Name: pot-task-driver
The Pot task driver provides an interface for using pot for dynamically running applications inside a FreeBSD Jail. You can download the external pot-task-driver here.
job "example" {
region = "global"
datacenters = ["dc1"]
type = "service"
group "group1" {
count = 1
task "task1" {
driver = "pot"
service {
tags = ["pot-jail", "metrics"]
name = "pot-example"
port = "http"
check {
type = "tcp"
name = "http"
interval = "5s"
timeout = "2s"
}
}
config {
image = "https://pot-registry.zapto.org/registry/"
pot = "FBSD121-nginx"
tag = "1.2"
command = "nginx"
args = ["-g","'daemon off;'"]
port_map = {
http = "80"
}
network_mode = "host"
copy = [ "/tmp/test.txt:/root/test.txt", "/tmp/test2.txt:/root/test2.txt" ]
mount = [ "/tmp/test:/root/test", "/tmp/test2:/root/test2" ]
mount_read_only = [ "/tmp/test2:/root/test2" ]
}
resources {
cpu = 200
memory = 128
network {
mbits = 10
port "http" {}
}
}
}
}
}task "nginx-pot" {
driver = "pot"
config {
image = "https://pot-registry.zapto.org/registry/"
pot = "FBSD121-nginx"
tag = "1.2"
command = "nginx"
args = ["-g","'daemon off;'"]
network_mode = "public-bridge"
port_map = {
http = "80"
}
copy = [
"/root/index.html:/usr/local/www/nginx-dist/index.html",
"/root/nginx.conf:/usr/local/etc/nginx/nginx.conf"
]
mount = [
"/tmp/test:/root/test",
]
mount_read_only = [
"/tmp/test2:/root/test2"
]
}
}The pot task driver supports the following parameters:
-
image- The url for the http registry from where to get the image. -
pot- Name of the image in the registry. -
tag- Version of the image. -
commad- (Optional) Command that is going to be executed once the jail is started. -
args- (Optional. Depends oncommad) Array of arguments to append to the command. -
network_mode- (Optional) Defines the network mode of the pot. Default: "public-bridge"Possible values are:
"public-bridge" pot creates an internal virtual network with a NAT table where all traffic is going to be sent.
"host" pot bounds the jail directly to a host port.
-
port_map- (Optional) Sets the port on which the application is listening inside of the jail. If not set, the application will inherit the port configuration from the image. -
copy- (Optional) Copies a file from the host machine to the pot jail in the given directory. -
mount- (Optional) Mounts a read/write folder from the host machine to the pot jail. -
mount_read_only- (Optional) Mounts a read only directory inside the pot jail.
pot-task-driver requires the following:
- 64-bit FreeBSD 12.0-RELEASE host .
- The FreeBSD's Nomad binary (available as a package).
- The pot-task-driver binary placed in the plugin_dir directory.
- Installing pot and following the install guide.
- Webserver from where to serve the images. (simple file server)
- Following lines need to be included in your rc.conf
nomad_user="root"
nomad_env="PATH=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/sbin:/bin"