»Target Plugins

Target Plugins determine where the resource to be autoscaled is located. All target plugins support the dry-run policy config parameter which allows a policy to be evaluated, but will noop any suggested changes.

»Nomad Task Group Target

The Nomad task group target indicates the scalable resource is a Nomad job running on a Nomad cluster.

»Agent Configuration Options

The Nomad target is automatically launched by the Nomad Autoscaler and so the following setup is optional.

target "nomad" {
  driver = "nomad"
}

»Policy Configuration Options

If using the Nomad job specification scaling stanza to configure the scaling policy, the following section can be omitted as Nomad will populate them on job submission.

check {
  ...
  target "nomad" {
    Job   = "example"
    Group = "cache"
  }
  ...
  • job (string: "") - The job identifier which contains the task group to scale as defined within the job specification job stanza.

  • group (string: "") - The name of the task group to scale as defined in the job specification group stanza.

»AWS AutoScaling Group Target

The AWS ASG target plugin allows for the scaling of the Nomad cluster clients via manipulating AWS AutoScaling Groups.

»Agent Configuration Options

To use the AWS ASG target plugin, the agent configuration needs to be populated with the appropriate target block. Authentication to the AWS API can be supplied in a number of ways including EC2 instance roles. It is recommended, if possible to use the Vault AWS Secrets engine for supplying access credentials to the plugin. Credentials should be injected into the configuration via a template rather than as environment variables. This ensures the credentials are passed only to the plugin, rather than being available for all plugins and the agent process.

The IAM policy required for the AWS ASG plugin to function properly is detailed below.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "",
            "Effect": "Allow",
            "Action": [
                "ec2:TerminateInstances",
                "ec2:DescribeInstanceStatus",
                "autoscaling:UpdateAutoScalingGroup",
                "autoscaling:DetachInstances",
                "autoscaling:DescribeScalingActivities",
                "autoscaling:DescribeAutoScalingGroups",
                "autoscaling:CreateOrUpdateTags"
            ],
            "Resource": "*"
        }
    ]
}
target "aws-asg" {
  driver = "aws-asg"
  config = {
    aws_region        = "eu-west-3"
    aws_access_key_id = "AKIAIOSFODNN7EXAMPLE"
    aws_secret_key_id = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
  }
}

When using a Nomad cluster with ACLs enabled, the plugin will require an ACL token which provides the following permissions:

node {
  policy = "write"
}
  • aws_region (string: "us-east-1") - The AWS region identifier to connect to and where resources should be managed.

  • aws_access_key_id (string: "") - The AWS access key ID used to authenticate with the AWS API.

  • aws_secret_key_id (string: "") - The AWS secret key ID used to authenticate with the AWS API.

  • aws_session_token (string: "") - The AWS session token used to authenticate with the AWS API.

»Policy Configuration Options

check {
  ...
  target "aws-asg" {
    aws_asg_name        = "hashistack-client-asg"
    node_class          = "hashistack"
    node_drain_deadline = "5m"
  }
  ...
  • asg_name (string: <required>) - The name of the AWS AutoScaling Group to interact with when performing scaling actions.

  • class (string: <required>) - The Nomad client node class identifier used to group nodes into a pool of resource.

  • drain_deadline (duration: "15m") The Nomad drain deadline to use when performing node draining actions.