search

hashicorp / nomad

Nomad is an easy-to-use, flexible, and performant workload orchestrator that can deploy a mix of microservice, batch, containerized, and non-containerized applications. Nomad is easy to operate and scale and has native Consul and Vault integrations.
https://www.nomadproject.io/
Other
14.78k stars 1.94k forks source link

Allow explicit re-render of template #17520

Open nvanthao opened 1 year ago

nvanthao commented 1 year ago

Proposal

Add new parameter render_on_task_restart for template block. When this boolean flag is set to true, the template will be re-rendered when a task is restarted.

The flag can be added to the check here.

https://github.com/hashicorp/nomad/blob/b30f76e7d72114f9d06a4ee2c34c7242a1f5572c/client/allocrunner/taskrunner/template_hook.go#L98-L101

Use-cases

For template retrieving secrets from Vault, due to lack of blocking query in Vault, the template will only re-render when getting closer to the lease duration. This is not ideal when Vault secret is no longer relevant, e.g. lease get revoked.

Having this parameter will enable template to be re-rendered explicitly when the task is restarted.

Attempted Solutions

The current workaround is to modify jobspec with some unique meta so that new alloc will be created, which means template will be re-rendered.

I can help with the PR if the feature request is accepted.

jrasell commented 1 year ago

Hi @nvanthao and thanks for raising this feature request and I think it makes sense and would be a useful addition.

nvanthao commented 1 year ago

Thanks @jrasell,

I have submitted a PR adding the new flag at task block level.

Please let me know how it goes.