82 lines
2.3 KiB
HCL
82 lines
2.3 KiB
HCL
[[- /* vim: syntax=hcl
|
|
This is a pgbouncer instance, designed to run as a sidecar with every application
|
|
needing postgres access. */ -]]
|
|
|
|
[[- if eq .postgres.pooler.engine "pgbouncer" ]]
|
|
task "pgbouncer" {
|
|
driver = "[[ .nomad.driver ]]"
|
|
user = 6432
|
|
|
|
lifecycle {
|
|
hook = "prestart"
|
|
sidecar = true
|
|
}
|
|
|
|
config {
|
|
image = "[[ .docker.repo ]][[ .docker.base_images.pgbouncer.image ]]"
|
|
pids_limit = 100
|
|
readonly_rootfs = true
|
|
command = "pgbouncer"
|
|
args = ["/secrets/pgbouncer.ini"]
|
|
}
|
|
|
|
[[ template "common/vault.policies" . ]]
|
|
|
|
template {
|
|
data =<<_EOT
|
|
[pgbouncer]
|
|
listen_addr = 127.0.0.1
|
|
listen_port = [[ .postgres.pooler.port ]]
|
|
unix_socket_dir =
|
|
pool_mode = [[ .postgres.pooler.mode ]]
|
|
auth_type = scram-sha-256
|
|
auth_file = /secrets/pgbouncer.users
|
|
ignore_startup_parameters = extra_float_digits
|
|
[[- if ne .postgres.pooler.mode "session" ]]
|
|
max_prepared_statements = 200
|
|
[[- end ]]
|
|
client_tls_sslmode = disable
|
|
[[- if regexp.Match "^(127\\.0\\.0\\.1|localhost)$" .postgres.host ]]
|
|
server_tls_sslmode = disable
|
|
[[- end ]]
|
|
|
|
[databases]
|
|
[[ $databases := coll.Slice ]]
|
|
[[- if has .postgres "database" -]]
|
|
[[- if isKind "slice" .postgres.database ]]
|
|
[[- $databases = .postgres.database ]]
|
|
[[- else if isKind "string" .postgres.database ]]
|
|
[[- $databases = coll.Slice .postgres.database ]]
|
|
[[- end ]]
|
|
[[- else ]]
|
|
[[- $databases = coll.Slice .instance ]]
|
|
[[- end ]]
|
|
[[- range $idx, $db := $databases ]]
|
|
[[ $db ]] = host=[[ $.postgres.host ]] port=[[ $.postgres.port ]] user=[[ $.postgres.user ]] password=[[ $.postgres.password ]]
|
|
[[- end ]]
|
|
_EOT
|
|
destination = "secrets/pgbouncer.ini"
|
|
uid = 106432
|
|
gid = 100000
|
|
perms = 400
|
|
change_mode = "signal"
|
|
change_signal = "SIGHUP"
|
|
}
|
|
|
|
template {
|
|
data =<<_EOT
|
|
"[[ .postgres.pooler.local_user ]]" "[[ .postgres.pooler.local_password ]]"
|
|
_EOT
|
|
destination = "secrets/pgbouncer.users"
|
|
uid = 106432
|
|
gid = 100000
|
|
perms = 400
|
|
change_mode = "signal"
|
|
change_signal = "SIGHUP"
|
|
}
|
|
|
|
[[ template "common/resources" .postgres.pooler.resources ]]
|
|
}
|
|
|
|
[[- end -]]
|