2022-07-08 23:24:03 +00:00
|
|
|
# Vars
|
|
|
|
# name = string*
|
|
|
|
# image = string*
|
|
|
|
# service_port = int
|
|
|
|
# ingress = bool
|
2022-07-25 17:44:37 +00:00
|
|
|
# sticky_disk = bool
|
2022-07-08 23:24:03 +00:00
|
|
|
# args = json(list[str])
|
|
|
|
# resources = dict(cpu = int, mem = int)
|
2022-08-30 22:16:08 +00:00
|
|
|
# env = json(dict(str: any))
|
2022-11-03 22:10:51 +00:00
|
|
|
# ingress_middlewares = json(list(str))
|
2022-07-08 23:24:03 +00:00
|
|
|
# templates = json(list(dict(
|
|
|
|
# data = str,
|
|
|
|
# dest = str,
|
|
|
|
# change_mode = str,
|
|
|
|
# change_signal = str,
|
|
|
|
# left_delimiter = str,
|
|
|
|
# right_delimiter = str,
|
2022-11-10 18:20:53 +00:00
|
|
|
# mount = bool
|
2022-07-08 23:24:03 +00:00
|
|
|
# )))
|
2022-08-30 22:16:08 +00:00
|
|
|
# host_volumes = json(list(dict(
|
|
|
|
# name = str,
|
|
|
|
# dest = str,
|
|
|
|
# read_only = bool,
|
|
|
|
# )))
|
2022-07-08 23:24:03 +00:00
|
|
|
# healthcheck = "/"
|
2022-10-27 21:28:34 +00:00
|
|
|
# upstreams = json(list(dict(
|
|
|
|
# destination_name = str,
|
|
|
|
# local_bind_port = int
|
|
|
|
# )))
|
2022-07-08 23:24:03 +00:00
|
|
|
# mysql = bool
|
|
|
|
# redis = bool
|
2022-07-27 21:41:13 +00:00
|
|
|
# vault = bool
|
2022-11-10 18:20:53 +00:00
|
|
|
# mysql_bootstrap = json(dict(
|
|
|
|
# vault_key = str
|
|
|
|
# db_name = str
|
|
|
|
# db_name_key = str
|
|
|
|
# db_user = str
|
|
|
|
# db_user_key = str
|
|
|
|
# db_pass = str
|
|
|
|
# db_pass_key = str
|
|
|
|
# ))
|
2022-07-08 23:24:03 +00:00
|
|
|
job "[[.name]]" {
|
|
|
|
region = "global"
|
|
|
|
datacenters = ["dc1"]
|
|
|
|
|
|
|
|
type = "service"
|
|
|
|
|
|
|
|
group "[[.name]]" {
|
2022-07-27 21:41:42 +00:00
|
|
|
[[ with .count ]]count = [[ . ]][[ end ]]
|
2022-07-08 23:24:03 +00:00
|
|
|
network {
|
|
|
|
mode = "bridge"
|
2022-07-27 21:41:42 +00:00
|
|
|
[[ if not (empty .service_port) -]]
|
2022-07-08 23:24:03 +00:00
|
|
|
port "main" {
|
2022-07-27 21:41:42 +00:00
|
|
|
[[ if default false .ingress -]]
|
2022-07-08 23:24:03 +00:00
|
|
|
host_network = "loopback"
|
2022-07-27 21:41:42 +00:00
|
|
|
[[ end -]]
|
|
|
|
to = [[ .service_port ]]
|
2022-07-08 23:24:03 +00:00
|
|
|
}
|
2022-07-27 21:41:42 +00:00
|
|
|
[[ end -]]
|
2022-07-08 23:24:03 +00:00
|
|
|
}
|
|
|
|
|
2022-07-25 17:44:37 +00:00
|
|
|
[[ if default false .sticky_disk ]]
|
|
|
|
ephemeral_disk {
|
|
|
|
migrate = true
|
|
|
|
sticky = true
|
|
|
|
}
|
|
|
|
[[ end ]]
|
|
|
|
|
2022-08-30 22:16:08 +00:00
