Adapte to use sidecar_service tpl

2023-08-27 22:32:46 +02:00 · 2023-08-27 22:32:46 +02:00 · e0e33e90cb
parent 7361de7b5a
commit e0e33e90cb
4 changed files with 8 additions and 29 deletions
--- a/acme-to-vault.nomad.hcl
+++ b/acme-to-vault.nomad.hcl
@ -13,33 +13,14 @@ job "acme-to-vault" {
      name = "acme-to-vault[[ .env.suffix ]]"
      port = 8787

-      connect {
-        sidecar_service {
-          proxy {
-            [[- if has .proxy "service_name" ]]
-            upstreams {
-              destination_name = "proxyout"
-              local_bind_port  = 3128
-            }
-            [[- end ]]
-            [[- if has .acme.vault "service_name" ]]
-            upstreams {
-              destination_name = [[ .acme.vault.service_name | toJSON ]]
-              local_bind_port  = 8200
-            }
-            [[- end ]]
-          }
-        }
-        sidecar_task {
-[[ template "common/resources.tpl" .envoy ]]
-        }
-      }
+[[ template "common/sidecar_service.tpl" dict "ctx" . "task" .acme ]]

      tags = [
-        "[[ .env.traefik ]].enable=true",
-        "[[ .env.traefik ]].http.routers.acme-to-vault[[ .env.suffix ]].rule=PathPrefix(`/.well-known/acme-challenge/`)",
-        "[[ .env.traefik ]].http.routers.acme-to-vault[[ .env.suffix ]].priority=2000",
-        "[[ .env.traefik ]].http.routers.acme-to-vault[[ .env.suffix ]].entryPoints=[[ join .acme.traefik.entrypoints "," ]]"
+        [[- $traefik := merge .acme.traefik .traefik ]]
+        "[[ .traefik.instance ]].enable=true",
+        "[[ .traefik.instance ]].http.routers.acme-to-vault[[ .env.suffix ]].rule=PathPrefix(`/.well-known/acme-challenge/`)",
+        "[[ .traefik.instance ]].http.routers.acme-to-vault[[ .env.suffix ]].priority=2000",
+        "[[ .traefik.instance ]].http.routers.acme-to-vault[[ .env.suffix ]].entryPoints=[[ join $traefik.entrypoints "," ]]"
      ]
    }

--- a/consul/config/service-intentions/acme-to-vault.hcl
+++ b/consul/config/service-intentions/acme-to-vault.hcl
@ -2,7 +2,7 @@ Kind = "service-intentions"
 Name = "acme-to-vault[[ .env.suffix ]]"
 Sources = [
  {
-    Name = "[[ .env.traefik ]]"
+    Name = "[[ .traefik.instance ]]"
    Permissions = [
      {
        Action = "allow"
--- a/deps/common
+++ b/deps/common
@ -1 +1 @@
-Subproject commit 9771ed3768f99c8ded685733867b877490ec77e8
+Subproject commit ac730df65c70e71daf5a04e701b71abbc3c064ee
--- a/variables.yml
+++ b/variables.yml
@ -19,8 +19,6 @@ acme:
  # Vault related settings
  vault:
    addr: http://localhost:8200
-    # If you define service_name, then the addr will be ignored, and vault access will be done through the service mesh
-    # service_name: vault-mesh

    # The root in the KV store where the ACME account key and metadata will be stored
    kv_account_root: kv/service/acme-to-vault/account