iamthefij/homelab-nomad
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update diun config to read from task socket

Browse Source
This commit is contained in:
IamTheFij 2024-05-01 10:18:54 -07:00
parent b9c35bf18f
commit 9af55580e7
1 changed files with 20 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
services/diun.tf
View File

@ -16,10 +16,13 @@ module "diun" {
DIUN_DEFAULTS_INCLUDETAGS = "^\\d+(\\.\\d+){0,2}$" DIUN_DEFAULTS_INCLUDETAGS = "^\\d+(\\.\\d+){0,2}$"
# Nomad API # Nomad API
# TODO: Use socket in $NOMAD_SECRETS_DIR/api.sock when we can assign workload ACLs with Terraform to NOMAD_ADDR = "unix:///secrets/api.sock"
# allow read access. Will need to update template to allow passing token by env DIUN_PROVIDERS_NOMAD = true
NOMAD_ADDR = "http://$${attr.unique.network.ip-address}:4646/" DIUN_PROVIDERS_NOMAD_SECRETID = "$${NOMAD_TOKEN}"
DIUN_PROVIDERS_NOMAD = true }
task_identity = {
env = true
} }
templates = [ templates = [
@ -36,3 +39,16 @@ module "diun" {
}, },
] ]
} }
resource "nomad_acl_policy" "diun_query_jobs" {
name = "diun-query-jobs"
description = "Allow diun to query jobs"
rules_hcl = <<EOH
namespace "default" {
capabilities = ["list-jobs", "read-job"]
}
EOH
job_acl {
job_id = module.diun.job_id
}
}