hcp-ansible/roles/hashistack_ingress/templates/ingress.job.hcl.j2

156 lines
3.5 KiB
Plaintext
Raw Normal View History

job "{{ hashistack_ingress_job_name }}" {
datacenters = {{ hashistack_ingress_datacenters }}
type = "service"
priority = 85
namespace = {{ hashistack_ingress_namespace }}
group "haproxy" {
network {
mode = "bridge"
port "http" {
to = 80
static = 80
}
port "https" {
to = 443
static = 443
}
port "stats" {
to = 9000
}
}
{% if hashistack_ingress_enable_http %}
service {
name = "haproxy-http"
provider = "{{ "consul" if hashistack_ingress_enable_consul_service else "nomad"}}"
port = "http"
task = "loadbalancer"
check {
type = "http"
port = "stats"
path = "/health"
interval = "10s"
timeout = "2s"
}
tags = []
}
{% endif %}
{% if hashistack_ingress_enable_https %}
service {
name = "haproxy-https"
provider = "{{ "consul" if hashistack_ingress_enable_consul_service else "nomad"}}"
port = "https"
task = "loadbalancer"
check {
type = "http"
port = "stats"
path = "/health"
interval = "10s"
timeout = "2s"
}
tags = []
}
{% endif %}
service {
name = "haproxy-stats"
provider = "{{ "consul" if hashistack_ingress_enable_consul_service else "nomad"}}"
port = "stats"
task = "loadbalancer"
check {
type = "http"
port = "stats"
path = "/health"
interval = "10s"
timeout = "2s"
}
tags = []
}
{% if hashistack_ingress_enable_prometheus_metrics %}
service {
name = "loadbalancer-exporter"
port = "prometheus-exporter"
task = "loadbalancer"
tags = []
}
{% endif %}
task "keepalived" {
driver = "docker"
lifecycle {
hook = "poststart"
sidecar = true
}
config {
image = "{{ hashistack_ingress_keepalived_image }}:{{ hashistack_ingress_virtual_ip_keepalived_version }}"
network_mode = "host"
cap_add = [
"NET_ADMIN",
"NET_BROADCAST",
"NET_RAW"
]
mount {
type = "bind"
source = "secrets/keepalived.conf"
target = "/etc/keepalived/keepalived.conf"
}
mount {
type = "bind"
source = "secrets/chk_haproxy.sh"
target = "/etc/keepalived/scripts.d/chk_haproxy.sh"
}
mount {
type = "bind"
target = "/var/run/docker.sock"
source = "/var/run/docker.sock"
readonly = true
}
}
template {
data = <<-EOT
{% include "keepalived.conf.j2" %}
EOT
destination = "secrets/keepalived.conf"
}
template {
data = <<-EOT
{% include "chk_haproxy.sh.j2" %}
EOT
destination = "secrets/chk_haproxy.sh"
perms = "755"
}
resources {
cpu = 50
memory = 10
}
}
task "loadbalancer" {
driver = "docker"
config {
image = "{{ hashistack_ingress_haproxy_image }}:{{ hashistack_ingress_virtual_ip_haproxy_version }}"
mount {
type = "bind"
source = "secrets/haproxy.cfg"
target = "/usr/local/etc/haproxy/haproxy.cfg"
}
}
template {
data = <<-EOT
{% include "haproxy.cfg.j2" %}
EOT
destination = "secrets/haproxy.cfg"
}
resources {
cpu = 128
memory = 256
}
}
}
}