github.com/Ilhicas/nomad@v1.0.4-0.20210304152020-e86851182bc3/website/content/docs/autoscaling/plugins/target.mdx (about) 1 --- 2 layout: docs 3 page_title: Target 4 sidebar_title: Target 5 description: Target plugins determine where the resource to be autoscaled is located. 6 --- 7 8 # Target Plugins 9 10 Target Plugins determine where the resource to be autoscaled is located. All 11 target plugins support the `dry-run` policy config parameter which allows a policy 12 to be evaluated, but will noop any suggested changes. 13 14 Below is a list of plugins you can use with the Nomad Autoscaler: 15 16 - [Nomad Task Group][nomad_task_group_target] 17 - [Dynamic Application Sizing Nomad Task][das_task_target] 18 - [AWS AutoScaling Group][aws_asg_target] 19 - [Azure Virtual Machine Scale Set][azure_vmss_target] 20 - [Google Cloud Platform Managed Instance Groups][gcp_mig_target] 21 22 ## Nomad Task Group Target 23 24 The Nomad task group target indicates the scalable resource is a Nomad job 25 running on a Nomad cluster. 26 27 ### Agent Configuration Options 28 29 The Nomad target is automatically launched by the Nomad Autoscaler and so the 30 following setup is optional. 31 32 ```hcl 33 target "nomad" { 34 driver = "nomad" 35 } 36 ``` 37 38 ### Policy Configuration Options 39 40 If using the [Nomad job specification scaling stanza][nomad_scaling_stanza] to 41 configure the scaling policy, the following section can be omitted as Nomad will 42 populate them on job submission. 43 44 ```hcl 45 check "example-check" { 46 ... 47 target "nomad" { 48 Namespace = "default" 49 Job = "example" 50 Group = "cache" 51 } 52 ... 53 ``` 54 55 - `Namespace` `(string: "")` - The namespace in which the job resides as defined 56 by the [`namespace` parameter][nomad_namespace_parameter] within the job 57 specification. 58 59 - `Job` `(string: "")` - The job identifier which contains the task group to 60 scale as defined within the job specification [`job` stanza][nomad_job_stanza]. 61 62 - `Group` `(string: "")` - The name of the task group to scale as defined in the 63 job specification [`group` stanza][nomad_group_stanza]. 64 65 ## Dynamic Application Sizing Nomad Task Target 66 67 <EnterpriseAlert> 68 This functionality only exists in Nomad Autoscaler 69 Enterprise. This is not present in the open source version of Nomad Autoscaler. 70 </EnterpriseAlert> 71 72 The `app-sizing-nomad` target plugin reports on the current task resource value 73 as well as submits recommendations to Nomad via the [recommendations API endpoint][nomad_recommendations_api] 74 based on the result of the Dynamic Application Sizing strategy calculations. 75 76 ### Agent Configuration Options 77 78 The `app-sizing-nomad` plugin is automatically launched by Nomad Autoscaler 79 Enterprise and so the following setup is optional. 80 81 ```hcl 82 target "app-sizing-nomad" { 83 driver = "app-sizing-nomad" 84 } 85 ``` 86 87 ### Policy Configuration Options 88 89 If using the [Nomad job specification scaling stanza][nomad_scaling_stanza] to 90 configure the scaling policy for a task resource, the following section can be 91 omitted as Nomad will populate them on job submission. Please also refer to the 92 [Nomad Autoscaler policy documentation][nomad_autoscaler_policy] for additional 93 detail and guidance. 94 95 ```hcl 96 check "mem" { 97 ... 98 target "app-sizing-nomad" { 99 Namespace = "default" 100 Job = "example" 101 Group = "cache" 102 Task = "Redis" 103 Resource = "MemoryMB" 104 } 105 ... 106 ``` 107 108 - `Region` `(string: "")` - The region in which the job resides as defined 109 by the [`region` parameter][nomad_region_parameter] within the job specification. 110 111 - `Namespace` `(string: "")` - The namespace in which the job resides as defined 112 by the [`namespace` parameter][nomad_namespace_parameter] within the job 113 specification. 114 115 - `Job` `(string: "")` - The job identifier which contains the task group to 116 scale as defined within the job specification [`job` stanza][nomad_job_stanza]. 117 118 - `Group` `(string: "")` - The name of the task group to scale as defined in the 119 job specification [`group` stanza][nomad_group_stanza]. 120 121 - `Task` `(string: "")` - The name of the task to scale as defined in the job 122 specification [`task` stanza][nomad_task_stanza]. 