hashicorp / nomad

Nomad is an easy-to-use, flexible, and performant workload orchestrator that can deploy a mix of microservice, batch, containerized, and non-containerized applications. Nomad is easy to operate and scale and has native Consul and Vault integrations.
https://www.nomadproject.io/

Feature: Pull in host Docker configuration in Development mode #23419

Open taiidani opened 1 week ago

taiidani commented 1 week ago

Proposal

When nomad agent -dev runs in development mode, it makes a number of choices to simplify the development experience for the person running it. This helps establish a baseline set of behaviors for developing & testing against.

In order to improve the developer experience, this issue proposes that an attempt is made to surface the docker driver registry configuration & auth with the configuration found in the running user's ~/.docker/config.json file so that no manual configuration is required.

Use-cases

For some developers, it can be a common occurrence to develop or test with the docker driver using Docker images that are from a private registry. This requires that the developer configure Nomad further than the -dev argument by providing their own configuration file -- potentially including plaintext secrets on their developer workstation in order to do so.

Were Nomad able to draw in the registry auth (including any registry helpers) from the user's Docker Engine configuration, the developer would be able to pull images from the private registry without performing additional manual action.

Attempted Solutions

I do not know of a way that this can be automated as proposed. When testing against my private registry I had to set it up manually:

  1. Read my existing ~/.docker/config.json file
  2. Migrate the configuration found into Nomad's configuration format

My ~/.docker/config.json file, on a macOS machine:

{
        "auths": {
                "docker.artifactory.xxx.engineering": {}
        },
        "credsStore": "desktop",
        "currentContext": "desktop-linux",
        "plugins": {
                "-x-cli-hints": {
                        "enabled": "true"
                },
                "debug": {
                        "hooks": "exec"
                },
                "scout": {
                        "hooks": "pull,buildx build"
                }
        },
        "features": {
                "hooks": "true"
        }
}

As the file notes, I use Docker Desktop's credstore helper. After migrating it to Nomad's HCL I ended up with this snippet:

plugin "docker" {
  config {
    auth {
      helper = "desktop"
    }
  }
}
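
The two manual steps described in the post above, as an added Go example that is not part of the original issue and is not Nomad's own code: it reads a Docker client config, maps its credsStore to the docker plugin's auth helper, and lists registries whose credentials sit inline in the file. The function name, the sample registries and the sample credential are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// dockerConfig models only the fields of ~/.docker/config.json used here.
type dockerConfig struct {
	Auths map[string]struct {
		Auth string `json:"auth"`
	} `json:"auths"`
	CredsStore string `json:"credsStore"`
}

// NomadAuthFromDockerConfig (hypothetical helper) returns the Nomad docker plugin
// block for the config's credsStore and the registries with inline credentials.
func NomadAuthFromDockerConfig(raw []byte) (hcl string, inline []string, err error) {
	var cfg dockerConfig
	if err = json.Unmarshal(raw, &cfg); err != nil {
		return "", nil, fmt.Errorf("parse docker config: %w", err)
	}
	for registry, entry := range cfg.Auths {
		if entry.Auth != "" { // base64 user:password stored in the file itself
			inline = append(inline, registry)
		}
	}
	sort.Strings(inline)
	if cfg.CredsStore == "" {
		return "", inline, nil // no credential store, so no helper to map
	}
	hcl = fmt.Sprintf("plugin \"docker\" {\n  config {\n    auth {\n      helper = %q\n    }\n  }\n}\n", cfg.CredsStore)
	return hcl, inline, nil
}

// Constructed sample input, modelled on the file in the post ("demo:demo" encoded).
const sampleConfig = `{"auths": {"registry.example.internal": {},
  "legacy.example.internal": {"auth": "ZGVtbzpkZW1v"}}, "credsStore": "desktop"}`

func main() {
	hcl, inline, err := NomadAuthFromDockerConfig([]byte(sampleConfig))
	if err != nil {
		panic(err)
	}
	fmt.Print(hcl)
	fmt.Println("registries with inline credentials:", inline)
}
```
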

tgross commented 1 week ago

Hi @taiidani! I really like this idea! There's a few platform-specific design issues to figure out:

I'm going to mark this issue for further discussion and roadmapping.