2023-10-08 16:24:28 +02:00
|
|
|
[[ $c := merge .democratic_csi.controller . -]]
|
2023-08-21 20:16:35 +02:00
|
|
|
|
2023-10-08 16:24:28 +02:00
|
|
|
job "[[ .democratic_csi.instance ]]-controller" {
|
|
|
|
|
2023-12-15 15:08:02 +01:00
|
|
|
[[- template "common/job_start" $c ]]
|
2023-08-21 20:16:35 +02:00
|
|
|
|
|
|
|
[[- range $proto := slice "iscsi" "nfs" ]]
|
2023-08-21 22:52:52 +02:00
|
|
|
|
2023-11-10 09:38:51 +01:00
|
|
|
group "[[ $proto ]]-controller" {
|
2023-08-21 20:16:35 +02:00
|
|
|
|
2023-08-21 22:52:52 +02:00
|
|
|
count = [[ $.democratic_csi.controller.count ]]
|
2023-08-21 20:16:35 +02:00
|
|
|
|
2023-12-01 09:57:47 +01:00
|
|
|
restart {
|
|
|
|
interval = "5m"
|
|
|
|
attempts = 30
|
|
|
|
delay = "10s"
|
|
|
|
mode = "delay"
|
|
|
|
}
|
|
|
|
|
2023-08-21 22:52:52 +02:00
|
|
|
task "[[ $proto ]]-controller" {
|
2023-08-21 20:16:35 +02:00
|
|
|
|
2023-10-08 16:24:28 +02:00
|
|
|
driver = [[ $c.nomad.driver | toJSON ]]
|
2023-08-21 20:16:35 +02:00
|
|
|
|
|
|
|
env {
|
|
|
|
NODE_EXTRA_CA_CERTS = "/local/ca.crt"
|
2023-12-15 15:08:02 +01:00
|
|
|
[[ template "common/env" $c.env ]]
|
2023-08-21 20:16:35 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
vault {
|
2023-10-08 16:24:28 +02:00
|
|
|
policies = ["democratic-csi[[ $c.consul.suffix ]]"]
|
2023-08-21 20:16:35 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
config {
|
2023-08-21 22:52:52 +02:00
|
|
|
image = [[ $.democratic_csi.image | toJSON ]]
|
2023-08-21 20:16:35 +02:00
|
|
|
|
|
|
|
args = [
|
|
|
|
"--csi-version=1.5.0",
|
2023-09-03 17:43:31 +02:00
|
|
|
"--csi-name=[[ $.democratic_csi.plugin_id ]].[[ $proto ]]",
|
2023-08-21 20:16:35 +02:00
|
|
|
"--driver-config-file=/secrets/config.yml",
|
|
|
|
"--log-level=info",
|
|
|
|
"--csi-mode=controller",
|
|
|
|
"--server-socket=/csi/csi.sock"
|
|
|
|
]
|
|
|
|
|
|
|
|
network_mode = "host"
|
|
|
|
privileged = true
|
|
|
|
userns_mode = "host"
|
|
|
|
}
|
|
|
|
|
|
|
|
template {
|
|
|
|
data =<<_EOF
|
2023-08-21 22:52:52 +02:00
|
|
|
[[ tmpl.Exec (printf "democratic_csi/%s/controller.yml.tpl" $proto) $ ]]
|
2023-08-21 20:16:35 +02:00
|
|
|
_EOF
|
|
|
|
destination = "secrets/config.yml"
|
|
|
|
}
|
|
|
|
|
|
|
|
# Load vault root CA into the trust store
|
|
|
|
template {
|
|
|
|
data = <<-EOF
|
2023-10-08 16:24:28 +02:00
|
|
|
{{ with secret "[[ $c.consul.suffix ]]pki/root/cert/ca" }}{{ .Data.certificate }}{{ end }}
|
2023-08-21 20:16:35 +02:00
|
|
|
EOF
|
|
|
|
destination = "local/ca.crt"
|
|
|
|
}
|
|
|
|
|
|
|
|
csi_plugin {
|
2023-09-03 17:43:31 +02:00
|
|
|
id = "[[ $.democratic_csi.plugin_id ]].[[ $proto ]]"
|
2023-08-21 20:16:35 +02:00
|
|
|
type = "controller"
|
|
|
|
mount_dir = "/csi"
|
|
|
|
}
|
|
|
|
|
2023-12-15 15:08:02 +01:00
|
|
|
[[ template "common/resources" $.democratic_csi.controller.resources ]]
|
2023-08-21 20:16:35 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
[[- end ]]
|
|
|
|
}
|
|
|
|
|
|
|
|
# vim: syntax=hcl
|