From bdacd1d6a3ff99c42af1a6c247705263f1e60e2a Mon Sep 17 00:00:00 2001 From: Adrian Cowan Date: Fri, 25 Apr 2025 21:27:31 +1000 Subject: [PATCH] Setup some example apps behing traefik --- 1-nixos-node/configuration.nix | 13 +++ 1-nixos-node/terraform.tfstate | 6 +- 1-nixos-node/terraform.tfstate.backup | 6 +- 2-nomad-config/hello-world.nomad | 63 ++++++++++++ 2-nomad-config/services.tf | 61 ++--------- 2-nomad-config/terraform.tfstate | 118 ++++++++++++++++++++- 2-nomad-config/terraform.tfstate.backup | 130 ++++++++++++++++++++++-- 2-nomad-config/traefik.nomad | 68 +++++++++++++ 2-nomad-config/webapp.nomad | 42 ++++++++ 9 files changed, 435 insertions(+), 72 deletions(-) create mode 100644 2-nomad-config/hello-world.nomad create mode 100644 2-nomad-config/traefik.nomad create mode 100644 2-nomad-config/webapp.nomad diff --git a/1-nixos-node/configuration.nix b/1-nixos-node/configuration.nix index 759b0e7..0828eaf 100644 --- a/1-nixos-node/configuration.nix +++ b/1-nixos-node/configuration.nix @@ -38,6 +38,7 @@ enableDocker = true; dropPrivileges = false; settings = { + datacenter = "jaglan-beta"; server = { enabled = true; bootstrap_expect = 1; @@ -47,6 +48,18 @@ }; }; }; + consul = { + enable = true; + webUi = true; + interface.bind = "tailscale0"; # Bind to the Tailscale interface + interface.advertise = "tailscale0"; # Advertise the Tailscale interface + extraConfig = { + bootstrap_expect = 1; + server = true; + client_addr = "127.0.0.1 100.79.223.55"; + datacenter = "jaglan-beta"; + }; + }; openssh = { enable = true; settings.PermitRootLogin = "yes"; diff --git a/1-nixos-node/terraform.tfstate b/1-nixos-node/terraform.tfstate index d1f77d7..4ccd92f 100644 --- a/1-nixos-node/terraform.tfstate +++ b/1-nixos-node/terraform.tfstate @@ -1,7 +1,7 @@ { "version": 4, "terraform_version": "1.11.4", - "serial": 19, + "serial": 58, "lineage": "db7dcf21-a255-0ec4-c8b8-d4a7559b3768", "outputs": {}, "resources": [ @@ -14,9 +14,9 @@ { "schema_version": 0, "attributes": { - "id": "2789544025373353248", + "id": "4356981667558216389", "triggers": { - "configuration_content": "{ config, lib, pkgs, ... }:\n{\n imports =\n [ # Include the results of the hardware scan.\n ./hardware-configuration.nix\n ];\n\n nixpkgs.config.allowUnfree = true;\n\n # Use the systemd-boot EFI boot loader.\n boot.loader.systemd-boot.enable = true;\n boot.loader.efi.canTouchEfiVariables = true;\n\n networking.hostName = \"jaglan-beta-m01\"; # Define your hostname.\n\n time.timeZone = \"Australia/Melbourne\";\n\n # List packages installed in system profile. To search, run:\n # $ nix search wget\n # environment.systemPackages = with pkgs; [\n # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.\n # wget\n # ];\n\n # Some programs need SUID wrappers, can be configured further or are\n # started in user sessions.\n # programs.mtr.enable = true;\n # programs.gnupg.agent = {\n # enable = true;\n # enableSSHSupport = true;\n # };\n\n # List services that you want to enable:\n services = {\n tailscale.enable = true;\n nomad = {\n enable = true;\n enableDocker = true;\n dropPrivileges = false;\n settings = {\n server = {\n enabled = true;\n bootstrap_expect = 1;\n };\n client = {\n enabled = true;\n };\n };\n };\n openssh = {\n enable = true;\n settings.PermitRootLogin = \"yes\";\n };\n };\n\n # Fix issue where nomad needs alloc_mounts to be writable\n systemd.tmpfiles.rules = [\n \"d /var/lib/alloc_mounts 0755 root root -\"\n ];\n\n # Open ports in the firewall. 464X are the default ports for Nomad.\n networking.firewall.allowedTCPPorts = [ 4646 4647 4648 ];\n\n # Copy the NixOS configuration file and link it from the resulting system\n # (/run/current-system/configuration.nix). This is useful in case you\n # accidentally delete configuration.nix.