|
f5a180f019
|
Add dummy stunnel server to blocky
Hopefully this keeps the stunnel instance from failing if mysql and redis
are both unavailable
|
2024-08-30 11:13:53 -07:00 |
|
|
2a58439ab5
|
Simplify passing blocky config to nomad
|
2024-08-30 11:09:59 -07:00 |
|
|
cf43d32d06
|
Remove n2 host
|
2024-08-29 13:51:18 -07:00 |
|
|
8e8dbc3e65
|
Clean up of iot block lists
|
2024-07-17 20:08:38 -07:00 |
|
|
c478ba4278
|
Auto refresh blocky lists when template change
|
2024-06-26 13:28:45 -07:00 |
|
|
9ee660cb6d
|
Pin stunnel image to speed deployments
This will prevent redownload
|
2024-06-26 13:27:41 -07:00 |
|
|
2235a00f3b
|
Refactor blocky lists to a new nomad var space to make them easier to manage
|
2024-06-24 17:04:03 -07:00 |
|
|
bc620987b7
|
Move from Gitea to Nomad Vars for custom block and allow
DNS doesn't route to internal addresses for git.thefij.rocks because
list lookups use bootstrap DNS servers, which don't know about it.
|
2024-06-24 13:53:34 -07:00 |
|
|
7477cb7227
|
Upgrade blocky and init fast
|
2024-06-24 13:53:13 -07:00 |
|
|
90b7740343
|
Move Blocky and Exporters away from system to service jobs
This is because service jobs do not get rescheduled when allocs fail
|
2024-05-30 11:41:40 -07:00 |
|
|
3dcd4c44b3
|
Tune memory after reviewing grafana
|
2024-03-26 09:48:31 -07:00 |
|
|
b35b8cecd5
|
Blocky: Remove mysql and redis configs from stunnel if server isn't found
|
2024-02-13 12:01:45 -08:00 |
|
|
b9dfeff6d8
|
Have blocky use router for upstream in nomad
|
2024-02-13 12:01:08 -08:00 |
|
|
cda2842f8f
|
Switch to image containing stunnel
Rather than installing on container startup, using an image with
stunnel pre-installed. This avoids issues with DNS breaking
the container on startup.
|
2024-01-03 13:50:49 -08:00 |
|
|
b29f405090
|
Bump prometheus versiosn and pin blocky
|
2023-09-18 21:58:43 -07:00 |
|
|
ea8ca478c6
|
Fix blocky acl
|
2023-08-29 12:59:14 -07:00 |
|
|
f5898b0283
|
Add workload ACL management for mysql and postgres access
Allows required jobs to access shared secrets and auto generates psks
for stunnel.
Currently supporting MySQL, Postgres, and LDAP.
|
2023-08-29 12:48:48 -07:00 |
|
|
d5078b24da
|
Refactor use of wesher to be behind a variable toggle
Occasionally I run into issues with Wesher. This makes it easier to
disable use of Wesher by setting TF_VAR_use_wesher to false.
|
2023-08-24 12:51:32 -07:00 |
|
|
f333031c25
|
bootstrap blocky with stunnel
|
2023-07-26 23:23:23 -07:00 |
|
|
0a7ad7a9dc
|
Enable redis for authelia
This also splits redis instances by service
|
2023-07-07 15:50:23 -07:00 |
|
|
f11fad30a5
|
Use stunnel for mysql
Doesn't remove wesher or normal mysql service
|
2023-05-09 13:20:36 -07:00 |
|
|
c7f85bd985
|
Fix blocky redis stunnel lookup
|
2023-03-27 15:21:19 -07:00 |
|
|
f17dec7b57
|
Add nomad services to nomad zone using hosts in blocky
|
2023-03-27 15:20:50 -07:00 |
|
|
a748adbab0
|
Store blocky config in local task dir
|
2023-03-27 15:19:53 -07:00 |
|
|
98ea2a1ca0
|
A whole lot of incremental fixes for nomad variables and such
Also adds stunnel between redis and clients
|
2023-03-24 16:32:37 -07:00 |
|
|
d8307935f5
|
Refactor everything for nomad vars
|
2023-03-24 11:24:36 -07:00 |
|
|
5fb0e0841e
|
Blocky do not create read only user to reduce password exposure
|
2023-03-24 09:56:56 -07:00 |
|
|
00697ebb02
|
Blocky use wgoverlay for api
|
2023-03-24 09:56:29 -07:00 |
|
|
65cb6afaf9
|
WIP: Moving vars and service discovery to Nomad
Starting with core
|
2023-03-24 08:55:23 -07:00 |
|
|
3a95fb46db
|
Add more conditional checks to Blocky so it is more resiliant
Hopefully this will allow it to deploy if mysql or vault are down
|
2023-02-27 11:54:33 -08:00 |
|
|
fd731971d3
|
Try to stabilize DNS
Add all cluster nodes to each nodes resolv.conf and update blocky config
template to delay render on update to avoid unnecessary restarts
|
2022-11-27 22:46:25 -08:00 |
|
|
2db266bda7
|
Update blocky upstream dns to bootstrap better (hopefully) and forward to consul
|
2022-11-15 10:26:26 -08:00 |
|
|
bb400a3f1c
|
Add blocky metrics to grafana
|
2022-11-11 16:21:17 -08:00 |
|
|
3077e66e70
|
Limit all existing services to websecure entrypoint
This will be a bigger issue if exposing a public entrypoint.
|
2022-11-10 13:37:50 -08:00 |
|
|
1fad6b691c
|
Update some metrics
|
2022-11-07 20:50:18 -08:00 |
|
|
45c597b040
|
Big refactor to split core and services for better ordering
|
2022-10-27 14:28:34 -07:00 |
|