Remove traefik for now as it's not a pack

2023-07-26 22:49:04 +02:00 · 2023-07-26 22:49:04 +02:00 · e01f49a311
parent 85aedb206c
commit e01f49a311
1 changed files with 0 additions and 271 deletions
--- a/packs/traefik/traefik.nomad.hcl
+++ b/packs/traefik/traefik.nomad.hcl
@ -1,271 +0,0 @@
-job "traefik" {
-  datacenters = ["dc1"]
-  namespace   = local.conf.namespace
-
-  group "traefik" {
-    count          = local.conf.traefik_count
-    shutdown_delay = "6s"
-
-    # Un volume NFS est utilisé pour stocker les certificats Let's Encrypt
-    volume "traefik" {
-      type            = "csi"
-      source          = "traefik${local.conf.env_suffix}"
-      attachment_mode = "file-system"
-      access_mode     = "single-node-writer"
-      # Traefik ne permet pas de partager le fichier acme.json entre plusieurs instances
-      # On va donc utiliser un volume séparé pour chaque instance (traefik[0] et traefik[1])
-      per_alloc = true
-    }
-
-    network {
-      mode = "bridge"
-
-      # Traefik utilise un compte non privilégié, et donc ne peut pas binder sur les ports < 1024
-      # On va donc le faire écouter sur les ports 5080 et 5443 et ces ports seronts exposés à l'extérieur sur les ports 80 et 443
-      port "http" {
-        static = 80
-        to     = 5080
-      }
-      port "https" {
-        static = 443
-        to     = 5443
-      }
-      port "syslog" {
-        static = 514
-        to     = 5514
-      }
-      port "metrics" {}
-    }
-
-    service {
-      name = "traefik-sidecar${local.conf.env_suffix}"
-      port = "https"
-      # Pour joindre proxyout et MariaDB via une terminating gateway
-      connect {
-        sidecar_service {
-          proxy {
-            upstreams {
-              destination_name = "proxyout"
-              local_bind_port  = 3128
-            }
-            upstreams {
-              destination_name = "db-mysql"
-              local_bind_port  = 3306
-            }
-          }
-        }
-        sidecar_task {
-          resources {
-            cpu    = local.conf.sidecar_cpu
-            memory = local.conf.sidecar_memory
-          }
-        }
-      }
-    }
-
-    # Définition du service, et des checks
-    service {
-      name = "traefik"
-      port = "https"
-      task = "traefik"
-
-      meta {
-        metrics-port = "${NOMAD_HOST_PORT_metrics}"
-        alloc        = "${NOMAD_ALLOC_INDEX}"
-      }
-
-      check_restart {
-        limit = 3
-        grace = "10s"
-      }
-
-      check {
-        type     = "tcp"
-        port     = "http"
-        interval = "10s"
-        timeout  = "2s"
-      }
-
-      check {
-        type     = "tcp"
-        port     = "https"
-        interval = "10s"
-        timeout  = "2s"
-      }
-
-      # Traefik peut se connecter nativement au service mesh de Consul
-      connect {
-        native = true
-      }
-
-      # On permet de rendre l'API et le dashboard de Traefik accessible via lui même
-      # On on obtient un certificat auprès de Let's Encrypt pour ces vhosts
-      tags = [
-        "traefik.enable=true",
-        "traefik.http.routers.traefik-api.rule=Host(`traefik${env_suffix}.service.${local.conf.ct_domain}`,`${local.conf.tools_vhost}`) && PathPrefix(`/api`,`/traefik`)",
-        "traefik.http.routers.traefik-api.entryPoints=https",
-        "traefik.http.routers.traefik-api.service=api@internal",
-        "traefik.http.routers.traefik-api.tls=true",
-        "traefik.http.routers.traefik-api.tls.certresolver=le",
-
-        "traefik.http.routers.traefik-ping.rule=Host(`traefik${env_suffix}.service.${local.conf.ct_domain}`,`${local.conf.tools_vhost}`) && Path(`/ping`) && Method(`GET`)",
-        "traefik.http.routers.traefik-ping.entryPoints=https",
-        "traefik.http.routers.traefik-ping.service=ping@internal",
-        "traefik.http.routers.traefik-ping.tls=true",
-        "traefik.http.routers.traefik-ping.tls.certresolver=le",
-        "traefik.http.routers.traefik-ping.middlewares=${local.conf.traefik_ping_middlewares}",
-
-        "traefik.http.middlewares.traefik-path.replacepathregex.regex=^/traefik/(.*)",
-        "traefik.http.middlewares.traefik-path.replacepathregex.replacement=/dashboard/$${1}",
-        "traefik.http.routers.traefik-api.middlewares=${local.conf.traefik_api_middlewares},traefik-path",
-      ]
-    }
-
-    task "llng-handler" {