|
|
|
[[ with .host_volumes -]]
|
|
|
|
[[ range $v := . | parseJSON -]]
|
|
|
|
volume "[[ $v.name ]]" {
|
|
|
|
type = "host"
|
2022-09-04 21:26:19 +00:00
|
|
|
read_only = [[ $v.read_only ]]
|
2022-08-30 22:16:08 +00:00
|
|
|
source = "[[ $v.name ]]"
|
|
|
|
}
|
|
|
|
[[ end ]]
|
|
|
|
[[ end -]]
|
|
|
|
|
2022-07-08 23:24:03 +00:00
|
|
|
[[ if not (empty .service_port) ]]
|
|
|
|
service {
|
|
|
|
name = "[[.name | replace "_" "-"]]"
|
|
|
|
port = "main"
|
|
|
|
|
|
|
|
[[ if default false .ingress ]]
|
|
|
|
connect {
|
|
|
|
sidecar_service {
|
|
|
|
proxy {
|
2022-07-27 21:41:42 +00:00
|
|
|
local_service_port = [[ .service_port ]]
|
|
|
|
[[ if default false .mysql -]]
|
2022-07-08 23:24:03 +00:00
|
|
|
upstreams {
|
|
|
|
destination_name = "mysql-server"
|
|
|
|
local_bind_port = 4040
|
|
|
|
}
|
|
|
|
[[ end -]]
|
2022-07-27 21:41:42 +00:00
|
|
|
[[ if default false .redis -]]
|
2022-07-08 23:24:03 +00:00
|
|
|
upstreams {
|
|
|
|
destination_name = "redis"
|
|
|
|
local_bind_port = 6379
|
|
|
|
}
|
2022-07-27 21:41:42 +00:00
|
|
|
[[ end -]]
|
2022-10-27 21:28:34 +00:00
|
|
|
[[ with .upstreams -]]
|
|
|
|
[[range $u := . | parseJSON -]]
|
|
|
|
upstreams {
|
|
|
|
destination_name = "[[ $u.destination_name ]]"
|
|
|
|
local_bind_port = [[ $u.local_bind_port ]]
|
|
|
|
}
|
|
|
|
[[ end ]]
|
|
|
|
[[ end -]]
|
2022-07-08 23:24:03 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
sidecar_task {
|
|
|
|
resources {
|
|
|
|
cpu = 50
|
2022-07-25 23:35:30 +00:00
|
|
|
memory = 20
|
|
|
|
memory_max = 50
|
2022-07-08 23:24:03 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
[[ end ]]
|
|
|
|
|
2022-07-25 22:52:02 +00:00
|
|
|
[[ if not (eq .healthcheck "") -]]
|
2022-07-08 23:24:03 +00:00
|
|
|
check {
|
|
|
|
type = "http"
|
|
|
|
path = "[[ or .healthcheck "/" ]]"
|
|
|
|
port = "main"
|
|
|
|
interval = "10s"
|
|
|
|
timeout = "10s"
|
|
|
|
}
|
2022-07-25 22:52:02 +00:00
|
|
|
[[ end -]]
|
2022-07-08 23:24:03 +00:00
|
|
|
|
|
|
|
tags = [
|
|
|
|
[[ if default false .ingress -]]
|
|
|
|
"traefik.enable=true",
|
|
|
|
"traefik.http.routers.[[.name]].entryPoints=websecure",
|
2022-09-06 21:47:06 +00:00
|
|
|
[[ if not (empty .ingress_rule) -]]
|
|
|
|
"traefik.http.routers.[[.name]].rule=[[.ingress_rule]]",
|
|
|
|
[[ end -]]
|
2022-11-03 22:10:51 +00:00
|
|
|
[[ with .ingress_middlewares -]][[ range $m := . | parseJSON -]]
|
|
|
|
"traefik.http.routers.[[$.name]].middlewares=[[ $m ]]",
|
|
|
|
[[ end -]][[ end -]]
|
