Kubernetes orchestrates containers. Nomad orchestrates anything: containers, VMs, Java JARs, raw binaries. This fundamental difference drives the complexity and capability trade-off.
Architecture
Kubernetes
Kubernetes is a container-only orchestrator with a rich ecosystem:
- API server, scheduler, controller manager, etcd
- kubelet on every node
- Container runtime (containerd/CRI-O)
- CNI plugin for networking
- CRDs for extensibility
- Massive ecosystem of operators and tools
Nomad
Nomad is a multi-workload scheduler with minimal dependencies:
- Single binary (server + client modes)
- No etcd; built-in Raft consensus
- Task drivers: Docker, Podman, exec, Java, QEMU, raw_exec
- Optional Consul integration for service discovery
- Optional Vault integration for secrets
Feature comparison
| Feature | Kubernetes | Nomad |
|---|---|---|
| Workload types | Containers only | Containers, VMs, binaries, JARs |
| Binary | Multiple components | Single binary |
| Complexity | High (steep learning curve) | Low-moderate |
| Scheduling | Pod-level | Task group-level |
| Networking | CNI plugins (complex) | Bridge, host, or Consul Connect |
| Service mesh | Istio, Cilium, Linkerd | Consul Connect |
| Service discovery | DNS, Services | Consul (external) |
| Secrets | Kubernetes Secrets, CSI | Vault (external) |
| Storage | PV/PVC, CSI drivers | Host volumes, CSI |
| Autoscaling | HPA, VPA, KEDA, Karpenter | Nomad Autoscaler |
| Multi-region | Federation (complex) | Built-in (native) |
| Ecosystem | Massive (CNCF) | Smaller (HashiCorp) |
| Windows | Yes (limited) | Yes (native) |
| GPU scheduling | Device plugins | Device plugins |
| License | Apache 2.0 | BSL 1.1 |
Job definitions
Kubernetes
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web
spec:
  replicas: 3
  selector:
    matchLabels:
      app: web
  template:
    metadata:
      labels:
        app: web
    spec:
      containers:
        - name: web
          image: nginx:alpine
          ports:
            - containerPort: 80
          resources:
            requests:
              cpu: 100m
              memory: 128Mi
---
apiVersion: v1
kind: Service
metadata:
  name: web
spec:
  selector:
    app: web
  ports:
    - port: 80
```
Kubernetes needs a Deployment + Service + potentially Ingress, NetworkPolicy, HPA, PDB: multiple resources for one workload.
Nomad
```hcl
job "web" {
  datacenters = ["dc1"]
  type        = "service"
  group "web" {
    count = 3
    network {
      port "http" { to = 80 }
    }
    service {
      name     = "web"
      port     = "http"
      provider = "consul"
    }
    task "nginx" {
      driver = "docker"
      config {
        image = "nginx:alpine"
        ports = ["http"]
      }
      resources {
        cpu    = 100
        memory = 128
      }
    }
  }
}
```
Nomad defines everything in one file: networking, service registration, and workload. Simpler, but fewer features.
Multi-workload scheduling (Nomad advantage)
Nomad can schedule non-container workloads:
```hcl
# Run a Java application
task "api" {
  driver = "java"
  config {
    jar_path    = "local/app.jar"
    jvm_options = ["-Xmx512m"]
  }
}

# Run a raw binary
task "worker" {
  driver = "raw_exec"
  config {
    command = "/usr/local/bin/worker"
    args    = ["--config", "/etc/worker.toml"]
  }
}

# Run a QEMU virtual machine
task "legacy" {
  driver = "qemu"
  config {
    image_path  = "local/legacy-app.qcow2"
    accelerator = "kvm"
  }
}
```
Kubernetes cannot do this without heavy lifting (KubeVirt for VMs, custom operators for bare processes).
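The drivers above do not isolate tasks equally, so a pre-submission check is useful for mixed-workload jobs. The following is an added example, not part of the original article: it reads a job in Nomad's JSON form (as printed by `nomad job run -output`) and flags tasks that weaken host isolation. The function name `audit_job`, the isolation labels and the sample job are assumptions constructed for illustration.

```python
import json

# Host isolation provided by the task drivers named on this page (Linux clients).
DRIVER_ISOLATION = {
    "docker": "container",
    "podman": "container",
    "qemu": "virtual machine",
    "exec": "chroot + cgroups",
    "java": "chroot + cgroups",
    "raw_exec": None,  # no isolation: the task runs as the Nomad client's user
}

def audit_job(job_json):
    """Return (group, task, finding) tuples for tasks that weaken host isolation."""
    job = json.loads(job_json)["Job"]
    findings = []
    for group in job.get("TaskGroups") or []:
        for task in group.get("Tasks") or []:
            where = (group.get("Name", "?"), task.get("Name", "?"))
            driver = task.get("Driver", "")
            config = task.get("Config") or {}
            if driver not in DRIVER_ISOLATION:
                findings.append(where + ("unknown driver %r, review manually" % driver,))
            elif DRIVER_ISOLATION[driver] is None:
                findings.append(where + ("%s runs unisolated as the Nomad client user" % driver,))
            # Docker's `privileged` option removes most container confinement.
            if driver == "docker" and config.get("privileged") is True:
                findings.append(where + ("docker task requests privileged mode",))
    return findings

# Constructed sample: the page's three tasks plus a privileged Docker task.
SAMPLE_JOB = json.dumps({"Job": {"ID": "mixed", "TaskGroups": [{"Name": "mixed", "Tasks": [
    {"Name": "api", "Driver": "java", "Config": {"jar_path": "local/app.jar"}},
    {"Name": "worker", "Driver": "raw_exec", "Config": {"command": "/usr/local/bin/worker"}},
    {"Name": "legacy", "Driver": "qemu", "Config": {"image_path": "local/legacy-app.qcow2"}},
    {"Name": "web", "Driver": "docker", "Config": {"image": "nginx:alpine", "privileged": True}},
]}]}})

if __name__ == "__main__":
    for group, task, finding in audit_job(SAMPLE_JOB):
        print("%s/%s: %s" % (group, task, finding))
```

`raw_exec` is disabled by default on Nomad clients and has to be enabled in the client's plugin configuration, so a finding here also identifies which nodes need that setting turned on.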
Operational complexity
| Aspect | Kubernetes | Nomad |
|---|---|---|
| Install | kubeadm (multi-step) or managed | Single binary, one config |
| Upgrade | Rolling control plane + nodes | Rolling binary replacement |
| Debugging | kubectl describe, logs, events | nomad alloc status, logs |
| Networking | CNI plugins (Cilium, Calico) | Simple bridge or host networking |
| Certificate management | Complex (kubeadm certs, cert-manager) | Built-in TLS |
| Learning curve | 6-12 months to proficiency | 1-3 months |
Nomad is genuinely simpler to operate. A production Nomad cluster can be maintained by a small team that would struggle with Kubernetes.
Ecosystem
This is Kubernetes' decisive advantage:
| Category | Kubernetes | Nomad |
|---|---|---|
| Operators/CRDs | 1,000+ | None (no CRD concept) |
| Monitoring | Prometheus, Datadog, Grafana | Prometheus, Datadog |
| GitOps | ArgoCD, Flux | Levant (limited) |
| Service mesh | Istio, Cilium, Linkerd | Consul Connect |
| Managed offerings | EKS, GKE, AKS, DOKS | HCP Nomad (limited) |
| Job market | Massive demand | Niche |
| Community | CNCF (vendor-neutral) | HashiCorp (BSL license) |
If you need an operator for PostgreSQL, Redis, Kafka, or any other stateful workload, Kubernetes has it. Nomad does not have an operator pattern.
Decision guide
Choose Kubernetes when:
- You run containers in production at scale
- You need the ecosystem: operators, CRDs, managed services
- Your team has or is willing to invest in Kubernetes expertise
- You need managed Kubernetes (EKS, GKE, AKS)
- Industry standard matters for hiring and tooling
- You need advanced networking (service mesh, network policies)
Choose Nomad when:
- You orchestrate mixed workloads: containers + VMs + binaries
- Simplicity is a priority and your team is small
- You already use the HashiCorp stack (Consul, Vault, Terraform)
- Multi-region scheduling is a core requirement
- You have legacy applications that cannot be containerized
- You want a working orchestrator in days, not months


