homelab-nomad/core/traefik/traefik.nomad

job "traefik" {
  datacenters = ["dc1"]
  type = "service"
  priority = 100

  constraint {
    attribute = "${node.class}"
    value = "ingress"
  }

  constraint {
    distinct_hosts = true
  }

  update {
    max_parallel = 1
    min_healthy_time = "30s"
    healthy_deadline = "5m"
    auto_revert = true
    # Cannot do canary unless I have an unallocated host
    # canary = 1
    # auto_promote = false
  }

  group "traefik" {
    count = 2

    network  {
      port "web" {
        static = 80
      }

      port "websecure" {
        static = 443
      }

      port "syslog" {
        static = 514
      }

      port "gitssh" {
        static = 2222
      }

      port "metrics" {}
    }

    ephemeral_disk {
      migrate = true
      sticky = true
    }

    task "traefik" {
      driver = "docker"

      service {
        name = "traefik"
        provider = "nomad"
        port = "web"

        check {
          type = "http"
          path = "/ping"
          interval = "10s"
          timeout = "2s"
        }

        tags = [
          "traefik.enable=true",
          "traefik.http.routers.traefik.entryPoints=websecure",
          "traefik.http.routers.traefik.service=api@internal",
        ]
      }

      service {
        name = "traefik-metrics"
        provider = "nomad"
        port = "metrics"

        tags = [
          "prometheus.scrape",
        ]
      }

      config {
        image = "traefik:3.0"

        ports = ["web", "websecure", "syslog", "gitssh", "metrics"]
        network_mode = "host"

        mount {
          type = "bind"
          target = "/etc/traefik"
          source = "local/config"
        }

        mount {
          type = "bind"
          target = "/etc/traefik/usersfile"
          source = "secrets/usersfile"
        }

        mount {
          type = "bind"
          target = "/etc/traefik/certs"
          source = "secrets/certs"
        }
      }

      env = {
        TRAEFIK_PROVIDERS_NOMAD_ENDPOINT_TOKEN = "${NOMAD_TOKEN}"
      }

      identity {
        env = true
      }

      template {
        # Avoid conflict with TOML lists [[ ]] and Go templates {{ }}
        left_delimiter = "<<"
        right_delimiter = ">>"
        data = <<EOH
[log]
  level = "DEBUG"

[entryPoints]
  [entryPoints.web]
    address = ":80"
    [entryPoints.web.http]
      [entryPoints.web.http.redirections]
        [entryPoints.web.http.redirections.entrypoint]
          to = "websecure"
          scheme = "https"

  [entryPoints.websecure]
    address = ":443"
    [entryPoints.websecure.http.tls]

  [entryPoints.metrics]
    address = ":<< env "NOMAD_PORT_metrics" >>"

  [entryPoints.syslogtcp]
    address = ":514"

  [entryPoints.syslogudp]
    address = ":514/udp"

  [entryPoints.gitssh]
    address = ":2222"

[api]
  dashboard = true

[ping]
  entrypoint = "web"

[metrics]
  [metrics.prometheus]
    entrypoint = "metrics"
    # manualRouting = true

[providers.file]
  directory = "/etc/traefik/conf"
  watch = true

[providers.nomad]
  exposedByDefault = false
  defaultRule = "Host(`{{normalize .Name}}.<< with nomadVar "nomad/jobs" >><< .base_hostname >><< end >>`)"
  [providers.nomad.endpoint]
  address = "unix:///secrets/api.sock"
        EOH
        destination = "${NOMAD_TASK_DIR}/config/traefik.toml"
      }

      template {
        data = <<EOH
[http]
  [http.routers]
    [http.routers.nomad]
      entryPoints = ["websecure"]
      service = "nomad"
      rule = "Host(`nomad.{{ with nomadVar "nomad/jobs" }}{{ .base_hostname }}{{ end }}`)"

