirror of https://github.com/kemko/nomad.git synced 2026-01-01 16:05:42 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
d6be784e2d090861868d9603e6716df26b8e5f0d
nomad/website/content/docs/other-specifications/namespace.mdx

165 lines
6.5 KiB
Plaintext
Raw Blame History

---
layout: docs
page_title: Namespace Specification
description: Learn about Nomad's Namespace specification.
---
# Namespace Specification
<Tip>
Visit the <a href="https://developer.hashicorp.com/nomad/tutorials/manage-clusters/namespaces">
Nomad Namespaces tutorial
</a> for more information.
</Tip>
Nomad Namespaces may be specified as HCL files and submitted by the [`nomad
namespace apply`][cli_ns_apply] CLI command.
Unlike [Job specifications][jobspecs], Namespace specifications do *not*
support [HCL2][hcl2] features like functions.
In [federated][] clusters, all updates to namespaces are forwarded to the
[`authoritative_region`][] and replicated to non-authoritative regions. This
requires that ACLs have been bootstrapped in the authoritative region.
Example namespace specification:
```hcl
name = "prod-eng"
description = "Namespace for production workloads."
# Quotas are a Nomad Enterprise feature.
quota = "eng"
meta {
owner = "eng"
}
capabilities {
enabled_task_drivers = ["java", "docker"]
disabled_task_drivers = ["raw_exec"]
enabled_network_modes = ["bridge", "cni/custom"]
disabled_network_modes = ["host"]
}
# Node Pool configuration is a Nomad Enterprise feature.
node_pool_config {
default = "prod"
allowed = ["all", "default"]
}
# Vault configuration is a Nomad Enterprise feature.
vault {
default = "default"
allowed = ["default", "infra"]
}
# Consul configuration is a Nomad Enterprise feature.
consul {
default = "default"
allowed = ["all", "default"]
}
```
## Namespace Specification Parameters
- `name` `(string: <required>)` - Specifies the namespace to create or update.
- `description` `(string: "")` - Specifies an optional human-readable
description of the namespace.
- `quota` `(string: "")` <EnterpriseAlert inline /> - Specifies a quota to
attach to the namespace.
- `meta` `(object: null)` - Optional object with string keys and values of
metadata to attach to the namespace. Namespace metadata is not used by Nomad
and is intended for use by operators and third party tools.
- `capabilities` <code>([Capabilities](#capabilities-parameters): &lt;optional&gt;)</code> -
Specifies capabilities allowed in the namespace. These values are checked at
job submission.
- `node_pool_config` <code>([NodePoolConfiguration](#node_pool_config-parameters): &lt;optional&gt;)</code> <EnterpriseAlert inline /> -
Specifies node pool configurations. These values are checked at job
submission.
- `vault` <code>([Vault](#vault-parameters): &lt;optional&gt;)</code> <EnterpriseAlert inline /> -
Specifies which Vault clusters are allowed to be used from this
namespace. These values are checked at job submission.
- `consul` <code>([Consul](#consul-parameters): &lt;optional&gt;)</code> <EnterpriseAlert inline /> -
Specifies which Consul clusters are allowed to be used from this
namespace. These values are checked at job submission.
### `capabilities` Parameters
- `enabled_task_drivers` `(array<string>: [])` - List of task drivers allowed
in the namespace. If empty all task drivers are allowed.
- `disabled_task_drivers` `(array<string>: [])` - List of task drivers disabled
in the namespace.
- `enabled_network_modes` `(array<string>: [])` - List of network modes allowed
in the namespace. If empty all network modes are allowed.
- `disabled_network_modes` `(array<string>: [])` - List of network modes disabled
in the namespace.
### `node_pool_config` Parameters <EnterpriseAlert inline />
- `default` `(string: "default")` - Specifies the node pool to use for jobs in
this namespace that don't define a node pool in their specification.
- `allowed` `(array<string>: nil)` - Specifies the node pools that are allowed
to be used by jobs in this namespace. By default, all node pools are allowed.
If an empty list is provided only the namespace's default node pool is
allowed. This field supports wildcard globbing through the use of `*` for
multi-character matching. This field cannot be used with `denied`.
- `denied` `(array<string>: nil)` - Specifies the node pools that are not
allowed to be used by jobs in this namespace. This field supports wildcard
globbing through the use of `*` for multi-character matching. If specified,
any node pool is allowed to be used, except for those that match any of these
patterns. This field cannot be used with `allowed`.
### `vault` Parameters <EnterpriseAlert inline />
- `default` `(string: "default")` - Specifies the Vault cluster to use for jobs
in this namespace that don't define a Vault cluster in their specification.
- `allowed` `(array<string>: nil)` - Specifies the Vault clusters that are
allowed to be used by jobs in this namespace. By default, all Vault clusters
are allowed. If an empty list is provided only the namespace's default Vault
cluster is allowed. This field supports wildcard globbing through the use of
`*` for multi-character matching. This field cannot be used with `denied`.
- `denied` `(array<string>: nil)` - Specifies the Vault clusters that are not
allowed to be used by jobs in this namespace. This field supports wildcard
globbing through the use of `*` for multi-character matching. If specified,
any Vault cluster is allowed to be used, except for those that match any of
these patterns. This field cannot be used with `allowed`.
### `consul` Parameters <EnterpriseAlert inline />
- `default` `(string: "default")` - Specifies the Consul cluster to use for jobs
in this namespace that don't define a Consul cluster in their specification.
- `allowed` `(array<string>: nil)` - Specifies the Consul clusters that are
allowed to be used by jobs in this namespace. By default, all Consul clusters
are allowed. If an empty list is provided only the namespace's default Consul
cluster is allowed. This field supports wildcard globbing through the use of
`*` for multi-character matching. This field cannot be used with `denied`.
- `denied` `(array<string>: nil)` - Specifies the Consul clusters that are not
allowed to be used by jobs in this namespace. This field supports wildcard
globbing through the use of `*` for multi-character matching. If specified,
any Consul cluster is allowed to be used, except for those that match any of
these patterns. This field cannot be used with `allowed`.
[cli_ns_apply]: /nomad/docs/commands/namespace/apply
[hcl2]: /nomad/docs/job-specification/hcl2
[jobspecs]: /nomad/docs/job-specification
[federated]: /nomad/tutorials/manage-clusters/federation
[`authoritative_region`]: /nomad/docs/configuration/server#authoritative_region
Reference in New Issue View Git Blame Copy Permalink