othrayte/infra
1
0
Fork 0
Code Issues 1 Pull Requests 2 Actions Packages Projects Releases Wiki Activity

Setup some example apps behing traefik

Browse Source
This commit is contained in:
Adrian Cowan
2025-04-25 21:27:31 +10:00
parent 793d77dce9
commit bdacd1d6a3
9 changed files with 435 additions and 72 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
1-nixos-node/configuration.nix
View File

@@ -38,6 +38,7 @@
enableDocker = true; enableDocker = true;
dropPrivileges = false; dropPrivileges = false;
settings = { settings = {
datacenter = "jaglan-beta";
server = { server = {
enabled = true; enabled = true;
bootstrap_expect = 1; bootstrap_expect = 1;
@@ -47,6 +48,18 @@
}; };
}; };
}; };
consul = {
enable = true;
webUi = true;
interface.bind = "tailscale0"; # Bind to the Tailscale interface
interface.advertise = "tailscale0"; # Advertise the Tailscale interface
extraConfig = {
bootstrap_expect = 1;
server = true;
client_addr = "127.0.0.1 100.79.223.55";
datacenter = "jaglan-beta";
};
};
openssh = { openssh = {
enable = true; enable = true;
settings.PermitRootLogin = "yes"; settings.PermitRootLogin = "yes";

6
1-nixos-node/terraform.tfstate
View File

@@ -1,7 +1,7 @@
{ {
"version": 4, "version": 4,
"terraform_version": "1.11.4", "terraform_version": "1.11.4",
"serial": 19, "serial": 58,
"lineage": "db7dcf21-a255-0ec4-c8b8-d4a7559b3768", "lineage": "db7dcf21-a255-0ec4-c8b8-d4a7559b3768",
"outputs": {}, "outputs": {},
"resources": [ "resources": [
@@ -14,9 +14,9 @@
{ {
"schema_version": 0, "schema_version": 0,
"attributes": { "attributes": {
"id": "2789544025373353248", "id": "4356981667558216389",
"triggers": { "triggers": {
"configuration_content": "{ config, lib, pkgs, ... }:\n{\n imports =\n [ # Include the results of the hardware scan.\n ./hardware-configuration.nix\n ];\n\n nixpkgs.config.allowUnfree = true;\n\n # Use the systemd-boot EFI boot loader.\n boot.loader.systemd-boot.enable = true;\n boot.loader.efi.canTouchEfiVariables = true;\n\n networking.hostName = \"jaglan-beta-m01\"; # Define your hostname.\n\n time.timeZone = \"Australia/Melbourne\";\n\n # List packages installed in system profile. To search, run:\n # $ nix search wget\n # environment.systemPackages = with pkgs; [\n # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.\n # wget\n # ];\n\n # Some programs need SUID wrappers, can be configured further or are\n # started in user sessions.\n # programs.mtr.enable = true;\n # programs.gnupg.agent = {\n # enable = true;\n # enableSSHSupport = true;\n # };\n\n # List services that you want to enable:\n services = {\n tailscale.enable = true;\n nomad = {\n enable = true;\n enableDocker = true;\n dropPrivileges = false;\n settings = {\n server = {\n enabled = true;\n bootstrap_expect = 1;\n };\n client = {\n enabled = true;\n };\n };\n };\n openssh = {\n enable = true;\n settings.PermitRootLogin = \"yes\";\n };\n };\n\n # Fix issue where nomad needs alloc_mounts to be writable\n systemd.tmpfiles.rules = [\n \"d /var/lib/alloc_mounts 0755 root root -\"\n ];\n\n # Open ports in the firewall. 464X are the default ports for Nomad.\n networking.firewall.allowedTCPPorts = [ 4646 4647 4648 ];\n\n # Copy the NixOS configuration file and link it from the resulting system\n # (/run/current-system/configuration.nix). This is useful in case you\n # accidentally delete configuration.nix.\n system.copySystemConfiguration = true;\n\n # Defines the initial NixOS version for compatibility with older application data.\n # Do NOT change this value after installation without careful consideration.\n system.stateVersion = \"24.11\"; # Did you read the comment?\n}\n" "configuration_content": "{ config, lib, pkgs, ... }:\n{\n imports =\n [ # Include the results of the hardware scan.\n ./hardware-configuration.nix\n ];\n\n nixpkgs.config.allowUnfree = true;\n\n # Use the systemd-boot EFI boot loader.\n boot.loader.systemd-boot.enable = true;\n boot.loader.efi.canTouchEfiVariables = true;\n\n networking.hostName = \"jaglan-beta-m01\"; # Define your hostname.\n\n time.timeZone = \"Australia/Melbourne\";\n\n # List packages installed in system profile. To search, run:\n # $ nix search wget\n # environment.systemPackages = with pkgs; [\n # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.\n # wget\n # ];\n\n # Some programs need SUID wrappers, can be configured further or are\n # started in user sessions.\n # programs.mtr.enable = true;\n # programs.gnupg.agent = {\n # enable = true;\n # enableSSHSupport = true;\n # };\n\n # List services that you want to enable:\n services = {\n tailscale.enable = true;\n nomad = {\n enable = true;\n enableDocker = true;\n dropPrivileges = false;\n settings = {\n datacenter = \"jaglan-beta\";\n server = {\n enabled = true;\n bootstrap_expect = 1;\n };\n client = {\n enabled = true;\n };\n };\n };\n consul = {\n enable = true;\n webUi = true;\n interface.bind = \"tailscale0\"; # Bind to the Tailscale interface\n interface.advertise = \"tailscale0\"; # Advertise the Tailscale interface\n extraConfig = {\n bootstrap_expect = 1;\n server = true;\n client_addr = \"127.0.0.1 100.79.223.55\";\n datacenter = \"jaglan-beta\";\n };\n };\n openssh = {\n enable = true;\n settings.PermitRootLogin = \"yes\";\n };\n };\n\n # Fix issue where nomad needs alloc_mounts to be writable\n systemd.tmpfiles.rules = [\n \"d /var/lib/alloc_mounts 0755 root root -\"\n ];\n\n # Open ports in the firewall. 464X are the default ports for Nomad.\n networking.firewall.allowedTCPPorts = [ 4646 4647 4648 ];\n\n # Copy the NixOS configuration file and link it from the resulting system\n # (/run/current-system/configuration.nix). This is useful in case you\n # accidentally delete configuration.nix.\n system.copySystemConfiguration = true;\n\n # Defines the initial NixOS version for compatibility with older application data.\n # Do NOT change this value after installation without careful consideration.\n system.stateVersion = \"24.11\"; # Did you read the comment?\n}\n"
} }
}, },
"sensitive_attributes": [] "sensitive_attributes": []

