HashiCorp Nomad - Kubernetes Alternative Without the YAML Hell

Nomad is what happens when someone looks at Kubernetes and says "there has to be a better way." It's a workload scheduler that doesn't require a PhD to operate. You download one 40MB binary, run it, and you're orchestrating workloads. No masters, no etcd clusters, no networking plugins that break when you look at them funny.

Three years in production taught me this shit: Nomad isn't perfect, but it's not trying to be everything to everyone.

What Actually Works (The Good Stuff)

Single Binary Deployment Actually Works

When they say single binary, they mean it. No control plane nodes, no separate databases, no "oh shit the etcd cluster is corrupted" during weekend emergencies. You literally copy one file and run it. The binary contains everything: scheduler, API server, the works.

I've deployed this thing dozens of times - the architecture is stupidly simple because one binary handles everything from job scheduling to API serving.

The catch? You still need Consul for service discovery if you want anything beyond basic scheduling. So it's really a two-binary setup, and Consul can fuck up your entire service discovery when it goes down.

Multi-Workload Support

This is Nomad's killer feature. You can schedule Docker containers, raw binaries, Java applications, and even QEMU VMs from the same scheduler. Perfect for legacy applications that you can't containerize yet.

I've used this to gradually migrate a legacy Java monolith alongside new microservices. The Java driver lets you deploy JAR files directly without Docker overhead.

Docker, raw binaries, JVMs, QEMU VMs - all managed by the same scheduler. No other orchestrator does this shit.

HCL Configuration

Job specs use HashiCorp Configuration Language instead of YAML. It's like Terraform but for workloads. Variables, conditionals, and loops actually work. No more copying YAML blocks and praying you got the indentation right.

job "web-app" {
  datacenters = ["dc1"]
  type = "service"
  
  group "web" {
    count = 3
    
    task "nginx" {
      driver = "docker"
      
      config {
        image = "nginx:1.20"
        ports = ["http"]
      }
      
      resources {
        cpu    = 500
        memory = 256
      }
    }
  }
}

Reasonable Resource Overhead

A Nomad server uses about 100MB of RAM. I've seen Kubernetes control plane nodes eat 2GB+ just sitting there doing nothing. Client nodes add maybe 50MB overhead - way better than K8s worker node overhead.

The Shit That Will Bite You (Reality Check)

Smaller Ecosystem

The Kubernetes ecosystem is massive. Nomad's is... not. Need a specific storage plugin? Probably doesn't exist. Want that cool new observability tool? It has a Kubernetes operator, not a Nomad job.

This matters more than you think. Half the time I spend on Kubernetes deployments is finding and configuring existing tools. With Nomad, I often build solutions from scratch.

Networking Can Be Painful

Nomad doesn't include a networking solution. You need Consul Connect for service mesh, or you're back to managing iptables rules and load balancer configs manually. The CNI integration works but requires external CNI plugins.

Learning Curve Still Exists

Yeah, it's easier than Kubernetes. But it's still not easy. You still need to understand distributed systems concepts, resource scheduling, and networking. The documentation assumes you know what you're doing.

Architecture That Actually Makes Sense

Basic topology

Server nodes (the brains) schedule work onto client nodes (the muscle). Regions organize datacenters geographically.

Server Nodes

are where the brains live. I run 3-5 in production for leader election and state management. They're just Nomad processes with -server flag. No separate control plane complexity to fuck with.

Client Nodes

run your actual workloads. Any machine can be a client - cloud instances, bare metal, hell I've even used my laptop for testing. Clients register with servers and receive job allocations.

Regions and Datacenters

let you organize things geographically. I run separate regions for us-east and eu-west, with multiple datacenters per region. Cross-region job federation actually works, unlike some other tools I could mention.

IBM Acquisition Impact

As of February 2025, IBM completed its acquisition of HashiCorp for $6.4 billion. The open-source versions remain available, but enterprise pricing is now IBM pricing. If you're planning large deployments, factor in IBM's traditional licensing costs.

The good news: IBM has enterprise connections and deep pockets. The bad news: IBM has that enterprise pricing that makes you want to cry and sales cycles longer than a Kubernetes upgrade.

Installation: It's Easy Until It's Not

Getting Nomad running is genuinely simple. Download the binary, make it executable, run it. No apt-get install kubernetes-control-plane-nightmare needed.

## This actually works
wget https://releases.hashicorp.com/nomad/1.10.5/nomad_1.10.5_linux_amd64.zip
unzip nomad_1.10.5_linux_amd64.zip
chmod +x nomad
./nomad agent -dev

The development mode works great for learning. Single node, no configuration files, data stored in /tmp. It'll be gone when you reboot, which is probably what you want for testing.

What the docs don't tell you: Sure, it's one binary, but your first production deploy will fail spectacularly because of these gotchas:

• File descriptor limits - Learned this during a midnight production failure when jobs started failing with "too many open files"
• Systemd logs filling /var/log - Default log level is DEBUG, which will eat your disk space in days
• Clock drift between nodes - More than 100ms skew and cluster formation breaks randomly
• Firewall bullshit - 4646 (HTTP), 4647 (RPC), 4648 (Serf). Miss one and spend hours debugging "connection refused"
• Consul dependency hell - Yeah, that "single binary" needs Consul for anything real

Job Deployment: HCL Beats YAML But Still Has Gotchas

The web UI shows job status, resource usage, and logs. Not fancy, but functional enough for debugging deployments.