2022-07-08 23:24:03 +00:00
|
|
|
[[ end -]]
|
|
|
|
]
|
|
|
|
}
|
2022-07-27 21:41:42 +00:00
|
|
|
[[ end -]]
|
2022-07-08 23:24:03 +00:00
|
|
|
|
|
|
|
task "[[.name]]" {
|
|
|
|
driver = "docker"
|
|
|
|
|
|
|
|
config {
|
|
|
|
image = "[[.image]]"
|
2022-11-10 18:20:53 +00:00
|
|
|
[[ with .service_port -]]
|
2022-07-08 23:24:03 +00:00
|
|
|
ports = ["main"]
|
2022-07-27 21:41:42 +00:00
|
|
|
[[ end -]]
|
2022-11-10 18:20:53 +00:00
|
|
|
[[ with .args -]]
|
|
|
|
args = [[ . ]]
|
2022-07-27 21:41:42 +00:00
|
|
|
[[ end -]]
|
2022-07-08 23:24:03 +00:00
|
|
|
|
2022-07-27 21:41:42 +00:00
|
|
|
[[ with .templates -]]
|
|
|
|
[[ range $t := . | parseJSON -]]
|
2022-11-10 18:20:53 +00:00
|
|
|
[[ if and (default true $t.mount) (not (default false $t.env)) -]]
|
2022-07-08 23:24:03 +00:00
|
|
|
mount {
|
|
|
|
type = "bind"
|
|
|
|
target = "[[ $t.dest ]]"
|
2022-11-10 18:20:53 +00:00
|
|
|
source = "[[ default "local/" $t.dest_prefix ]][[ $t.dest ]]"
|
2022-07-08 23:24:03 +00:00
|
|
|
}
|
2022-11-10 18:20:53 +00:00
|
|
|
[[ end -]]
|
2022-07-08 23:24:03 +00:00
|
|
|
[[ end ]]
|
2022-07-27 21:41:42 +00:00
|
|
|
[[ end -]]
|
2022-07-08 23:24:03 +00:00
|
|
|
}
|
|
|
|
|
2022-07-27 21:41:13 +00:00
|
|
|
[[ if default false .vault -]]
|
|
|
|
vault {
|
|
|
|
policies = [
|
|
|
|
"access-tables",
|
|
|
|
"nomad-task",
|
|
|
|
]
|
|
|
|
}
|
|
|
|
[[ end -]]
|
|
|
|
|
2022-07-08 23:24:03 +00:00
|
|
|
[[ with .env -]]
|
|
|
|
env = {
|
2022-08-30 22:16:08 +00:00
|
|
|
[[ range $k, $v := . | parseJSON -]]
|
2022-07-08 23:24:03 +00:00
|
|
|
"[[$k]]" = "[[$v]]"
|
2022-07-27 21:41:42 +00:00
|
|
|
[[ end -]]
|
2022-07-08 23:24:03 +00:00
|
|
|
}
|
2022-07-27 21:41:42 +00:00
|
|
|
[[ end -]]
|
2022-07-08 23:24:03 +00:00
|
|
|
|
2022-08-30 22:16:08 +00:00
|
|
|
[[ with .host_volumes -]]
|
|
|
|
[[ range $v := . | parseJSON -]]
|
|
|
|
volume_mount {
|
|
|
|
volume = "[[ $v.name ]]"
|
|
|
|
destination = "[[ $v.dest ]]"
|
2022-09-04 21:26:19 +00:00
|
|
|
read_only = [[ $v.read_only ]]
|
2022-08-30 22:16:08 +00:00
|
|
|
}
|
|
|
|
[[ end ]]
|
|
|
|
[[ end -]]
|
|
|
|
|
2022-07-27 21:41:42 +00:00
|
|
|
[[ with .templates -]]
|
|
|
|
[[ range $t := . | parseJSON -]]
|
2022-07-08 23:24:03 +00:00
|
|
|
template {
|
|
|
|
data = <<EOF
|
|
|
|
[[ $t.data ]]
|
|
|
|
EOF
|
2022-11-10 18:20:53 +00:00
|
|
|
destination = "[[ default "local/" $t.dest_prefix ]][[ $t.dest ]]"
|
2022-07-08 23:24:03 +00:00
|
|
|
[[ with $t.left_delimiter ]]left_delimiter = "[[ . ]]"[[ end -]]
|
|
|
|