6
1-nixos-node/terraform.tfstate.backup
View File

@@ -1,7 +1,7 @@
{ {
"version": 4, "version": 4,
"terraform_version": "1.11.4", "terraform_version": "1.11.4",
"serial": 16, "serial": 55,
"lineage": "db7dcf21-a255-0ec4-c8b8-d4a7559b3768", "lineage": "db7dcf21-a255-0ec4-c8b8-d4a7559b3768",
"outputs": {}, "outputs": {},
"resources": [ "resources": [
@@ -14,9 +14,9 @@
{ {
"schema_version": 0, "schema_version": 0,
"attributes": { "attributes": {
"id": "3103386327037898205", "id": "971598338822699043",
"triggers": { "triggers": {
"configuration_content": "{ config, lib, pkgs, ... }:\n{\n imports =\n [ # Include the results of the hardware scan.\n ./hardware-configuration.nix\n ];\n\n nixpkgs.config.allowUnfree = true;\n\n # Use the systemd-boot EFI boot loader.\n boot.loader.systemd-boot.enable = true;\n boot.loader.efi.canTouchEfiVariables = true;\n\n networking.hostName = \"jaglan-beta-m01\"; # Define your hostname.\n\n time.timeZone = \"Australia/Melbourne\";\n\n # List packages installed in system profile. To search, run:\n # $ nix search wget\n # environment.systemPackages = with pkgs; [\n # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.\n # wget\n # ];\n\n # Some programs need SUID wrappers, can be configured further or are\n # started in user sessions.\n # programs.mtr.enable = true;\n # programs.gnupg.agent = {\n # enable = true;\n # enableSSHSupport = true;\n # };\n\n # List services that you want to enable:\n\n services.tailscale.enable = true;\n services.nomad = {\n enable = true;\n enableDocker = true;\n dropPrivileges = false;\n settings = {\n server = {\n enabled = true;\n bootstrap_expect = 1;\n };\n client = {\n enabled = true;\n };\n };\n };\n # Fix issue where nomad needs alloc_mounts to be writable\n systemd.tmpfiles.rules = [\n \"d /var/lib/alloc_mounts 0755 root root -\"\n ];\n\n # Enable the OpenSSH daemon.\n services.openssh.enable = true;\n services.openssh.settings.PermitRootLogin = \"yes\";\n\n # Open ports in the firewall. 464X are the default ports for Nomad.\n networking.firewall.allowedTCPPorts = [ 4646 4647 4648 ];\n\n # Copy the NixOS configuration file and link it from the resulting system\n # (/run/current-system/configuration.nix). This is useful in case you\n # accidentally delete configuration.nix.\n system.copySystemConfiguration = true;\n\n # Defines the initial NixOS version for compatibility with older application data.\n # Do NOT change this value after installation without careful consideration.\n system.stateVersion = \"24.11\"; # Did you read the comment?\n}\n" "configuration_content": "{ config, lib, pkgs, ... }:\n{\n imports =\n [ # Include the results of the hardware scan.\n ./hardware-configuration.nix\n ];\n\n nixpkgs.config.allowUnfree = true;\n\n # Use the systemd-boot EFI boot loader.\n boot.loader.systemd-boot.enable = true;\n boot.loader.efi.canTouchEfiVariables = true;\n\n networking.hostName = \"jaglan-beta-m01\"; # Define your hostname.\n\n time.timeZone = \"Australia/Melbourne\";\n\n # List packages installed in system profile. To search, run:\n # $ nix search wget\n # environment.systemPackages = with pkgs; [\n # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.\n # wget\n # ];\n\n # Some programs need SUID wrappers, can be configured further or are\n # started in user sessions.\n # programs.mtr.enable = true;\n # programs.gnupg.agent = {\n # enable = true;\n # enableSSHSupport = true;\n # };\n\n # List services that you want to enable:\n services = {\n tailscale.enable = true;\n nomad = {\n enable = true;\n enableDocker = true;\n dropPrivileges = false;\n settings = {\n datacenter = \"jaglan-beta\";\n server = {\n enabled = true;\n bootstrap_expect = 1;\n };\n client = {\n enabled = true;\n };\n };\n };\n consul = {\n enable = true;\n webUi = true;\n interface.bind = \"tailscale0\"; # Bind to the Tailscale interface\n interface.advertise = \"tailscale0\"; # Advertise the Tailscale interface\n extraConfig = {\n bootstrap_expect = 1;\n server = true;\n client_addr = \"100.79.223.55\";\n datacenter = \"jaglan-beta\";\n };\n };\n openssh = {\n enable = true;\n settings.PermitRootLogin = \"yes\";\n };\n };\n\n # Fix issue where nomad needs alloc_mounts to be writable\n systemd.tmpfiles.rules = [\n \"d /var/lib/alloc_mounts 0755 root root -\"\n ];\n\n # Open ports in the firewall. 464X are the default ports for Nomad.\n networking.firewall.allowedTCPPorts = [ 4646 4647 4648 ];\n\n # Copy the NixOS configuration file and link it from the resulting system\n # (/run/current-system/configuration.nix). This is useful in case you\n # accidentally delete configuration.nix.\n system.copySystemConfiguration = true;\n\n # Defines the initial NixOS version for compatibility with older application data.\n # Do NOT change this value after installation without careful consideration.\n system.stateVersion = \"24.11\"; # Did you read the comment?\n}\n"
} }
}, },
"sensitive_attributes": [] "sensitive_attributes": []

63
2-nomad-config/hello-world.nomad Normal file
View File

@@ -0,0 +1,63 @@
job "hello-world" {
group "servers" {
network {
port "www" {
to = -1
}
}
service {
name = "hello-world"
port = "www"
tags = [
"traefik.enable=true",
"traefik.http.routers.hello.rule=PathPrefix(`/hello`)",
"traefik.http.middlewares.strip-hello.stripPrefix.prefixes=/hello",
"traefik.http.routers.hello.middlewares=strip-hello",
]
check {
name = "alive"
type = "tcp"
port = "www"
interval = "10s"
timeout = "2s"
}
}
# Tasks are individual units of work that are run by Nomad.
task "web" {
# This particular task starts a simple web server within a Docker container
driver = "docker"
config {
image = "busybox:1"
command = "httpd"
args = ["-v", "-f", "-p", "${NOMAD_PORT_www}", "-h", "/local"]
ports = ["www"]
}
template {
data = <<-EOF
<h1>Hello, Nomad!</h1>
<ul>
<li>Task: {{env "NOMAD_TASK_NAME"}}</li>
<li>Group: {{env "NOMAD_GROUP_NAME"}}</li>
<li>Job: {{env "NOMAD_JOB_NAME"}}</li>
<li>Metadata value for foo: {{env "NOMAD_META_foo"}}</li>
<li>Currently running on port: {{env "NOMAD_PORT_www"}}</li>
</ul>
EOF
destination = "local/index.html"
}
# Specify the maximum resources required to run the task
resources {
cpu = 50
memory = 64
}
}
}
}