    {{ range nomadVarList "traefik_external" }}{{ with nomadVar .Path }}
    [http.routers.{{ .name }}]
      entryPoints = ["websecure"]
      service = "{{ .name }}"
      rule = "Host(`{{ .subdomain }}.{{ with nomadVar "nomad/jobs" }}{{ .base_hostname }}{{ end }}`){{ with .path_prefix.Value }}&&PathPrefix(`{{ . }}`){{ end }}"
      {{ $name := .name -}}
      {{ with .path_prefix.Value -}}
      middlewares = ["{{ $name }}@file"]
      {{ end }}
    {{- end }}{{ end }}

    #[http.middlewares]
    #  {{ range nomadVarList "traefik_external" }}{{ with nomadVar .Path -}}
    #  {{ $name := .name -}}
    #  {{ with .path_prefix.Value -}}
    #  [http.middlewares.{{ $name }}.stripPrefix]
    #  prefixes = ["{{ . }}"]
    #  {{ end }}
    #  {{- end }}{{ end }}

  [http.services]
    [http.services.nomad]
      [http.services.nomad.loadBalancer]
        [[http.services.nomad.loadBalancer.servers]]
          url = "http://127.0.0.1:4646"

    {{ range nomadVarList "traefik_external" }}{{ with nomadVar .Path }}
    [http.services.{{ .name }}]
      [http.services.{{ .name }}.loadBalancer]
        [[http.services.{{ .name }}.loadBalancer.servers]]
          url = "{{ .url }}"
    {{- end }}{{ end }}
        EOH
        destination = "${NOMAD_TASK_DIR}/config/conf/route-hashi.toml"
        change_mode = "noop"
        splay = "1m"

        wait {
          min = "10s"
          max = "20s"
        }
      }

      template {
        data = <<EOH
{{ with nomadService "syslogng" -}}
[tcp.routers]
  [tcp.routers.syslogtcp]
    entryPoints = ["syslogtcp"]
    service = "syslogngtcp"
    rule = "HostSNI(`*`)"

[tcp.services]
  [tcp.services.syslogngtcp]
    [tcp.services.syslogngtcp.loadBalancer]
      {{ range . -}}
      [[tcp.services.syslogngtcp.loadBalancer.servers]]
        address = "{{ .Address }}:{{ .Port }}"
      {{ end -}}
{{- end }}

{{ with nomadService "syslogng" -}}
[udp.routers]
  [udp.routers.syslogudp]
    entryPoints = ["syslogudp"]
    service = "syslogngudp"

[udp.services]
  [udp.services.syslogngudp]
    [udp.services.syslogngudp.loadBalancer]
      {{ range . -}}
      [[udp.services.syslogngudp.loadBalancer.servers]]
        address = "{{ .Address }}:{{ .Port }}"
      {{ end -}}
{{- end }}
        EOH
        destination = "${NOMAD_TASK_DIR}/config/conf/route-syslog-ng.toml"
        change_mode = "noop"
        splay = "1m"

        wait {
          min = "10s"
          max = "20s"
        }
      }

      template {
        data = <<EOF
{{- with nomadVar "secrets/certs/_lego/certificates/__thefij_rocks_crt" }}{{ .contents }}{{ end -}}"
EOF
        destination = "${NOMAD_SECRETS_DIR}/certs/_.thefij.rocks.crt"
        change_mode = "noop"
      }

      template {
        data = <<EOF
{{- with nomadVar "secrets/certs/_lego/certificates/__thefij_rocks_key" }}{{ .contents }}{{ end -}}"
EOF
        destination = "${NOMAD_SECRETS_DIR}/certs/_.thefij.rocks.key"
        change_mode = "noop"
      }

      template {
        data = <<EOH
[[tls.certificates]]
  certFile = "/etc/traefik/certs/_.thefij.rocks.crt"
  keyFile = "/etc/traefik/certs/_.thefij.rocks.key"
        EOH
        destination = "${NOMAD_TASK_DIR}/config/conf/dynamic-tls.toml"
        change_mode = "noop"
      }

      template {
        data = <<EOH
[http.middlewares]
{{ with nomadVar "nomad/jobs/traefik" }}
{{ if .usersfile }}
  [http.middlewares.basic-auth.basicAuth]
    usersFile = "/etc/traefik/usersfile"
{{- end }}
{{- end }}
        EOH
        destination = "${NOMAD_TASK_DIR}/config/conf/middlewares.toml"
        change_mode = "noop"
      }

