Skip to content

Scopes Guide

This guide covers using scopes to configure shared infrastructure and isolation.

Network Scope

Bridge Network Mode

scopes:
  - scopeRef:
      kind: networkscope.nomad.oam.dev
      name: bridge-network
    properties:
      networkMode: bridge

Host Network Mode

scopes:
  - scopeRef:
      kind: networkscope.nomad.oam.dev
      name: host-network
    properties:
      networkMode: host

Service Mesh

Enable Consul Connect for mTLS:

scopes:
  - scopeRef:
      kind: networkscope.nomad.oam.dev
      name: mesh-network
    properties:
      networkMode: bridge
      serviceMesh: true
      connectSidecar: true

Node Pool Scope

Basic Node Pool

scopes:
  - scopeRef:
      kind: nodepool.nomad.oam.dev
      name: production-pool
    properties:
      poolName: production-pool
      datacenter:
        - dc1

Multi-Region

scopes:
  - scopeRef:
      kind: nodepool.nomad.oam.dev
      name: multi-dc
    properties:
      poolName: production-pool
      datacenter:
        - dc1
        - dc2
      nodeClass: compute-optimized

With Constraints

scopes:
  - scopeRef:
      kind: nodepool.nomad.oam.dev
      name: gpu-pool
    properties:
      poolName: gpu-pool
      nodeClass: gpu
      constraints:
        - attribute: "${attr.nvidia.com/gpu}"
          operator: "="
          value: "1"
        - attribute: "${meta.instance_type}"
          operator: "="
          value: "g4dn.xlarge"

Namespace Scope

Basic Namespace

scopes:
  - scopeRef:
      kind: namespace.nomad.oam.dev
      name: production-ns
    properties:
      namespace: production

With Quota

scopes:
  - scopeRef:
      kind: namespace.nomad.oam.dev
      name: production-ns
    properties:
      namespace: production
      quota: production-quota

Combining Scopes

Multiple scopes can be applied to an application:

apiVersion: core.oam.dev/v1alpha2
kind: Application
metadata:
  name: production-app
spec:
  components:
    - name: web
      type: webservice
      properties:
        image: nginx:latest

    - name: api
      type: webservice
      properties:
        image: api:latest

  scopes:
    - scopeRef:
        kind: networkscope.nomad.oam.dev
        name: production-network
      properties:
        networkMode: bridge
        serviceMesh: true
        connectSidecar: true

    - scopeRef:
        kind: nodepool.nomad.oam.dev
        name: production-pool
      properties:
        poolName: production-pool
        datacenter:
          - dc1
          - dc2

    - scopeRef:
        kind: namespace.nomad.oam.dev
        name: production-ns
      properties:
        namespace: production
        quota: production-quota

Scope Inheritance

Child components inherit scope settings:

Application
├── Network Scope: bridge, serviceMesh=true
│   ├── Component 1 ──▶ Uses bridge network + Connect sidecar
│   └── Component 2 ──▶ Uses bridge network + Connect sidecar
├── Node Pool: production-pool
│   ├── Component 1 ──▶ Scheduled on production-pool
│   └── Component 2 ──▶ Scheduled on production-pool
└── Namespace: production
    ├── Component 1 ──▶ Runs in production namespace
    └── Component 2 ──▶ Runs in production namespace