forked from Deuxfleurs/infrastructure
WIP: working on sidecars, it fails
parent
66818430bb
commit
213e42f4ad
5 changed files with 119 additions and 18 deletions
|
@ -11,15 +11,19 @@
|
|||
|
||||
* [x] Dummy HTTP server to have something to work with.
|
||||
* [x] Reverse-proxy/load-balancer: nginx is a good match for a one-node deployment. Installing it with Nomad/Consul will make me practice Consul Template etc.
|
||||
|
||||
SSL using nginx is pain. I undrstand the interest of traefik or fabio in that sense: their close collaboration with Nomad allow them to automate certificates generation.
|
||||
|
||||
Consequently, SSL is not supported at the moment. (It would be manual using nginx.)
|
||||
|
||||
* [x] Generate services configuration outside the nginx service definition.
|
||||
|
||||
Can't do because of *separation of concerns*: files needed by nginx need to be defined in the nginx job specification.
|
||||
|
||||
Solution: each new service needs to add its nginx configuration to `app/nginx/config`, plus a template stanza in `app/nginx/deploy/nginx.hcl`. Lame.
|
||||
Solution: each new web service needs:
|
||||
|
||||
* The services URL should be accessible from Consul using tags, instead of being hard-coded in configuration files.
|
||||
* The dummy HTTP server replicas must not be accessible through the Internet.
|
||||
* TLS: Let's Encrypt will probably be part of the same job definition as nginx.
|
||||
* an nginx configuration template at `app/nginx/config`
|
||||
* a template stanza in `app/nginx/deploy/nginx.hcl` to interpret the above template configuration. Which is lame.
|
||||
|
||||
2. Wiki installation
|
||||
|
||||
|
@ -27,7 +31,7 @@
|
|||
|
||||
* [x] Persistent data volume - using `host_volume` in the `client` config of Nomad (requires a restart, and it's not so fun to add volumes there).
|
||||
|
||||
* [ ] How can Postgres be its own job, while letting it talk to other jobs? With Consul Connect apparently.
|
||||
* [ ] How can Postgres be its own job, while not exposing it publicly and still letting it talk to other jobs? With Consul Connect apparently.
|
||||
|
||||
|
||||
|
||||
|
|
|
@ -0,0 +1,65 @@
|
|||
job "countdash" {
|
||||
datacenters = ["dc1"]
|
||||
|
||||
group "api" {
|
||||
network {
|
||||
mode = "bridge"
|
||||
}
|
||||
|
||||
service {
|
||||
name = "count-api"
|
||||
port = "9001"
|
||||
|
||||
connect {
|
||||
sidecar_service {}
|
||||
}
|
||||
}
|
||||
|
||||
task "web" {
|
||||
driver = "docker"
|
||||
|
||||
config {
|
||||
image = "hashicorpnomad/counter-api:v3"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
group "dashboard" {
|
||||
network {
|
||||
mode = "bridge"
|
||||
|
||||
port "http" {
|
||||
static = 9002
|
||||
to = 9002
|
||||
}
|
||||
}
|
||||
|
||||
service {
|
||||
name = "count-dashboard"
|
||||
port = "9002"
|
||||
|
||||
connect {
|
||||
sidecar_service {
|
||||
proxy {
|
||||
upstreams {
|
||||
destination_name = "count-api"
|
||||
local_bind_port = 8080
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
task "dashboard" {
|
||||
driver = "docker"
|
||||
|
||||
env {
|
||||
COUNTING_SERVICE_URL = "http://${NOMAD_UPSTREAM_ADDR_count_api}"
|
||||
}
|
||||
|
||||
config {
|
||||
image = "hashicorpnomad/counter-dashboard:v3"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
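Review bot: `static = 9002` in the dashboard group's `network` block publishes the demo dashboard on a fixed host port, so on a node with a public address it is presumably reachable directly rather than through the nginx reverse proxy. If this job exists only to exercise the sidecars, I'd use a dynamic mapping (`port "http" { to = 9002 }`) or drop the job before this leaves WIP. Both images are referenced by a mutable tag (`:v3`); pinning them by digest would keep the test reproducible. A one-line header comment saying this is the upstream Connect demo used for debugging would also help the next reader.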
|
|
@ -11,6 +11,7 @@ job "gitea" {
|
|||
}
|
||||
|
||||
network {
|
||||
mode = "bridge"
|
||||
port "http" { to = 3000 }
|
||||
port "ssh" { to = 22 }
|
||||
}
|
||||
|
@ -26,6 +27,7 @@ job "gitea" {
|
|||
# timeout = "2s"
|
||||
# }
|
||||
}
|
||||
|
||||
service {
|
||||
name = "gitea-ssh"
|
||||
port = "ssh"
|
||||
|
@ -38,6 +40,24 @@ job "gitea" {
|
|||
# }
|
||||
}
|
||||
|
||||
service {
|
||||
name = "gitea-db"
|
||||
|
||||
connect {
|
||||
sidecar_service {
|
||||
proxy {
|
||||
upstreams {
|
||||
# Required
|
||||
destination_name = "postgres"
|
||||
local_bind_port = "5432"
|
||||
# Optional
|
||||
# local_bind_address = "127.0.0.1"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
task "gitea" {
|
||||
driver = "docker"
|
||||
|
||||
|
@ -71,10 +91,9 @@ DB_TYPE = "postgres"
|
|||
DB_USER = "{{ key "secrets/postgres/gitea/user" }}"
|
||||
DB_PASSWD = "{{ key "secrets/postgres/gitea/password" }}"
|
||||
DB_NAME = "{{ key "secrets/postgres/gitea/db_name" }}"
|
||||
DB_HOST = "{{ with service "postgres" }}{{ with index . 0 }}{{ .Address }}:{{ .Port }}{{ end }}{{ end }}"
|
||||
EOH
|
||||
|
||||
destination = "secrets/env"
|
||||
destination = "secrets/env.env"
|
||||
env = true
|
||||
change_mode = "restart"
|
||||
}
|
||||
|
@ -82,6 +101,7 @@ EOH
|
|||
env {
|
||||
DOMAIN = "gitea.hammerhead.luxeylab.net"
|
||||
SSH_DOMAIN = "gitea.hammerhead.luxeylab.net"
|
||||
DB_HOST = "${NOMAD_UPSTREAM_ADDR_postgres}"
|
||||
}
|
||||
}
|
||||
}
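Review bot: The new `gitea-db` service block declares no `port`, unlike the other Connect services in this commit (`count-api`, `count-dashboard`, `postgres`), and `local_bind_port = "5432"` is a quoted string where the countdash job writes a number. Since this service exists only to carry the upstream, I'd either move the `connect` block onto an existing gitea service or give this one an explicit port, and write `local_bind_port = 5432`. Whether this is related to the failure mentioned in the commit title cannot be confirmed from the page. The copied `# Required` / `# Optional` comments could be replaced by one that explains the intent, e.g. `# Connect-only service: provides the gitea task a local listener for the postgres upstream`.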
|
||||
|
|
|
@ -14,18 +14,26 @@ job "postgres" {
|
|||
}
|
||||
|
||||
network {
|
||||
port "db" { static = 5432 }
|
||||
mode = "bridge"
|
||||
# port "db" {
|
||||
# static = 5432
|
||||
# to = 5432
|
||||
# }
|
||||
}
|
||||
|
||||
service {
|
||||
name = "postgres"
|
||||
port = "db"
|
||||
port = "5432"
|
||||
|
||||
check {
|
||||
name = "alive"
|
||||
type = "tcp"
|
||||
interval = "10s"
|
||||
timeout = "2s"
|
||||
# check {
|
||||
# name = "alive"
|
||||
# type = "tcp"
|
||||
# interval = "10s"
|
||||
# timeout = "2s"
|
||||
# }
|
||||
|
||||
connect {
|
||||
sidecar_service {}
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -33,7 +41,7 @@ job "postgres" {
|
|||
driver = "docker"
|
||||
|
||||
config {
|
||||
ports = ["db"]
|
||||
# ports = ["db"]
|
||||
image = "postgres"
|
||||
}
|
||||
|
||||
|
@ -53,7 +61,7 @@ POSTGRES_USER = "{{ key "secrets/postgres/user" }}"
|
|||
POSTGRES_PASSWORD = "{{ key "secrets/postgres/password" }}"
|
||||
EOH
|
||||
|
||||
destination = "secrets/env"
|
||||
destination = "secrets/env.env"
|
||||
env = true
|
||||
change_mode = "restart"
|
||||
}
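Review bot: The `alive` TCP check on the `postgres` service appears to be commented out rather than replaced, which leaves the service registered with no health check at all. Consul will presumably report it healthy, and the mesh will route to it, before the database accepts connections or after it has stopped doing so. If the check was disabled because Consul cannot reach the port inside the bridge namespace, a check that runs inside the task would restore the signal, for example a `type = "script"` check invoking `pg_isready`. The commented-out `port "db"`, `ports = ["db"]` and `check` blocks are better deleted than kept, with one comment stating the reason: `# no host port: postgres is reachable only through its Connect sidecar`. Separately, `image = "postgres"` carries no tag, so a restart can pull a different major version onto the existing data volume.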
|
||||
|
|
|
@ -13,17 +13,21 @@
|
|||
"server": true,
|
||||
"ui": true,
|
||||
"ports": {
|
||||
"dns": 53
|
||||
"dns": 53,
|
||||
"grpc": 8502
|
||||
},
|
||||
"recursors": [
|
||||
"213.186.33.99",
|
||||
"172.104.136.243"
|
||||
],
|
||||
"encrypt": "2B2vxbfCRzu3Q29LEJAZBg==",
|
||||
"domain": "2.cluster.deuxfleurs.fr",
|
||||
"domain": "hammerhead.deuxfleurs.fr",
|
||||
"performance": {
|
||||
"raft_multiplier": 10,
|
||||
"rpc_hold_timeout": "30s",
|
||||
"leave_drain_time": "30s"
|
||||
},
|
||||
"connect": {
|
||||
"enabled": true
|
||||
}
|
||||
}
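Review bot: `"connect": { "enabled": true }` is turned on here, but the visible part of the config has no `acl` block and the commit adds no intentions. With ACLs disabled, Consul allows every service-to-service connection by default, so any Connect-enabled job on the cluster could declare `postgres` as an upstream. The sidecars then give transport encryption but no authorization. I'd pair this change with default-deny (ACL `default_policy` of `deny`) and an explicit allow intention from the gitea service to `postgres`; the hunk covers only part of the file, so this may already exist elsewhere. Separately, the `"encrypt"` context line keeps the gossip key in the repository in clear text, and this is a fork, so the key should be rotated and loaded from a file kept out of version control.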
|
||||
|
|