Ian Fijolek
88e91e5e5d
Backed by lldap and mysql and deployed on whoami for now as a forward proxy example. Would be good to add oidc for Nomad as well as make policies configurable via Nomad variables.
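# Redis fronted by a stunnel sidecar.
#
# Both tasks run in one group with a bridge-mode network, so they share a
# network namespace. stunnel accepts PSK-authenticated TLS on the "tls" port
# and forwards the plaintext stream to Redis on 127.0.0.1:6379. Only the
# stunnel listener is registered as a service.
job "redis" {
  datacenters = ["dc1"]
  type        = "service"
  priority    = 80

  group "cache" {
    count = 1

    # Redis writes its snapshots under the alloc dir (see --dir below);
    # sticky + migrate ask Nomad to keep that data across reschedules.
    ephemeral_disk {
      migrate = true
      sticky  = true
      size    = 300
    }

    network {
      mode = "bridge"

      # The only port declared for this group: the TLS listener owned by stunnel.
      port "tls" {}
    }

    service {
      name     = "redis-tls"
      provider = "nomad"
      port     = "tls"
    }

    task "redis" {
      driver = "docker"

      config {
        # NOTE(review): "redis:6" is a mutable tag; consider pinning a digest
        # so a re-pull cannot silently change the image.
        image = "redis:6"

        # NOTE(review): Redis is started without any bind or auth option, so
        # access control rests entirely on the stunnel PSK check. Confirm that
        # nothing else on the bridge can reach 6379 directly; `--bind 127.0.0.1`
        # and/or `--requirepass` would make that explicit.
        args = ["redis-server", "--save", "60", "1", "--loglevel", "warning", "--dir", "${NOMAD_ALLOC_DIR}/data"]

        # No `ports` entry: the group network declares only "tls", so a
        # reference to a "main" label cannot resolve, and publishing the
        # plaintext Redis port would bypass the TLS wrapper anyway.
      }

      resources {
        cpu        = 100
        memory     = 128
        memory_max = 512
      }
    }

    task "stunnel" {
      driver = "docker"

      config {
        image = "alpine:3.17"
        ports = ["tls"]
        args  = ["/bin/sh", "${NOMAD_TASK_DIR}/start.sh"]
      }

      resources {
        cpu    = 100
        memory = 100
      }

      # Entrypoint script.
      # NOTE(review): stunnel is installed with `apk add` on every start, so
      # the task needs network access to a package mirror at boot and runs
      # whatever stunnel version the mirror serves at that moment. An image
      # with stunnel preinstalled (and pinned) removes both dependencies.
      template {
        data = <<EOF
set -e
apk add stunnel
exec stunnel ${NOMAD_TASK_DIR}/stunnel.conf
EOF

        destination = "${NOMAD_TASK_DIR}/start.sh"
      }

      # stunnel server config: listen on the Nomad-assigned "tls" port, forward
      # to Redis over loopback, and offer PSK cipher suites only, so a client
      # must hold one of the keys in the PSKsecrets file to connect.
      template {
        data = <<EOF
syslog = no
foreground = yes
delay = yes

[redis_server]

accept = {{ env "NOMAD_PORT_tls" }}
connect = 127.0.0.1:6379
ciphers = PSK
PSKsecrets = {{ env "NOMAD_SECRETS_DIR" }}/stunnel_psk.txt
EOF

        destination = "${NOMAD_TASK_DIR}/stunnel.conf"
      }

      # PSK list, read from the Nomad variable nomad/jobs/redis (key
      # "allowed_psks") and rendered into the task's secrets dir. stunnel
      # expects one IDENTITY:KEY pair per line in this file.
      template {
        data = <<EOF
{{ with nomadVar "nomad/jobs/redis" -}}
{{ .allowed_psks }}
{{- end }}
EOF

        destination = "${NOMAD_SECRETS_DIR}/stunnel_psk.txt"

        # Templates default to mode 644; the key file should not be
        # world-readable. stunnel runs as root here (it needs root for apk),
        # so owner-only access is sufficient.
        perms = "600"
      }
    }
  }
}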