Red Hat Podman and HashiCorp Nomad integration matures
Improvements in the integration of Red Hat Podman and HashiCorp Nomad make it suitable for high-value applications and workflows.
One of the core goals of the HashiCorp Nomad team is to enable users to run workloads the way they like.
That goal extends to the Red Hat Podman container engine for running OCI Linux containers. Through community-driven efforts, running Podman tasks in Nomad has been possible with the Podman task driver plugin for some time.
Thanks to recent community efforts, we’ve made progress maturing the Podman and Nomad integration for high-value applications and workflows. This post shares some of the new features of the Nomad-Podman integration.
» The Nomad-Podman integration has matured
The latest enhancements to the Nomad-Podman integration add support for:
- Running Podman containers in task groups with bridge networking enabled
- Authentication options in the task driver config
- Specifying a credentials helper or external credentials configuration file for working with private registries (via Podman driver support)
Although there is still work to be done, the progress made opens doors to new Podman use cases that were tedious, if not impossible, before.
» Podman and Consul service mesh
Nomad 1.7, released in GA this month, takes advantage of these developments to provide a more seamless experience when using Podman in conjunction with our HashiCorp Consul service mesh integration.
Consul service mesh requires the use of an Envoy sidecar proxy for each task participating in
the network mesh. Since its inception, the Nomad integration for Consul service mesh has defaulted to a Docker-specific task configuration for these Envoy sidecars. Now, Nomad will automatically detect if Podman is the most suitable task driver and generate an Envoy task configuration that runs Envoy as a Podman container. Job submitters no longer need to specify a custom connect.sidecar_task
block.
» Why use Podman instead of Docker?
There are substantial advantages to using Podman as a task driver instead of Docker:
- Podman does not require running
dockerd
andcontainerd
as root processes on every node. - Podman makes clever use of
systemd
socket activation to launch containers. Most mainstream Linux distributions are based on systemd, providing widespread out-of-the-box support. - Unlike Docker, Podman does not require pause containers to support the bridge networking use case
Earlier in this post, we discussed how Envoy containers run alongside each Nomad task when using the Consul service mesh integration. With Docker, each task group with one of those Envoy containers actually requires a second sidecar — the pause container — which is necessary due to the special way Docker creates network namespaces.
Since Podman works with the conventional network namespaces created and managed by the Nomad client, there is no need for that extra sidecar. In a cluster with thousands of tasks participating in a service mesh, the savings on CPU, memory, disk, and bandwidth can be significant.
» More maturity on the way
These improvements to the Nomad-Podman integration story are only the beginning. Going forward, we intend to provide first-class support for rootless Podman, address outstanding bug reports, enhance our Podman integration test coverage, and update the plugin-packaging.
To find out more about the Nomad-Podman integration, please visit our Podman task driver page.
Sign up for the latest HashiCorp news
More blog posts like this one
Nomad 1.9 adds NVIDIA MIG support, golden job versions, and more
HashiCorp Nomad 1.9 introduces NVIDIA multi-instance GPU support, NUMA and quotas for devices, exec2 GA, and golden job versions.
Terraform, Packer, Nomad, and Waypoint updates help scale ILM at HashiConf 2024
New Infrastructure Lifecycle Management (ILM) offerings from HashiCorp Terraform, Packer, Nomad, and Waypoint help organizations manage their infrastructure at scale with reduced complexity.
Terraform Enterprise improves deployment flexibility with Nomad and OpenShift
Customers can now deploy Terraform Enterprise using Red Hat OpenShift or HashiCorp Nomad runtime platforms.