      template {
        data = <<EOH
{{ with nomadVar "nomad/jobs/traefik" -}}
{{ .usersfile }}
{{- end }}
        EOH
        destination = "${NOMAD_SECRETS_DIR}/usersfile"
        change_mode = "noop"
      }

      resources {
        cpu = 100
        memory = 150
      }
    }
  }
}
Add some basic Nomad and k8s tests 2022-02-16 09:56:18 -08:00			`job "traefik" {`
			`datacenters = ["dc1"]`
Make traefik a service rather than a system job Sets it up to support auto_revert and auto_promote 2022-07-28 15:11:59 -07:00			`type = "service"`
Increase priority of Traefik 2022-06-23 09:51:42 -07:00			`priority = 100`
Add some basic Nomad and k8s tests 2022-02-16 09:56:18 -08:00
Update ansible to deploy nomad and consul to Pi host This is broken because the Pi doesn't have the right version of ip-tables 2022-02-27 14:49:00 -08:00			`constraint {`
			`attribute = "${node.class}"`
			`value = "ingress"`
			`}`

Make traefik a service rather than a system job Sets it up to support auto_revert and auto_promote 2022-07-28 15:11:59 -07:00			`constraint {`
			`distinct_hosts = true`
			`}`

Deploy traefik one at a time with autorevert 2022-06-23 20:12:30 -07:00			`update {`
			`max_parallel = 1`
Update traefik to v3 using canary 2024-05-28 11:43:46 -07:00			`min_healthy_time = "30s"`
			`healthy_deadline = "5m"`
Fix traefik deployment Not enough hosts for a 2+1 canary deployment 2025-02-24 09:22:10 -08:00			`auto_revert = true`
			`# Cannot do canary unless I have an unallocated host`
			`# canary = 1`
			`# auto_promote = false`
Deploy traefik one at a time with autorevert 2022-06-23 20:12:30 -07:00			`}`

Add some basic Nomad and k8s tests 2022-02-16 09:56:18 -08:00			`group "traefik" {`
Run traefik on multiple hosts 2024-01-04 13:24:15 -08:00			`count = 2`
Add some basic Nomad and k8s tests 2022-02-16 09:56:18 -08:00
			`network {`
			`port "web" {`
			`static = 80`
			`}`
Fix syslog proxy Apparently traefik only supports http proxy over connect. https://github.com/traefik/traefik/issues/7803 2022-09-04 20:21:02 -07:00
Add some basic Nomad and k8s tests 2022-02-16 09:56:18 -08:00			`port "websecure" {`
			`static = 443`
			`}`
Fix syslog proxy Apparently traefik only supports http proxy over connect. https://github.com/traefik/traefik/issues/7803 2022-09-04 20:21:02 -07:00
			`port "syslog" {`
			`static = 514`
			`}`
Use static port for Authelia so that nomad middleware config is the same for each service 2023-07-07 16:34:50 -07:00
Add Gitea Currently it won't auto bootstrap auth. A command has to be executed one time to get it to be added to the database. 2023-07-19 09:28:08 -07:00			`port "gitssh" {`
			`static = 2222`
			`}`

Add back other traefik ports and metrics 2024-02-13 12:03:03 -08:00			`port "metrics" {}`
Add some basic Nomad and k8s tests 2022-02-16 09:56:18 -08:00			`}`

Make traefik disk ephemeral and sticky 2022-07-27 17:30:35 -07:00			`ephemeral_disk {`
			`migrate = true`
			`sticky = true`
			`}`

Add some basic Nomad and k8s tests 2022-02-16 09:56:18 -08:00			`task "traefik" {`
			`driver = "docker"`

Add service healthchecks 2024-01-23 12:08:47 -08:00			`service {`
			`name = "traefik"`
			`provider = "nomad"`
			`port = "web"`

			`check {`
			`type = "http"`
			`path = "/ping"`
			`interval = "10s"`
			`timeout = "2s"`
			`}`

