
Hashicorp's Nomad template explanation


With Hashicorp Nomad one can define a template through which a file can be created on a Docker container's storage - provided that `driver="docker"`. The template looks like the following:

    template {
      data = <<EOF
    {{ source from parameter store }}
    EOF
      destination = "secrets/certificate.pem"
    }

How Nomad is able to do such a thing confuses me. I want to achieve the same thing using Terraform while creating an ECS container definition, and the only option I have is to create an EFS manually, where I should manually load the secrets from the parameter store, and then bind that volume via container definitions.

How does Nomad achieve that?


Solution

  • The Nomad template block actually works somewhat similarly to the EFS solution you described.

    Here's how Nomad does it:

    1. When Nomad schedules an allocation, it creates several directories on the host.
    2. The Nomad agent on the host runs consul-template to render any templates within the task directories on the host.
    3. When Nomad starts a Docker container, it mounts the task directories inside the container, e.g. /data/nomad/alloc/<alloc-uuid>/alloc would be at /alloc in the container.

    If you manage the Docker images you use with ECS, you could achieve similar behavior by setting the container entrypoint to use consul-template's exec flag to wrap the container process. This would require consul-template to be installed at a known path in your container.
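
The entrypoint approach from the answer above, sketched as a Terraform task definition. This is an added example, not part of the original question or answer. It assumes the certificate is delivered through the ECS `secrets` field as an environment variable and rendered with consul-template's `env` function; the image name, ARNs, file paths and the `CERTIFICATE_PEM` name are placeholders.

```hcl
# Added example. All names, paths and ARNs below are assumed placeholders.
variable "execution_role_arn" {
  type = string # role that may call ssm:GetParameters on the parameter below
}

variable "certificate_param_arn" {
  type = string # ARN of the SecureString parameter holding the PEM
}

resource "aws_ecs_task_definition" "app" {
  family                   = "app"
  requires_compatibilities = ["FARGATE"]
  network_mode             = "awsvpc"
  cpu                      = 256
  memory                   = 512
  execution_role_arn       = var.execution_role_arn

  container_definitions = jsonencode([{
    name      = "app"
    image     = "registry.example.com/app:placeholder" # must ship consul-template
    essential = true

    # ECS reads the parameter at task start and exposes it as an env var,
    # so no EFS volume or manual copy step is needed.
    secrets = [{
      name      = "CERTIFICATE_PEM"
      valueFrom = var.certificate_param_arn
    }]

    # consul-template renders the file first, then starts the application
    # as its child process (the "exec" mode mentioned in the answer).
    # /etc/certificate.pem.tpl is baked into the image and contains:
    #   {{ env "CERTIFICATE_PEM" }}
    # Assumes /secrets is writable inside the container.
    entryPoint = [
      "/usr/local/bin/consul-template",
      "-template", "/etc/certificate.pem.tpl:/secrets/certificate.pem",
      "-exec", "/app/server",
    ]
  }])
}
```

The certificate also stays in the container's environment as `CERTIFICATE_PEM`, so the rendered file gives the application a path to read from but does not hide the value from anything that can inspect the process environment.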