From 6a7bfb3fc6a2159783d2177d292e942057f61268 Mon Sep 17 00:00:00 2001 From: Ian Fijolek Date: Mon, 14 Mar 2022 15:56:06 -0700 Subject: [PATCH] Add redis and prometheus support to blocky --- nomad/blocky/blocky.nomad | 51 ++++++++++++++++++++++--- nomad/blocky/config.yml | 17 +++++++++ nomad/metrics/prometheus.nomad | 1 + nomad/redis/redis.nomad | 65 ++++++++++++++++++++++++++++++++ nomad/redis/redis.tf | 38 +++++++++++++++++++ nomad/redis/rediscommander.nomad | 64 +++++++++++++++++++++++++++++++ nomad/services.tf | 5 ++- 7 files changed, 234 insertions(+), 7 deletions(-) create mode 100644 nomad/redis/redis.nomad create mode 100644 nomad/redis/redis.tf create mode 100644 nomad/redis/rediscommander.nomad diff --git a/nomad/blocky/blocky.nomad b/nomad/blocky/blocky.nomad index 98af39b..d897379 100644 --- a/nomad/blocky/blocky.nomad +++ b/nomad/blocky/blocky.nomad @@ -17,7 +17,7 @@ job "blocky" { static = "53" } - port "web" { + port "api" { to = "4000" } } @@ -29,13 +29,52 @@ job "blocky" { service { name = "blocky-api" - port = "web" + port = "api" + + meta { + metrics_addr = "${NOMAD_ADDR_api}" + } + + connect { + sidecar_service { + proxy { + local_service_port = 400 + + expose { + path { + path = "/metrics" + protocol = "http" + local_path_port = 4000 + listener_port = "api" + } + } + + upstreams { + destination_name = "redis" + local_bind_port = 6379 + } + } + } + + sidecar_task { + resources { + cpu = 50 + memory = 50 + } + } + } + + check { + name = "api-health" + port = "api" + type = "http" + path = "/" + interval = "10s" + timeout = "3s" + } tags = [ "traefik.enable=true", - "traefik.consulcatalog.connect=false", - "traefik.http.routers.blocky.entrypoints=web,websecure", - "traefik.http.routers.blocky.tls=true", ] } @@ -44,7 +83,7 @@ job "blocky" { config { image = "ghcr.io/0xerr0r/blocky" - ports = ["dns", "web"] + ports = ["dns", "api"] mount { type = "bind" diff --git a/nomad/blocky/config.yml b/nomad/blocky/config.yml index 12cbdfa..7b02f3d 100644 
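Review bot: In the second hunk of nomad/blocky/blocky.nomad, `local_service_port = 400` does not match the port the task listens on. The `api` port maps `to = "4000"` and the `expose` path uses `local_path_port = 4000`, so this looks like a typo for `local_service_port = 4000`; as written the sidecar would forward mesh traffic to a port nothing serves. The `expose` block publishes `/metrics` on the `api` listener outside Connect mTLS and intentions, so confirm that port is reachable only from the Prometheus hosts. The hunk also drops the `traefik.http.routers.blocky.tls=true` and entrypoints tags, so whether the router still enforces TLS depends on Traefik defaults not shown here. The enclosing `group` block starts and ends outside the hunk.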
--- a/nomad/blocky/config.yml +++ b/nomad/blocky/config.yml @@ -2,6 +2,7 @@ upstream: default: - 1.1.1.1 - 1.0.0.1 + blocking: blackLists: ads: @@ -15,6 +16,22 @@ customDNS: mapping: ${base_hostname}: ${ingress_address} +prometheus: + enable: true + +redis: + address: {{ env "NOMAD_UPSTREAM_ADDR_redis" }} +# password: passwd +# database: 2 + required: true +# connectionAttempts: 10 +# connectionCooldown: 3s + +# queryLog: +# type: mysql +# target: db_user:db_password@tcp(db_host_or_ip:3306)/db_user?charset=utf8mb4&parseTime=True&loc=Local +# logRetentionDays: 7 + port: 53 httpPort: 4000 diff --git a/nomad/metrics/prometheus.nomad b/nomad/metrics/prometheus.nomad index 15e5e79..edf79b7 100644 --- a/nomad/metrics/prometheus.nomad +++ b/nomad/metrics/prometheus.nomad @@ -136,6 +136,7 @@ scrape_configs: services: - "cadvisor" - "nodeexporter" + - "blocky-api" relabel_configs: - source_labels: [__meta_consul_service_metadata_metrics_addr] action: keep diff --git a/nomad/redis/redis.nomad b/nomad/redis/redis.nomad new file mode 100644 index 0000000..13af735 --- /dev/null +++ b/nomad/redis/redis.nomad @@ -0,0 +1,65 @@ +job "redis" { + datacenters = ["dc1"] + type = "service" + + group "cache" { + count = 1 + + ephemeral_disk { + migrate = true + sticky = true + size = 300 + } + + network { + mode = "bridge" + + port "main" { + host_network = "loopback" + to = 6379 + } + } + + service { + name = "redis" + port = "main" + + connect { + sidecar_service { + proxy { + local_service_port = 6379 + } + } + + sidecar_task { + resources { + cpu = 50 + memory = 50 + } + } + } + + # check { + # name = "alive" + # type = "tcp" + # interval = "10s" + # timeout = "2s" + # } + } + + task "main" { + driver = "docker" + + config { + image = "redis:6" + args = ["redis-server", "--save", "60", "1", "--loglevel", "warning"] + ports = ["main"] + } + + resources { + cpu = 100 + memory = 1024 + } + } + } +} 
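Review bot: The new `redis:` block in nomad/blocky/config.yml leaves `password` commented out, and the `redis-server` args in nomad/redis/redis.nomad set no `--requirepass`. Redis therefore accepts any client that can reach it, and the only access control is the Consul intentions in redis.tf. If a password is enabled later, render it into this template from a secret store rather than committing a literal like the `passwd` placeholder. The same applies to the commented `queryLog` target, which embeds `db_user:db_password` in the connection string. A short comment above `redis:` such as `# auth relies on Consul intentions; no Redis password set` would make that dependency explicit.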
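Review bot: In nomad/redis/redis.nomad the `port "main"` mapping and `ports = ["main"]` publish Redis on the `loopback` host network in addition to the Connect sidecar. Processes on the client node can presumably reach it there without mTLS or the intentions defined in redis.tf. If only mesh access is intended, drop the port mapping and `ports` entry and register the service with `port = "6379"`. The `check` block is commented out, so Consul has no health signal for the service, and `image = "redis:6"` is a floating tag that should be pinned to a full version or digest.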
diff --git a/nomad/redis/redis.tf b/nomad/redis/redis.tf
new file mode 100644
index 0000000..80f82d0
--- /dev/null
+++ b/nomad/redis/redis.tf
@@ -0,0 +1,38 @@
+resource "nomad_job" "redis" {
+ hcl2 {
+ enabled = true
+ }
+
+ jobspec = file("${path.module}/redis.nomad")
+}
+
+resource "nomad_job" "rediscommander" {
+ hcl2 {
+ enabled = true
+ }
+
+ jobspec = file("${path.module}/rediscommander.nomad")
+}
+
+# NOTE: This may need to be moved to after the services are created
+resource "consul_config_entry" "redis_intents" {
+ name = "redis"
+ kind = "service-intentions"
+
+ config_json = jsonencode({
+ Sources = [
+ {
+ Action = "allow"
+ Name = "blocky-api"
+ Precedence = 9
+ Type = "consul"
+ },
+ {
+ Action = "allow"
+ Name = "rediscommander"
+ Precedence = 9
+ Type = "consul"
+ },
+ ]
+ })
+}
diff --git a/nomad/redis/rediscommander.nomad b/nomad/redis/rediscommander.nomad
new file mode 100644
index 0000000..d348e80
--- /dev/null
+++ b/nomad/redis/rediscommander.nomad
@@ -0,0 +1,64 @@
+job "rediscommander" {
+ datacenters = ["dc1"]
+ type = "service"
+
+ group "rediscommander" {
+ count = 1
+
+ network {
+ mode = "bridge"
+
+ port "main" {
+ host_network = "loopback"
+ to = 8081
+ }
+ }
+
+ service {
+ name = "rediscommander"
+ port = "main"
+
+ connect {
+ sidecar_service {
+ proxy {
+ local_service_port = 8081
+
+ upstreams {
+ destination_name = "redis"
+ local_bind_port = 6379
+ }
+ }
+ }
+
+ sidecar_task {
+ resources {
+ cpu = 50
+ memory = 25
+ }
+ }
+ }
+
+ tags = [
+ "traefik.enable=true",
+ ]
+ }
+
+ task "rediscommander" {
+ driver = "docker"
+
+ config {
+ image = "rediscommander/redis-commander:latest"
+ ports = ["main"]
+ }
+
+ env = {
+ "REDIS_HOSTS" = "local:${NOMAD_UPSTREAM_ADDR_redis}"
+ }
+
+ resources {
+ cpu = 50
+ memory = 50
+ }
+ }
+ }
+}
diff --git a/nomad/services.tf b/nomad/services.tf
index dbd2fdc..1731498 100644
--- a/nomad/services.tf
+++ b/nomad/services.tf
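Review bot: The `redis_intents` entry in nomad/redis/redis.tf lists only `allow` sources, so whether other mesh services are refused depends on the cluster's default intention policy, which this patch does not show. Adding an explicit catch-all source, `{ Action = "deny", Name = "*", Type = "consul" }`, would make the restriction hold regardless of that default. `rediscommander` gets the same access as `blocky-api`, so the intention protects Redis only as well as that UI is protected. The `# NOTE` comment leaves the ordering question open; it would help to state what the entry must be applied after, or to express that with `depends_on`.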
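Review bot: In nomad/redis/rediscommander.nomad, `traefik.enable=true` publishes the Redis Commander UI through Traefik while the task's `env` sets only `REDIS_HOSTS`. Unless a Traefik middleware defined elsewhere adds authentication, anyone who can reach the router gets read/write access to the Redis data that redis.tf otherwise restricts by intention. Before exposing it, set redis-commander's `HTTP_USER` and `HTTP_PASSWORD` from a secret store, or attach an auth middleware through an extra tag. The image uses the `:latest` tag; pin a version or digest so the admin tool that gets deployed is the one that was reviewed.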
@@ -34,14 +34,17 @@ provider "nomad" { module "mysql-server" { source = "./mysql" +} - base_hostname = var.base_hostname +module "redis" { + source = "./redis" } module "blocky" { source = "./blocky" base_hostname = var.base_hostname + depends_on = [module.mysql-server, module.redis] } module "traefik" {