			`tags = [`
			`"traefik.enable=true",`
			`"traefik.http.routers.traefik.entryPoints=websecure",`
			`"traefik.http.routers.traefik.service=api@internal",`
			`]`
Update promtail version and version checker 2023-01-13 15:47:48 -08:00			`}`

Add back other traefik ports and metrics 2024-02-13 12:03:03 -08:00			`service {`
			`name = "traefik-metrics"`
			`provider = "nomad"`
			`port = "metrics"`

			`tags = [`
			`"prometheus.scrape",`
			`]`
			`}`

Add some basic Nomad and k8s tests 2022-02-16 09:56:18 -08:00			`config {`
Update traefik to v3 using canary 2024-05-28 11:43:46 -07:00			`image = "traefik:3.0"`
Add some basic Nomad and k8s tests 2022-02-16 09:56:18 -08:00
Add back other traefik ports and metrics 2024-02-13 12:03:03 -08:00			`ports = ["web", "websecure", "syslog", "gitssh", "metrics"]`
Add some basic Nomad and k8s tests 2022-02-16 09:56:18 -08:00			`network_mode = "host"`

Simplify proxy routing 2022-03-14 15:58:03 -07:00			`mount {`
			`type = "bind"`
			`target = "/etc/traefik"`
Add basic auth to traefik 2022-07-26 21:45:06 -07:00			`source = "local/config"`
Simplify proxy routing 2022-03-14 15:58:03 -07:00			`}`
Add basic auth to traefik 2022-07-26 21:45:06 -07:00
			`mount {`
			`type = "bind"`
			`target = "/etc/traefik/usersfile"`
			`source = "secrets/usersfile"`
			`}`
Traefik: Use nomad vars for dynamic certs Rather than having Traefik handle cert fetching, instead it is delegated to a separate job so that multiple Traefik instances can share certs 2024-01-03 13:56:43 -08:00
			`mount {`
			`type = "bind"`
			`target = "/etc/traefik/certs"`
			`source = "secrets/certs"`
			`}`
Add basic auth to traefik 2022-07-26 21:45:06 -07:00			`}`

Use Nomad task socket from Traefik 2024-05-28 12:00:13 -07:00			`env = {`
			`TRAEFIK_PROVIDERS_NOMAD_ENDPOINT_TOKEN = "${NOMAD_TOKEN}"`
			`}`

			`identity {`
			`env = true`
			`}`

Simplify proxy routing 2022-03-14 15:58:03 -07:00			`template {`
			`# Avoid conflict with TOML lists [[ ]] and Go templates {{ }}`
			`left_delimiter = "<<"`
			`right_delimiter = ">>"`
			`data = <<EOH`
			`[log]`
			`level = "DEBUG"`

			`[entryPoints]`
			`[entryPoints.web]`
			`address = ":80"`
			`[entryPoints.web.http]`
			`[entryPoints.web.http.redirections]`
			`[entryPoints.web.http.redirections.entrypoint]`
			`to = "websecure"`
			`scheme = "https"`

			`[entryPoints.websecure]`
			`address = ":443"`
			`[entryPoints.websecure.http.tls]`

			`[entryPoints.metrics]`
Fix traefik metrics 2024-02-18 07:47:31 -08:00			`address = ":<< env "NOMAD_PORT_metrics" >>"`
Simplify proxy routing 2022-03-14 15:58:03 -07:00
Add Traefik proxy for Syslogng 2022-09-04 12:36:26 -07:00			`[entryPoints.syslogtcp]`
			`address = ":514"`

			`[entryPoints.syslogudp]`
			`address = ":514/udp"`

Add Gitea Currently it won't auto bootstrap auth. A command has to be executed one time to get it to be added to the database. 2023-07-19 09:28:08 -07:00			`[entryPoints.gitssh]`
			`address = ":2222"`

Simplify proxy routing 2022-03-14 15:58:03 -07:00			`[api]`
			`dashboard = true`

			`[ping]`
			`entrypoint = "web"`

			`[metrics]`
			`[metrics.prometheus]`
			`entrypoint = "metrics"`
			`# manualRouting = true`