61
2-nomad-config/services.tf
View File

@@ -3,55 +3,14 @@ provider "nomad" {
address = "http://jaglan-beta-m01:4646" address = "http://jaglan-beta-m01:4646"
} }
# Define a Nomad job for a Hello World service resource "nomad_job" "hello_world" {
resource "nomad_job" "app" { jobspec = file("hello-world.nomad")
jobspec = <<EOT }
job "hello-world" {
group "servers" { resource "nomad_job" "traefik" {
network { jobspec = file("traefik.nomad")
port "www" { }
to = 8002
} resource "nomad_job" "webapp" {
} jobspec = file("webapp.nomad")
service {
provider = "nomad"
port = "www"
}
# Tasks are individual units of work that are run by Nomad.
task "web" {
# This particular task starts a simple web server within a Docker container
driver = "docker"
config {
image = "busybox:1"
command = "httpd"
args = ["-v", "-f", "-p", "$${NOMAD_PORT_www}", "-h", "/local"]
ports = ["www"]
}
template {
data = <<-EOF
<h1>Hello, Nomad!</h1>
<ul>
<li>Task: {{env "NOMAD_TASK_NAME"}}</li>
<li>Group: {{env "NOMAD_GROUP_NAME"}}</li>
<li>Job: {{env "NOMAD_JOB_NAME"}}</li>
<li>Metadata value for foo: {{env "NOMAD_META_foo"}}</li>
<li>Currently running on port: {{env "NOMAD_PORT_www"}}</li>
</ul>
EOF
destination = "local/index.html"
}
# Specify the maximum resources required to run the task
resources {
cpu = 50
memory = 64
}
}
}
} }
EOT
}