\n system.copySystemConfiguration = true;\n\n # Defines the initial NixOS version for compatibility with older application data.\n # Do NOT change this value after installation without careful consideration.\n system.stateVersion = \"24.11\"; # Did you read the comment?\n}\n" + "configuration_content": "{ config, lib, pkgs, ... }:\n{\n imports =\n [ # Include the results of the hardware scan.\n ./hardware-configuration.nix\n ];\n\n nixpkgs.config.allowUnfree = true;\n\n # Use the systemd-boot EFI boot loader.\n boot.loader.systemd-boot.enable = true;\n boot.loader.efi.canTouchEfiVariables = true;\n\n networking.hostName = \"jaglan-beta-m01\"; # Define your hostname.\n\n time.timeZone = \"Australia/Melbourne\";\n\n # List packages installed in system profile. To search, run:\n # $ nix search wget\n # environment.systemPackages = with pkgs; [\n # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.\n # wget\n # ];\n\n # Some programs need SUID wrappers, can be configured further or are\n # started in user sessions.\n # programs.mtr.enable = true;\n # programs.gnupg.agent = {\n # enable = true;\n # enableSSHSupport = true;\n # };\n\n # List services that you want to enable:\n services = {\n tailscale.enable = true;\n nomad = {\n enable = true;\n enableDocker = true;\n dropPrivileges = false;\n settings = {\n datacenter = \"jaglan-beta\";\n server = {\n enabled = true;\n bootstrap_expect = 1;\n };\n client = {\n enabled = true;\n };\n };\n };\n consul = {\n enable = true;\n webUi = true;\n interface.bind = \"tailscale0\"; # Bind to the Tailscale interface\n interface.advertise = \"tailscale0\"; # Advertise the Tailscale interface\n extraConfig = {\n bootstrap_expect = 1;\n server = true;\n client_addr = \"127.0.0.1 100.79.223.55\";\n datacenter = \"jaglan-beta\";\n };\n };\n openssh = {\n enable = true;\n settings.PermitRootLogin = \"yes\";\n };\n };\n\n # Fix issue where nomad needs alloc_mounts to be writable\n systemd.tmpfiles.rules = [\n \"d /var/lib/alloc_mounts 0755 root root -\"\n ];\n\n # Open ports in the firewall. 464X are the default ports for Nomad.\n networking.firewall.allowedTCPPorts = [ 4646 4647 4648 ];\n\n # Copy the NixOS configuration file and link it from the resulting system\n # (/run/current-system/configuration.nix). This is useful in case you\n # accidentally delete configuration.nix.\n system.copySystemConfiguration = true;\n\n # Defines the initial NixOS version for compatibility with older application data.\n # Do NOT change this value after installation without careful consideration.\n system.stateVersion = \"24.11\"; # Did you read the comment?\n}\n" } }, "sensitive_attributes": [] diff --git a/1-nixos-node/terraform.tfstate.backup b/1-nixos-node/terraform.tfstate.backup index c1b3a10..dfb9b08 100644 --- a/1-nixos-node/terraform.tfstate.backup +++ b/1-nixos-node/terraform.tfstate.backup @@ -1,7 +1,7 @@ { "version": 4, "terraform_version": "1.11.4", - "serial": 16, + "serial": 55, "lineage": "db7dcf21-a255-0ec4-c8b8-d4a7559b3768", "outputs": {}, "resources": [ @@ -14,9 +14,9 @@ { "schema_version": 0, "attributes": { - "id": "3103386327037898205", + "id": "971598338822699043", "triggers": { - "configuration_content": "{ config, lib, pkgs, ... }:\n{\n imports =\n [ # Include the results of the hardware scan.\n ./hardware-configuration.nix\n ];\n\n nixpkgs.config.allowUnfree = true;\n\n # Use the systemd-boot EFI boot loader.\n boot.loader.systemd-boot.enable = true;\n boot.loader.efi.canTouchEfiVariables = true;\n\n networking.hostName = \"jaglan-beta-m01\"; # Define your hostname.