123 124 - `Resource` `(string: "")` - The resource to scale as defined by the job 125 specification [`resource` stanza][nomad_resource_stanza]. Supports either `CPU` 126 or `MemoryMB`. 127 128 ## AWS AutoScaling Group Target 129 130 The AWS ASG target plugin allows for the scaling of the Nomad cluster clients 131 via manipulating [AWS AutoScaling Groups][aws_autoscaling]. 132 133 ### Agent Configuration Options 134 135 To use the AWS ASG target plugin, the agent configuration needs to be populated 136 with the appropriate target block. Authentication to the AWS API can be supplied 137 in a number of ways including EC2 instance roles. It is recommended, if possible 138 to use the [Vault AWS Secrets engine][vault_aws_backend] for supplying access 139 credentials to the plugin. Credentials should be injected into the configuration 140 via a template rather than as environment variables. This ensures the credentials 141 are passed only to the plugin, rather than being available for all plugins and 142 the agent process. 143 144 The IAM policy required for the AWS ASG plugin to function properly is detailed 145 below. 146 147 ```json 148 { 149 "Version": "2012-10-17", 150 "Statement": [ 151 { 152 "Sid": "", 153 "Effect": "Allow", 154 "Action": [ 155 "ec2:TerminateInstances", 156 "ec2:DescribeInstanceStatus", 157 "autoscaling:UpdateAutoScalingGroup", 158 "autoscaling:DetachInstances", 159 "autoscaling:DescribeScalingActivities", 160 "autoscaling:DescribeAutoScalingGroups", 161 "autoscaling:CreateOrUpdateTags" 162 ], 163 "Resource": "*" 164 } 165 ] 166 } 167 ``` 168 169 ```hcl 170 target "aws-asg" { 171 driver = "aws-asg" 172 config = { 173 aws_region = "eu-west-3" 174 aws_access_key_id = "AKIAIOSFODNN7EXAMPLE" 175 aws_secret_access_key = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" 176 } 177 } 178 ``` 179 180 When using a Nomad cluster with ACLs enabled, the plugin will require an ACL token which provides 181 the following permissions: 182 183 ```hcl 184 node { 185 policy = "write" 186 } 187 ``` 188 189 - `aws_region` `(string: "us-east-1")` - The [AWS region][aws_region] identifier 190 to connect to and where resources should be managed. 191 192 - `aws_access_key_id` `(string: "")` - The AWS access key ID used to authenticate 193 with the AWS API. 194 195 - `aws_secret_access_key` `(string: "")` - The AWS secret key ID used to authenticate 196 with the AWS API. 197 198 - `aws_session_token` `(string: "")` - The AWS session token used to authenticate 199 with the AWS API. 200 201 ### Policy Configuration Options 202 203 ```hcl 204 check "hashistack-allocated-cpu" { 205 ... 206 target "aws-asg" { 207 aws_asg_name = "hashistack-client-asg" 208 node_class = "hashistack" 209 node_drain_deadline = "5m" 210 node_purge = "true" 211 } 212 ... 213 ``` 214 215 - `aws_asg_name` `(string: <required>)` - The name of the AWS AutoScaling Group to 216 interact with when performing scaling actions. 217 218 - `node_class` `(string: <required>)` - The Nomad [client node class][nomad_node_class] 219 identifier used to group nodes into a pool of resource. 220 221 - `node_drain_deadline` `(duration: "15m")` The Nomad [drain deadline][nomad_node_drain_deadline] 222 to use when performing node draining actions. 223 224 - `node_drain_ignore_system_jobs` `(bool: "false")` A boolean flag used to control if 225 system jobs should be stopped when performing node draining actions. 226 227 - `node_purge` `(bool: "false")` A boolean flag to determine whether Nomad clients should 228 be [purged][nomad_node_purge] when performing scale in actions. 229 230 ## Azure Virtual Machine Scale Set Target 231 232 The Azure VMSS target plugin allows for the scaling of the Nomad cluster clients 233 via manipulating [Azure Virtual Machine Scale Sets][azure_virtual_machine_scale_sets]. 234 235 ~> The Azure VMSS target plugin requires Azure fingerprinting, which became 236 available in Nomad 1.0. If you are running a previous version of Nomad you will 237 to set a [meta tag][client_meta_tag] in all of your nodes. 