diff --git a/website/source/docs/job-specification/group.html.md b/website/source/docs/job-specification/group.html.md index f45652c50..a7e275ec2 100644 --- a/website/source/docs/job-specification/group.html.md +++ b/website/source/docs/job-specification/group.html.md @@ -99,8 +99,8 @@ group "example" { } ``` -[task]: /docs/job-specification/task.html "Nomad task Specification" -[job]: /docs/job-specification/job.html "Nomad job Specification" -[constraint]: /docs/job-specification/constraint.html "Nomad constraint Specification" -[meta]: /docs/job-specification/meta.html "Nomad meta Specification" -[restart]: /docs/job-specification/restart.html "Nomad restart Specification" +[task]: /docs/job-specification/task.html "Nomad task Job Specification" +[job]: /docs/job-specification/job.html "Nomad job Job Specification" +[constraint]: /docs/job-specification/constraint.html "Nomad constraint Job Specification" +[meta]: /docs/job-specification/meta.html "Nomad meta Job Specification" +[restart]: /docs/job-specification/restart.html "Nomad restart Job Specification" diff --git a/website/source/docs/job-specification/job.html.md b/website/source/docs/job-specification/job.html.md index e7659b79c..f1b50e354 100644 --- a/website/source/docs/job-specification/job.html.md +++ b/website/source/docs/job-specification/job.html.md @@ -33,6 +33,10 @@ job "docs" { "my-key" = "my-value" } + periodic { + # ... + } + priority = 100 region = "north-america" @@ -45,9 +49,7 @@ job "docs" { # ... } - periodic { - # ... - } + vault_token = "a3594cbc-dee6-40cb-a9e9-59dd5abf8985" } ``` @@ -87,6 +89,11 @@ job "docs" { - `update` ([Update][update]: nil) - Specifies the task's update strategy. When omitted, rolling updates are disabled. +- `vault_token` `(string: "")` - Specifies the Vault token that proves the + submitter of the job has access to the specified policies in the + [`vault`][vault] stanza. This field is only used to transfer the token and is + not stored after Job submission. + ## `job` Examples ### Docker Container @@ -138,7 +145,44 @@ job "docs" { } resources { - cpu = 10 + cpu = 20 + } + } + } +} +``` + +### Secrets Job + +This example shows a job which retrieves secrets from Vault and writes those +secrets to a file on disk, which the application then consumes. Nomad handles +all interactions with Vault. + +```hcl +job "docs" { + datacenters = ["default"] + + vault_token = "a3594cbc-dee6-40cb-a9e9-59dd5abf8985" + + group "example" { + task "uptime" { + driver = "exec" + + config { + command = "cat local/secrets.txt" + } + + template { + data = "{{ secret \"secret/data\" }}" + destination = "local/secrets.txt" + } + + vault { + policies = ["secret-readonly"] + } + + resources { + cpu = 20 } } } @@ -151,5 +195,6 @@ job "docs" { [periodic]: /docs/job-specification/periodic.html "Nomad periodic Job Specification" [task]: /docs/job-specification/task.html "Nomad task Job Specification" [update]: /docs/job-specification/update.html "Nomad update Job Specification" +[vault]: /docs/job-specification/vault.html "Nomad vault Job Specification" [meta]: /docs/job-specification/meta.html "Nomad meta Job Specification" [scheduler]: /docs/runtime/schedulers.html "Nomad Scheduler Types" diff --git a/website/source/docs/job-specification/logs.html.md b/website/source/docs/job-specification/logs.html.md index d8e1d4a1e..c138d077f 100644 --- a/website/source/docs/job-specification/logs.html.md +++ b/website/source/docs/job-specification/logs.html.md @@ -79,4 +79,4 @@ logs { } ``` -[logs-command]: /docs/commands/logs.html "nomad logs command" +[logs-command]: /docs/commands/logs.html "Nomad logs command" diff --git a/website/source/docs/job-specification/task.html.md b/website/source/docs/job-specification/task.html.md index f241c31d4..330ab84d8 100644 --- a/website/source/docs/job-specification/task.html.md +++ b/website/source/docs/job-specification/task.html.md @@ -111,7 +111,7 @@ task "server" { } resources { - cpu = 10 + cpu = 20 } } ``` @@ -140,7 +140,7 @@ task "server" { } resources { - cpu = 10 + cpu = 20 } } ```