Update diun config to read from task socket
parent
b9c35bf18f
commit
9af55580e7
@ -16,10 +16,13 @@ module "diun" {
|
|||||||
DIUN_DEFAULTS_INCLUDETAGS = "^\\d+(\\.\\d+){0,2}$"
|
DIUN_DEFAULTS_INCLUDETAGS = "^\\d+(\\.\\d+){0,2}$"
|
||||||
|
|
||||||
# Nomad API
|
# Nomad API
|
||||||
# TODO: Use socket in $NOMAD_SECRETS_DIR/api.sock when we can assign workload ACLs with Terraform to
|
NOMAD_ADDR = "unix:///secrets/api.sock"
|
||||||
# allow read access. Will need to update template to allow passing token by env
|
DIUN_PROVIDERS_NOMAD = true
|
||||||
NOMAD_ADDR = "http://$${attr.unique.network.ip-address}:4646/"
|
DIUN_PROVIDERS_NOMAD_SECRETID = "$${NOMAD_TOKEN}"
|
||||||
DIUN_PROVIDERS_NOMAD = true
|
}
|
||||||
|
|
||||||
|
task_identity = {
|
||||||
|
env = true
|
||||||
}
|
}
|
||||||
|
|
||||||
templates = [
|
templates = [
|
||||||
@ -36,3 +39,16 @@ module "diun" {
|
|||||||
},
|
},
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
resource "nomad_acl_policy" "diun_query_jobs" {
|
||||||
|
name = "diun-query-jobs"
|
||||||
|
description = "Allow diun to query jobs"
|
||||||
|
rules_hcl = <<EOH
|
||||||
|
namespace "default" {
|
||||||
|
capabilities = ["list-jobs", "read-job"]
|
||||||
|
}
|
||||||
|
EOH
|
||||||
|
job_acl {
|
||||||
|
job_id = module.diun.job_id
|
||||||
|
}
|
||||||
|
}
|
||||||
|
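Review bot: The `job_acl` block in `nomad_acl_policy.diun_query_jobs` sets only `job_id`, so the policy applies to the workload identity of every group and task in the diun job, not just the task that uses the API socket. If the job has, or later gains, other tasks, adding `group = "<diun group name>"` and `task = "<diun task name>"` inside `job_acl` (placeholders, since the real names are not visible on this page) would keep the grant to the one task that needs it. `read-job` on the whole `default` namespace lets that identity read the full specification of every job there, including values set inline in `env` blocks. A comment above `rules_hcl` such as `# diun discovers images by listing and reading all jobs in this namespace; keep read-only` would record why the scope is not narrower. The `module "diun"` block touched by the first hunk starts and ends outside the visible lines, so how `task_identity` is consumed cannot be checked from here.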