			`[providers.file]`
			`directory = "/etc/traefik/conf"`
			`watch = true`

Add Nomad provider and sample using Wesher 2023-03-24 08:50:16 -07:00			`[providers.nomad]`
			`exposedByDefault = false`
WIP: Moving vars and service discovery to Nomad Starting with core 2022-11-20 16:24:00 -08:00			defaultRule = "Host(`{{normalize .Name}}.<< with nomadVar "nomad/jobs" >><< .base_hostname >><< end >>`)"
Add Nomad provider and sample using Wesher 2023-03-24 08:50:16 -07:00			`[providers.nomad.endpoint]`
Use Nomad task socket from Traefik 2024-05-28 12:00:13 -07:00			`address = "unix:///secrets/api.sock"`
Simplify proxy routing 2022-03-14 15:58:03 -07:00			`EOH`
Traefik: Use nomad vars for dynamic certs Rather than having Traefik handle cert fetching, instead it is delegated to a separate job so that multiple Traefik instances can share certs 2024-01-03 13:56:43 -08:00			`destination = "${NOMAD_TASK_DIR}/config/traefik.toml"`
Get letsencrypt certs working with Traefik 2022-07-27 11:12:08 -07:00			`}`

Simplify proxy routing 2022-03-14 15:58:03 -07:00			`template {`
			`data = <<EOH`
			`[http]`
			`[http.routers]`
			`[http.routers.nomad]`
Add vault setup: Not secured 2022-03-15 11:57:00 -07:00			`entryPoints = ["websecure"]`
Simplify proxy routing 2022-03-14 15:58:03 -07:00			`service = "nomad"`
WIP: Moving vars and service discovery to Nomad Starting with core 2022-11-20 16:24:00 -08:00			rule = "Host(`nomad.{{ with nomadVar "nomad/jobs" }}{{ .base_hostname }}{{ end }}`)"
Add external traefik routes to nomad vars 2024-01-16 14:15:18 -08:00
Use vars for external services 2024-08-21 20:02:18 -07:00			`{{ range nomadVarList "traefik_external" }}{{ with nomadVar .Path }}`
			`[http.routers.{{ .name }}]`
A whole lot of incremental fixes for nomad variables and such Also adds stunnel between redis and clients 2023-03-24 16:32:37 -07:00			`entryPoints = ["websecure"]`
Use vars for external services 2024-08-21 20:02:18 -07:00			`service = "{{ .name }}"`
			rule = "Host(`{{ .subdomain }}.{{ with nomadVar "nomad/jobs" }}{{ .base_hostname }}{{ end }}`){{ with .path_prefix.Value }}&&PathPrefix(`{{ . }}`){{ end }}"
			`{{ $name := .name -}}`
			`{{ with .path_prefix.Value -}}`
			`middlewares = ["{{ $name }}@file"]`
			`{{ end }}`
			`{{- end }}{{ end }}`

			`#[http.middlewares]`
			`# {{ range nomadVarList "traefik_external" }}{{ with nomadVar .Path -}}`
			`# {{ $name := .name -}}`
			`# {{ with .path_prefix.Value -}}`
			`# [http.middlewares.{{ $name }}.stripPrefix]`
			`# prefixes = ["{{ . }}"]`
			`# {{ end }}`
			`# {{- end }}{{ end }}`
Simplify proxy routing 2022-03-14 15:58:03 -07:00
			`[http.services]`
			`[http.services.nomad]`
			`[http.services.nomad.loadBalancer]`
			`[[http.services.nomad.loadBalancer.servers]]`
A whole lot of incremental fixes for nomad variables and such Also adds stunnel between redis and clients 2023-03-24 16:32:37 -07:00			`url = "http://127.0.0.1:4646"`
Add external traefik routes to nomad vars 2024-01-16 14:15:18 -08:00
Use vars for external services 2024-08-21 20:02:18 -07:00			`{{ range nomadVarList "traefik_external" }}{{ with nomadVar .Path }}`
			`[http.services.{{ .name }}]`
			`[http.services.{{ .name }}.loadBalancer]`
			`[[http.services.{{ .name }}.loadBalancer.servers]]`
			`url = "{{ .url }}"`
			`{{- end }}{{ end }}`
Add basic auth to traefik 2022-07-26 21:45:06 -07:00			`EOH`
Traefik: Use nomad vars for dynamic certs Rather than having Traefik handle cert fetching, instead it is delegated to a separate job so that multiple Traefik instances can share certs 2024-01-03 13:56:43 -08:00			`destination = "${NOMAD_TASK_DIR}/config/conf/route-hashi.toml"`
Add basic auth to traefik 2022-07-26 21:45:06 -07:00			`change_mode = "noop"`
Add external traefik routes to nomad vars 2024-01-16 14:15:18 -08:00			`splay = "1m"`

