Adapte to use sidecar_service tpl
This commit is contained in:
parent
7361de7b5a
commit
e0e33e90cb
|
@ -13,33 +13,14 @@ job "acme-to-vault" {
|
|||
name = "acme-to-vault[[ .env.suffix ]]"
|
||||
port = 8787
|
||||
|
||||
connect {
|
||||
sidecar_service {
|
||||
proxy {
|
||||
[[- if has .proxy "service_name" ]]
|
||||
upstreams {
|
||||
destination_name = "proxyout"
|
||||
local_bind_port = 3128
|
||||
}
|
||||
[[- end ]]
|
||||
[[- if has .acme.vault "service_name" ]]
|
||||
upstreams {
|
||||
destination_name = [[ .acme.vault.service_name | toJSON ]]
|
||||
local_bind_port = 8200
|
||||
}
|
||||
[[- end ]]
|
||||
}
|
||||
}
|
||||
sidecar_task {
|
||||
[[ template "common/resources.tpl" .envoy ]]
|
||||
}
|
||||
}
|
||||
[[ template "common/sidecar_service.tpl" dict "ctx" . "task" .acme ]]
|
||||
|
||||
tags = [
|
||||
"[[ .env.traefik ]].enable=true",
|
||||
"[[ .env.traefik ]].http.routers.acme-to-vault[[ .env.suffix ]].rule=PathPrefix(`/.well-known/acme-challenge/`)",
|
||||
"[[ .env.traefik ]].http.routers.acme-to-vault[[ .env.suffix ]].priority=2000",
|
||||
"[[ .env.traefik ]].http.routers.acme-to-vault[[ .env.suffix ]].entryPoints=[[ join .acme.traefik.entrypoints "," ]]"
|
||||
[[- $traefik := merge .acme.traefik .traefik ]]
|
||||
"[[ .traefik.instance ]].enable=true",
|
||||
"[[ .traefik.instance ]].http.routers.acme-to-vault[[ .env.suffix ]].rule=PathPrefix(`/.well-known/acme-challenge/`)",
|
||||
"[[ .traefik.instance ]].http.routers.acme-to-vault[[ .env.suffix ]].priority=2000",
|
||||
"[[ .traefik.instance ]].http.routers.acme-to-vault[[ .env.suffix ]].entryPoints=[[ join $traefik.entrypoints "," ]]"
|
||||
]
|
||||
}
|
||||
|
||||
|
|
|
@ -2,7 +2,7 @@ Kind = "service-intentions"
|
|||
Name = "acme-to-vault[[ .env.suffix ]]"
|
||||
Sources = [
|
||||
{
|
||||
Name = "[[ .env.traefik ]]"
|
||||
Name = "[[ .traefik.instance ]]"
|
||||
Permissions = [
|
||||
{
|
||||
Action = "allow"
|
||||
|
|
|
@ -1 +1 @@
|
|||
Subproject commit 9771ed3768f99c8ded685733867b877490ec77e8
|
||||
Subproject commit ac730df65c70e71daf5a04e701b71abbc3c064ee
|
|
@ -19,8 +19,6 @@ acme:
|
|||
# Vault related settings
|
||||
vault:
|
||||
addr: http://localhost:8200
|
||||
# If you define service_name, then the addr will be ignored, and vault access will be done through the service mesh
|
||||
# service_name: vault-mesh
|
||||
|
||||
# The root in the KV store where the ACME account key and metadata will be stored
|
||||
kv_account_root: kv/service/acme-to-vault/account
|
||||
|
|
Loading…
Reference in New Issue