118
2-nomad-config/terraform.tfstate
View File

@@ -1,14 +1,14 @@
{ {
"version": 4, "version": 4,
"terraform_version": "1.11.4", "terraform_version": "1.11.4",
"serial": 13, "serial": 84,
"lineage": "15e0900c-88bc-9754-4600-e3977d018ba0", "lineage": "15e0900c-88bc-9754-4600-e3977d018ba0",
"outputs": {}, "outputs": {},
"resources": [ "resources": [
{ {
"mode": "managed", "mode": "managed",
"type": "nomad_job", "type": "nomad_job",
"name": "app", "name": "hello_world",
"provider": "provider[\"registry.terraform.io/hashicorp/nomad\"]", "provider": "provider[\"registry.terraform.io/hashicorp/nomad\"]",
"instances": [ "instances": [
{ {
@@ -23,9 +23,9 @@
"detach": true, "detach": true,
"hcl2": [], "hcl2": [],
"id": "hello-world", "id": "hello-world",
"jobspec": "job \"hello-world\" {\n group \"servers\" {\n network {\n port \"www\" {\n to = 8002\n }\n }\n\n service {\n provider = \"nomad\"\n port = \"www\"\n }\n\n # Tasks are individual units of work that are run by Nomad.\n task \"web\" {\n # This particular task starts a simple web server within a Docker container\n driver = \"docker\"\n\n config {\n image = \"busybox:1\"\n command = \"httpd\"\n args = [\"-v\", \"-f\", \"-p\", \"${NOMAD_PORT_www}\", \"-h\", \"/local\"]\n ports = [\"www\"]\n }\n\n template {\n data = \u003c\u003c-EOF\n \u003ch1\u003eHello, Nomad!\u003c/h1\u003e\n \u003cul\u003e\n \u003cli\u003eTask: {{env \"NOMAD_TASK_NAME\"}}\u003c/li\u003e\n \u003cli\u003eGroup: {{env \"NOMAD_GROUP_NAME\"}}\u003c/li\u003e\n \u003cli\u003eJob: {{env \"NOMAD_JOB_NAME\"}}\u003c/li\u003e\n \u003cli\u003eMetadata value for foo: {{env \"NOMAD_META_foo\"}}\u003c/li\u003e\n \u003cli\u003eCurrently running on port: {{env \"NOMAD_PORT_www\"}}\u003c/li\u003e\n \u003c/ul\u003e\n EOF\n destination = \"local/index.html\"\n }\n\n # Specify the maximum resources required to run the task\n resources {\n cpu = 50\n memory = 64\n }\n }\n }\n}\n", "jobspec": "job \"hello-world\" {\n group \"servers\" {\n network {\n port \"www\" {\n to = -1\n }\n }\n\n service {\n name = \"hello-world\"\n port = \"www\"\n \n tags = [\n \"traefik.enable=true\",\n \"traefik.http.routers.hello.rule=PathPrefix(`/hello`)\",\n \"traefik.http.middlewares.strip-hello.stripPrefix.prefixes=/hello\",\n \"traefik.http.routers.hello.middlewares=strip-hello\",\n ]\n\n check {\n name = \"alive\"\n type = \"tcp\"\n port = \"www\"\n interval = \"10s\"\n timeout = \"2s\"\n }\n }\n \n\n # Tasks are individual units of work that are run by Nomad.\n task \"web\" {\n # This particular task starts a simple web server within a Docker container\n driver = \"docker\"\n\n config {\n image = \"busybox:1\"\n command = \"httpd\"\n args = [\"-v\", \"-f\", \"-p\", \"${NOMAD_PORT_www}\", \"-h\", \"/local\"]\n ports = [\"www\"]\n }\n\n template {\n data = \u003c\u003c-EOF\n \u003ch1\u003eHello, Nomad!\u003c/h1\u003e\n \u003cul\u003e\n \u003cli\u003eTask: {{env \"NOMAD_TASK_NAME\"}}\u003c/li\u003e\n \u003cli\u003eGroup: {{env \"NOMAD_GROUP_NAME\"}}\u003c/li\u003e\n \u003cli\u003eJob: {{env \"NOMAD_JOB_NAME\"}}\u003c/li\u003e\n \u003cli\u003eMetadata value for foo: {{env \"NOMAD_META_foo\"}}\u003c/li\u003e\n \u003cli\u003eCurrently running on port: {{env \"NOMAD_PORT_www\"}}\u003c/li\u003e\n \u003c/ul\u003e\n EOF\n destination = \"local/index.html\"\n }\n\n # Specify the maximum resources required to run the task\n resources {\n cpu = 50\n memory = 64\n }\n }\n }\n}",
"json": null, "json": null,
"modify_index": "1144", "modify_index": "1989",
"name": "hello-world", "name": "hello-world",
"namespace": "default", "namespace": "default",
"policy_override": null, "policy_override": null,
@@ -57,6 +57,116 @@
