From 309fd37a189dff13978321a865bd8df7c75273d5 Mon Sep 17 00:00:00 2001 From: Aimee Ukasick Date: Thu, 23 Oct 2025 11:38:24 -0500 Subject: [PATCH 1/5] Add 1.11 release notes --- .../docs/release-notes/nomad/v1-11-x.mdx | 60 +++++++++++++++++++ website/data/docs-nav-data.json | 4 ++ 2 files changed, 64 insertions(+) create mode 100644 website/content/docs/release-notes/nomad/v1-11-x.mdx diff --git a/website/content/docs/release-notes/nomad/v1-11-x.mdx b/website/content/docs/release-notes/nomad/v1-11-x.mdx new file mode 100644 index 00000000000..66338f91a83 --- /dev/null +++ b/website/content/docs/release-notes/nomad/v1-11-x.mdx @@ -0,0 +1,60 @@ +--- +layout: docs +page_title: Nomad v1.11.x release notes +description: >- + HashiCorp Nomad version 1.11.x release notes. +--- + +# Nomad 1.11.x release notes + +We are pleased to announce the following Nomad updates. + +## 1.11.0 release highlights + +- **Client node identity**. Nomad's client node identity feature uniquely + identities each Nomad client node and provides an authentication mechanism for + nodes to make RPC calls to the Nomad servers. Refer to [Node identity](/docs/architecture/cluster/node-identity) for details. +- **Client node introduction**. Introduce Nomad clients to the cluster with a + token-based approach. Configure Nomad servers with introduction enforcement + levels that dictate how clients join the cluster. This approach results in logs and metrics to detail introduction violations. +- **Job specification secrets block**. Job Specification Secrets Block: A new + job specification block allows for fetching and interpolating secrets within + the specification. +- **System job deployment**. System Job Deployments: Job of type “system” now support deployment functionality. + +### Improvements + +- api: The `Evaluations.Info` method of the Go API now populates the `RelatedEvals` field. [[GH-26156](https://github.com/hashicorp/nomad/issues/26156)] +- build: Add tzdata to Docker container final image [[GH-26794](https://github.com/hashicorp/nomad/issues/26794)] +- build: Updated Go to 1.25.1 [[GH-26823](https://github.com/hashicorp/nomad/issues/26823)] +- cli: Add -preserve-resources flag for keeping resource block when updating jobs [[GH-26841](https://github.com/hashicorp/nomad/issues/26841)] +- cli: Added related evals and placed allocations tables to the eval status command, and exposed more fields without requiring the `-verbose` flag. [[GH-26156](https://github.com/hashicorp/nomad/issues/26156)] +- config: Added job_max_count option to limit number of allocs for a single job [[GH-26858](https://github.com/hashicorp/nomad/issues/26858)] +- consul connect: Allow cni/- network mode; use at your own risk [[GH-26449](https://github.com/hashicorp/nomad/issues/26449)] +- install (Enterprise): Updated license information displayed during post-install [[GH-26791](https://github.com/hashicorp/nomad/issues/26791)] +- metrics: Reduce memory usage on the Nomad leader for collecting eval broker metrics. [[GH-26737](https://github.com/hashicorp/nomad/issues/26737)] +- scheduler: Add reconciler annotations to the output of the `eval status` command [[GH-26188](https://github.com/hashicorp/nomad/issues/26188)] +- scheduler: Debug-level logs emitted by the scheduler are now single-line structured logs [[GH-26169](https://github.com/hashicorp/nomad/issues/26169)] +- scheduler: For service and batch jobs, the scheduler no longer includes stops for already-stopped canaries in plans it submits. [[GH-26292](https://github.com/hashicorp/nomad/issues/26292)] +- scheduler: For service and batch jobs, the scheduler treats a group.count=0 identically to removing the task group from the job, and will stop all non-terminal allocations. [[GH-26292](https://github.com/hashicorp/nomad/issues/26292)] + +### Breaking changes + +- metrics: Eval broker metrics that previously used the job ID as a label now use the parent ID of dispatch and periodic jobs [[GH-26737](https://github.com/hashicorp/nomad/issues/26737)] +- sysbatch: Submitting a sysbatch job with a `reschedule` block now returns an error instead of being silently ignored [[GH-26279](https://github.com/hashicorp/nomad/issues/26279)] + + +### Upgrade details + +For more detailed information, refer to the [upgrade details +page][upgrade] and the [GitHub releases changelogs][github-releases]. + + +### Changelog + +- [v1.11.0](https://github.com/hashicorp/nomad/releases/tag/v1.11.0) + + + +[upgrade]: /nomad/docs/upgrade/upgrade-specific#nomad-1-11-0 +[github-releases]: https://github.com/hashicorp/nomad/releases/ diff --git a/website/data/docs-nav-data.json b/website/data/docs-nav-data.json index 4327e55c23c..f1e4f29b97c 100644 --- a/website/data/docs-nav-data.json +++ b/website/data/docs-nav-data.json @@ -572,6 +572,10 @@ "title": "Upcoming", "path": "release-notes/nomad/upcoming" }, + { + "title": "v1.11.x", + "path": "release-notes/nomad/v1-11-x" + }, { "title": "v1.10.x", "path": "release-notes/nomad/v1-10-x" From 77742f9bb1afc7433fa9d6406296e6829e96cbd6 Mon Sep 17 00:00:00 2001 From: Aimee Ukasick Date: Thu, 23 Oct 2025 12:05:53 -0500 Subject: [PATCH 2/5] add page description --- .../docs/release-notes/nomad/v1-11-x.mdx | 55 +++++++------------ 1 file changed, 19 insertions(+), 36 deletions(-) diff --git a/website/content/docs/release-notes/nomad/v1-11-x.mdx b/website/content/docs/release-notes/nomad/v1-11-x.mdx index 66338f91a83..a95dea4dfb2 100644 --- a/website/content/docs/release-notes/nomad/v1-11-x.mdx +++ b/website/content/docs/release-notes/nomad/v1-11-x.mdx @@ -2,7 +2,7 @@ layout: docs page_title: Nomad v1.11.x release notes description: >- - HashiCorp Nomad version 1.11.x release notes. + HashiCorp Nomad version 1.11.x release notes. Release highlights include client node identity, client node introduction, job specification secret block, and system job deployment support. --- # Nomad 1.11.x release notes @@ -16,45 +16,28 @@ We are pleased to announce the following Nomad updates. nodes to make RPC calls to the Nomad servers. Refer to [Node identity](/docs/architecture/cluster/node-identity) for details. - **Client node introduction**. Introduce Nomad clients to the cluster with a token-based approach. Configure Nomad servers with introduction enforcement - levels that dictate how clients join the cluster. This approach results in logs and metrics to detail introduction violations. -- **Job specification secrets block**. Job Specification Secrets Block: A new - job specification block allows for fetching and interpolating secrets within - the specification. -- **System job deployment**. System Job Deployments: Job of type “system” now support deployment functionality. - -### Improvements - -- api: The `Evaluations.Info` method of the Go API now populates the `RelatedEvals` field. [[GH-26156](https://github.com/hashicorp/nomad/issues/26156)] -- build: Add tzdata to Docker container final image [[GH-26794](https://github.com/hashicorp/nomad/issues/26794)] -- build: Updated Go to 1.25.1 [[GH-26823](https://github.com/hashicorp/nomad/issues/26823)] -- cli: Add -preserve-resources flag for keeping resource block when updating jobs [[GH-26841](https://github.com/hashicorp/nomad/issues/26841)] -- cli: Added related evals and placed allocations tables to the eval status command, and exposed more fields without requiring the `-verbose` flag. [[GH-26156](https://github.com/hashicorp/nomad/issues/26156)] -- config: Added job_max_count option to limit number of allocs for a single job [[GH-26858](https://github.com/hashicorp/nomad/issues/26858)] -- consul connect: Allow cni/- network mode; use at your own risk [[GH-26449](https://github.com/hashicorp/nomad/issues/26449)] -- install (Enterprise): Updated license information displayed during post-install [[GH-26791](https://github.com/hashicorp/nomad/issues/26791)] -- metrics: Reduce memory usage on the Nomad leader for collecting eval broker metrics. [[GH-26737](https://github.com/hashicorp/nomad/issues/26737)] -- scheduler: Add reconciler annotations to the output of the `eval status` command [[GH-26188](https://github.com/hashicorp/nomad/issues/26188)] -- scheduler: Debug-level logs emitted by the scheduler are now single-line structured logs [[GH-26169](https://github.com/hashicorp/nomad/issues/26169)] -- scheduler: For service and batch jobs, the scheduler no longer includes stops for already-stopped canaries in plans it submits. [[GH-26292](https://github.com/hashicorp/nomad/issues/26292)] -- scheduler: For service and batch jobs, the scheduler treats a group.count=0 identically to removing the task group from the job, and will stop all non-terminal allocations. [[GH-26292](https://github.com/hashicorp/nomad/issues/26292)] - -### Breaking