			`wait {`
			`min = "10s"`
			`max = "20s"`
			`}`
Add basic auth to traefik 2022-07-26 21:45:06 -07:00			`}`

Fix syslog proxy Apparently traefik only supports http proxy over connect. https://github.com/traefik/traefik/issues/7803 2022-09-04 20:21:02 -07:00			`template {`
			`data = <<EOH`
WIP: Moving vars and service discovery to Nomad Starting with core 2022-11-20 16:24:00 -08:00			`{{ with nomadService "syslogng" -}}`
Fix syslog proxy Apparently traefik only supports http proxy over connect. https://github.com/traefik/traefik/issues/7803 2022-09-04 20:21:02 -07:00			`[tcp.routers]`
			`[tcp.routers.syslogtcp]`
			`entryPoints = ["syslogtcp"]`
			`service = "syslogngtcp"`
			rule = "HostSNI(`*`)"

			`[tcp.services]`
			`[tcp.services.syslogngtcp]`
			`[tcp.services.syslogngtcp.loadBalancer]`
			`{{ range . -}}`
			`[[tcp.services.syslogngtcp.loadBalancer.servers]]`
			`address = "{{ .Address }}:{{ .Port }}"`
			`{{ end -}}`
A whole lot of incremental fixes for nomad variables and such Also adds stunnel between redis and clients 2023-03-24 16:32:37 -07:00			`{{- end }}`
Fix syslog proxy Apparently traefik only supports http proxy over connect. https://github.com/traefik/traefik/issues/7803 2022-09-04 20:21:02 -07:00
WIP: Moving vars and service discovery to Nomad Starting with core 2022-11-20 16:24:00 -08:00			`{{ with nomadService "syslogng" -}}`
Fix syslog proxy Apparently traefik only supports http proxy over connect. https://github.com/traefik/traefik/issues/7803 2022-09-04 20:21:02 -07:00			`[udp.routers]`
			`[udp.routers.syslogudp]`
			`entryPoints = ["syslogudp"]`
			`service = "syslogngudp"`

			`[udp.services]`
			`[udp.services.syslogngudp]`
			`[udp.services.syslogngudp.loadBalancer]`
			`{{ range . -}}`
			`[[udp.services.syslogngudp.loadBalancer.servers]]`
			`address = "{{ .Address }}:{{ .Port }}"`
			`{{ end -}}`
A whole lot of incremental fixes for nomad variables and such Also adds stunnel between redis and clients 2023-03-24 16:32:37 -07:00			`{{- end }}`
Fix syslog proxy Apparently traefik only supports http proxy over connect. https://github.com/traefik/traefik/issues/7803 2022-09-04 20:21:02 -07:00			`EOH`
Traefik: Use nomad vars for dynamic certs Rather than having Traefik handle cert fetching, instead it is delegated to a separate job so that multiple Traefik instances can share certs 2024-01-03 13:56:43 -08:00			`destination = "${NOMAD_TASK_DIR}/config/conf/route-syslog-ng.toml"`
			`change_mode = "noop"`
Add external traefik routes to nomad vars 2024-01-16 14:15:18 -08:00			`splay = "1m"`

			`wait {`
			`min = "10s"`
			`max = "20s"`
			`}`
Traefik: Use nomad vars for dynamic certs Rather than having Traefik handle cert fetching, instead it is delegated to a separate job so that multiple Traefik instances can share certs 2024-01-03 13:56:43 -08:00			`}`