\n\n time.timeZone = \"Australia/Melbourne\";\n\n # List packages installed in system profile. To search, run:\n # $ nix search wget\n # environment.systemPackages = with pkgs; [\n # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.\n # wget\n # ];\n\n # Some programs need SUID wrappers, can be configured further or are\n # started in user sessions.\n # programs.mtr.enable = true;\n # programs.gnupg.agent = {\n # enable = true;\n # enableSSHSupport = true;\n # };\n\n # List services that you want to enable:\n\n services.tailscale.enable = true;\n services.nomad = {\n enable = true;\n enableDocker = true;\n dropPrivileges = false;\n settings = {\n server = {\n enabled = true;\n bootstrap_expect = 1;\n };\n client = {\n enabled = true;\n };\n };\n };\n # Fix issue where nomad needs alloc_mounts to be writable\n systemd.tmpfiles.rules = [\n \"d /var/lib/alloc_mounts 0755 root root -\"\n ];\n\n # Enable the OpenSSH daemon.\n services.openssh.enable = true;\n services.openssh.settings.PermitRootLogin = \"yes\";\n\n # Open ports in the firewall. 464X are the default ports for Nomad.\n networking.firewall.allowedTCPPorts = [ 4646 4647 4648 ];\n\n # Copy the NixOS configuration file and link it from the resulting system\n # (/run/current-system/configuration.nix). This is useful in case you\n # accidentally delete configuration.nix.\n system.copySystemConfiguration = true;\n\n # Defines the initial NixOS version for compatibility with older application data.\n # Do NOT change this value after installation without careful consideration.\n system.stateVersion = \"24.11\"; # Did you read the comment?\n}\n" + "configuration_content": "{ config, lib, pkgs, ... }:\n{\n imports =\n [ # Include the results of the hardware scan.\n ./hardware-configuration.nix\n ];\n\n nixpkgs.config.allowUnfree = true;\n\n # Use the systemd-boot EFI boot loader.\n boot.loader.systemd-boot.enable = true;\n boot.loader.efi.canTouchEfiVariables = true;\n\n networking.hostName = \"jaglan-beta-m01\"; # Define your hostname.\n\n time.timeZone = \"Australia/Melbourne\";\n\n # List packages installed in system profile. To search, run:\n # $ nix search wget\n # environment.systemPackages = with pkgs; [\n # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.\n # wget\n # ];\n\n # Some programs need SUID wrappers, can be configured further or are\n # started in user sessions.\n # programs.mtr.enable = true;\n # programs.gnupg.agent = {\n # enable = true;\n # enableSSHSupport = true;\n # };\n\n # List services that you want to enable:\n services = {\n tailscale.enable = true;\n nomad = {\n enable = true;\n enableDocker = true;\n dropPrivileges = false;\n settings = {\n datacenter = \"jaglan-beta\";\n server = {\n enabled = true;\n bootstrap_expect = 1;\n };\n client = {\n enabled = true;\n };\n };\n };\n consul = {\n enable = true;\n webUi = true;\n interface.bind = \"tailscale0\"; # Bind to the Tailscale interface\n interface.advertise = \"tailscale0\"; # Advertise the Tailscale interface\n extraConfig = {\n bootstrap_expect = 1;\n server = true;\n client_addr = \"100.79.223.55\";\n datacenter = \"jaglan-beta\";\n };\n };\n openssh = {\n enable = true;\n settings.PermitRootLogin = \"yes\";\n };\n };\n\n # Fix issue where nomad needs alloc_mounts to be writable\n systemd.tmpfiles.rules = [\n \"d /var/lib/alloc_mounts 0755 root root -\"\n ];\n\n # Open ports in the firewall. 464X are the default ports for Nomad.\n networking.firewall.allowedTCPPorts = [ 4646 4647 4648 ];\n\n # Copy the NixOS configuration file and link it from the resulting system\n # (/run/current-system/configuration.nix). This is useful in case you\n # accidentally delete configuration.nix.