Skip to content

Scopes

Scopes provide shared configuration and infrastructure boundaries for groups of components.

Available Scopes

Scope Description
networkscope.nomad.oam.dev Network configuration
nodepool.nomad.oam.dev Node pool targeting
namespace.nomad.oam.dev Namespace isolation

Network Scope

Configures networking for all components in the application:

scopeRef:
  kind: networkscope.nomad.oam.dev
  name: production-network
properties:
  networkMode: bridge           # bridge, host, overlay
  subnet: 10.0.0.0/16         # Network subnet
  dnsServers:                 # DNS servers
    - 8.8.8.8
    - 8.8.4.4
  serviceMesh: true           # Enable Consul Connect
  connectSidecar: true        # Inject Connect sidecar

Network Modes

Mode Description
bridge Default Docker bridge networking
host Use host networking
overlay Use Nomad's overlay networking

Service Mesh

When serviceMesh: true, Consul Connect is enabled:

  • mTLS between services
  • Automatic sidecar injection
  • Service mesh policies

Node Pool Scope

Targets specific node pools and configures scheduling:

scopeRef:
  kind: nodepool.nomad.oam.dev
  name: compute-pool
properties:
  poolName: production-pool    # Node pool name
  datacenter:                  # Target datacenters
    - dc1
    - dc2
  nodeClass: compute-optimized # Node class
  constraints:                 # Additional constraints
    - attribute: "${meta.gpu}"
      operator: "="
      value: "true"

Constraint Operators

Operator Description
= Equals
!= Not equals
> Greater than
< Less than
>= Greater or equal
<= Less or equal
set_contains Set contains

Namespace Scope

Configures tenant isolation:

scopeRef:
  kind: namespace.nomad.oam.dev
  name: production-ns
properties:
  namespace: ecommerce-prod    # Nomad namespace
  quota: large-quota          # Resource quota

Using Scopes

Scopes are defined in the application spec:

apiVersion: core.oam.dev/v1alpha2
kind: Application
metadata:
  name: my-app
spec:
  components:
    - name: web
      type: webservice
      properties:
        image: nginx:latest

  scopes:
    - scopeRef:
        kind: networkscope.nomad.oam.dev
        name: production-network
      properties:
        networkMode: bridge
        serviceMesh: true

    - scopeRef:
        kind: nodepool.nomad.oam.dev
        name: compute-pool
      properties:
        poolName: production-pool
        datacenter:
          - dc1

    - scopeRef:
        kind: namespace.nomad.oam.dev
        name: prod-ns
      properties:
        namespace: myapp-prod

Scope Inheritance

Child components inherit scope settings unless explicitly overridden:

Application
├── Network Scope
│   └── All components use same network mode
├── Node Pool Scope
│   └── All components scheduled on same pool
└── Namespace Scope
    └── All components in same namespace