Update diun config to read from task socket
This commit is contained in:
parent
b9c35bf18f
commit
9af55580e7
@ -16,10 +16,13 @@ module "diun" {
|
||||
DIUN_DEFAULTS_INCLUDETAGS = "^\\d+(\\.\\d+){0,2}$"
|
||||
|
||||
# Nomad API
|
||||
# TODO: Use socket in $NOMAD_SECRETS_DIR/api.sock when we can assign workload ACLs with Terraform to
|
||||
# allow read access. Will need to update template to allow passing token by env
|
||||
NOMAD_ADDR = "http://$${attr.unique.network.ip-address}:4646/"
|
||||
NOMAD_ADDR = "unix:///secrets/api.sock"
|
||||
DIUN_PROVIDERS_NOMAD = true
|
||||
DIUN_PROVIDERS_NOMAD_SECRETID = "$${NOMAD_TOKEN}"
|
||||
}
|
||||
|
||||
task_identity = {
|
||||
env = true
|
||||
}
|
||||
|
||||
templates = [
|
||||
@ -36,3 +39,16 @@ module "diun" {
|
||||
},
|
||||
]
|
||||
}
|
||||
|
||||
resource "nomad_acl_policy" "diun_query_jobs" {
|
||||
name = "diun-query-jobs"
|
||||
description = "Allow diun to query jobs"
|
||||
rules_hcl = <<EOH
|
||||
namespace "default" {
|
||||
capabilities = ["list-jobs", "read-job"]
|
||||
}
|
||||
EOH
|
||||
job_acl {
|
||||
job_id = module.diun.job_id
|
||||
}
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user