\n system.copySystemConfiguration = true;\n\n # Defines the initial NixOS version for compatibility with older application data.\n # Do NOT change this value after installation without careful consideration.\n system.stateVersion = \"24.11\"; # Did you read the comment?\n}\n" } }, "sensitive_attributes": [] diff --git a/2-nomad-config/hello-world.nomad b/2-nomad-config/hello-world.nomad new file mode 100644 index 0000000..e19e619 --- /dev/null +++ b/2-nomad-config/hello-world.nomad @@ -0,0 +1,63 @@ +job "hello-world" { + group "servers" { + network { + port "www" { + to = -1 + } + } + + service { + name = "hello-world" + port = "www" + + tags = [ + "traefik.enable=true", + "traefik.http.routers.hello.rule=PathPrefix(`/hello`)", + "traefik.http.middlewares.strip-hello.stripPrefix.prefixes=/hello", + "traefik.http.routers.hello.middlewares=strip-hello", + ] + + check { + name = "alive" + type = "tcp" + port = "www" + interval = "10s" + timeout = "2s" + } + } + + + # Tasks are individual units of work that are run by Nomad. + task "web" { + # This particular task starts a simple web server within a Docker container + driver = "docker" + + config { + image = "busybox:1" + command = "httpd" + args = ["-v", "-f", "-p", "${NOMAD_PORT_www}", "-h", "/local"] + ports = ["www"] + } + + template { + data = <<-EOF +

Hello, Nomad!

+ + EOF + destination = "local/index.html" + } + + # Specify the maximum resources required to run the task + resources { + cpu = 50 + memory = 64 + } + } + } +} \ No newline at end of file diff --git a/2-nomad-config/services.tf b/2-nomad-config/services.tf index f78c9ea..cf68ba5 100644 --- a/2-nomad-config/services.tf +++ b/2-nomad-config/services.tf @@ -3,55 +3,14 @@ provider "nomad" { address = "http://jaglan-beta-m01:4646" } -# Define a Nomad job for a Hello World service -resource "nomad_job" "app" { - jobspec = <Hello, Nomad! - - EOF - destination = "local/index.html" - } - - # Specify the maximum resources required to run the task - resources { - cpu = 50 - memory = 64 - } - } - } +resource "nomad_job" "hello_world" { + jobspec = file("hello-world.nomad") +} + +resource "nomad_job" "traefik" { + jobspec = file("traefik.nomad") +} + +resource "nomad_job" "webapp" { + jobspec = file("webapp.nomad") } -EOT -} \ No newline at end of file diff --git a/2-nomad-config/terraform.tfstate b/2-nomad-config/terraform.tfstate index bfc9b36..30f5e42 100644 --- a/2-nomad-config/terraform.tfstate +++ b/2-nomad-config/terraform.tfstate @@ -1,14 +1,14 @@ { "version": 4, "terraform_version": "1.11.4", - "serial": 13, + "serial": 84, "lineage": "15e0900c-88bc-9754-4600-e3977d018ba0", "outputs": {}, "resources": [ { "mode": "managed", "type": "nomad_job", - "name": "app", + "name": "hello_world", "provider": "provider[\"registry.terraform.io/hashicorp/nomad\"]", "instances": [ { @@ -23,9 +23,9 @@ "detach": true, "hcl2": [], "id": "hello-world", - "jobspec": "job \"hello-world\" {\n group \"servers\" {\n network {\n port \"www\" {\n to = 8002\n }\n }\n\n service {\n provider = \"nomad\"\n port = \"www\"\n }\n\n # Tasks are individual units of work that are run by Nomad.\n task \"web\" {\n # This particular task starts a simple web server within a Docker container\n driver = \"docker\"\n\n config {\n image = \"busybox:1\"\n command = \"httpd\"\n args = [\"-v\", \"-f\", \"-p\", \"${NOMAD_PORT_www}\", \"-h\", \"/local\"]\n ports = [\"www\"]\n }\n\n template {\n data = \u003c\u003c-EOF\n \u003ch1\u003eHello, Nomad!