			`template {`
			`data = <<EOF`
			`{{- with nomadVar "secrets/certs/_lego/certificates/__thefij_rocks_crt" }}{{ .contents }}{{ end -}}"`
			`EOF`
			`destination = "${NOMAD_SECRETS_DIR}/certs/_.thefij.rocks.crt"`
			`change_mode = "noop"`
			`}`

			`template {`
			`data = <<EOF`
			`{{- with nomadVar "secrets/certs/_lego/certificates/__thefij_rocks_key" }}{{ .contents }}{{ end -}}"`
			`EOF`
			`destination = "${NOMAD_SECRETS_DIR}/certs/_.thefij.rocks.key"`
			`change_mode = "noop"`
			`}`

			`template {`
			`data = <<EOH`
			`[[tls.certificates]]`
			`certFile = "/etc/traefik/certs/_.thefij.rocks.crt"`
			`keyFile = "/etc/traefik/certs/_.thefij.rocks.key"`
			`EOH`
			`destination = "${NOMAD_TASK_DIR}/config/conf/dynamic-tls.toml"`
Fix syslog proxy Apparently traefik only supports http proxy over connect. https://github.com/traefik/traefik/issues/7803 2022-09-04 20:21:02 -07:00			`change_mode = "noop"`
			`}`

Add basic auth to traefik 2022-07-26 21:45:06 -07:00			`template {`
			`data = <<EOH`
			`[http.middlewares]`
WIP: Moving vars and service discovery to Nomad Starting with core 2022-11-20 16:24:00 -08:00			`{{ with nomadVar "nomad/jobs/traefik" }}`
			`{{ if .usersfile }}`
Add basic auth to traefik 2022-07-26 21:45:06 -07:00			`[http.middlewares.basic-auth.basicAuth]`
			`usersFile = "/etc/traefik/usersfile"`
A whole lot of incremental fixes for nomad variables and such Also adds stunnel between redis and clients 2023-03-24 16:32:37 -07:00			`{{- end }}`
			`{{- end }}`
Add basic auth to traefik 2022-07-26 21:45:06 -07:00			`EOH`
Traefik: Use nomad vars for dynamic certs Rather than having Traefik handle cert fetching, instead it is delegated to a separate job so that multiple Traefik instances can share certs 2024-01-03 13:56:43 -08:00			`destination = "${NOMAD_TASK_DIR}/config/conf/middlewares.toml"`
Add basic auth to traefik 2022-07-26 21:45:06 -07:00			`change_mode = "noop"`
			`}`

			`template {`
			`data = <<EOH`
A whole lot of incremental fixes for nomad variables and such Also adds stunnel between redis and clients 2023-03-24 16:32:37 -07:00			`{{ with nomadVar "nomad/jobs/traefik" -}}`
WIP: Moving vars and service discovery to Nomad Starting with core 2022-11-20 16:24:00 -08:00			`{{ .usersfile }}`
A whole lot of incremental fixes for nomad variables and such Also adds stunnel between redis and clients 2023-03-24 16:32:37 -07:00			`{{- end }}`
Simplify proxy routing 2022-03-14 15:58:03 -07:00			`EOH`
Traefik: Use nomad vars for dynamic certs Rather than having Traefik handle cert fetching, instead it is delegated to a separate job so that multiple Traefik instances can share certs 2024-01-03 13:56:43 -08:00			`destination = "${NOMAD_SECRETS_DIR}/usersfile"`
Simplify proxy routing 2022-03-14 15:58:03 -07:00			`change_mode = "noop"`
Add some basic Nomad and k8s tests 2022-02-16 09:56:18 -08:00			`}`

			`resources {`
Tweak memory requirements for tasks 2022-07-25 15:51:16 -07:00			`cpu = 100`
Increase Traefik memory 2023-07-31 10:43:03 -07:00			`memory = 150`
Add some basic Nomad and k8s tests 2022-02-16 09:56:18 -08:00			`}`
			`}`
			`}`
			`}`