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDAsInVwZGF0ZSI6MzAwMDAwMDAwMDAwfX0=" "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDAsInVwZGF0ZSI6MzAwMDAwMDAwMDAwfX0="
} }
] ]
},
{
"mode": "managed",
"type": "nomad_job",
"name": "traefik",
"provider": "provider[\"registry.terraform.io/hashicorp/nomad\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"allocation_ids": [],
"datacenters": [
"*"
],
"deployment_id": null,
"deployment_status": null,
"deregister_on_destroy": true,
"deregister_on_id_change": true,
"detach": true,
"hcl2": [],
"id": "traefik",
"jobspec": "job \"traefik\" {\n group \"traefik\" {\n network {\n port \"http\" {\n static = 8080\n }\n\n port \"api\" {\n static = 8081\n }\n }\n\n service {\n name = \"traefik\"\n\n check {\n name = \"alive\"\n type = \"tcp\"\n port = \"http\"\n interval = \"10s\"\n timeout = \"2s\"\n }\n }\n\n task \"traefik\" {\n driver = \"docker\"\n\n config {\n image = \"traefik:v3.3\"\n network_mode = \"host\"\n\n volumes = [\n \"local/traefik.toml:/etc/traefik/traefik.toml\",\n ]\n }\n\n template {\n data = \u003c\u003cEOF\n[entryPoints]\n [entryPoints.http]\n address = \":8080\"\n [entryPoints.traefik]\n address = \":8081\"\n\n[api]\n dashboard = true\n insecure = true\n\n# Enable Consul Catalog configuration backend.\n[providers.consulCatalog]\n prefix = \"traefik\"\n exposedByDefault = false\n\n [providers.consulCatalog.endpoint]\n address = \"127.0.0.1:8500\"\n scheme = \"http\"\nEOF\n\n destination = \"local/traefik.toml\"\n }\n\n resources {\n cpu = 100\n memory = 128\n }\n }\n }\n}\n",
"json": null,
"modify_index": "1509",
"name": "traefik",
"namespace": "default",
"policy_override": null,
"purge_on_destroy": null,
"read_allocation_ids": false,
"region": "global",
"rerun_if_dead": false,
"status": "running",
"task_groups": [
{
"count": 1,
"meta": {},
"name": "traefik",
"task": [
{
"driver": "docker",
"meta": {},
"name": "traefik",
"volume_mounts": []
}
],
"volumes": []
}
],
"timeouts": null,
"type": "service"
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDAsInVwZGF0ZSI6MzAwMDAwMDAwMDAwfX0="
}
]
},
{
"mode": "managed",
"type": "nomad_job",
"name": "webapp",
"provider": "provider[\"registry.terraform.io/hashicorp/nomad\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"allocation_ids": [],
"datacenters": [
"*"
],
"deployment_id": null,
"deployment_status": null,
"deregister_on_destroy": true,
"deregister_on_id_change": true,
"detach": true,
"hcl2": [],
"id": "demo-webapp",
"jobspec": "job \"demo-webapp\" {\n group \"demo\" {\n count = 3\n\n network {\n port \"http\"{\n to = -1\n }\n }\n\n service {\n name = \"demo-webapp\"\n port = \"http\"\n\n tags = [\n \"traefik.enable=true\",\n \"traefik.http.routers.http.rule=Path(`/myapp`)\",\n ]\n\n check {\n type = \"http\"\n path = \"/\"\n interval = \"2s\"\n timeout = \"2s\"\n }\n }\n\n task \"server\" {\n env {\n PORT = \"${NOMAD_PORT_http}\"\n NODE_IP = \"${NOMAD_IP_http}\"\n }\n\n driver = \"docker\"\n\n config {\n image = \"hashicorp/demo-webapp-lb-guide\"\n ports = [\"http\"]\n }\n }\n }\n}",
"json": null,
"modify_index": "1847",
"name": "demo-webapp",
"namespace": "default",
"policy_override": null,
"purge_on_destroy": null,
"read_allocation_ids": false,
"region": "global",
"rerun_if_dead": false,
"status": "running",
"task_groups": [
{
"count": 3,
"meta": {},
"name": "demo",
"task": [
{
"driver": "docker",
"meta": {},
"name": "server",
"volume_mounts": []
}
],
"volumes": []
}
],
"timeouts": null,
"type": "service"
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDAsInVwZGF0ZSI6MzAwMDAwMDAwMDAwfX0="
}
]
} }
], ],
"check_results": null "check_results": null