\u003c/h1\u003e\n \u003cul\u003e\n \u003cli\u003eTask: {{env \"NOMAD_TASK_NAME\"}}\u003c/li\u003e\n \u003cli\u003eGroup: {{env \"NOMAD_GROUP_NAME\"}}\u003c/li\u003e\n \u003cli\u003eJob: {{env \"NOMAD_JOB_NAME\"}}\u003c/li\u003e\n \u003cli\u003eMetadata value for foo: {{env \"NOMAD_META_foo\"}}\u003c/li\u003e\n \u003cli\u003eCurrently running on port: {{env \"NOMAD_PORT_www\"}}\u003c/li\u003e\n \u003c/ul\u003e\n EOF\n destination = \"local/index.html\"\n }\n\n # Specify the maximum resources required to run the task\n resources {\n cpu = 50\n memory = 64\n }\n }\n }\n}\n", + "jobspec": "job \"hello-world\" {\n group \"servers\" {\n network {\n port \"www\" {\n to = -1\n }\n }\n\n service {\n name = \"hello-world\"\n port = \"www\"\n \n tags = [\n \"traefik.enable=true\",\n \"traefik.http.routers.hello.rule=PathPrefix(`/hello`)\",\n \"traefik.http.middlewares.strip-hello.stripPrefix.prefixes=/hello\",\n \"traefik.http.routers.hello.middlewares=strip-hello\",\n ]\n\n check {\n name = \"alive\"\n type = \"tcp\"\n port = \"www\"\n interval = \"10s\"\n timeout = \"2s\"\n }\n }\n \n\n # Tasks are individual units of work that are run by Nomad.\n task \"web\" {\n # This particular task starts a simple web server within a Docker container\n driver = \"docker\"\n\n config {\n image = \"busybox:1\"\n command = \"httpd\"\n args = [\"-v\", \"-f\", \"-p\", \"${NOMAD_PORT_www}\", \"-h\", \"/local\"]\n ports = [\"www\"]\n }\n\n template {\n data = \u003c\u003c-EOF\n \u003ch1\u003eHello, Nomad!\u003c/h1\u003e\n \u003cul\u003e\n \u003cli\u003eTask: {{env \"NOMAD_TASK_NAME\"}}\u003c/li\u003e\n \u003cli\u003eGroup: {{env \"NOMAD_GROUP_NAME\"}}\u003c/li\u003e\n \u003cli\u003eJob: {{env \"NOMAD_JOB_NAME\"}}\u003c/li\u003e\n \u003cli\u003eMetadata value for foo: {{env \"NOMAD_META_foo\"}}\u003c/li\u003e\n \u003cli\u003eCurrently running on port: {{env \"NOMAD_PORT_www\"}}\u003c/li\u003e\n \u003c/ul\u003e\n EOF\n destination = \"local/index.html\"\n }\n\n # Specify the maximum resources required to run the task\n resources {\n cpu = 50\n memory = 64\n }\n }\n }\n}", "json": null, - "modify_index": "1144", + "modify_index": "1989", "name": "hello-world", "namespace": "default", "policy_override": null, @@ -57,6 +57,116 @@ "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDAsInVwZGF0ZSI6MzAwMDAwMDAwMDAwfX0=" } ] + }, + { + "mode": "managed", + "type": "nomad_job", + "name": "traefik", + "provider": "provider[\"registry.terraform.io/hashicorp/nomad\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "allocation_ids": [], + "datacenters": [ + "*" + ], + "deployment_id": null, + "deployment_status": null, + "deregister_on_destroy": true, + "deregister_on_id_change": true, + "detach": true, + "hcl2": [], + "id": "traefik", + "jobspec": "job \"traefik\" {\n group \"traefik\" {\n network {\n port \"http\" {\n static = 8080\n }\n\n port \"api\" {\n static = 8081\n }\n }\n\n service {\n name = \"traefik\"\n\n check {\n name = \"alive\"\n type = \"tcp\"\n port = \"http\"\n interval = \"10s\"\n timeout = \"2s\"\n }\n }\n\n task \"traefik\" {\n driver = \"docker\"\n\n config {\n image = \"traefik:v3.3\"\n network_mode = \"host\"\n\n volumes = [\n \"local/traefik.toml:/etc/traefik/traefik.toml\",\n ]\n }\n\n template {\n data = \u003c\u003cEOF\n[entryPoints]\n [entryPoints.http]\n address = \":8080\"\n [entryPoints.traefik]\n address = \":8081\"\n\n[api]\n dashboard = true\n insecure = true\n\n# Enable Consul Catalog configuration backend.