Working Nomad+Consul TLS
parent
de1f64679e
commit
1c3551b06b
3 changed files with 45 additions and 14 deletions
|
@ -3,5 +3,4 @@
|
|||
set -euxo pipefail
|
||||
|
||||
go build
|
||||
cat $SECRET_PATH
|
||||
echo "done" >&2
|
||||
|
|
|
@ -140,7 +140,7 @@ See this v1.0 as a MVP that will serve Deuxfleurs needs,
|
|||
nothing more. Don't have any expectation in term
|
||||
of code quality, abstraction or anything else.
|
||||
|
||||
- [ ] Read Nomad+Consul config from environment variables
|
||||
- [X] Read Nomad+Consul config from environment variables
|
||||
- [X] Inject secrets only when the sender is trusted
|
||||
- [ ] Test PR behavior
|
||||
|
||||
|
|
56
main.go
56
main.go
|
@ -338,39 +338,71 @@ var NomadClient *nomad.Client
|
|||
var ConsulClient *consul.Client
|
||||
|
||||
type config struct {
|
||||
AlbatrosURL string `env:"ALBATROS_URL,required"`
|
||||
// @TODO get nomad config from env
|
||||
// @TODO get consul config from env
|
||||
AlbatrosURL string `env:"ALBATROS_URL,required"`
|
||||
NomadAddr string `env:"NOMAD_ADDR"`
|
||||
NomadClientCert string `env:"NOMAD_CLIENT_CERT"`
|
||||
NomadClientKey string `env:"NOMAD_CLIENT_KEY"`
|
||||
NomadCACert string `env:"NOMAD_CACERT"`
|
||||
ConsulAddr string `env:"CONSUL_HTTP_ADDR"`
|
||||
ConsulClientCert string `env:"CONSUL_CLIENT_CERT"`
|
||||
ConsulClientKey string `env:"CONSUL_CLIENT_KEY"`
|
||||
ConsulCACert string `env:"CONSUL_CACERT"`
|
||||
}
|
||||
|
||||
var GlobalConfig config
|
||||
|
||||
func main() {
|
||||
var err error
|
||||
|
||||
// init config
|
||||
if err = env.Parse(&GlobalConfig); err != nil {
|
||||
func initConfig() {
|
||||
if err := env.Parse(&GlobalConfig); err != nil {
|
||||
log.Fatal(fmt.Sprintf("unable to parse config, error: %+v\n", err))
|
||||
return
|
||||
}
|
||||
log.Printf("Albatros public URL: %s\n", GlobalConfig.AlbatrosURL)
|
||||
if GlobalConfig.NomadAddr != "" {
|
||||
isTLS := GlobalConfig.NomadClientCert != "" && GlobalConfig.NomadClientKey != "" && GlobalConfig.NomadCACert != ""
|
||||
log.Printf("Nomad URL: %s, TLS: %t\n", GlobalConfig.NomadAddr, isTLS)
|
||||
} else {
|
||||
log.Println("Use Nomad default configuration")
|
||||
}
|
||||
if GlobalConfig.ConsulAddr != "" {
|
||||
isTLS := GlobalConfig.ConsulClientCert != "" && GlobalConfig.ConsulClientKey != "" && GlobalConfig.ConsulCACert != ""
|
||||
log.Printf("Consul URL: %s, TLS: %t\n", GlobalConfig.ConsulAddr, isTLS)
|
||||
} else {
|
||||
log.Println("Use Consul default configuration")
|
||||
}
|
||||
}
|
||||
|
||||
// init nomad
|
||||
func initNomad() {
|
||||
var err error
|
||||
nomadConfig := nomad.DefaultConfig()
|
||||
nomadConfig.Namespace = "ci"
|
||||
nomadConfig.Address = GlobalConfig.NomadAddr
|
||||
nomadConfig.TLSConfig.CACert = GlobalConfig.NomadCACert
|
||||
nomadConfig.TLSConfig.ClientCert = GlobalConfig.NomadClientCert
|
||||
nomadConfig.TLSConfig.ClientKey = GlobalConfig.NomadClientKey
|
||||
NomadClient, err = nomad.NewClient(nomadConfig)
|
||||
if err != nil {
|
||||
log.Fatal("Unable to connect to Nomad, check your config and setup")
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
// init consul
|
||||
func initConsul() {
|
||||
var err error
|
||||
consulConfig := consul.DefaultConfig()
|
||||
consulConfig.Address = GlobalConfig.ConsulAddr
|
||||
consulConfig.TLSConfig.CAFile = GlobalConfig.ConsulCACert
|
||||
consulConfig.TLSConfig.CertFile = GlobalConfig.ConsulClientCert
|
||||
consulConfig.TLSConfig.KeyFile = GlobalConfig.ConsulClientKey
|
||||
ConsulClient, err = consul.NewClient(consulConfig)
|
||||
if err != nil {
|
||||
log.Fatal("Unable to connect to Consul, check your config and setup")
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
func main() {
|
||||
var err error
|
||||
initConfig()
|
||||
initNomad()
|
||||
initConsul()
|
||||
|
||||
// init webserver
|
||||
http.HandleFunc("/hook", hook)
|
||||
|
|
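Review bot: In `initConfig` the `isTLS` flag is only logged, so a half-set client pair (for example `NOMAD_CLIENT_CERT` without `NOMAD_CLIENT_KEY`) prints `TLS: false` while `initNomad` and `initConsul` still copy whatever is set into `TLSConfig`. The flag also reads false for a CA-only setup, so the log line can disagree with what the client actually does. I would refuse to start on an inconsistent pair, e.g. `if (GlobalConfig.NomadClientCert == "") != (GlobalConfig.NomadClientKey == "") { log.Fatal("NOMAD_CLIENT_CERT and NOMAD_CLIENT_KEY must be set together") }`, with the same check for the Consul fields. Separately, the `log.Fatal` calls after `nomad.NewClient` and `consul.NewClient` drop `err`, which hides the cause of a bad certificate path. `log.Fatalf("unable to create Nomad client: %v", err)` keeps it, and the `return` after each `log.Fatal` is unreachable. The body of `main` continues outside the hunk.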