130
2-nomad-config/terraform.tfstate.backup
View File

@@ -1,14 +1,67 @@
{ {
"version": 4, "version": 4,
"terraform_version": "1.11.4", "terraform_version": "1.11.4",
"serial": 11, "serial": 82,
"lineage": "15e0900c-88bc-9754-4600-e3977d018ba0", "lineage": "15e0900c-88bc-9754-4600-e3977d018ba0",
"outputs": {}, "outputs": {},
"resources": [ "resources": [
{ {
"mode": "managed", "mode": "managed",
"type": "nomad_job", "type": "nomad_job",
"name": "app", "name": "hello_world",
"provider": "provider[\"registry.terraform.io/hashicorp/nomad\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"allocation_ids": [],
"datacenters": [],
"deployment_id": null,
"deployment_status": null,
"deregister_on_destroy": true,
"deregister_on_id_change": true,
"detach": true,
"hcl2": [],
"id": "hello-world",
"jobspec": "job \"hello-world\" {\n group \"servers\" {\n network {\n port \"www\" {\n to = -1\n }\n }\n\n service {\n name = \"hello-world\"\n port = \"www\"\n \n tags = [\n \"traefik.enable=true\",\n \"traefik.http.routers.hello.rule=PathPrefix(`/hello`)\",\n \"traefik.http.middlewares.strip-hello.stripPrefix.prefixes=/hello\",\n \"traefik.http.routers.foo.middlewares=strip-hello\",\n ]\n\n check {\n name = \"alive\"\n type = \"tcp\"\n port = \"www\"\n interval = \"10s\"\n timeout = \"2s\"\n }\n }\n \n\n # Tasks are individual units of work that are run by Nomad.\n task \"web\" {\n # This particular task starts a simple web server within a Docker container\n driver = \"docker\"\n\n config {\n image = \"busybox:1\"\n command = \"httpd\"\n args = [\"-v\", \"-f\", \"-p\", \"${NOMAD_PORT_www}\", \"-h\", \"/local\"]\n ports = [\"www\"]\n }\n\n template {\n data = \u003c\u003c-EOF\n \u003ch1\u003eHello, Nomad!\u003c/h1\u003e\n \u003cul\u003e\n \u003cli\u003eTask: {{env \"NOMAD_TASK_NAME\"}}\u003c/li\u003e\n \u003cli\u003eGroup: {{env \"NOMAD_GROUP_NAME\"}}\u003c/li\u003e\n \u003cli\u003eJob: {{env \"NOMAD_JOB_NAME\"}}\u003c/li\u003e\n \u003cli\u003eMetadata value for foo: {{env \"NOMAD_META_foo\"}}\u003c/li\u003e\n \u003cli\u003eCurrently running on port: {{env \"NOMAD_PORT_www\"}}\u003c/li\u003e\n \u003c/ul\u003e\n EOF\n destination = \"local/index.html\"\n }\n\n # Specify the maximum resources required to run the task\n resources {\n cpu = 50\n memory = 64\n }\n }\n }\n}",
"json": null,
"modify_index": "1981",
"name": "hello-world",
"namespace": "default",
"policy_override": null,
"purge_on_destroy": null,
"read_allocation_ids": false,
"region": "global",
"rerun_if_dead": false,
"status": "running",
"task_groups": [
{
"count": 1,
"meta": {},
"name": "servers",
"task": [
{
"driver": "docker",
"meta": {},
"name": "web",
"volume_mounts": []
}
],
"volumes": []
}
],
"timeouts": null,
"type": "service"
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDAsInVwZGF0ZSI6MzAwMDAwMDAwMDAwfX0="
}
]
},
{
"mode": "managed",
"type": "nomad_job",
"name": "traefik",
"provider": "provider[\"registry.terraform.io/hashicorp/nomad\"]", "provider": "provider[\"registry.terraform.io/hashicorp/nomad\"]",
"instances": [ "instances": [
{ {
@@ -24,32 +77,87 @@
"deregister_on_id_change": true, "deregister_on_id_change": true,
"detach": true, "detach": true,
"hcl2": [], "hcl2": [],
"id": "hello-world", "id": "traefik",
"jobspec": "job \"hello-world\" {\n # Specifies the datacenter where this job should be run\n # This can be omitted and it will default to [\"*\"]\n datacenters = [\"*\"]\n\n meta {\n # User-defined key/value pairs that can be used in your jobs.\n # You can also use this meta block within Group and Task levels.\n foo = \"bar\"\n }\n\n # A group defines a series of tasks that should be co-located\n # on the same client (host). All tasks within a group will be\n # placed on the same host.\n group \"servers\" {\n\n # Specifies the number of instances of this group that should be running.\n # Use this to scale or parallelize your job.\n # This can be omitted and it will default to 1.\n count = 1\n\n network {\n port \"www\" {\n to = 8002\n }\n }\n\n service {\n provider = \"nomad\"\n port = \"www\"\n }\n\n # Tasks are individual units of work that are run by Nomad.