\n[providers.consulCatalog]\n prefix = \"traefik\"\n exposedByDefault = false\n\n [providers.consulCatalog.endpoint]\n address = \"127.0.0.1:8500\"\n scheme = \"http\"\nEOF\n\n destination = \"local/traefik.toml\"\n }\n\n resources {\n cpu = 100\n memory = 128\n }\n }\n }\n}\n", + "json": null, + "modify_index": "1509", + "name": "traefik", + "namespace": "default", + "policy_override": null, + "purge_on_destroy": null, + "read_allocation_ids": false, + "region": "global", + "rerun_if_dead": false, + "status": "running", + "task_groups": [ + { + "count": 1, + "meta": {}, + "name": "traefik", + "task": [ + { + "driver": "docker", + "meta": {}, + "name": "traefik", + "volume_mounts": [] + } + ], + "volumes": [] + } + ], + "timeouts": null, + "type": "service" + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDAsInVwZGF0ZSI6MzAwMDAwMDAwMDAwfX0=" + } + ] + }, + { + "mode": "managed", + "type": "nomad_job", + "name": "webapp", + "provider": "provider[\"registry.terraform.io/hashicorp/nomad\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "allocation_ids": [], + "datacenters": [ + "*" + ], + "deployment_id": null, + "deployment_status": null, + "deregister_on_destroy": true, + "deregister_on_id_change": true, + "detach": true, + "hcl2": [], + "id": "demo-webapp", + "jobspec": "job \"demo-webapp\" {\n group \"demo\" {\n count = 3\n\n network {\n port \"http\"{\n to = -1\n }\n }\n\n service {\n name = \"demo-webapp\"\n port = \"http\"\n\n tags = [\n \"traefik.enable=true\",\n \"traefik.http.routers.http.rule=Path(`/myapp`)\",\n ]\n\n check {\n type = \"http\"\n path = \"/\"\n interval = \"2s\"\n timeout = \"2s\"\n }\n }\n\n task \"server\" {\n env {\n PORT = \"${NOMAD_PORT_http}\"\n NODE_IP = \"${NOMAD_IP_http}\"\n }\n\n driver = \"docker\"\n\n config {\n image = \"hashicorp/demo-webapp-lb-guide\"\n ports = [\"http\"]\n }\n }\n }\n}", + "json": null, + "modify_index": "1847", + "name": "demo-webapp", + "namespace": "default", + "policy_override": null, + "purge_on_destroy": null, + "read_allocation_ids": false, + "region": "global", + "rerun_if_dead": false, + "status": "running", + "task_groups": [ + { + "count": 3, + "meta": {}, + "name": "demo", + "task": [ + { + "driver": "docker", + "meta": {}, + "name": "server", + "volume_mounts": [] + } + ], + "volumes": [] + } + ], + "timeouts": null, + "type": "service" + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDAsInVwZGF0ZSI6MzAwMDAwMDAwMDAwfX0=" + } + ] } ], "check_results": null diff --git a/2-nomad-config/terraform.tfstate.backup b/2-nomad-config/terraform.tfstate.backup index 35a4f72..aba870b 100644 --- a/2-nomad-config/terraform.tfstate.backup +++ b/2-nomad-config/terraform.tfstate.backup @@ -1,14 +1,67 @@ { "version": 4, "terraform_version": "1.11.4", - "serial": 11, + "serial": 82, "lineage": "15e0900c-88bc-9754-4600-e3977d018ba0", "outputs": {}, "resources": [ { "mode": "managed", "type": "nomad_job", - "name": "app", + "name": "hello_world", + "provider": "provider[\"registry.terraform.io/hashicorp/nomad\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "allocation_ids": [], + "datacenters": [], + "deployment_id": null, + "deployment_status": null, + "deregister_on_destroy": true, + "deregister_on_id_change": true, + "detach": true, + "hcl2": [], + "id": "hello-world", + "jobspec": "job \"hello-world\" {\n group \"servers\" {\n network {\n port \"www\" {\n to = -1\n }\n }\n\n service {\n name = \"hello-world\"\n port = \"www\"\n \n tags = [\n \"traefik.enable=true\",\n \"traefik.http.routers.hello.rule=PathPrefix(`/hello`)\",\n \"traefik.http.middlewares.strip-hello.stripPrefix.prefixes=/hello\",\n \"traefik.http.routers.foo.middlewares=strip-hello\",\n ]\n\n check {\n name = \"alive\"\n type = \"tcp\"\n port = \"www\"\n interval = \"10s\"\n timeout = \"2s\"\n }\n }\n \n\n # Tasks are individual units of work that are run by Nomad.