changes - -- metrics: Eval broker metrics that previously used the job ID as a label now use the parent ID of dispatch and periodic jobs [[GH-26737](https://github.com/hashicorp/nomad/issues/26737)] -- sysbatch: Submitting a sysbatch job with a `reschedule` block now returns an error instead of being silently ignored [[GH-26279](https://github.com/hashicorp/nomad/issues/26279)] - + levels that dictate how clients join the cluster. This approach results in + logs and metrics to detail introduction violations. Refer to `nomad agent` + command's [`-client-intro-token` + parameter](/nomad/commands/agent#client-intro-token) for more information. +- **Job specification secrets block**. Use the new [`secrets` + block](/nomad/docs/job-specification/secret) to fetch and interpolate secrets + from a specified location. Nomad automatically retrieves the contents of the + secret, which you may reference as a variable within the task specification. + Nomad provides built-in support to fetch secrets from Nomad and Vault. + Alternately, you may build your own custom secret provider. Refer to the + [Create a secret provider plugin](/nomad/plugins/author/secret-provider) guide + for more information. +- **System job deployment**. Jobs of type “system” now support deployment + functionality. You may now view system job deployment status in the web UI. ### Upgrade details -For more detailed information, refer to the [upgrade details -page][upgrade] and the [GitHub releases changelogs][github-releases]. - +Refer to the [upgrade details +page](/nomad/docs/upgrade/upgrade-specific#nomad-1-11-0) for more information. ### Changelog -- [v1.11.0](https://github.com/hashicorp/nomad/releases/tag/v1.11.0) - - +Review improvements, security fixes, and breaking changes in the changelog. -[upgrade]: /nomad/docs/upgrade/upgrade-specific#nomad-1-11-0 -[github-releases]: https://github.com/hashicorp/nomad/releases/ +- [v1.11.0](https://github.com/hashicorp/nomad/releases/tag/v1.11.0) From 497adcf1f208437823a41428e9e335a56d6f6c2d Mon Sep 17 00:00:00 2001 From: Aimee Ukasick Date: Thu, 23 Oct 2025 12:12:37 -0500 Subject: [PATCH 3/5] fix content-check failure --- website/content/docs/release-notes/nomad/v1-11-x.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/content/docs/release-notes/nomad/v1-11-x.mdx b/website/content/docs/release-notes/nomad/v1-11-x.mdx index a95dea4dfb2..6b3cf83ca86 100644 --- a/website/content/docs/release-notes/nomad/v1-11-x.mdx +++ b/website/content/docs/release-notes/nomad/v1-11-x.mdx @@ -13,7 +13,7 @@ We are pleased to announce the following Nomad updates. - **Client node identity**. Nomad's client node identity feature uniquely identities each Nomad client node and provides an authentication mechanism for - nodes to make RPC calls to the Nomad servers. Refer to [Node identity](/docs/architecture/cluster/node-identity) for details. + nodes to make RPC calls to the Nomad servers. Refer to [Node identity](/nomad/docs/architecture/cluster/node-identity) for details. - **Client node introduction**. Introduce Nomad clients to the cluster with a token-based approach. Configure Nomad servers with introduction enforcement levels that dictate how clients join the cluster. This approach results in From 23e794193934415ebaf5cab06a4633f61c14ac63 Mon Sep 17 00:00:00 2001 From: Aimee Ukasick Date: Mon, 10 Nov 2025 13:16:43 -0600 Subject: [PATCH 4/5] update based on doc for Support --- .../docs/release-notes/nomad/v1-11-x.mdx | 118 +++++++++++++++--- 1 file changed, 99 insertions(+), 19 deletions(-) diff --git a/website/content/docs/release-notes/nomad/v1-11-x.mdx b/website/content/docs/release-notes/nomad/v1-11-x.mdx index 6b3cf83ca86..3fa8f04446f 100644 --- a/website/content/docs/release-notes/nomad/v1-11-x.mdx +++ b/website/content/docs/release-notes/nomad/v1-11-x.mdx @@ -11,25 +11,105 @@ We are pleased to announce the following Nomad updates. ## 1.11.0 release highlights -- **Client node identity**. Nomad's client node identity feature uniquely - identities each Nomad client node and provides an authentication mechanism for - nodes to make RPC calls to the Nomad servers. Refer to [Node identity](/nomad/docs/architecture/cluster/node-identity) for details. -- **Client node introduction**. Introduce Nomad clients to the cluster with a - token-based approach. Configure Nomad