diff --git a/nomad/metrics/metrics.tf b/nomad/metrics/metrics.tf
index b2dd2c3..d12a3cd 100644
--- a/nomad/metrics/metrics.tf
+++ b/nomad/metrics/metrics.tf
@@ -37,3 +37,28 @@ resource "nomad_job" "grafana" {
 jobspec = file("${path.module}/grafana.nomad")
 }
+
+resource "consul_config_entry" "prometheus_intent" {
+ name = "prometheus"
+ kind = "service-intentions"
+
+ config_json = jsonencode({
+ Sources = [
+ {
+ Action = "allow"
+ Name = "grafana"
+ Precedence = 9
+ Type = "consul"
+ },
+ ]
+ })
+}
+
+# resource "consul_config_entry" "envoy_prometheus_bind" {
+# name = "global"
+# kind = "proxy-defaults"
+#
+# config_json = jsonencode({
+# "envoy_prometheus_bind_addr" = "0.0.0.0:9102"
+# })
+# }
diff --git a/nomad/mysql/mysql.tf b/nomad/mysql/mysql.tf
index a936abd..5b7c1fd 100644
--- a/nomad/mysql/mysql.tf
+++ b/nomad/mysql/mysql.tf
@@ -13,3 +13,26 @@ resource "nomad_job" "adminer" {
 jobspec = file("${path.module}/adminer.nomad")
 }
+
+# NOTE: This may need to be moved to after the services are created
+resource "consul_config_entry" "mysql_intents" {
+ name = "mysql"
+ kind = "service-intentions"
+
+ config_json = jsonencode({
+ Sources = [
+ {
+ Action = "allow"
+ Name = "adminer"
+ Precedence = 9
+ Type = "consul"
+ },
+ {
+ Action = "allow"
+ Name = "nextcloud"
+ Precedence = 9
+ Type = "consul"
+ },
+ ]
+ })
+}
diff --git a/nomad/services.tf b/nomad/services.tf
index 9c863de..595b0fb 100644
--- a/nomad/services.tf
+++ b/nomad/services.tf
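Review bot: The commented-out `envoy_prometheus_bind` block at the end of the metrics.tf hunk carries no reason for being disabled, and as written it would not take effect if uncommented: in a `proxy-defaults` entry the Envoy option belongs under a `Config` key, i.e. `Config = { envoy_prometheus_bind_addr = "0.0.0.0:9102" }`. Binding to `0.0.0.0` would also open a plain metrics listener on every sidecar that service intentions do not govern, so it would need a host firewall rule or a narrower bind address. Either delete the block or replace it with a one-line comment such as `# TODO: enable Envoy metrics via proxy-defaults once the scrape path is restricted`.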
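Review bot: The `adminer` source in `mysql_intents` gives a database admin UI a standing mesh path to `mysql`, and nothing in the hunk records whether that is meant to be permanent. If adminer is only used for occasional maintenance, consider leaving it out of `Sources` until it is needed, or add a comment such as `# adminer: admin UI, keep off public traefik routes`. The NOTE above the resource leaves the ordering question open. If the entry really has to follow the jobs, `depends_on = [nomad_job.adminer]` states that in code rather than in a comment.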
@@ -71,9 +71,31 @@ resource "nomad_job" "whoami" {
 enabled = true
 vars = {
 "count" = "${2 * length(data.consul_service.read-nomad-cluster.service)}",
- "base_hostname" = "${var.base_hostname}",
 }
 }
 jobspec = file("${path.module}/whoami.nomad")
 }
+
+resource "consul_config_entry" "global_access" {
+ name = "*"
+ kind = "service-intentions"
+
+ config_json = jsonencode({
+ Sources = [
+ {
+ Action = "allow"
+ Name = "traefik"
+ Precedence = 6
+ Type = "consul"
+ },
+ {
+ Action = "deny"
+ Name = "*"
+ Precedence = 5
+ Type = "consul"
+ },
+ ]
+ })
+}
+
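Review bot: The `traefik` allow on destination `*` in `global_access` also applies to `mysql` and `prometheus`, because neither of their intention entries (nomad/mysql/mysql.tf and nomad/metrics/metrics.tf in this commit) names traefik, so matching falls through to this wildcard entry and the ingress proxy may open mesh connections to the database. If only web-facing services should be reachable from the edge, add `{ Action = "deny", Name = "traefik", Precedence = 9, Type = "consul" }` to those two entries, or allow traefik per destination instead of on `*`. A short comment above the resource, e.g. `# mesh default-deny; only traefik may reach services without their own entry`, would make the intent explicit. The `*` deny presumably also cuts any existing sidecar-to-sidecar path not listed in this commit, so check current upstreams before applying.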