egress-gateway/egress-gateway.nomad.hcl

[[ $c := merge .egress_gw . -]]

job "[[ .instance ]]" {

[[ template "common/job_start" $c ]]

  group "egress-gateway" {

    count = [[ $c.count ]]

    network {
      mode = "bridge"
    }

    # Terminating gateway definition
    service {
      name = "[[ .instance ]][[ $c.consul.suffix ]]"
      connect {
        gateway {
          proxy {}
          terminating {
[[- range $service, $def := .egress_gw.services ]]
            service {
              name    = "[[ $service ]]"
  [[- range $k, $v := $def ]]
              [[ $k ]] = [[ $v | toJSON ]]
  [[- end ]]
            }
[[- end ]]
          }
        }
        sidecar_task {
[[ template "common/resources" $c.consul.connect.resources ]]
        }
      }
    }

    # Dummy task to configure custom CA certificates
    # Needed because template is not supported in sidecar_task
    task "ca-certs" {
      driver = "exec"

      config {
        command = "/bin/true"
      }

      # The task will just quit immediatly, mark it as a prestart hook
      lifecycle {
        hook = "prestart"
      }
[[- range $k, $v := .egress_gw.ca_certs ]]

      template {
        data        =<<_EOF
[[ $v ]]
_EOF
        destination = "${NOMAD_ALLOC_DIR}/data/[[ $k ]].crt"
      }
[[- end ]]

      # Give just enough resources
      resources {
        cpu        = 10
        memory     = 10
        memory_max = 20
      }
    }
  }
}

# vim: syntax=hcl