71 lines
1.7 KiB
HCL
71 lines
1.7 KiB
HCL
[[ $c := merge .democratic_csi.controller . -]]
|
|
|
|
job "[[ .democratic_csi.instance ]]-controller" {
|
|
|
|
[[- template "common/job_start.tpl" $c ]]
|
|
|
|
[[- range $proto := slice "iscsi" "nfs" ]]
|
|
|
|
group "[[ $proto ]]-controller" {
|
|
|
|
count = [[ $.democratic_csi.controller.count ]]
|
|
|
|
task "[[ $proto ]]-controller" {
|
|
|
|
driver = [[ $c.nomad.driver | toJSON ]]
|
|
|
|
env {
|
|
NODE_EXTRA_CA_CERTS = "/local/ca.crt"
|
|
[[ template "common/env.tpl" $c.env ]]
|
|
}
|
|
|
|
vault {
|
|
policies = ["democratic-csi[[ $c.consul.suffix ]]"]
|
|
}
|
|
|
|
config {
|
|
image = [[ $.democratic_csi.image | toJSON ]]
|
|
|
|
args = [
|
|
"--csi-version=1.5.0",
|
|
"--csi-name=[[ $.democratic_csi.plugin_id ]].[[ $proto ]]",
|
|
"--driver-config-file=/secrets/config.yml",
|
|
"--log-level=info",
|
|
"--csi-mode=controller",
|
|
"--server-socket=/csi/csi.sock"
|
|
]
|
|
|
|
network_mode = "host"
|
|
privileged = true
|
|
userns_mode = "host"
|
|
}
|
|
|
|
template {
|
|
data =<<_EOF
|
|
[[ tmpl.Exec (printf "democratic_csi/%s/controller.yml.tpl" $proto) $ ]]
|
|
_EOF
|
|
destination = "secrets/config.yml"
|
|
}
|
|
|
|
# Load vault root CA into the trust store
|
|
template {
|
|
data = <<-EOF
|
|
{{ with secret "[[ $c.consul.suffix ]]pki/root/cert/ca" }}{{ .Data.certificate }}{{ end }}
|
|
EOF
|
|
destination = "local/ca.crt"
|
|
}
|
|
|
|
csi_plugin {
|
|
id = "[[ $.democratic_csi.plugin_id ]].[[ $proto ]]"
|
|
type = "controller"
|
|
mount_dir = "/csi"
|
|
}
|
|
|
|
[[ template "common/resources.tpl" $.democratic_csi.controller.resources ]]
|
|
}
|
|
}
|
|
[[- end ]]
|
|
}
|
|
|
|
# vim: syntax=hcl
|