238 239 ### Agent Configuration Options 240 241 To use the Azure VMSS target plugin, the agent configuration needs to be populated 242 with the appropriate target block. Authentication to the Azure API can be supplied 243 in a number of ways. 244 245 #### Virtual Machine Identities 246 247 When using [virtual machine identities][vm_identity] you will need to provide a 248 user-managed identity with the `Contributor` role and set the `subscription_id` 249 in the Autoscaler configuration file: 250 251 ```hcl 252 target "azure-vmss" { 253 driver = "azure-vmss" 254 config = { 255 subscription_id = "ee0886ab-5cc2-4583-a3f0-c4bfd044ee82" 256 } 257 } 258 ``` 259 260 #### Configuration file 261 262 Credentials should be injected into the configuration via a template rather 263 than as environment variables. This ensures the credentials are passed only to 264 the plugin, rather than being available for all plugins and the agent process. 265 It is recommended, if possible to use the 266 [Vault Azure Secrets engine][vault_azure_backend] for supplying access 267 credentials to the plugin. 268 269 ```hcl 270 target "azure-vmss" { 271 driver = "azure-vmss" 272 config = { 273 tenant_id = "02e99e69-91b0-4d0a-bd61-bf5c08fbfbab" 274 client_id = "34c276fa-2a74-4cf9-9fce-4e60642274cb" 275 secret_access_key = "ThisIrznTIS_~FAKEj4X93FTyAgilUC511" 276 subscription_id = "ee0886ab-5cc2-4583-a3f0-c4bfd044ee82" 277 } 278 } 279 ``` 280 281 - `tenant_id` `(string: "")` - The ID of the tenant to authenticate to. 282 283 - `client_id` `(string: "")` - The app ID of the user-assigned identity in Azure 284 Active Directory. 285 286 - `secret_access_key` `(string: "")` - The secret key ID used to authenticate 287 with the Azure API. 288 289 - `subscription_id` `(string: "")` - The ID of the subscription to authenticate 290 to. 291 292 #### Nomad ACL 293 294 When using a Nomad cluster with ACLs enabled, the plugin will require an ACL token 295 which provides the following permissions: 296 297 ```hcl 298 node { 299 policy = "write" 300 } 301 ``` 302 303 ### Policy Configuration Options 304 305 ```hcl 306 check "clients-azure-vmss" { 307 ... 308 target "azure-vmss" { 309 resource_group = "prod" 310 vm_scale_set = "hashistack-client-set" 311 node_class = "hashistack" 312 node_drain_deadline = "5m" 313 node_purge = "true" 314 } 315 ... 316 ``` 317 318 - `resource_group` `(string: <required>)` - The name of the [Azure resource group][azure_resource_group] 319 within which the virtual machine scale set resides. 320 321 - `vm_scale_set` `(string: <required>)` - The name of the Azure virtual machine 322 scale set to interact with when performing scaling actions. 323 324 - `node_class` `(string: <required>)` - The Nomad [client node class][nomad_node_class] 325 identifier used to group nodes into a pool of resource. 326 327 - `node_drain_deadline` `(duration: "15m")` The Nomad [drain deadline][nomad_node_drain_deadline] 328 to use when performing node draining actions. 329 330 - `node_drain_ignore_system_jobs` `(bool: "false")` A boolean flag used to control if 331 system jobs should be stopped when performing node draining actions. 332 333 - `node_purge` `(bool: "false")` A boolean flag to determine whether Nomad clients should 334 be [purged][nomad_node_purge] when performing scale in actions. 335 336 ### Client meta tag 337 338 The Azure VMSS target plugin requires Nomad 1.0 for Azure fingerprinting. 339 Alternatively, you can set a [client meta tag][client_meta_tag_docs] called 340 `unique.platform.azure.name` with the value being the Azure VMSS node name. 341 This can be retrieved programatically via the 342 [Azure Instance Metadata service][azure_instance_metadata]. 343 344 ## Google Cloud Platform Managed Instance Groups Target 345 346 The GCP MIG target plugin allows for the scaling of the Nomad cluster clients 347 via manipulating [Google Cloud Platform Managed Instance Groups][gcp_migs]. The 348 plugin supports both regional and zonal groups. 349 350 ### Agent Configuration Options 351 352 The plugin uses the official Google Cloud Golang SDK. This means it supports the 353 common ways of [providing credentials to Google Cloud][gcp_credentials]. It is 354 recommended, if possible to use the [Vault GCP Secrets engine][vault_gcp_backend] 355 for supplying access credentials to the plugin. Credentials should be injected 356 into the configuration via a template rather than as environment variables. This 357 ensures the credentials are passed only to the plugin, rather than being available 358 for all plugins and the agent process. 359 360 ```hcl 361 target "gcp-mig" { 362 driver = "gcp-mig" 363 config = { 364 credentials = "local/creds.json" 365 } 366 } 367 ``` 368 369 - `credentials` `(string: "")` - This is specified as the path to a Google Cloud 370 credentials file, typically for a service account. 