91 lines
2.0 KiB
HCL
91 lines
2.0 KiB
HCL
job "[[ .instance ]]-controller" {
|
|
|
|
[[ $c := merge .democratic_csi . -]]
|
|
|
|
[[- template "common/job_start" $c ]]
|
|
|
|
[[- range $proto := coll.Slice "iscsi" "nfs" ]]
|
|
|
|
group "[[ $proto ]]-controller" {
|
|
|
|
[[ $c := merge $c.controller $c ]]
|
|
|
|
count = [[ $c.count ]]
|
|
|
|
[[ template "common/constraints" $c ]]
|
|
|
|
service {
|
|
name = "[[ $.instance ]]-[[ $proto ]]-controller[[ $.consul.suffix ]]"
|
|
[[ template "common/service_meta" $c ]]
|
|
}
|
|
|
|
restart {
|
|
interval = "5m"
|
|
attempts = 30
|
|
delay = "10s"
|
|
mode = "delay"
|
|
}
|
|
|
|
task "[[ $proto ]]-controller" {
|
|
|
|
driver = "[[ $c.nomad.driver ]]"
|
|
|
|
env {
|
|
NODE_EXTRA_CA_CERTS = "/local/ca.crt"
|
|
}
|
|
|
|
[[ template "common/file_env" $c ]]
|
|
|
|
vault {
|
|
policies = ["[[ $.instance ]][[ $.consul.suffix ]]"]
|
|
env = false
|
|
disable_file = true
|
|
}
|
|
|
|
config {
|
|
image = "[[ $.democratic_csi.image ]]"
|
|
|
|
args = [
|
|
"--csi-version=1.5.0",
|
|
"--csi-name=[[ $.democratic_csi.plugin_id ]].[[ $proto ]]",
|
|
"--driver-config-file=/secrets/config.yml",
|
|
"--log-level=info",
|
|
"--csi-mode=controller",
|
|
"--server-socket=/csi/csi.sock"
|
|
]
|
|
|
|
network_mode = "host"
|
|
privileged = true
|
|
userns_mode = "host"
|
|
}
|
|
|
|
template {
|
|
data =<<_EOF
|
|
[[ tmpl.Exec (printf "democratic_csi/%s/controller.yml.tpl" $proto) $c ]]
|
|
_EOF
|
|
destination = "secrets/config.yml"
|
|
}
|
|
|
|
# Load vault root CA into the trust store
|
|
template {
|
|
data = <<-EOF
|
|
{{ with secret "[[ $.vault.pki.issuer ]]/cert/ca" }}{{ .Data.certificate }}{{ end }}
|
|
EOF
|
|
destination = "local/ca.crt"
|
|
}
|
|
|
|
csi_plugin {
|
|
id = "[[ $.democratic_csi.plugin_id ]].[[ $proto ]]"
|
|
type = "controller"
|
|
mount_dir = "/csi"
|
|
health_timeout = "2m"
|
|
}
|
|
|
|
[[ template "common/resources" $c ]]
|
|
}
|
|
}
|
|
[[- end ]]
|
|
}
|
|
|
|
# vim: syntax=hcl
|