\n task \"web\" {\n # This particular task starts a simple web server within a Docker container\n driver = \"docker\"\n\n config {\n image = \"busybox:1\"\n command = \"httpd\"\n args = [\"-v\", \"-f\", \"-p\", \"${NOMAD_PORT_www}\", \"-h\", \"/local\"]\n ports = [\"www\"]\n }\n\n template {\n data = \u003c\u003c-EOF\n \u003ch1\u003eHello, Nomad!\u003c/h1\u003e\n \u003cul\u003e\n \u003cli\u003eTask: {{env \"NOMAD_TASK_NAME\"}}\u003c/li\u003e\n \u003cli\u003eGroup: {{env \"NOMAD_GROUP_NAME\"}}\u003c/li\u003e\n \u003cli\u003eJob: {{env \"NOMAD_JOB_NAME\"}}\u003c/li\u003e\n \u003cli\u003eMetadata value for foo: {{env \"NOMAD_META_foo\"}}\u003c/li\u003e\n \u003cli\u003eCurrently running on port: {{env \"NOMAD_PORT_www\"}}\u003c/li\u003e\n \u003c/ul\u003e\n EOF\n destination = \"local/index.html\"\n }\n\n # Specify the maximum resources required to run the task\n resources {\n cpu = 50\n memory = 64\n }\n }\n }\n}", + "json": null, + "modify_index": "1981", + "name": "hello-world", + "namespace": "default", + "policy_override": null, + "purge_on_destroy": null, + "read_allocation_ids": false, + "region": "global", + "rerun_if_dead": false, + "status": "running", + "task_groups": [ + { + "count": 1, + "meta": {}, + "name": "servers", + "task": [ + { + "driver": "docker", + "meta": {}, + "name": "web", + "volume_mounts": [] + } + ], + "volumes": [] + } + ], + "timeouts": null, + "type": "service" + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDAsInVwZGF0ZSI6MzAwMDAwMDAwMDAwfX0=" + } + ] + }, + { + "mode": "managed", + "type": "nomad_job", + "name": "traefik", "provider": "provider[\"registry.terraform.io/hashicorp/nomad\"]", "instances": [ { @@ -24,32 +77,87 @@ "deregister_on_id_change": true, "detach": true, "hcl2": [], - "id": "hello-world", - "jobspec": "job \"hello-world\" {\n # Specifies the datacenter where this job should be run\n # This can be omitted and it will default to [\"*\"]\n datacenters = [\"*\"]\n\n meta {\n # User-defined key/value pairs that can be used in your jobs.\n # You can also use this meta block within Group and Task levels.\n foo = \"bar\"\n }\n\n # A group defines a series of tasks that should be co-located\n # on the same client (host). All tasks within a group will be\n # placed on the same host.\n group \"servers\" {\n\n # Specifies the number of instances of this group that should be running.\n # Use this to scale or parallelize your job.\n # This can be omitted and it will default to 1.\n count = 1\n\n network {\n port \"www\" {\n to = 8002\n }\n }\n\n service {\n provider = \"nomad\"\n port = \"www\"\n }\n\n # Tasks are individual units of work that are run by Nomad.\n task \"web\" {\n # This particular task starts a simple web server within a Docker container\n driver = \"docker\"\n\n config {\n image = \"busybox:1\"\n command = \"httpd\"\n args = [\"-v\", \"-f\", \"-p\", \"${NOMAD_PORT_www}\", \"-h\", \"/local\"]\n ports = [\"www\"]\n }\n\n template {\n data = \u003c\u003c-EOF\n \u003ch1\u003eHello, Nomad!\u003c/h1\u003e\n \u003cul\u003e\n \u003cli\u003eTask: {{env \"NOMAD_TASK_NAME\"}}\u003c/li\u003e\n \u003cli\u003eGroup: {{env \"NOMAD_GROUP_NAME\"}}\u003c/li\u003e\n \u003cli\u003eJob: {{env \"NOMAD_JOB_NAME\"}}\u003c/li\u003e\n \u003cli\u003eMetadata value for foo: {{env \"NOMAD_META_foo\"}}\u003c/li\u003e\n \u003cli\u003eCurrently running on port: {{env \"NOMAD_PORT_www\"}}\u003c/li\u003e\n \u003c/ul\u003e\n EOF\n destination = \"local/index.html\"\n }\n\n # Specify the maximum resources required to run the task\n resources {\n cpu = 50\n memory = 64\n }\n }\n }\n}\n", + "id": "traefik", + "jobspec": "job \"traefik\" {\n group \"traefik\" {\n network {\n port \"http\" {\n static = 8080\n }\n\n port \"api\" {\n static = 8081\n }\n }\n\n service {\n