When you deploy Nomad Jobs on a larger scale, you need to ensure that people follow naming conventions, make sure they include certain metadata or deploy only things that have jumped through all your security hoops.

Validation is one thing, but how do you deal with repetitive code throughout your jobs? Connecting to a database? Just set a vault policy, include an application specific environment variable block, maybe some TLS providing sidecar? Super simple....not. Sure, throw in yet another layer of templating, but this makes your HCL going to be HateCL.

The Nomad Admission Control Proxy (NACP) enforces conventions and hides complexity. It is based on the concept of Kubernetes' Admission Control. NACP is a gatekeeper placed in front of your Nomad API, mutating and validating incoming job requests.

You can configure any kind of remote webhook or use the embedded OPA engine that validates and transforms your Nomad Jobs.