Ian Fijolek
cda2842f8f
Rather than installing on container startup, using an image with stunnel pre-installed. This avoids issues with DNS breaking the container on startup.
84 lines
1.4 KiB
HCL
84 lines
1.4 KiB
HCL
job "redis-${name}" {
|
|
datacenters = ["dc1"]
|
|
type = "service"
|
|
priority = 80
|
|
|
|
group "cache" {
|
|
count = 1
|
|
|
|
ephemeral_disk {
|
|
migrate = true
|
|
sticky = true
|
|
size = 300
|
|
}
|
|
|
|
network {
|
|
mode = "bridge"
|
|
|
|
port "tls" {}
|
|
}
|
|
|
|
service {
|
|
name = "redis-${name}"
|
|
provider = "nomad"
|
|
port = "tls"
|
|
}
|
|
|
|
task "redis" {
|
|
driver = "docker"
|
|
|
|
config {
|
|
image = "redis:6"
|
|
args = ["redis-server", "--save", "60", "1", "--loglevel", "warning", "--dir", "$${NOMAD_ALLOC_DIR}/data"]
|
|
ports = ["main"]
|
|
}
|
|
|
|
resources {
|
|
cpu = 100
|
|
memory = 128
|
|
memory_max = 512
|
|
}
|
|
}
|
|
|
|
task "stunnel" {
|
|
driver = "docker"
|
|
|
|
config {
|
|
image = "iamthefij/stunnel:latest"
|
|
args = ["$${NOMAD_TASK_DIR}/stunnel.conf"]
|
|
ports = ["tls"]
|
|
}
|
|
|
|
resources {
|
|
cpu = 100
|
|
memory = 100
|
|
}
|
|
|
|
template {
|
|
data = <<EOF
|
|
syslog = no
|
|
foreground = yes
|
|
delay = yes
|
|
|
|
[redis_server]
|
|
|
|
accept = {{ env "NOMAD_PORT_tls" }}
|
|
connect = 127.0.0.1:6379
|
|
ciphers = PSK
|
|
PSKsecrets = {{ env "NOMAD_SECRETS_DIR" }}/stunnel_psk.txt
|
|
EOF
|
|
destination = "$${NOMAD_TASK_DIR}/stunnel.conf"
|
|
}
|
|
|
|
template {
|
|
data = <<EOF
|
|
{{ with nomadVar "nomad/jobs/redis-${name}" -}}
|
|
{{ .allowed_psks }}
|
|
{{- end }}
|
|
EOF
|
|
destination = "$${NOMAD_SECRETS_DIR}/stunnel_psk.txt"
|
|
}
|
|
}
|
|
}
|
|
}
|