github.com/anth0d/nomad@v0.0.0-20221214183521-ae3a0a2cad06/website/content/tools/autoscaling/plugins/target/azure-vmss.mdx (about) 1 --- 2 layout: docs 3 page_title: 'Autoscaling Plugins: Azure VMSS' 4 description: The "azure-vmss" target plugin scales an Azure Virtual Machine Scale Set. 5 --- 6 7 # Azure Virtual Machine Scale Set Target 8 9 The `azure-vmss` target plugin allows for the scaling of the Nomad cluster 10 clients via manipulating [Azure Virtual Machine Scale 11 Sets][azure_virtual_machine_scale_sets]. 12 13 ~> The `azure-vmss` target plugin requires Azure fingerprinting, which was 14 added in Nomad 1.0. If you are running a previous version of Nomad you will to 15 set a [meta tag][client_meta_tag] in all of your nodes. 16 17 ## Agent Configuration Options 18 19 To use the `azure-vmss` target plugin, the agent configuration needs to be 20 populated with the appropriate target block. Authentication to the Azure API 21 can be supplied in a number of ways. 22 23 ### Virtual Machine Identities 24 25 When using [virtual machine identities][azure_vm_identity] you will need to 26 provide a user-managed identity with the `Contributor` role and set the 27 `subscription_id` in the Autoscaler configuration file: 28 29 ```hcl 30 target "azure-vmss" { 31 driver = "azure-vmss" 32 config = { 33 subscription_id = "ee0886ab-5cc2-4583-a3f0-c4bfd044ee82" 34 } 35 } 36 ``` 37 38 ### Configuration file 39 40 Credentials should be injected into the configuration via a template rather 41 than as environment variables. This ensures the credentials are passed only to 42 the plugin, rather than being available for all plugins and the agent process. 43 It is recommended, if possible to use the [Vault Azure Secrets 44 engine][vault_azure_backend] for supplying access credentials to the plugin. 45 46 ```hcl 47 target "azure-vmss" { 48 driver = "azure-vmss" 49 config = { 50 tenant_id = "02e99e69-91b0-4d0a-bd61-bf5c08fbfbab" 51 client_id = "34c276fa-2a74-4cf9-9fce-4e60642274cb" 52 secret_access_key = "ThisIrznTIS_~FAKEj4X93FTyAgilUC511" 53 subscription_id = "ee0886ab-5cc2-4583-a3f0-c4bfd044ee82" 54 } 55 } 56 ``` 57 58 - `tenant_id` `(string: "")` - The ID of the tenant to authenticate to. 59 60 - `client_id` `(string: "")` - The app ID of the user-assigned identity in 61 Azure Active Directory. 62 63 - `secret_access_key` `(string: "")` - The secret key ID used to authenticate 64 with the Azure API. 65 66 - `subscription_id` `(string: "")` - The ID of the subscription to authenticate 67 to. 68 69 ### Nomad ACL 70 71 When using a Nomad cluster with ACLs enabled, the plugin will require an ACL 72 token which provides the following permissions: 73 74 ```hcl 75 node { 76 policy = "write" 77 } 78 ``` 79 80 ## Policy Configuration Options 81 82 ```hcl 83 check "clients-azure-vmss" { 84 # ... 85 target "azure-vmss" { 86 resource_group = "prod" 87 vm_scale_set = "hashistack-client-set" 88 node_class = "hashistack" 89 node_drain_deadline = "5m" 90 node_purge = "true" 91 } 92 # ... 93 94 ``` 95 96 - `resource_group` `(string: <required>)` - The name of the [Azure resource 97 group][azure_resource_group] within which the virtual machine scale set 98 resides. 99 100 - `vm_scale_set` `(string: <required>)` - The name of the Azure virtual machine 101 scale set to interact with when performing scaling actions. 102 103 - `datacenter` `(string: "")` - The Nomad client [datacenter][nomad_datacenter] 104 identifier used to group nodes into a pool of resource. 105 106 - `node_class` `(string: "")` - The Nomad [client node class][nomad_node_class] 107 identifier used to group nodes into a pool of resource. 108 109 - `node_drain_deadline` `(duration: "15m")` The Nomad [drain 110 deadline][nomad_node_drain_deadline] to use when performing node draining 111 actions. **Note that the default value for this setting differs from Nomad's 112 default of 1h.** 113 114 - `node_drain_ignore_system_jobs` `(bool: "false")` A boolean flag used to 115 control if system jobs should be stopped when performing node draining 116 actions. 117 118 - `node_purge` `(bool: "false")` A boolean flag to determine whether Nomad 119 clients should be [purged][nomad_node_purge] when performing scale in 120 actions. 121 122 - `node_selector_strategy` `(string: "least_busy")` The strategy to use when 123 selecting nodes for termination. Refer to the [node selector 124 strategy][node_selector_strategy] documentation for more information. 125 126 ### Client meta tag 127 128 The `azure-vmss` target plugin requires Nomad 1.0 for Azure fingerprinting. 129 Alternatively, you can set a [client meta tag][nomad_client_meta_tag] called 130 `unique.platform.azure.name` with the value being the Azure VMSS node name. 131 This can be retrieved programatically via the [Azure Instance Metadata 132 service][azure_instance_metadata]. 133 134 [azure_instance_metadata]: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/instance-metadata-service 135 136 [azure_resource_group]: https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/manage-resource-groups-portal#what-is-a-resource-group 137 138 [azure_virtual_machine_scale_sets]: https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/overview 139 140 [azure_vm_identity]: https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/ 141 142 [client_meta_tag]: #client-meta-tag 143 144 [node_selector_strategy]: /tools/autoscaling/internals/node-selector-strategy 145 146 [nomad_datacenter]: /docs/configuration#datacenter 147 148 [nomad_client_meta_tag]: /docs/configuration/client#meta 149 150 [nomad_node_class]: /docs/configuration/client#node_class 151 152 [nomad_node_drain_deadline]: /api-docs/nodes#deadline 153 154 [nomad_node_purge]: /api-docs/nodes#purge-node 155 156 [vault_azure_backend]: https://www.vaultproject.io/docs/secrets/azure