»Google Cloud Engine Managed Instance Groups Target

The gce-mig target plugin allows for the scaling of the Nomad cluster clients via manipulating Google Cloud Engine Managed Instance Groups. The plugin supports both regional and zonal groups.

»Agent Configuration Options

The plugin uses the official Google Cloud Golang SDK. This means it supports the common ways of providing credentials to Google Cloud.

It is recommended, if possible to use the Vault GCP Secrets engine for supplying access credentials to the plugin.

Credentials should be injected into the configuration via a template rather than as environment variables. This ensures the credentials are passed only to the plugin, rather than being available for all plugins and the agent process.

target "gce-mig" {
  driver = "gce-mig"
  config = {
    credentials = "local/creds.json"
  }
}
target "gce-mig" {  driver = "gce-mig"  config = {    credentials = "local/creds.json"  }}
  • credentials (string: "") - This is specified as the path to a Google Cloud credentials file, typically for a service account.

»Nomad ACL

When using a Nomad cluster with ACLs enabled, the plugin will require an ACL token which provides the following permissions:

node {
  policy = "write"
}
node {  policy = "write"}

»Policy Configuration Options

check "hashistack-allocated-cpu" {
  # ...
  target "gce-mig" {
    project             = "hashistack-demo"
    region              = "us-west1"
    mig_name            = "nomad-client-hashistack"
    node_class          = "hashistack"
    node_drain_deadline = "5m"
    node_purge          = "true"
  }
  # ...
}
check "hashistack-allocated-cpu" {  # ...  target "gce-mig" {    project             = "hashistack-demo"    region              = "us-west1"    mig_name            = "nomad-client-hashistack"    node_class          = "hashistack"    node_drain_deadline = "5m"    node_purge          = "true"  }  # ...}
  • project (string: <required>) - The Google Cloud Platform project ID within which the managed instance group is running.

  • region (string: "") - The GCP region where the Managed Instance Group resides. Providing this parameter indicates the MIG is regional. Conflicts with zone.

  • zone (string: "") - The GCP zone where the Managed Instance Group resides. Providing this parameter indicates the MIG is zonal. Conflicts with region.

  • mig_name (string: <required>) - The name of the GCE Managed Instance Group to interact with when performing scaling actions.

  • datacenter (string: "") - The Nomad client datacenter identifier used to group nodes into a pool of resource. Conflicts with node_class.

  • node_class (string: "") - The Nomad client node class identifier used to group nodes into a pool of resource. Conflicts with datacenter.

  • node_drain_deadline (duration: "15m") The Nomad drain deadline to use when performing node draining actions. Note that the default value for this setting differs from Nomad's default of 1h.

  • node_drain_ignore_system_jobs (bool: "false") A boolean flag used to control if system jobs should be stopped when performing node draining actions.

  • node_purge (bool: "false") A boolean flag to determine whether Nomad clients should be purged when performing scale in actions.

  • node_selector_strategy (string: "least_busy") The strategy to use when selecting nodes for termination. Refer to the node selector strategy documentation for more information.