Bertrand Lanson
23c99407ba
All checks were successful
development / Check commit compliance (push) Successful in 29s
156 lines
3.5 KiB
Django/Jinja
156 lines
3.5 KiB
Django/Jinja
job "{{ hashistack_ingress_job_name }}" {
|
|
datacenters = {{ hashistack_ingress_datacenters }}
|
|
type = "service"
|
|
priority = 85
|
|
namespace = {{ hashistack_ingress_namespace }}
|
|
|
|
group "haproxy" {
|
|
network {
|
|
mode = "bridge"
|
|
port "http" {
|
|
to = 80
|
|
static = 80
|
|
}
|
|
port "https" {
|
|
to = 443
|
|
static = 443
|
|
}
|
|
port "stats" {
|
|
to = 9000
|
|
}
|
|
}
|
|
|
|
{% if hashistack_ingress_enable_http %}
|
|
service {
|
|
name = "haproxy-http"
|
|
provider = "{{ "consul" if hashistack_ingress_enable_consul_service else "nomad"}}"
|
|
port = "http"
|
|
task = "loadbalancer"
|
|
check {
|
|
type = "http"
|
|
port = "stats"
|
|
path = "/health"
|
|
interval = "10s"
|
|
timeout = "2s"
|
|
}
|
|
tags = []
|
|
}
|
|
{% endif %}
|
|
|
|
{% if hashistack_ingress_enable_https %}
|
|
service {
|
|
name = "haproxy-https"
|
|
provider = "{{ "consul" if hashistack_ingress_enable_consul_service else "nomad"}}"
|
|
port = "https"
|
|
task = "loadbalancer"
|
|
check {
|
|
type = "http"
|
|
port = "stats"
|
|
path = "/health"
|
|
interval = "10s"
|
|
timeout = "2s"
|
|
}
|
|
tags = []
|
|
}
|
|
{% endif %}
|
|
|
|
service {
|
|
name = "haproxy-stats"
|
|
provider = "{{ "consul" if hashistack_ingress_enable_consul_service else "nomad"}}"
|
|
port = "stats"
|
|
task = "loadbalancer"
|
|
check {
|
|
type = "http"
|
|
port = "stats"
|
|
path = "/health"
|
|
interval = "10s"
|
|
timeout = "2s"
|
|
}
|
|
tags = []
|
|
}
|
|
|
|
|
|
|
|
{% if hashistack_ingress_enable_prometheus_metrics %}
|
|
service {
|
|
name = "loadbalancer-exporter"
|
|
port = "prometheus-exporter"
|
|
task = "loadbalancer"
|
|
tags = []
|
|
}
|
|
{% endif %}
|
|
|
|
task "keepalived" {
|
|
driver = "docker"
|
|
lifecycle {
|
|
hook = "poststart"
|
|
sidecar = true
|
|
}
|
|
config {
|
|
image = "{{ hashistack_ingress_keepalived_image }}:{{ hashistack_ingress_virtual_ip_keepalived_version }}"
|
|
network_mode = "host"
|
|
cap_add = [
|
|
"NET_ADMIN",
|
|
"NET_BROADCAST",
|
|
"NET_RAW"
|
|
]
|
|
mount {
|
|
type = "bind"
|
|
source = "secrets/keepalived.conf"
|
|
target = "/etc/keepalived/keepalived.conf"
|
|
}
|
|
mount {
|
|
type = "bind"
|
|
source = "secrets/chk_haproxy.sh"
|
|
target = "/etc/keepalived/scripts.d/chk_haproxy.sh"
|
|
}
|
|
mount {
|
|
type = "bind"
|
|
target = "/var/run/docker.sock"
|
|
source = "/var/run/docker.sock"
|
|
readonly = true
|
|
}
|
|
}
|
|
template {
|
|
data = <<-EOT
|
|
{% include "keepalived.conf.j2" %}
|
|
EOT
|
|
destination = "secrets/keepalived.conf"
|
|
}
|
|
template {
|
|
data = <<-EOT
|
|
{% include "chk_haproxy.sh.j2" %}
|
|
EOT
|
|
destination = "secrets/chk_haproxy.sh"
|
|
perms = "755"
|
|
}
|
|
resources {
|
|
cpu = 50
|
|
memory = 10
|
|
}
|
|
}
|
|
|
|
task "loadbalancer" {
|
|
driver = "docker"
|
|
config {
|
|
image = "{{ hashistack_ingress_haproxy_image }}:{{ hashistack_ingress_virtual_ip_haproxy_version }}"
|
|
mount {
|
|
type = "bind"
|
|
source = "secrets/haproxy.cfg"
|
|
target = "/usr/local/etc/haproxy/haproxy.cfg"
|
|
}
|
|
}
|
|
template {
|
|
data = <<-EOT
|
|
{% include "haproxy.cfg.j2" %}
|
|
EOT
|
|
destination = "secrets/haproxy.cfg"
|
|
}
|
|
resources {
|
|
cpu = 128
|
|
memory = 256
|
|
}
|
|
}
|
|
}
|
|
}
|