\n task \"web\" {\n # This particular task starts a simple web server within a Docker container\n driver = \"docker\"\n\n config {\n image = \"busybox:1\"\n command = \"httpd\"\n args = [\"-v\", \"-f\", \"-p\", \"${NOMAD_PORT_www}\", \"-h\", \"/local\"]\n ports = [\"www\"]\n }\n\n template {\n data = \u003c\u003c-EOF\n \u003ch1\u003eHello, Nomad!\u003c/h1\u003e\n \u003cul\u003e\n \u003cli\u003eTask: {{env \"NOMAD_TASK_NAME\"}}\u003c/li\u003e\n \u003cli\u003eGroup: {{env \"NOMAD_GROUP_NAME\"}}\u003c/li\u003e\n \u003cli\u003eJob: {{env \"NOMAD_JOB_NAME\"}}\u003c/li\u003e\n \u003cli\u003eMetadata value for foo: {{env \"NOMAD_META_foo\"}}\u003c/li\u003e\n \u003cli\u003eCurrently running on port: {{env \"NOMAD_PORT_www\"}}\u003c/li\u003e\n \u003c/ul\u003e\n EOF\n destination = \"local/index.html\"\n }\n\n # Specify the maximum resources required to run the task\n resources {\n cpu = 50\n memory = 64\n }\n }\n }\n}\n", "jobspec": "job \"traefik\" {\n group \"traefik\" {\n network {\n port \"http\" {\n static = 8080\n }\n\n port \"api\" {\n static = 8081\n }\n }\n\n service {\n name = \"traefik\"\n\n check {\n name = \"alive\"\n type = \"tcp\"\n port = \"http\"\n interval = \"10s\"\n timeout = \"2s\"\n }\n }\n\n task \"traefik\" {\n driver = \"docker\"\n\n config {\n image = \"traefik:v3.3\"\n network_mode = \"host\"\n\n volumes = [\n \"local/traefik.toml:/etc/traefik/traefik.toml\",\n ]\n }\n\n template {\n data = \u003c\u003cEOF\n[entryPoints]\n [entryPoints.http]\n address = \":8080\"\n [entryPoints.traefik]\n address = \":8081\"\n\n[api]\n dashboard = true\n insecure = true\n\n# Enable Consul Catalog configuration backend.\n[providers.consulCatalog]\n prefix = \"traefik\"\n exposedByDefault = false\n\n [providers.consulCatalog.endpoint]\n address = \"127.0.0.1:8500\"\n scheme = \"http\"\nEOF\n\n destination = \"local/traefik.toml\"\n }\n\n resources {\n cpu = 100\n memory = 128\n }\n }\n }\n}\n",
"json": null, "json": null,
"modify_index": "1133", "modify_index": "1509",
"name": "hello-world", "name": "traefik",
"namespace": "default", "namespace": "default",
"policy_override": null, "policy_override": null,
"purge_on_destroy": null, "purge_on_destroy": null,
"read_allocation_ids": false, "read_allocation_ids": false,
"region": "global", "region": "global",
"rerun_if_dead": false, "rerun_if_dead": false,
"status": "pending", "status": "running",
"task_groups": [ "task_groups": [
{ {
"count": 1, "count": 1,
"meta": {}, "meta": {},
"name": "servers", "name": "traefik",
"task": [ "task": [
{ {
"driver": "docker", "driver": "docker",
"meta": {}, "meta": {},
"name": "web", "name": "traefik",
"volume_mounts": null "volume_mounts": []
} }
], ],
"volumes": null "volumes": []
}
],
"timeouts": null,
"type": "service"
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDAsInVwZGF0ZSI6MzAwMDAwMDAwMDAwfX0="
}
]
},
{
"mode": "managed",
"type": "nomad_job",
"name": "webapp",
"provider": "provider[\"registry.terraform.io/hashicorp/nomad\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"allocation_ids": [],
"datacenters": [
"*"
],
"deployment_id": null,
"deployment_status": null,
"deregister_on_destroy": true,
"deregister_on_id_change": true,
"detach": true,
"hcl2": [],
"id": "demo-webapp",
"jobspec": "job \"demo-webapp\" {\n group \"demo\" {\n count = 3\n\n network {\n port \"http\"{\n to = -1\n }\n }\n\n service {\n name = \"demo-webapp\"\n port = \"http\"\n\n tags = [\n \"traefik.enable=true\",\n \"traefik.http.routers.http.rule=Path(`/myapp`)\",\n ]\n\n check {\n type = \"http\"\n path = \"/\"\n interval = \"2s\"\n timeout = \"2s\"\n }\n }\n\n task \"server\" {\n env {\n PORT = \"${NOMAD_PORT_http}\"\n NODE_IP = \"${NOMAD_IP_http}\"\n }\n\n driver = \"docker\"\n\n config {\n image = \"hashicorp/demo-webapp-lb-guide\"\n ports = [\"http\"]\n }\n }\n }\n}",
"json": null,
"modify_index": "1847",
"name": "demo-webapp",
"namespace": "default",
"policy_override": null,
"purge_on_destroy": null,
"read_allocation_ids": false,
"region": "global",
"rerun_if_dead": false,
"status": "running",
"task_groups": [
{
"count": 3,
"meta": {},
"name": "demo",
"task": [
{
"driver": "docker",
"meta": {},
"name": "server",
"volume_mounts": []
}
],
"volumes": []
} }
], ],
"timeouts": null, "timeouts": null,