name = \"traefik\"\n\n check {\n name = \"alive\"\n type = \"tcp\"\n port = \"http\"\n interval = \"10s\"\n timeout = \"2s\"\n }\n }\n\n task \"traefik\" {\n driver = \"docker\"\n\n config {\n image = \"traefik:v3.3\"\n network_mode = \"host\"\n\n volumes = [\n \"local/traefik.toml:/etc/traefik/traefik.toml\",\n ]\n }\n\n template {\n data = \u003c\u003cEOF\n[entryPoints]\n [entryPoints.http]\n address = \":8080\"\n [entryPoints.traefik]\n address = \":8081\"\n\n[api]\n dashboard = true\n insecure = true\n\n# Enable Consul Catalog configuration backend.\n[providers.consulCatalog]\n prefix = \"traefik\"\n exposedByDefault = false\n\n [providers.consulCatalog.endpoint]\n address = \"127.0.0.1:8500\"\n scheme = \"http\"\nEOF\n\n destination = \"local/traefik.toml\"\n }\n\n resources {\n cpu = 100\n memory = 128\n }\n }\n }\n}\n", "json": null, - "modify_index": "1133", - "name": "hello-world", + "modify_index": "1509", + "name": "traefik", "namespace": "default", "policy_override": null, "purge_on_destroy": null, "read_allocation_ids": false, "region": "global", "rerun_if_dead": false, - "status": "pending", + "status": "running", "task_groups": [ { "count": 1, "meta": {}, - "name": "servers", + "name": "traefik", "task": [ { "driver": "docker", "meta": {}, - "name": "web", - "volume_mounts": null + "name": "traefik", + "volume_mounts": [] } ], - "volumes": null + "volumes": [] + } + ], + "timeouts": null, + "type": "service" + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDAsInVwZGF0ZSI6MzAwMDAwMDAwMDAwfX0=" + } + ] + }, + { + "mode": "managed", + "type": "nomad_job", + "name": "webapp", + "provider": "provider[\"registry.terraform.io/hashicorp/nomad\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "allocation_ids": [], + "datacenters": [ + "*" + ], + "deployment_id": null, + "deployment_status": null, + "deregister_on_destroy": true, + "deregister_on_id_change": true, + "detach": true, + "hcl2": [], + "id": "demo-webapp", + "jobspec": "job \"demo-webapp\" {\n group \"demo\" {\n count = 3\n\n network {\n port \"http\"{\n to = -1\n }\n }\n\n service {\n name = \"demo-webapp\"\n port = \"http\"\n\n tags = [\n \"traefik.enable=true\",\n \"traefik.http.routers.http.rule=Path(`/myapp`)\",\n ]\n\n check {\n type = \"http\"\n path = \"/\"\n interval = \"2s\"\n timeout = \"2s\"\n }\n }\n\n task \"server\" {\n env {\n PORT = \"${NOMAD_PORT_http}\"\n NODE_IP = \"${NOMAD_IP_http}\"\n }\n\n driver = \"docker\"\n\n config {\n image = \"hashicorp/demo-webapp-lb-guide\"\n ports = [\"http\"]\n }\n }\n }\n}", + "json": null, + "modify_index": "1847", + "name": "demo-webapp", + "namespace": "default", + "policy_override": null, + "purge_on_destroy": null, + "read_allocation_ids": false, + "region": "global", + "rerun_if_dead": false, + "status": "running", + "task_groups": [ + { + "count": 3, + "meta": {}, + "name": "demo", + "task": [ + { + "driver": "docker", + "meta": {}, + "name": "server", + "volume_mounts": [] + } + ], + "volumes": [] } ], "timeouts": null, diff --git a/2-nomad-config/traefik.nomad b/2-nomad-config/traefik.nomad new file mode 100644 index 0000000..4a75af0 --- /dev/null +++ b/2-nomad-config/traefik.nomad @@ -0,0 +1,68 @@ +job "traefik" { + group "traefik" { + network { + port "http" { + static = 8080 + } + + port "api" { + static = 8081 + } + } + + service { + name = "traefik" + + check { + name = "alive" + type = "tcp" + port = "http" + interval = "10s" + timeout = "2s" + } + } + + task "traefik" { + driver = "docker" + + config { + image = "traefik:v3.3" + network_mode = "host" + + volumes = [ + "local/traefik.toml:/etc/traefik/traefik.toml", + ] + } + + template { + data = <