Open kingindanord opened 2 years ago
Hi @kingindanord! Can you help us clarify what you're looking for - recommended jobspec files/templates for installing the Waypoint server & runner, or do you mean supplying a jobspec (for the server, static runner, and ODR) to the waypoint install
command?
Hi @paladin-devops! a tutorial or more documentation on deploying Waypoint in a production environment with the assumption that all other related compononts have TLS and ACLs enabled would be great for sure.
Regarding the installation, I am not using waypoint install
anymore. I switched to creating the waypoint server with a Nomad Job, bootstraping the server then deploying a remote Waypoint runner also with a Nomad Job. This part works fine.
However, my current pain point is to customize ODR and make it work at all. So what I am doing now is that I am creating a new Docker/OCI image extended from hashicorp/waypoint-odr
and add my workarounds there. For example, changing the DNS resolver configuration or else the ODR containers can not communicate with the server. For this in Dockerfile
I add ENTRYPOINT ["/etc/run.sh"]
and the /etc/run.sh looks like this
#!/bin/ash
cat <<EOF > /etc/resolv.conf
search eu-west-1.compute.internal
nameserver 172.17.0.1
options edns0
EOF
/kaniko/waypoint "$@"
I thought this one could be changed within the -plugin-config
when creating a runner profile, somewhere within the nomad_plugin.json
file bellow, but I did not have luck with that.
cat <<EOF > nomad_plugin.json
{
"datacenter": "brain",
"namespace": "default",
"nomad_host": "https://nomad.service.brain.consul:4646",
"region": "global",
"resources_cpu": "1200",
"resources_memory": "1200"
}
EOF
waypoint runner profile set -app=app -project=test -name=nomad -oci-url=local-docker-registry.service.brain.consul:5000/waypoint-odr-vault:v0.1.1 \
-plugin-type=nomad -plugin-config=nomad_plugin.json -default \
-env-var='WAYPOINT_SERVER_ADDR=waypoint-server.service.consul:9701' \
-env-var='WAYPOINT_SERVER_TLS=true' \
-env-var='WAYPOINT_SERVER_TLS_SKIP_VERIFY=true'
So my idea is, why not to allow to supply a complete nomad jobspec in -plugin-config
or a new option when creating a runner profile.
I hope this helps and give more clarity.
I would also like to see a more production like tutorial for Nomad. I'm trying Waypoint out in my home-lab, and have spent hours trying to get it working with my TLS+ACL'd Nomad cluster.
Some non-obvious things that should be included in a Nomad tutorial:
# Runner can't spawn jobs on ACL nomad without:
waypoint config set -runner -scope=global NOMAD_TOKEN=22d...
# Kaniko doesn't think it is in a container without:
waypoint config set -runner -scope=global container=docker
It would really be helpful to set the DNS for waypoint in some way. Currently it's defaulting to 8.8.8.8 and it can't resolve local dns addresses provided by consul.
How to set programmatically in waypoint.hcl the nomad url?
app "app-frontend-waypoint" {
#
labels = {
}
#
build {
#use "pack" {}
use "docker" {}
registry {
# so now we can create the correct image for production
use "docker" {
}
}
}
#
deploy {
use "nomad-jobspec" {
}
}
Just to summarize the work items from this ticket:
I think that the 1st item in this list could be accomplished with a Nomad Pack for Waypoint, where variables could be templated into the pack for custom values, not unlike how there is a Helm chart for installing Waypoint to Kubernetes.
And @Allan-Nava, to set the Nomad URL, there are a couple of options. The plugin configuration for the Nomad task launcher has the nomad_host
configuration. This is the address which will be used to launch on-demand runners in Nomad. You can also set the NOMAD_ADDR
environment variable for runner configuration via this command: waypoint config set -runner -scope=global NOMAD_ADDR=http://localhost:4646
.
And @Allan-Nava, to set the Nomad URL, there are a couple of options. The plugin configuration for the Nomad task launcher has the
nomad_host
configuration. This is the address which will be used to launch on-demand runners in Nomad. You can also set theNOMAD_ADDR
environment variable for runner configuration via this command:waypoint config set -runner -scope=global NOMAD_ADDR=http://localhost:46461
.
I wanna use waypoint in production to CI for my applications
But in "nomad-jobspec" is it possible to force the nomad_host ?
And is there any CI like Circle CI to implement the testing code?
But in "nomad-jobspec" is it possible to force the nomad_host ?
If you're using a local runner (meaning if when you run Waypoint operations such as waypoint build
, you use the flag -local=true
), simply exporting the environment variable NOMAD_ADDR=
If you're using remote runners, then I recommend using the other method I mentioned, waypoint config set -runner -scope=global NOMAD_ADDR=http://localhost:4646
. The runner system will use this configuration to inform the Nomad plugin of what Nomad endpoint to communicate with for deploying your job. 😃
And is there any CI like Circle CI to implement the testing code?
There is no "test" phase of the Waypoint lifecycle. However, with the recent release of custom pipelines, you can absolutely run tests in a pipeline!
But in "nomad-jobspec" is it possible to force the nomad_host ?
If you're using a local runner (meaning if when you run Waypoint operations such as
waypoint build
, you use the flag-local=true
), simply exporting the environment variable NOMAD_ADDR=should be sufficient. If you're using remote runners, then I recommend using the other method I mentioned,
waypoint config set -runner -scope=global NOMAD_ADDR=http://localhost:4646
. The runner system will use this configuration to inform the Nomad plugin of what Nomad endpoint to communicate with for deploying your job. 😃And is there any CI like Circle CI to implement the testing code?
There is no "test" phase of the Waypoint lifecycle. However, with the recent release of custom pipelines, you can absolutely run tests in a pipeline!
Ok perfect! thanks for the explanation
How can I implement the custom pipelines?
@Allan-Nava our latest and greatest documentation on pipelines is here on our docs site! Let us know if you have any feedback. 😄
@Allan-Nava our latest and greatest documentation on pipelines is here on our docs site! Let us know if you have any feedback. 😄
I will try
Is your feature request related to a problem? Please describe.
there are many pieces missing when working with Waypoint on Nomad Platform
for example:
Describe the solution you'd like
Be able to provide a complete Nomad Job Specification when creating Waypoint cluster and runners. In this case, we will be able to provide all the needed secrets and artifiacts at the run time and have the possibility to render them from Vault, in addition to having more control over other aspects of the job like network stanza.
Describe alternatives you've considered
I couldn't make the official guidelines work for my setup yet. My last try will be to hard code all of missing configuration on a custom ODR image and use it, which is far away of being a good practice.
Explain any additional use-cases
It will be very helpful if we could specify in the runner profile which Nomad Job Specification template On-demand runners should use.
something like this:
odr-template.hcl