Job specifications use HCL, which is infinitely better than YAML for anything complex. Variables work. Comments don't break parsing. You can actually debug syntax errors.

job "real-app" {
  datacenters = ["dc1", "dc2"]
  type = "service"
  
  # This works and makes sense
  constraint {
    attribute = "${attr.kernel.name}"
    value     = "linux"
  }
  
  group "web" {
    count = 3
    
    # Restart policy that doesn't hate you
    restart {
      attempts = 3
      interval = "30m"
      delay    = "15s"
      mode     = "fail"
    }
    
    task "nginx" {
      driver = "docker"
      
      config {
        image = "nginx:1.25"
        ports = ["http"]
      }
      
      # Resource allocation that's actually useful
      resources {
        cpu    = 500  # MHz, not some abstract unit
        memory = 512  # MB, not requests/limits confusion
      }
      
      # Health check that works
      service {
        name = "web"
        port = "http"
        
        check {
          type     = "http"
          path     = "/health"
          interval = "10s"
          timeout  = "3s"
        }
      }
    }
  }
}

Real deployment failures I've experienced:

• Dynamic port allocation nightmare - Works in dev, fails in prod when AWS security groups block random high ports
• Docker auth token expiry - Private registry auth breaks during critical deployments, all new deployments fail with cryptic "pull access denied"
• Memory allocation math - Nomad reserves exactly what you ask for. Request 512MB for a 300MB app? Waste 212MB per task
• Rolling update deadlock - Version 1.8.x had a bug where rolling updates could deadlock if you hit resource limits during deployment
• NFS mount failures - Host volumes on NFS break spectacularly when network hiccups. Learned this during a critical deploy

Real-World Use Cases Where Nomad Shines

Edge Computing - Cloudflare runs Nomad on 200+ edge locations because it's lightweight and handles network partitions well. When your edge nodes have 4GB RAM total, every MB matters.

Cloudflare proves the edge computing point: when you're running on limited hardware across 200+ locations, every megabyte of overhead matters.

Legacy Migration - I've used Nomad to orchestrate a mix of:

• New Docker microservices
• Legacy JAR files via the Java driver
• VM-based databases that can't be containerized yet
• Batch processing scripts that run on raw metal

This mixed workload capability is Nomad's killer feature. Try doing that with Kubernetes.

Batch Processing - Scientific computing loves Nomad. Submit thousands of compute jobs, let the scheduler handle placement. The parameterized jobs feature is perfect for parallel processing workloads.

Jobs go through simple states: pending → running → complete/failed. No complex pod phases or restart policies to decipher.

Small Teams - When you have 2-3 engineers and need orchestration but can't dedicate someone to become a Kubernetes expert. Nomad's operational overhead is manageable for small teams.

Enterprise: When You Need IBM-Level Support

Nomad Enterprise adds features that matter for large deployments:

• Multi-region federation - Actually works, unlike some DIY federation attempts
• Advanced autoscaling - Automatically add/remove nodes based on job queue
• Audit logging - For when compliance asks "who deployed what when"
• Governance policies - Prevent developers from requesting 64GB RAM for their hello-world service

Pricing Reality: IBM owns HashiCorp now, so expect enterprise-grade pricing. Budget $50-100 per node per month for enterprise features. The trial program lets you test before committing.

The HashiCorp Ecosystem (When It Works)

Consul Integration - Service discovery that actually works. Jobs register automatically, health checks propagate, DNS queries return healthy endpoints. This is where the "single binary" claim falls apart - you need Consul for any real deployment.

Vault Integration - Secret management with dynamic credentials. Your app gets a database password that expires in 1 hour. When it works, it's magical. When Vault is down, nothing starts.

Monitoring Reality - Prometheus integration works well. Nomad exposes metrics, Consul provides service discovery for scraping. I've had good luck with Grafana dashboards from the community.

The community Grafana dashboards work well once you get telemetry configured properly.

Third-party Tools - The ecosystem is smaller but focused. Nomad Pack provides reusable job templates. Levant handles deployments with templating. Terraform manages the infrastructure.

What Actually Breaks in Production (War Stories)

Three years of production Nomad means I've seen some shit:

1. Client disconnections during AWS maintenance - Network hiccups trigger mass job rescheduling. Tuesday morning becomes a shitshow when AWS decides to "improve" their networking
2. Resource exhaustion from rogue batch jobs - One asshole's ETL job fills /tmp with 100GB of files, crashes Docker daemon, kills every container on the node
3. Docker daemon memory leaks - Version 20.10.8 had a memory leak that would slowly consume all host RAM. Learned this when monitoring alerts went nuts during dinner
4. Consul brain split during network partition - Lost half our service discovery for 2 hours. Apps couldn't find databases, users couldn't reach apps, everyone panicked
5. Overly specific constraints creating scheduling deadlocks - "Must run on nodes with GPU AND SSD AND at least 16GB RAM" sounds smart until no nodes match

The shit actually works better than Kubernetes for debugging though. When something breaks, you can actually figure out why without a PhD in container orchestration.