-      driver = "docker"
-      config {
-        image = local.conf.llng_handler_image
-        volumes = [
-          "secrets/lemonldap-ng.ini:/etc/lemonldap-ng/lemonldap-ng.ini:ro",
-        ]
-      }
-      lifecycle {
-        hook    = "prestart"
-        sidecar = true
-      }
-      vault {
-        policies = ["traefik${local.conf.env_suffix}"]
-      }
-      template {
-        data        = file("templates/lemonldap-ng.ini.tpl")
-        destination = "secrets/lemonldap-ng.ini"
-        perms       = "0400"
-        uid         = 100048
-        gid         = 100048
-      }
-
-      env {
-        LLNG_DB_USER      = local.conf.llng_db_user
-        LLNG_DB_NAME      = local.conf.llng_db_name
-        LLNG_HANDLER_PORT = local.conf.llng_handler_port
-      }
-      resources {
-        cpu    = local.conf.llng_handler_cpu
-        memory = local.conf.llng_handler_memory
-      }
-    }
-
-    task "metrics-proxy" {
-      driver = "docker"
-      config {
-        image = "oci.ehtrace.com/metrics-proxy:latest"
-      }
-      lifecycle {
-        hook    = "poststart"
-        sidecar = true
-      }
-      vault {
-        policies = ["metrics${local.conf.env_suffix}"]
-      }
-      env {
-        METRICS_URL = "http://localhost:9500/metrics"
-        PKI_PATH    = local.conf.monitoring_vault_pki_path
-      }
-      template {
-        data        = file("../common/templates/metrics/cert.tpl")
-        destination = "secrets/metrics.bundle.pem"
-      }
-      template {
-        data        = file("../common/templates/metrics/ca.tpl")
-        destination = "local/monitoring.ca.pem"
-      }
-      resources {
-        cpu    = 10
-        memory = 12
-      }
-    }
-
-    task "traefik" {
-      driver = "docker"
-
-      # La tâche nécessite une policy vault, qui servira à
-      # - obtenir un token Consul (pour consulter le catalogue)
-      # - obtenir la clé d'API Gandi pour les challenges ACME DNS-01
-      vault {
-        policies = ["traefik${local.conf.env_suffix}"]
-      }
-
-      # On monte le volume NFS sur /storage
-      volume_mount {
-        volume      = "traefik"
-        destination = "/storage"
-      }
-
-      config {
-        image = local.conf.traefik_image
-        volumes = [
-          "local/traefik.yml:/etc/traefik/traefik.yml:ro",
-          "local/plugins:/plugins-storage"
-        ]
-      }
-
-      env {
-        # Les appels à l'API Gandi doivent passer par le proxy sortant
-        HTTPS_PROXY       = "http://localhost:3128"
-        HTTP_PROXY        = "http://localhost:3128"
-        NO_PROXY          = local.conf.traefik_no_proxy
-        LLNG_HANDLER_PORT = local.conf.llng_handler_port
-      }
-
-      # Ce fichier contient la clé d'API de Gandi
-      template {
-        data        = <<-EOF
-          GANDIV5_API_KEY={{ with secret "kv/common/letsencrypt" }}{{ .Data.data.GANDIV5_API_KEY }}{{ end }}
-        EOF
-        destination = "secrets/env"
-        env         = true
-        perms       = "0400"
-        uid         = 100000
-        gid         = 100000
-      }
-
-      # Main traefik configuration
-      template {
-        data        = file("./templates/traefik.yml.tpl")
-        destination = "local/traefik.yml"
-        perms       = "0400"
-        uid         = 100000
-        gid         = 100000
-      }
-
-      # Traefik config is split into several other config files
-      dynamic "template" {
-        for_each = fileset("templates/config/", "*.yml.tpl")
-        content {
-          data          = file("templates/config/${template.value}")
-          destination   = "secrets/config/${replace(template.value, ".tpl", "")}"
-          perms         = "0400"
-          uid           = 100000
-          gid           = 100000
-          change_mode   = "signal"
-          change_signal = "SIGHUP"
-        }
-      }
-
-      resources {
-        cpu    = local.conf.traefik_cpu
-        memory = local.conf.traefik_memory
-      }
-    }
-  }
-}
-
-variable "env" {
-  type = string
-}
-locals {
-  defaults   = yamldecode(file("vars/defaults.yml"))
-  global_env = yamldecode(fileexists("../common/vars/${var.env}.yml") ? file("../common/vars/${var.env}.yml") : "a: b")
-  job_env    = yamldecode(fileexists("vars/${var.env}.yml") ? file("vars/${var.env}.yml") : "a: b")
-  conf       = merge(local.defaults, local.global_env, local.job_env)
-}