servers with introduction enforcement - levels that dictate how clients join the cluster. This approach results in - logs and metrics to detail introduction violations. Refer to `nomad agent` - command's [`-client-intro-token` - parameter](/nomad/commands/agent#client-intro-token) for more information. -- **Job specification secrets block**. Use the new [`secrets` - block](/nomad/docs/job-specification/secret) to fetch and interpolate secrets - from a specified location. Nomad automatically retrieves the contents of the - secret, which you may reference as a variable within the task specification. - Nomad provides built-in support to fetch secrets from Nomad and Vault. - Alternately, you may build your own custom secret provider. Refer to the - [Create a secret provider plugin](/nomad/plugins/author/secret-provider) guide - for more information. -- **System job deployment**. Jobs of type “system” now support deployment - functionality. You may now view system job deployment status in the web UI. +### Client node introduction and identity + +Nomad's client node identity feature uniquely identities each Nomad client node +and provides an authentication mechanism for nodes to make RPC calls to the +Nomad servers. + +Introduce Nomad clients to the cluster with JWT tokens. Configure +Nomad servers with introduction enforcement levels that dictate how clients join +the cluster. This approach results in logs and metrics to detail introduction +violations. Once registered, Nomad clients are now provided with an identity token, used for RPC communication which is periodically renewed. + +#### Relevant documentation + +- [Client node identity concepts](/nomad/docs/architecture/cluster/node-identity) +- [Client identity node pool TTL configuration option](/nomad/docs/other-specifications/node-pool#node_identity_ttl) +- [Client Introduction server configuration options](/nomad/docs/configuration/server#client_introduction-parameters) +- [Client introduction monitoring detail](/nomad/docs/monitor#client-introduction) +- [Client introduction agent CLI token flag](/nomad/commands/agent#client-intro-token) + +Commands: + +- [`nomad node intro create`](/nomad/commands/node/intro/create): Generates a node introduction token which is a signed JWT. +- [`nomad node identity get`](/nomad/commands/node/identity/get): View the identity claims for a node. +- [`nomad node identity renew`](/nomad/commands/node/identity/renew): Instruct a node to renew its identity of its next heartbeat. +- [`nomad node pool info`](/nomad/commands/node-pool/info): View the identity TTL for nodes in the provided pool. +- [`nomad operator client-state`](/nomad/commands/operator/client-state): View + the client persistent state in JSON, which includes the client identity. +- [`nomad agent` command's `-client-intro-token` parameter](/nomad/commands/agent#client-intro-token): Set the JWT token used to authenticate with servers during the client's initial registration. + +API: + +- [`/v1/acl/identity/client-introduction-token`](/nomad/api-docs/acl/identities#create-client-introduction-identity): Generates a node introduction token which is a signed JWT. +- [`/v1/client/identity`](/nomad/api-docs/client#read-a-node-s-identity-claims): View the identity claims for a node. +- [`/v1/client/identity/renew`](/nomad/api-docs/client#renew-a-node-s-identity): Instruct a node to renew its identity of its next heartbeat. +- [`/v1/node/pool/:node_pool`](/nomad/api-docs/node-pools#read-node-pool): View the identity TTL for nodes in the provided pool. + +### Artifact secrets + +Use the new job specification secrets block to fetch and interpolate secrets +from a specified location. Nomad automatically retrieves the contents of the +secret. In your task specification, reference the variable with +`${secret.secret_name.key}` format. + +Nomad provides built-in support to fetch secrets from Nomad and +Vault. Alternately, you may build your own custom secret provider. + +#### Relevant documentation + +- [Job specification `secret` block](/nomad/docs/job-specification/secret) +- [Secret provider plugin authoring guide](/nomad/plugins/author/secret-provider) + + +### System job deployments + +Jobs of type “system” now support deployment functionality, so you may roll out +job updates in a more controlled manner. Additionally, you may now view system +job deployment status in the web UI. + +#### Relevant documentation + +- [Job specification `update` block](/nomad/docs/job-specification/update) +- [Blue/Green deployment detail](/nomad/docs/job-declare/strategy/blue-green-canary) +- [`nomad deployment` commands](/nomad/commands/deployment) for interacting with Nomad job deployments + +### Scheduler improvements + +We improved Nomad's scheduler observability for job authors. + +#### Relevant documentation + +- [`nomad eval status` command](/nomad/commands/eval/status): View more details + on an evaluation including related evaluations, successful placements, + scheduler annotations, failed placements, and preemptions. + + - The **Plan Annotations** table represents the intended plan before Nomad + checks nodes for feasibility. This can help you narrow down where in the + scheduling pipeline unexpected results are coming from. + - The [Nomad repository scheduler + README](https://github.com/hashicorp/nomad/blob/main/scheduler/README.md) + has architectural details. +- [`nomad alloc status` command](/nomad/commands/alloc/status): When you run the + command with the `-verbose` flag, the output includes information about the + scheduler's placement decision, including the number of nodes evaluated and + rejected, and the scoring of each node considered. + +### Additional census usage metrics + +We added several Enterprise reporting metrics, which Nomad exports with Census. + +#### Relevant documentation + +- [Automated license utilization + reporting](/nomad/docs/enterprise/license/utilization-reporting) +- Agent reporting configuration [`disable_product_usage_reporting` + parameter](/nomad/docs/configuration/reporting#disable_product_usage_reporting): + Disable detailed product usage metrics. +- [`nomad operator utilization` command](/nomad/commands/operator/utilization): + If you have disabled automated reporting, use this command to manually + generate the report and send it to HashiCorp. ### Upgrade details From 7c447dedd02da552c87817a04df6684880849858 Mon Sep 17 00:00:00 2001 From: Aimee Ukasick Date: Mon, 10 Nov 2025 14:12:34 -0600 Subject: [PATCH 5/5] implemented Daniel's suggestions --- .../content/docs/release-notes/nomad/v1-11-x.mdx | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/website/content/docs/release-notes/nomad/v1-11-x.mdx b/website/content/docs/release-notes/nomad/v1-11-x.mdx index 3fa8f04446f..b7bd093b19d 100644 --- a/website/content/docs/release-notes/nomad/v1-11-x.mdx +++ b/website/content/docs/release-notes/nomad/v1-11-x.mdx @@ -17,10 +17,11 @@ Nomad's client node identity feature uniquely identities each Nomad client node and provides an authentication mechanism for nodes to make RPC calls to the Nomad servers. -Introduce Nomad clients to the cluster with JWT tokens. Configure -Nomad servers with introduction enforcement levels that dictate how clients join -the cluster. This approach results in logs and metrics to detail introduction -violations. Once registered, Nomad clients are now provided with an identity token, used for RPC communication which is periodically renewed. +Introduce Nomad clients to the cluster with JWT tokens. Configure Nomad servers +with introduction enforcement levels that dictate how clients join the cluster. +This approach results in logs and metrics to detail introduction violations. +Once registered, Nomad clients are now provided with an identity token, used for +RPC communication which is periodically renewed. #### Relevant documentation @@ -89,7 +90,7 @@ We improved Nomad's scheduler observability for job authors. checks nodes for feasibility. This can help you narrow down where in the scheduling pipeline unexpected results are coming from. - The [Nomad repository scheduler - README](https://github.com/hashicorp/nomad/blob/main/scheduler/README.md) + README](https://github.com/hashicorp/nomad/blob/v1.11.0/scheduler/README.md) has architectural details. - [`nomad alloc status` command](/nomad/commands/alloc/status): When you run the command with the `-verbose` flag, the output includes information about the @@ -98,7 +99,7 @@ We improved Nomad's scheduler observability for job authors. ### Additional census usage metrics -We added several Enterprise reporting metrics, which Nomad exports with Census. +We added several Enterprise reporting metrics. #### Relevant documentation