diff --git a/core/traefik/traefik.nomad b/core/traefik/traefik.nomad index a3e0d34..47025ec 100644 --- a/core/traefik/traefik.nomad +++ b/core/traefik/traefik.nomad @@ -114,6 +114,14 @@ job "traefik" { } } + env = { + TRAEFIK_PROVIDERS_NOMAD_ENDPOINT_TOKEN = "${NOMAD_TOKEN}" + } + + identity { + env = true + } + template { # Avoid conflict with TOML lists [[ ]] and Go templates {{ }} left_delimiter = "<<" @@ -166,7 +174,7 @@ job "traefik" { exposedByDefault = false defaultRule = "Host(`{{normalize .Name}}.<< with nomadVar "nomad/jobs" >><< .base_hostname >><< end >>`)" [providers.nomad.endpoint] - address = "http://127.0.0.1:4646" + address = "unix:///secrets/api.sock" EOH destination = "${NOMAD_TASK_DIR}/config/traefik.toml" } diff --git a/core/traefik/traefik.tf b/core/traefik/traefik.tf index 9a98e66..46094fa 100644 --- a/core/traefik/traefik.tf +++ b/core/traefik/traefik.tf @@ -21,3 +21,16 @@ EOH job_id = resource.nomad_job.traefik.id } } + +resource "nomad_acl_policy" "traefik_query_jobs" { + name = "traefik-query-jobs" + description = "Allow traefik to query jobs" + rules_hcl = <