egress-gateway/egress-gateway.nomad.hcl

[[ $c := merge .egress_gw . -]]

job "[[ .instance ]]" {

[[ template "common/job_start" $c ]]

  group "egress-gateway" {

    count = [[ $c.count ]]

    network {
      mode = "bridge"
    }

    # Terminating gateway definition
    service {
      name = "[[ .instance ]][[ $c.consul.suffix ]]"
      connect {
        gateway {
          proxy {}
          terminating {
[[- range $service, $def := .egress_gw.services ]]
            service {
              name    = "[[ $service ]]"
  [[- range $k, $v := $def ]]
              [[ $k ]] = [[ $v | toJSON ]]
  [[- end ]]
            }
[[- end ]]
          }
        }
        sidecar_task {
          logs {
            disabled = [[ .consul.connect.logs.disabled | ternary "true" "false" ]]
          }
[[ template "common/resources" $c.consul.connect.resources ]]
        }
      }
    }

    # Dummy task to configure custom CA certificates
    # Needed because template is not supported in sidecar_task
    task "ca-certs" {
      # Use docker instead of exec as it's broken on EL8. See https://github.com/hashicorp/nomad/issues/20212
      driver = "docker"

      config {
        image           = "[[ .docker.repo ]][[ .docker.base_images.alpine.image ]]"
        readonly_rootfs = true
        pids_limit      = 10
        command         = "/bin/true"
      }

      # The task will just quit immediatly, mark it as a prestart hook
      lifecycle {
        hook = "prestart"
      }
[[- range $k, $v := .egress_gw.ca_certs ]]

      template {
        data        =<<_EOF
[[ $v ]]
_EOF
        destination = "${NOMAD_ALLOC_DIR}/data/[[ $k ]].crt"
      }
[[- end ]]

      # Give just enough resources
      resources {
        cpu        = 10
        memory     = 10
        memory_max = 20
      }
    }
  }
}

# vim: syntax=hcl
Cleanup 2023-10-08 16:31:31 +02:00			`[[ $c := merge .egress_gw . -]]`
Import job 2023-08-22 15:24:35 +02:00
Cleanup 2024-02-05 14:59:35 +01:00			`job "[[ .instance ]]" {`
Cleanup 2023-10-08 16:31:31 +02:00
Cleanup 2023-12-21 22:24:32 +01:00			`[[ template "common/job_start" $c ]]`
Import job 2023-08-22 15:24:35 +02:00
			`group "egress-gateway" {`

Cleanup 2024-02-05 14:59:35 +01:00			`count = [[ $c.count ]]`

Import job 2023-08-22 15:24:35 +02:00			`network {`
			`mode = "bridge"`
			`}`

			`# Terminating gateway definition`
			`service {`
Cleanup 2023-12-21 22:24:32 +01:00			`name = "[[ .instance ]][[ $c.consul.suffix ]]"`
Import job 2023-08-22 15:24:35 +02:00			`connect {`
			`gateway {`
			`proxy {}`
			`terminating {`
template cleanup 2023-08-29 22:23:57 +02:00			`[[- range $service, $def := .egress_gw.services ]]`
Import job 2023-08-22 15:24:35 +02:00			`service {`
Cleanup 2024-02-05 14:59:35 +01:00			`name = "[[ $service ]]"`
template cleanup 2023-08-29 22:23:57 +02:00			`[[- range $k, $v := $def ]]`
Import job 2023-08-22 15:24:35 +02:00			`[[ $k ]] = [[ $v \| toJSON ]]`
template cleanup 2023-08-29 22:23:57 +02:00			`[[- end ]]`
Import job 2023-08-22 15:24:35 +02:00			`}`
template cleanup 2023-08-29 22:23:57 +02:00			`[[- end ]]`
Various fixes 2023-08-22 15:35:50 +02:00			`}`
Import job 2023-08-22 15:24:35 +02:00			`}`
			`sidecar_task {`
[egress-gateway] Honor connect sidecar log collection setting 2024-05-11 21:50:37 +02:00			`logs {`
			`disabled = [[ .consul.connect.logs.disabled \| ternary "true" "false" ]]`
			`}`
Cleanup 2023-12-21 22:24:32 +01:00			`[[ template "common/resources" $c.consul.connect.resources ]]`
Import job 2023-08-22 15:24:35 +02:00			`}`
			`}`
			`}`

			`# Dummy task to configure custom CA certificates`
			`# Needed because template is not supported in sidecar_task`
Various fixes 2023-08-22 15:35:50 +02:00			`task "ca-certs" {`
Use docker instead of exec to work arround https://github.com/hashicorp/nomad/issues/20212 2024-04-22 11:33:59 +02:00			`# Use docker instead of exec as it's broken on EL8. See https://github.com/hashicorp/nomad/issues/20212`
			`driver = "docker"`
Import job 2023-08-22 15:24:35 +02:00
			`config {`
Use docker instead of exec to work arround https://github.com/hashicorp/nomad/issues/20212 2024-04-22 11:33:59 +02:00			`image = "[[ .docker.repo ]][[ .docker.base_images.alpine.image ]]"`
			`readonly_rootfs = true`
			`pids_limit = 10`
			`command = "/bin/true"`
Import job 2023-08-22 15:24:35 +02:00			`}`

Various fixes 2023-08-22 15:35:50 +02:00			`# The task will just quit immediatly, mark it as a prestart hook`
Import job 2023-08-22 15:24:35 +02:00			`lifecycle {`
			`hook = "prestart"`
			`}`
			`[[- range $k, $v := .egress_gw.ca_certs ]]`

			`template {`
			`data =<<_EOF`
			`[[ $v ]]`
			`_EOF`
			`destination = "${NOMAD_ALLOC_DIR}/data/[[ $k ]].crt"`
			`}`
Various fixes 2023-08-22 15:35:50 +02:00			`[[- end ]]`
Import job 2023-08-22 15:24:35 +02:00
			`# Give just enough resources`
			`resources {`
			`cpu = 10`
			`memory = 10`
			`memory_max = 20`
			`}`
			`}`
			`}`
			`}`

			`# vim: syntax=hcl`