democratic_csi/controller.nomad.hcl

job "[[ .instance ]]-controller" {

[[ $c := merge .democratic_csi . -]]

[[- template "common/job_start" $c ]]

[[- range $proto := coll.Slice "iscsi" "nfs" ]]

  group "[[ $proto ]]-controller" {

[[ $c := merge $c.controller $c ]]

    count = [[ $c.count ]]

[[ template "common/constraints" $c ]]

    service {
      name = "[[ $.instance ]]-[[ $proto ]]-controller[[ $.consul.suffix ]]"
[[ template "common/service_meta" $c ]]
    }

    restart {
      interval         = "5m"
      attempts         = 30
      delay            = "10s"
      mode             = "delay"
    }

    task "[[ $proto ]]-controller" {

      driver = "[[ $c.nomad.driver ]]"

      env {
        NODE_EXTRA_CA_CERTS = "/local/ca.crt"
      }

[[ template "common/file_env" $c ]]

      vault {
        policies     = ["[[ $.instance ]][[ $.consul.suffix ]]"]
        env          = false
        disable_file = true
      }

      config {
        image = "[[ $.democratic_csi.image ]]"

        args = [
          "--csi-version=1.5.0",
          "--csi-name=[[ $.democratic_csi.plugin_id ]].[[ $proto ]]",
          "--driver-config-file=/secrets/config.yml",
          "--log-level=info",
          "--csi-mode=controller",
          "--server-socket=/csi/csi.sock"
        ]

        network_mode = "host"
        privileged   = true
        userns_mode  = "host"
      }

      template {
        data        =<<_EOF
[[ tmpl.Exec (printf "democratic_csi/%s/controller.yml.tpl" $proto) $c ]]
_EOF
        destination = "secrets/config.yml"
      }

      # Load vault root CA into the trust store
      template {
        data = <<-EOF
          {{ with secret "[[ $.vault.pki.issuer ]]/cert/ca" }}{{ .Data.certificate }}{{ end }}
        EOF
        destination = "local/ca.crt"
      }

      csi_plugin {
        id             = "[[ $.democratic_csi.plugin_id ]].[[ $proto ]]"
        type           = "controller"
        mount_dir      = "/csi"
        health_timeout = "2m"
      }

[[ template "common/resources" $c ]]
    }
  }
[[- end ]]
}

# vim: syntax=hcl