forked from GuyBarros/nomad_jobs
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathhcp-boundary-worker.nomad
118 lines (103 loc) · 2.55 KB
/
hcp-boundary-worker.nomad
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
variable "boundary_version" {
type = string
default = "0.9.0"
}
variable "boundary_checksum" {
type = string
default = "e97c8b93e23326c5cd0cf0a65cc79790d80dcafd175d577175698b0c091da992"
}
job "boundary-worker" {
region = "global"
datacenters = ["eu-west-2a","eu-west-2b","eu-west-2c"]
type = "service"
group "boundary-worker" {
count = 3
constraint {
operator = "distinct_hosts"
value = "true"
}
network {
port "api" {
static = 9200
}
port "cluster" {
static = 9201
}
port "worker" {
static = 9202
}
}
vault {
policies = ["superuser"]
}
task "boundary-worker.service" {
driver = "raw_exec"
constraint {
attribute = "${meta.type}"
value = "server"
}
resources {
cpu = 2000
memory = 1024
}
artifact {
source = "https://releases.hashicorp.com/boundary/${var.boundary_version}/boundary_${var.boundary_version}_linux_amd64.zip"
destination = "./tmp/"
options {
checksum = "sha256:${var.boundary_checksum}"
}
}
template {
data = <<EOF
listener "tcp" {
purpose = "proxy"
address = "{{ env "attr.unique.network.ip-address" }}:9202"
tls_disable = true
}
worker {
name = "local-worker-{{ env "NOMAD_ALLOC_INDEX" }}"
description = "Worker on {{ env "attr.unique.hostname" }}"
public_addr = "{{ env "attr.unique.platform.aws.public-ipv4" }}"
controllers = [
{{ range service "boundary-controller" }}
"{{ .Address }}:9201",
{{ end }}
]
}
kms "transit" {
purpose = "worker-auth"
address = "https://vault.service.consul:8200"
disable_renewal = "true"
// Key configuration
key_name = "worker-auth"
mount_path = "transit/"
namespace = "boundary/"
}
EOF
destination = "./tmp/boundary.d/config.hcl"
}
config {
command = "/tmp/boundary"
args = ["server", "-config=tmp/boundary.d/config.hcl"]
}
service {
name = "boundary-worker"
tags = ["boundary-worker","worker-${NOMAD_ALLOC_INDEX}"]
port = "worker"
check {
name = "alive"
type = "tcp"
interval = "10s"
timeout = "2s"
}
}
}
}
update {
max_parallel = 1
min_healthy_time = "5s"
healthy_deadline = "3m"
auto_revert = false
canary = 0
}
}