Auto fetch agent consul token #23473

Open
jorgemarey opened this issue Jun 30, 2024 · 2 comments

Comments

@jorgemarey
Contributor

Proposal

With the addition of workload identities, Nomad would automatically fetch Consul tokens for services and tasks, but we still need to provide a Consul token for Nomad to be able to perform other operations in Consul.

Maybe Nomad servers could also issue a JWT for clients that they use for login and retrieval of the Consul token used by the agent.

A configuration option could be provided as agent_auth_method, similar to the ones currently present for tasks and services.

The issued JWT could have the node_class, node_pool and name.

This would avoid needing to set a consul token on configuration.

I don't know if this is possible given how Nomad currently starts and connects with the servers. But if it's possible, I think it would be an improvement.

@pkazmierczak
Contributor

Hi @jorgemarey, thanks for the suggestion. Indeed, we do have future plans for improving Consul integration based on WI tokens, but it's not currently on our next release roadmap and it's hard for us to commit to a timeline here. It's definitely something we will be revisiting in the future though.

@tgross
Member

tgross commented Jul 9, 2024

I also wanted to leave a note here that this rolls up into a concept we've been talking about internally as Node Identity. See also #16574 for related ideas.

@jrasell jrasell moved this from Needs Triage to Needs Roadmapping in Nomad - Community Issues Triage Jul 23, 2024