Support to run pods from yaml definitions

[ghost]

First, I have to say that I am very much a novice regarding both Nomad and Podman.

Exploring podman, I have found that it supports pods the same way as Kubernetes does - guess thats the reason for the name.

This means that a yaml file in the same format as the Kubernetes pod definition files can both be generated and played, launching one or multiple containers as specified: https://github.com/containers/libpod/blob/master/docs/source/markdown/podman-play-kube.1.md

The central point of this is that all containers in a pod share the same namespaces. This is essential to the pod concept, allowing composition of multiple ready-made, unchanged docker images to a useful unit which is always managed as a whole.

According to the following issue, it isn't foreseeable that Nomad tasks will be able to share the same namespace due to architectural constraints: hashicorp/nomad#3622

Therefore, this seems to be something that should be supported by the podman driver / task itself as an alternative operation mode to the "single container" approach.

Basically, a way should be provided to be able to run an entire pod from a pod definition file.

Does this seem like a sensible approach? I am not sure if and how this fits into the architecture of Nomad, as I don't really know it, but in theory I would assume that a pod is just another type of workload, not that much different from a single container.

[towe75]

Well, this is a bit of a clash between nomad, podman and kubernetes concepts. Nomad has task groups instead of pods. A task group can be used to relate several containers. It's, however, up to the job author to define what "sharing" exactly means. Nomad guarantees that the complete group is colocated on the same host but the author can freely mix various types of tasks (podman, docker, java, rawexec, ...).

Coming back to your pod idea: we can assume that at least a subset of a podman pod could be represented as a Nomad group. But it would mean to transform the (kubernetes)yml into Nomads job description language. Otherwise Nomad would be unable to supervise the containers and to properly track changes etc. Simply hiding an entire pod within a task would hide to much details from Nomad.

In concrete i propose to add driver specific options to dynamically form a pod from two or more containers in a group. You would get shared network namespaces without loosing Nomads benefits.

[tpetry]

In concrete i propose to add driver specific options to dynamically form a pod from two or more containers in a group. You would get shared network namespaces without loosing Nomads benefits.

That would be great! Just a "podname" setting in the nomad job description and the nomad podman driver would create pods on-the-fly and start the containers within the defined pods. If the setting is not used a random pod could be created for every container to be run to follow the podman principle of running docker containers.

[x70b1]

In concrete i propose to add driver specific options to dynamically form a pod from two or more containers in a group. You would get shared network namespaces without loosing Nomads benefits.

A pod definition would be awesome! Talking over localhost would simplify the deploment of smaller pods.

[computator]

I am not sure if it works the same with the podman driver, but for the docker driver anything in the same task group shares the same network namespace (like a pod does) when the network mode is set to bridge. This is a feature of nomad itself, not so much the docker driver. Here's an incomplete jobspec stripped from one of my services illustrating some of the relevant aspects:

job "example" {
  datacenters = ["dc1"]
  type = "service"

  group "example" {
    network {
      mode = "bridge"
    }

    task "php" {
      driver = "docker"
      config {
        image = "php:7.4-fpm"
      }
    }

    task "web" {
      driver = "docker"
      env {
        FASTCGI_HOST = "127.0.0.1:9000"
      }
      config {
        image = "nginx"
      }
      resources {
        cpu = 200 #MHz
        memory = 64 #MB
      }
    }
  }
}

[jkacou]

Hello,
Do we have any update on this topic?

1. We have a fully supported and stable podman driver (couldn't be add as a podman driver variant/option?)
2. We already have a pod definition in hcl with the k8s TF provider (couldn't it be transferable to podman in nomad configs?)
   I am not aware about the architecture implications of this feature but really interested about that in Nomad (and visibly not alone)
   the main point is to have multiple contianers in task (so a pod) for run and operation as well and representing one component (with observability/additional parts embeded and indisiciable from it)

[shoenig]

I think this feature - if possible - should be implemented in a separate task driver. The driver in this repository is oriented around representing a single Podman container as a Nomad Task - very similar to the Docker driver. The notion of representing a Podman pod as a Nomad Task, while intriguing, is probably going to take more code to make work than what is currently in this repository already. That amount of effort isn't something we can commit to, and so I'll close this issue to help set expectations.

If someone does implement a podman-pod task driver, definitely open a PR to link to it from the Community task drivers page in the Nomad docs.