[[ with $t.right_delimiter ]]right_delimiter = "[[ . ]]"[[ end -]]
|
|
|
|
[[ with $t.change_mode ]]change_mode = "[[ . ]]"[[ end -]]
|
|
|
|
[[ with $t.change_signal ]]change_signal = "[[ . ]]"[[ end -]]
|
|
|
|
[[ with $t.env ]]env = [[ . ]][[ end ]]
|
|
|
|
}
|
2022-07-27 21:41:42 +00:00
|
|
|
[[ end -]]
|
|
|
|
[[ end -]]
|
2022-07-08 23:24:03 +00:00
|
|
|
|
2022-07-27 21:41:42 +00:00
|
|
|
[[ with .resources -]]
|
2022-07-08 23:24:03 +00:00
|
|
|
resources {
|
|
|
|
cpu = [[ .cpu ]]
|
|
|
|
memory = [[ .memory ]]
|
|
|
|
}
|
2022-07-27 21:41:42 +00:00
|
|
|
[[ end -]]
|
2022-07-08 23:24:03 +00:00
|
|
|
}
|
2022-11-10 18:20:53 +00:00
|
|
|
[[ with .mysql_bootstrap ]][[ with . | parseJSON -]]
|
|
|
|
task "[[$.name]]-bootstrap" {
|
|
|
|
driver = "docker"
|
|
|
|
|
|
|
|
lifecycle {
|
|
|
|
hook = "prestart"
|
|
|
|
sidecar = false
|
|
|
|
}
|
|
|
|
|
|
|
|
config {
|
2022-11-10 19:15:58 +00:00
|
|
|
image = "mariadb:10"
|
2022-11-10 18:20:53 +00:00
|
|
|
args = [
|
|
|
|
"/bin/bash",
|
|
|
|
"-c",
|
|
|
|
"/usr/bin/mysql --defaults-extra-file=${NOMAD_SECRETS_DIR}/my.cnf < ${NOMAD_SECRETS_DIR}/bootstrap.sql",
|
|
|
|
]
|
|
|
|
}
|
|
|
|
|
|
|
|
vault {
|
|
|
|
policies = [
|
|
|
|
"access-tables",
|
|
|
|
"nomad-task",
|
|
|
|
]
|
|
|
|
}
|
|
|
|
|
|
|
|
template {
|
|
|
|
data = <<EOF
|
|
|
|
[client]
|
|
|
|
host={{ env "NOMAD_UPSTREAM_IP_mysql_server" }}
|
|
|
|
port={{ env "NOMAD_UPSTREAM_PORT_mysql_server" }}
|
|
|
|
user=root
|
|
|
|
{{ with secret "kv/data/mysql" -}}
|
|
|
|
password={{ .Data.data.root_password }}
|
|
|
|
{{ end -}}
|
|
|
|
EOF
|
|
|
|
destination = "${NOMAD_SECRETS_DIR}/my.cnf"
|
|
|
|
}
|
|
|
|
|
|
|
|
template {
|
|
|
|
data = <<EOF
|
|
|
|
{{ with secret "[[.vault_key]]" -}}
|
|
|
|
{{ if .Data.data.[[.db_name_key]] -}}
|
|
|
|
CREATE DATABASE IF NOT EXISTS `{{ .Data.data.[[.db_name_key]] }}`
|
|
|
|
CHARACTER SET = 'utf8mb4'
|
|
|
|
COLLATE = 'utf8mb4_unicode_ci';
|
|
|
|
CREATE USER IF NOT EXISTS '{{ .Data.data.[[.db_user_key]] }}'@'%'
|
|
|
|
IDENTIFIED BY '{{ .Data.data.[[.db_pass_key]] }}';
|
|
|
|
GRANT ALL ON `{{ .Data.data.[[.db_name_key]] }}`.* to '{{ .Data.data.[[.db_user_key]] }}'@'%';
|
|
|
|
{{ else -}}
|
|
|
|
SELECT 'NOOP';
|
|
|
|
{{ end -}}
|
|
|
|
{{ end -}}
|
|
|
|
EOF
|
|
|
|
destination = "${NOMAD_SECRETS_DIR}/bootstrap.sql"
|
|
|
|
}
|
|
|
|
|
|
|
|
resources {
|
|
|
|
cpu = 50
|
|
|
|
memory = 50
|
|
|
|
}
|
|
|
|
}
|
|
|
|
[[ end -]][[ end -]]
|
2022-07-08 23:24:03 +00:00
|
|
|
}
|
|
|
|
}
|