68
2-nomad-config/traefik.nomad Normal file
View File

@@ -0,0 +1,68 @@
job "traefik" {
group "traefik" {
network {
port "http" {
static = 8080
}
port "api" {
static = 8081
}
}
service {
name = "traefik"
check {
name = "alive"
type = "tcp"
port = "http"
interval = "10s"
timeout = "2s"
}
}
task "traefik" {
driver = "docker"
config {
image = "traefik:v3.3"
network_mode = "host"
volumes = [
"local/traefik.toml:/etc/traefik/traefik.toml",
]
}
template {
data = <<EOF
[entryPoints]
[entryPoints.http]
address = ":8080"
[entryPoints.traefik]
address = ":8081"
[api]
dashboard = true
insecure = true
# Enable Consul Catalog configuration backend.
[providers.consulCatalog]
prefix = "traefik"
exposedByDefault = false
[providers.consulCatalog.endpoint]
address = "127.0.0.1:8500"
scheme = "http"
EOF
destination = "local/traefik.toml"
}
resources {
cpu = 100
memory = 128
}
}
}
}

42
2-nomad-config/webapp.nomad Normal file
View File

@@ -0,0 +1,42 @@
job "demo-webapp" {
group "demo" {
count = 3
network {
port "http"{
to = -1
}
}
service {
name = "demo-webapp"
port = "http"
tags = [
"traefik.enable=true",
"traefik.http.routers.http.rule=Path(`/myapp`)",
]
check {
type = "http"
path = "/"
interval = "2s"
timeout = "2s"
}
}
task "server" {
env {
PORT = "${NOMAD_PORT_http}"
NODE_IP = "${NOMAD_IP_http}"
}
driver = "docker"
config {
image = "hashicorp/demo-webapp-lb-guide"
ports = ["http"]
}
}
}
}