371 372 When using a Nomad cluster with ACLs enabled, the plugin will require an ACL token 373 which provides the following permissions: 374 375 ```hcl 376 node { 377 policy = "write" 378 } 379 ``` 380 381 ### Policy Configuration Options 382 383 ```hcl 384 check "hashistack-allocated-cpu" { 385 ... 386 target "gcp-mig" { 387 project = "hashistack-demo" 388 region = "us-west1" 389 mig_name = "nomad-client-hashistack" 390 node_class = "hashistack" 391 node_drain_deadline = "5m" 392 node_purge = "true" 393 } 394 ... 395 ``` 396 397 - `project` `(string: <required>)` - The [Google Cloud Platform project ID][gcp_projects] 398 within which the managed instance group is running. 399 400 - `region` `(string: "")` - The GCP region where the Managed Instance Group resides. 401 Providing this parameter indicates the MIG is regional. Conflicts with `zone`. 402 403 - `zone` `(string: "")` - The GCP zone where the Managed Instance Group resides. 404 Providing this parameter indicates the MIG is zonal. Conflicts with `region`. 405 406 - `mig_name` `(string: <required>)` - The name of the GCP Managed Instance Group 407 to interact with when performing scaling actions. 408 409 - `node_class` `(string: <required>)` - The Nomad [client node class][nomad_node_class] 410 identifier used to group nodes into a pool of resource. 411 412 - `node_drain_deadline` `(duration: "15m")` The Nomad [drain deadline][nomad_node_drain_deadline] 413 to use when performing node draining actions. 414 415 - `node_drain_ignore_system_jobs` `(bool: "false")` A boolean flag used to control if 416 system jobs should be stopped when performing node draining actions. 417 418 - `node_purge` `(bool: "false")` A boolean flag to determine whether Nomad clients should 419 be [purged][nomad_node_purge] when performing scale in actions. 420 421 [nomad_node_class]: /docs/configuration/client#node_class 422 [nomad_node_drain_deadline]: /api-docs/nodes#deadline 423 [nomad_scaling_stanza]: /docs/job-specification/scaling 424 [nomad_group_stanza]: /docs/job-specification/group#group-stanza 425 [nomad_job_stanza]: /docs/job-specification/job#job-stanza 426 [aws_region]: https://aws.amazon.com/about-aws/global-infrastructure/regions_az/ 427 [aws_autoscaling]: https://aws.amazon.com/autoscaling/ 428 [vault_aws_backend]: https://www.vaultproject.io/docs/secrets/aws 429 [nomad_node_purge]: /api-docs/nodes#purge-node 430 [nomad_recommendations_api]: /api-docs/recommendations 431 [nomad_task_stanza]: /docs/job-specification/task#task-stanza 432 [nomad_resource_stanza]: /docs/job-specification/resources#resources-stanza 433 [nomad_namespace_parameter]: /docs/job-specification/job#namespace 434 [nomad_region_parameter]: /docs/job-specification/job#region 435 [nomad_autoscaler_policy]: /docs/autoscaling/policy 436 [azure_virtual_machine_scale_sets]: https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/overview 437 [vault_azure_backend]: https://www.vaultproject.io/docs/secrets/azure 438 [azure_resource_group]: https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/manage-resource-groups-portal#what-is-a-resource-group 439 [nomad_task_group_target]: /docs/autoscaling/plugins/target#nomad-task-group-target 440 [aws_asg_target]: /docs/autoscaling/plugins/target#aws-autoscaling-group-target 441 [azure_vmss_target]: /docs/autoscaling/plugins/target#azure-virtual-machine-scale-set-target 442 [vm_identity]: https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/ 443 [client_meta_tag_docs]: https://www.nomadproject.io/docs/configuration/client#meta 444 [client_meta_tag]: /docs/autoscaling/plugins/target#client-meta-tag 445 [azure_instance_metadata]: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/instance-metadata-service 446 [das_task_target]: /docs/autoscaling/plugins/target#dynamic-application-sizing-nomad-task-target 447 [gcp_migs]: https://cloud.google.com/compute/docs/instance-groups/ 448 [vault_gcp_backend]: https://www.vaultproject.io/docs/secrets/gcp 449 [gcp_credentials]: https://cloud.google.com/docs/authentication/production#providing_credentials_to_your_application 450 [gcp_projects]: https://cloud.google.com/resource-manager/docs/creating-managing-projects 451 [gcp_mig_target]: /docs/autoscaling/plugins/target#google-cloud-platform-managed-instance-groups-target