# Vars # name = string* # image = string* # service_port = int # ingress = bool # sticky_disk = bool # args = json(list[str]) # resources = dict(cpu = int, mem = int) # env = json(dict(str: any)) # templates = json(list(dict( # data = str, # dest = str, # change_mode = str, # change_signal = str, # left_delimiter = str, # right_delimiter = str, # ))) # host_volumes = json(list(dict( # name = str, # dest = str, # read_only = bool, # ))) # healthcheck = "/" # upstreams = json(list(dict( # destination_name = str, # local_bind_port = int # ))) # mysql = bool # redis = bool # vault = bool job "[[.name]]" { region = "global" datacenters = ["dc1"] type = "service" group "[[.name]]" { [[ with .count ]]count = [[ . ]][[ end ]] network { mode = "bridge" [[ if not (empty .service_port) -]] port "main" { [[ if default false .ingress -]] host_network = "loopback" [[ end -]] to = [[ .service_port ]] } [[ end -]] } [[ if default false .sticky_disk ]] ephemeral_disk { migrate = true sticky = true } [[ end ]] [[ with .host_volumes -]] [[ range $v := . | parseJSON -]] volume "[[ $v.name ]]" { type = "host" read_only = [[ $v.read_only ]] source = "[[ $v.name ]]" } [[ end ]] [[ end -]] [[ if not (empty .service_port) ]] service { name = "[[.name | replace "_" "-"]]" port = "main" [[ if default false .ingress ]] connect { sidecar_service { proxy { local_service_port = [[ .service_port ]] [[ if default false .mysql -]] upstreams { destination_name = "mysql-server" local_bind_port = 4040 } [[ end -]] [[ if default false .redis -]] upstreams { destination_name = "redis" local_bind_port = 6379 } [[ end -]] [[ with .upstreams -]] [[range $u := . | parseJSON -]] upstreams { destination_name = "[[ $u.destination_name ]]" local_bind_port = [[ $u.local_bind_port ]] } [[ end ]] [[ end -]] } } sidecar_task { resources { cpu = 50 memory = 20 memory_max = 50 } } } [[ end ]] [[ if not (eq .healthcheck "") -]] check { type = "http" path = "[[ or .healthcheck "/" ]]" port = "main" interval = "10s" timeout = "10s" } [[ end -]] tags = [ [[ if default false .ingress -]] "traefik.enable=true", "traefik.http.routers.[[.name]].entryPoints=websecure", [[ if not (empty .ingress_rule) -]] "traefik.http.routers.[[.name]].rule=[[.ingress_rule]]", [[ end -]] [[ end -]] ] } [[ end -]] task "[[.name]]" { driver = "docker" config { image = "[[.image]]" [[ if not (empty .service_port) -]] ports = ["main"] [[ end -]] [[ if not (empty .args) -]] args = ["[[ .args | parseJSON | join `", "` ]]"] [[ end -]] [[ with .templates -]] [[ range $t := . | parseJSON -]] mount { type = "bind" target = "[[ $t.dest ]]" source = "local/[[ $t.dest ]]" } [[ end ]] [[ end -]] } [[ if default false .vault -]] vault { policies = [ "access-tables", "nomad-task", ] } [[ end -]] [[ with .env -]] env = { [[ range $k, $v := . | parseJSON -]] "[[$k]]" = "[[$v]]" [[ end -]] } [[ end -]] [[ with .host_volumes -]] [[ range $v := . | parseJSON -]] volume_mount { volume = "[[ $v.name ]]" destination = "[[ $v.dest ]]" read_only = [[ $v.read_only ]] } [[ end ]] [[ end -]] [[ with .templates -]] [[ range $t := . | parseJSON -]] template { data = <