[[ $c := merge .egress_gw . -]]
# Nomad job template for a Consul Connect terminating gateway.
# $c is built by merging .egress_gw with the root context; it is what the
# shared "common/*" templates below receive as their context.
#
# Trust note: every [[ ... ]] value is substituted when the job file is
# rendered. Only the per-service option values go through toJSON; service
# names, option names and certificate names are emitted verbatim, so the
# .egress_gw configuration must come from a trusted source.
job "[[ .instance ]]" {

[[ template "common/job_start" $c ]]

  group "egress-gateway" {

    count = [[ $c.count ]]

    network {
      mode = "bridge"
    }

    # Service registered for the terminating gateway itself
    service {
      name = "[[ .instance ]][[ $c.consul.suffix ]]"

      connect {

        # Resources for the gateway proxy task, taken from the shared template
        sidecar_task {
[[ template "common/resources" $c.consul.connect.resources ]]
        }

        gateway {
          proxy {}

          # One service {} entry per key of .egress_gw.services. Each option of
          # an entry becomes an attribute whose value is JSON-encoded.
          # NOTE(review): per the Consul documentation a terminating gateway
          # only originates TLS to a destination when ca_file is set for it;
          # confirm every entry that needs encryption defines ca_file.
          terminating {
[[- range $svc_name, $svc_opts := .egress_gw.services ]]
            service {
              name = "[[ $svc_name ]]"
[[- range $opt, $val := $svc_opts ]]
              [[ $opt ]] = [[ $val | toJSON ]]
[[- end ]]
            }
[[- end ]]
          }
        }
      }
    }

    # Placeholder task whose only purpose is to render the custom CA
    # certificates: sidecar_task does not support template blocks.
    task "ca-certs" {

      # The command exits immediately, so run it as a prestart hook
      lifecycle {
        hook = "prestart"
      }

      # docker rather than exec, because exec is broken on EL8.
      # See https://github.com/hashicorp/nomad/issues/20212
      driver = "docker"

      # Container is locked down: read-only root filesystem, at most 10 PIDs,
      # and it runs nothing but /bin/true.
      config {
        image           = "[[ .docker.repo ]][[ .docker.base_images.alpine.image ]]"
        command         = "/bin/true"
        readonly_rootfs = true
        pids_limit      = 10
      }

      # Minimal resources, the task does no real work
      resources {
        cpu        = 10
        memory     = 10
        memory_max = 20
      }

      # One file per entry of .egress_gw.ca_certs, written to
      # ${NOMAD_ALLOC_DIR}/data/<name>.crt. The entry name is used as the file
      # name as-is, so keep it a plain file name without path separators.
      # Presumably the ca_file options above point at these files - confirm.
      # NOTE(review): intended for public CA certificates only; no perms are
      # set here, so do not deliver private keys through this block.
[[- range $cert_name, $pem := .egress_gw.ca_certs ]]

      template {
        destination = "${NOMAD_ALLOC_DIR}/data/[[ $cert_name ]].crt"
        data = <<_EOF
[[ $pem ]]
_EOF
      }
[[- end ]]
    }
  }
}

# vim: syntax=hcl