Simplify proxy routing

IamTheFij 2022-03-14 15:58:03 -07:00
parent b845847ce4
commit 8b55f83996
10 changed files with 104 additions and 70 deletions


@ -52,8 +52,6 @@ job "grafana" {
tags = [
"traefik.enable=true",
"traefik.http.routers.grafana.entrypoints=web,websecure",
"traefik.http.routers.grafana.tls=true",
]
}
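Review bot: Dropping the `traefik.http.routers.grafana.entrypoints=web,websecure` tag leaves this router without named entrypoints, and a Traefik 2.x router without `entryPoints` accepts requests on every defined entrypoint. This assumes that tag and the `tls=true` tag are the two lines the hunk removes, since the page does not mark sides. The traefik job on this page now defines `[entryPoints.metrics]` on `:8989` with no redirect and no TLS block, so this service would also answer plain HTTP there. Either keep `"traefik.http.routers.grafana.entrypoints=web,websecure",` or make sure `:8989` is reachable only by the metrics scraper. The same applies to the prometheus, adminer, nextcloud and whoami tag hunks.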


@ -54,8 +54,6 @@ job "prometheus" {
// TODO: Remove traefik tags
tags = [
"traefik.enable=true",
"traefik.http.routers.prometheus.entrypoints=web,websecure",
"traefik.http.routers.prometheus.tls=true",
]
}


@ -1,9 +1,3 @@
variable "base_hostname" {
type = string
description = "Base hostname to serve content from"
default = "dev.homelab"
}
job "adminer" {
datacenters = ["dc1"]
type = "service"
@ -21,6 +15,7 @@ job "adminer" {
}
service {
name = "adminer"
port = "adminer"
connect {
@ -50,9 +45,6 @@ job "adminer" {
tags = [
"traefik.enable=true",
"traefik.http.routers.adminer.entrypoints=web,websecure",
"traefik.http.routers.adminer.rule=Host(`adminer.${var.base_hostname}`)",
"traefik.http.routers.adminer.tls=true",
]
}


@ -15,7 +15,6 @@ job "mysql-server" {
network {
mode = "bridge"
port "db" {
static = 3306
to = 3306
}
}
@ -31,7 +30,18 @@ job "mysql-server" {
port = "db"
connect {
sidecar_service {}
sidecar_service {
proxy {
local_service_port = 3306
}
}
sidecar_task {
resources {
cpu = 50
memory = 50
}
}
}
# Can't use a tcp check with bridge network or proxy
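Review bot: Nothing in the new `connect` block records who is allowed to reach MySQL now that it sits behind the sidecar proxy. If the one line dropped from the `network` block is `static = 3306` (the hunk header shows a single removal, but the page does not mark which line), the database is reachable only through the mesh, and access then depends on Consul intentions that are not visible here. A comment above `sidecar_service` such as `# Reachable only through the Connect sidecar; callers need a Consul intention for this service` would make that dependency explicit. The job body continues outside these hunks.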


@ -1,9 +1,3 @@
variable "base_hostname" {
type = string
description = "Base hostname to serve content from"
default = "dev.homelab"
}
resource "nomad_job" "mysql-server" {
hcl2 {
enabled = true
@ -15,9 +9,6 @@ resource "nomad_job" "mysql-server" {
resource "nomad_job" "adminer" {
hcl2 {
enabled = true
vars = {
"base_hostname" = "${var.base_hostname}",
}
}
jobspec = file("${path.module}/adminer.nomad")


@ -29,6 +29,7 @@ job "nextcloud" {
}
service {
name = "nextcloud"
port = "web"
connect {
@ -57,8 +58,6 @@ job "nextcloud" {
tags = [
"traefik.enable=true",
"traefik.http.routers.nextcloud.entrypoints=web,websecure",
"traefik.http.routers.nextcloud.tls=true",
]
}


@ -1,15 +1,6 @@
variable "base_hostname" {
type = string
description = "Base hostname to serve content from"
default = "dev.homelab"
}
resource "nomad_job" "nextcloud" {
hcl2 {
enabled = true
vars = {
"base_hostname" = "${var.base_hostname}",
}
}
jobspec = file("${path.module}/nextcloud.nomad")


@ -63,8 +63,6 @@ module "metrics" {
module "nextcloud" {
source = "./nextcloud"
base_hostname = var.base_hostname
depends_on = [module.mysql-server]
}


@ -51,7 +51,7 @@ job "traefik" {
tags = [
"traefik.enable=true",
"traefik.http.routers.traefik_dashboard.entrypoints=web,websecure",
"traefik.http.routers.traefik_dashboard.entryPoints=web,websecure",
"traefik.http.routers.traefik_dashboard.rule=Host(`traefik.${var.base_hostname}`)",
"traefik.http.routers.traefik_dashboard.service=api@internal",
"traefik.http.routers.traefik_dashboard.tls=true",
@ -63,34 +63,99 @@ job "traefik" {
config {
image = "traefik:2.6"
args = [
"--log.level=DEBUG",
"--entryPoints.web.address=:80",
"--entryPoints.websecure.address=:443",
"--entryPoints.websecure.tls=true",
"--entrypoints.web.http.redirections.entryPoint.to=websecure",
# "--entryPoints.admin.address=:8080",
"--accesslog=true",
"--api=true",
"--api.dashboard=true",
# "--metrics=true",
# "--metrics.prometheus=true",
# "--metrics.prometheus.entryPoint=admin",
# "--metrics.prometheus.manualrouting=true",
"--ping=true",
"--ping.entryPoint=web",
"--providers.consulcatalog=true",
"--providers.consulcatalog.connectaware=true",
"--providers.consulcatalog.connectbydefault=true",
"--providers.consulcatalog.exposedbydefault=false",
"--providers.consulcatalog.endpoint.address=${var.consul_address}",
"--providers.consulcatalog.defaultrule=Host(`{{normalize .Name}}.${var.base_hostname}`)",
]
ports = ["web", "websecure"]
network_mode = "host"
volumes = []
mount {
type = "bind"
target = "/etc/traefik"
source = "config"
}
}
template {
# Avoid conflict with TOML lists [[ ]] and Go templates {{ }}
left_delimiter = "<<"
right_delimiter = ">>"
data = <<EOH
[log]
level = "DEBUG"
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.web.http]
[entryPoints.web.http.redirections]
[entryPoints.web.http.redirections.entrypoint]
to = "websecure"
scheme = "https"
[entryPoints.websecure]
address = ":443"
[entryPoints.websecure.http.tls]
# certResolver = "letsEncrypt"
[entryPoints.metrics]
address = ":8989"
[api]
dashboard = true
[ping]
entrypoint = "web"
[metrics]
[metrics.prometheus]
entrypoint = "metrics"
# manualRouting = true
[providers.file]
directory = "/etc/traefik/conf"
watch = true
[providers.consulCatalog]
connectAware = true
connectByDefault = true
exposedByDefault = false
defaultRule = "Host(`{{normalize .Name}}.${var.base_hostname}`)"
[providers.consulCatalog.endpoint]
address = "http://<< env "CONSUL_HTTP_ADDR" >>"
EOH
destination = "/config/traefik.toml"
}
template {
# Avoid conflict with TOML lists [[ ]] and Go templates {{ }}
left_delimiter = "<<"
right_delimiter = ">>"
data = <<EOH
[http]
[http.routers]
[http.routers.nomad]
entryPoints = ["web", "websecure"]
# middlewares = []
service = "nomad"
rule = "Host(`nomad.${var.base_hostname}`)"
[http.routers.consul]
entryPoints = ["web", "websecure"]
# middlewares = []
service = "consul"
rule = "Host(`consul.${var.base_hostname}`)"
[http.services]
[http.services.nomad]
[http.services.nomad.loadBalancer]
[[http.services.nomad.loadBalancer.servers]]
url = "http://<< env "NOMAD_IP_web" >>:4646"
[http.services.consul]
[http.services.consul.loadBalancer]
[[http.services.consul.loadBalancer.servers]]
url = "http://<< env "NOMAD_IP_web" >>:8500"
EOH
destination = "/config/conf/route-hashi.toml"
change_mode = "noop"
}
resources {
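Review bot: The `nomad` and `consul` routers in the `route-hashi.toml` template publish the Nomad (`:4646`) and Consul (`:8500`) HTTP APIs on the same `web`/`websecure` entrypoints as ordinary apps, with `# middlewares = []` left commented out, so nothing at the proxy authenticates or restricts callers. Unless ACLs are enforced on both clusters (not visible on this page), every client that can reach the proxy can reach those control-plane APIs. Define an authentication or source-restriction middleware in this file (Traefik 2.x provides `basicAuth`, `forwardAuth` and `ipWhiteList`) and enable it on both routers with `middlewares = ["<auth-middleware-name>"]`. The `traefik_dashboard` router on `api@internal` shows no middleware in the visible tags either and would benefit from the same one. The job body continues outside these hunks.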


@ -1,9 +1,3 @@
variable "base_hostname" {
type = string
description = "Base hostname to serve content from"
default = "dev.homelab"
}
variable "count" {
type = number
default = 2
@ -55,8 +49,6 @@ job "whoami" {
tags = [
"traefik.enable=true",
"traefik.http.routers.whoami.entrypoints=web,websecure",
"traefik.http.routers.whoami.tls=true",
]
}