Merge pull request #3874 from hashicorp/docs-runner-config

Add docs example for workspace-scoped runner config
hashicorp · Sep 15, 2022 · 025c3dc · 025c3dc
2 parents d864bee + b30d5a6
commit 025c3dc
Showing 1 changed file with 32 additions and 1 deletion.
diff --git a/website/content/docs/runner/config.mdx b/website/content/docs/runner/config.mdx
@@ -20,7 +20,7 @@ You can set environment variables using [`waypoint config`](/commands/config-set
 with the `-runner` flag:
 
 ```shell-session
-$ waypoint config set -runner AWS_ACCESS_KEY_ID=abcd AWS_SECRET_ACCESS_KEY=1234
+$ waypoint config set -runner -scope=global AWS_ACCESS_KEY_ID=abcd AWS_SECRET_ACCESS_KEY=1234
 ```
 
 This will expose these environment variables on every runner (including
@@ -30,6 +30,10 @@ an empty value. You may view the set of runner configuration values using
 
 ```shell-session
 $ waypoint config get -runner
+   SCOPE  |    NAME               | VALUE | WORKSPACE | LABELS
+----------+-----------------------+-------+-----------+---------
+  global  | AWS_ACCESS_KEY_ID     | abcd  |           |
+  global  | AWS_SECRET_ACCESS_KEY | 1234  |           |
 ```
 
 ~> **Security note:** These configuration values are stored as plaintext in the
@@ -42,6 +46,33 @@ You can use the `-scope` flag paired with flags such as `-project`,
 available within certain scoped situations. Variables are otherwise server
 global by default.
 
+Consider an example where you're using a `dev` and a `prod` workspace in Waypoint.
+These workspaces match up to your `dev` and `prod` environments.
+For this example, let's assume that you use Nomad (with an ACL-enabled cluster), and
+your `dev` and `prod` environments are separated into different namespaces by the name names. These two different workspaces need to be configured by Waypoint to deploy
+to the proper environments in Nomad.
+To accomplish this, you would set your runner config to use workspace-scoped
+config: a Nomad token with permissions to submit jobs to the `dev` namespace
+is used for the `dev` Waypoint workspace, and another token with permissions to
+submit jobs to the `prod` namespace for the `prod` Waypoint workspace. Here's what
+that could look like:
+
+```shell-session
+$ waypoint config set -runner -workspace-scope=dev NOMAD_TOKEN=abc123
+
+$ waypoint config set -runner -workspace-scope=prod NOMAD_TOKEN=def456
+
+$ waypoint config get -runner
+   SCOPE  |    NAME     |                VALUE                 | WORKSPACE | LABELS
+----------+-------------+--------------------------------------+-----------+---------
+  project | NOMAD_TOKEN | abc123                               | dev       |
+  project | NOMAD_TOKEN | def456                               | prod      |
+
+```
+
+With configurations set in this way, operations executed in a given workspace will
+use the `NOMAD_TOKEN` configured for the corresponding environment automatically.
+
 ### Via the `waypoint.hcl` File
 
 Environment variables for runners can also be set via the `waypoint.hcl`