Add intents

This commit is contained in:
IamTheFij 2022-03-14 15:58:47 -07:00
parent 28c919e5b0
commit f5da89c55e
3 changed files with 71 additions and 1 deletions

View File

@ -37,3 +37,28 @@ resource "nomad_job" "grafana" {
jobspec = file("${path.module}/grafana.nomad") jobspec = file("${path.module}/grafana.nomad")
} }
resource "consul_config_entry" "prometheus_intent" {
name = "prometheus"
kind = "service-intentions"
config_json = jsonencode({
Sources = [
{
Action = "allow"
Name = "grafana"
Precedence = 9
Type = "consul"
},
]
})
}
# resource "consul_config_entry" "envoy_prometheus_bind" {
# name = "global"
# kind = "proxy-defaults"
#
# config_json = jsonencode({
# "envoy_prometheus_bind_addr" = "0.0.0.0:9102"
# })
# }

View File

@ -13,3 +13,26 @@ resource "nomad_job" "adminer" {
jobspec = file("${path.module}/adminer.nomad") jobspec = file("${path.module}/adminer.nomad")
} }
# NOTE: This may need to be moved to after the services are created
resource "consul_config_entry" "mysql_intents" {
name = "mysql"
kind = "service-intentions"
config_json = jsonencode({
Sources = [
{
Action = "allow"
Name = "adminer"
Precedence = 9
Type = "consul"
},
{
Action = "allow"
Name = "nextcloud"
Precedence = 9
Type = "consul"
},
]
})
}

View File

@ -71,9 +71,31 @@ resource "nomad_job" "whoami" {
enabled = true enabled = true
vars = { vars = {
"count" = "${2 * length(data.consul_service.read-nomad-cluster.service)}", "count" = "${2 * length(data.consul_service.read-nomad-cluster.service)}",
"base_hostname" = "${var.base_hostname}",
} }
} }
jobspec = file("${path.module}/whoami.nomad") jobspec = file("${path.module}/whoami.nomad")
} }
resource "consul_config_entry" "global_access" {
name = "*"
kind = "service-intentions"
config_json = jsonencode({
Sources = [
{
Action = "allow"
Name = "traefik"
Precedence = 6
Type = "consul"
},
{
Action = "deny"
Name = "*"
Precedence = 5
Type = "consul"
},
]
})
}