Adapte to use sidecar_service tpl
This commit is contained in:
parent
7361de7b5a
commit
e0e33e90cb
|
@ -13,33 +13,14 @@ job "acme-to-vault" {
|
||||||
name = "acme-to-vault[[ .env.suffix ]]"
|
name = "acme-to-vault[[ .env.suffix ]]"
|
||||||
port = 8787
|
port = 8787
|
||||||
|
|
||||||
connect {
|
[[ template "common/sidecar_service.tpl" dict "ctx" . "task" .acme ]]
|
||||||
sidecar_service {
|
|
||||||
proxy {
|
|
||||||
[[- if has .proxy "service_name" ]]
|
|
||||||
upstreams {
|
|
||||||
destination_name = "proxyout"
|
|
||||||
local_bind_port = 3128
|
|
||||||
}
|
|
||||||
[[- end ]]
|
|
||||||
[[- if has .acme.vault "service_name" ]]
|
|
||||||
upstreams {
|
|
||||||
destination_name = [[ .acme.vault.service_name | toJSON ]]
|
|
||||||
local_bind_port = 8200
|
|
||||||
}
|
|
||||||
[[- end ]]
|
|
||||||
}
|
|
||||||
}
|
|
||||||
sidecar_task {
|
|
||||||
[[ template "common/resources.tpl" .envoy ]]
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
tags = [
|
tags = [
|
||||||
"[[ .env.traefik ]].enable=true",
|
[[- $traefik := merge .acme.traefik .traefik ]]
|
||||||
"[[ .env.traefik ]].http.routers.acme-to-vault[[ .env.suffix ]].rule=PathPrefix(`/.well-known/acme-challenge/`)",
|
"[[ .traefik.instance ]].enable=true",
|
||||||
"[[ .env.traefik ]].http.routers.acme-to-vault[[ .env.suffix ]].priority=2000",
|
"[[ .traefik.instance ]].http.routers.acme-to-vault[[ .env.suffix ]].rule=PathPrefix(`/.well-known/acme-challenge/`)",
|
||||||
"[[ .env.traefik ]].http.routers.acme-to-vault[[ .env.suffix ]].entryPoints=[[ join .acme.traefik.entrypoints "," ]]"
|
"[[ .traefik.instance ]].http.routers.acme-to-vault[[ .env.suffix ]].priority=2000",
|
||||||
|
"[[ .traefik.instance ]].http.routers.acme-to-vault[[ .env.suffix ]].entryPoints=[[ join $traefik.entrypoints "," ]]"
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -2,7 +2,7 @@ Kind = "service-intentions"
|
||||||
Name = "acme-to-vault[[ .env.suffix ]]"
|
Name = "acme-to-vault[[ .env.suffix ]]"
|
||||||
Sources = [
|
Sources = [
|
||||||
{
|
{
|
||||||
Name = "[[ .env.traefik ]]"
|
Name = "[[ .traefik.instance ]]"
|
||||||
Permissions = [
|
Permissions = [
|
||||||
{
|
{
|
||||||
Action = "allow"
|
Action = "allow"
|
||||||
|
|
2
deps/common
vendored
2
deps/common
vendored
|
@ -1 +1 @@
|
||||||
Subproject commit 9771ed3768f99c8ded685733867b877490ec77e8
|
Subproject commit ac730df65c70e71daf5a04e701b71abbc3c064ee
|
|
@ -19,8 +19,6 @@ acme:
|
||||||
# Vault related settings
|
# Vault related settings
|
||||||
vault:
|
vault:
|
||||||
addr: http://localhost:8200
|
addr: http://localhost:8200
|
||||||
# If you define service_name, then the addr will be ignored, and vault access will be done through the service mesh
|
|
||||||
# service_name: vault-mesh
|
|
||||||
|
|
||||||
# The root in the KV store where the ACME account key and metadata will be stored
|
# The root in the KV store where the ACME account key and metadata will be stored
|
||||||
kv_account_root: kv/service/acme-to-vault/account
|
kv_account_root: kv/service/acme-to-vault/account
|
||||||
|
|
Loading…
Reference in New Issue
Block a user