open-nomad/website/source/docs/enterprise/sentinel/index.html.md
2017-11-17 14:52:41 -08:00

| layout | page_title | sidebar_current | description |
|--------|------------|-----------------|-------------|
| docs | Nomad Enterprise Sentinel Policy Enforcement | docs-enterprise-sentinel | Nomad Enterprise provides support for policy enforcement using Sentinel. |

Nomad Enterprise Sentinel Policy Enforcement

In Nomad Enterprise, operators can create Sentinel policies for fine-grained policy enforcement. Sentinel policies build on top of the ACL system and let operators express rules such as disallowing job submissions to production on Fridays. These rich policies are defined as code. For example, to restrict jobs to using only the Docker driver, the operator would define and apply the following policy:

```sentinel
# Only allows Docker based tasks
main = rule { all_drivers_docker }

# all_drivers_docker checks that all the drivers in use are Docker
all_drivers_docker = rule {
    all job.task_groups as tg {
        all tg.tasks as task {
            task.driver is "docker"
        }
    }
}
```
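As an added example (not part of the Nomad documentation), the Python sketch below mirrors the rule's nested `all` quantifiers against constructed jobs and lists the tasks that would cause a rejection. The helper names, the sample jobs and the use of Nomad's JSON job field names (`TaskGroups`, `Tasks`, `Driver`) are assumptions of this example; actual enforcement is done by Sentinel on the Nomad servers.

```python
import json

ALLOWED_DRIVER = "docker"  # the value the page's rule compares against


def non_docker_tasks(job):
    """Return (group, task, driver) for every task the rule would reject.

    Mirrors the nested `all ... as` quantifiers: the policy passes only
    when this list is empty. Field names are assumed to follow Nomad's
    JSON job format.
    """
    violations = []
    # Treating a missing or null list as empty is this example's choice.
    for tg in job.get("TaskGroups") or []:
        for task in tg.get("Tasks") or []:
            driver = task.get("Driver")
            # The rule compares the driver string exactly: "Docker" fails.
            if driver != ALLOWED_DRIVER:
                violations.append((tg.get("Name"), task.get("Name"), driver))
    return violations


def all_drivers_docker(job):
    """True when every task in every group uses the docker driver."""
    return not non_docker_tasks(job)


# Constructed sample jobs (not taken from the page).
SAMPLE_JOBS = json.loads("""
{
  "web":   {"ID": "web", "TaskGroups": [
             {"Name": "frontend", "Tasks": [
               {"Name": "nginx", "Driver": "docker"},
               {"Name": "logs",  "Driver": "docker"}]}]},
  "mixed": {"ID": "mixed", "TaskGroups": [
             {"Name": "api",   "Tasks": [{"Name": "app", "Driver": "docker"}]},
             {"Name": "batch", "Tasks": [{"Name": "etl", "Driver": "raw_exec"},
                                         {"Name": "img", "Driver": "Docker"}]}]},
  "empty": {"ID": "empty", "TaskGroups": []}
}
""")

if __name__ == "__main__":
    for name, job in SAMPLE_JOBS.items():
        verdict = "pass" if all_drivers_docker(job) else "fail"
        print(name, verdict, non_docker_tasks(job))
```

A single non-Docker task anywhere in the job fails the whole rule, while a job with no task groups passes because there is nothing for the quantifier to reject.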