Using Nomad When You Don’t Know You Need It
Many teams jump straight into Kubernetes because it feels like the industry standard, but the truth is that not everyone needs that level of complexity—especially when starting out. HashiCorp Nomad offers a simpler, flexible, and far more approachable way to orchestrate workloads, yet so many practitioners don’t realize that Nomad may actually be the tool they need first.
This session introduces Nomad from a beginner’s perspective. It explains what Nomad is, why it exists, and how it helps teams run applications without fighting operational overhead. Nomad handles container workloads, batch jobs, binaries, stateful services, and legacy applications in one unified system. This makes it a powerful tool for small teams, growing startups, engineers learning orchestration for the first time, or organizations that want reliability without maintaining a full Kubernetes ecosystem.
The talk walks through the core ideas behind Nomad, including how its scheduler works, how services are distributed across nodes, and how it integrates naturally with Consul and Vault. It highlights how Nomad simplifies common deployment challenges, reduces infrastructure friction, and gives teams predictable and secure operations with minimal setup.
Attendees will leave with a clear understanding of why Nomad is a great starting point for engineers exploring orchestration, how it can grow with their infrastructure, and why Nomad might already be solving problems they didn’t know they had. The goal is to make Nomad feel accessible, practical, and even exciting for anyone encountering it for the first time.
Golden images made simple – Automating infrastructure with HashiCorp Packer and HCP Packer Registry
In modern cloud environments, consistency and security are critical, yet many teams still rely on manual image creation or scattered automation scripts. This often leads to configuration drift, outdated software, and challenges in scaling infrastructure. HashiCorp Packer solves this problem by enabling teams to create automated, reproducible machine images across multiple clouds. With Packer, you can build golden images that are preconfigured, secured, and ready to be deployed in any environment.
But building images is only half of the story. Managing and sharing them across teams, environments, and regions can be just as complex. This is where HCP Packer Registry comes in. By integrating Packer with HCP Packer, you gain a central service to track image versions, manage lifecycle stages, and promote builds across channels like development, staging, and production. This eliminates the need to hardcode AMI IDs or manually distribute image references. Instead, Terraform and other automation tools can consume the latest approved image directly from HCP.
In this session, I will walk through how to create golden images using Packer, push image metadata into HCP Packer Registry, and integrate this workflow into Terraform for seamless deployments. Attendees will learn how to standardize infrastructure, strengthen security posture, and simplify cross-cloud image management with a practical, demo-driven approach.
Set up secure secret management: Vault, Packer, Terraform, GCP, Kubernetes
In today's cloud-native ecosystem, managing sensitive information such as API keys, passwords, and certificates securely is paramount. This talk delves into the integration of robust secret management practices using HashiCorp Vault, Packer, and Terraform within a Google Cloud Platform (GCP) and Kubernetes environment. Attendees will learn how to set up a secure secret management pipeline that ensures secrets are stored, accessed, and rotated securely.
The session will cover the deployment of Vault as a centralized secrets manager, the use of Packer to create secure machine images, and Terraform for infrastructure as code to automate and enforce security policies. Additionally, we'll explore how to seamlessly integrate these tools with Kubernetes to manage secrets at the application level, ensuring a secure and scalable cloud infrastructure. Whether you're a DevOps engineer, cloud architect, or security professional, this talk will provide you with practical insights and best practices to enhance your secret management strategy.
Attendees will gain a deep understanding of key concepts like auto unseal and manual unseal, exploring their configurations and use cases. The session will highlight practical implementations tailored to meet compliance requirements and show how Vault can simplify secret management in hybrid and multi-cloud environments.
By the end of this talk, participants will walk away with actionable insights on setting up and securing their secret management systems, as well as tools and techniques to ensure scalability and maintain compliance.
Technical Requirements:
- Basic understanding of cloud computing, Kubernetes, and infrastructure-as-code (IaC) tools.
- A Google Cloud Platform (GCP) account with billing enabled.
- Packer, Terraform, and kubectl installed on your local machine.
- HashiCorp Vault CLI installed for testing and interaction.
Outline
1. Why We Need Vault:
   - Importance of secure secret management.
   - Risks of hardcoding secrets or using insecure storage.
   - Benefits of using HashiCorp Vault for dynamic secrets, encryption, and access control.
2. Creating a Hardened Vault Image with Packer:
   - Walkthrough of the Packer template and shell script.
   - Best practices for hardening the VM image.
   - Storing the image in GCP for reuse.
3. Configuring Vault for Auto-Unseal Using GCP KMS:
   - Explanation of Vault's sealing/unsealing mechanism.
   - Setting up GCP KMS for auto-unseal.
   - Modifying the Vault configuration (`config.hcl`) to enable auto-unseal.
4. Terraform Setup for the Environment:
   - Explanation of Terraform files to deploy the hardened Vault image.
   - Creating a managed instance group, autoscaling group, and load balancer.
   - Applying the Terraform configuration to provision the infrastructure.
5. Service Account and ClusterRoleBinding in Kubernetes:
   - Creating a Kubernetes service account for Vault.
   - Defining a ClusterRoleBinding to grant necessary permissions.
   - Ensuring secure access to the Kubernetes cluster.
6. Role and Policy for Vault Authentication:
   - Configuring Vault roles and policies for Kubernetes authentication.
   - Testing the authentication flow.
   - Ensuring least privilege access for applications.
7. Uploading Your Secrets:
   - Demonstrating how to store and retrieve secrets in Vault.
8. Closing:
   - All code snippets and configuration files will be shared via a GitHub repository for easy access.
HashiTalks: Africa Sessionize Event
HashiTalks 2025 Sessionize Event