nomad

HCL and Docker files for Nomad deployments
git clone https://git.in0rdr.ch/nomad.git
Log | Files | Refs | Pull requests |Archive

commit 4796ec7e990d7cf3091b4802a7cc5a91a625a7cb
parent 378ea8df73b721314efa6f03b37a81f2ba9b6e55
Author: Andreas Gruhler <andreas.gruhler@adfinis.com>
Date:   Thu, 31 Oct 2024 08:57:04 +0100

feat(myheats): single frontend/api addr

Diffstat:
Mhcl/default/myheats-demo/myheats-demo.nomad | 73+++++++++++++++++++++++++++++++++++++++++++------------------------------
Mhcl/default/myheats-demo/templates/frontend-env.local.tmpl | 4++--
Ahcl/default/myheats-demo/templates/nginx-frontend.conf.tmpl | 8++++++++
Ahcl/default/myheats-demo/templates/nginx-proxy.conf.tmpl | 27+++++++++++++++++++++++++++
Dhcl/default/myheats-demo/templates/nginx.conf.tmpl | 35-----------------------------------
5 files changed, 80 insertions(+), 67 deletions(-)

diff --git a/hcl/default/myheats-demo/myheats-demo.nomad b/hcl/default/myheats-demo/myheats-demo.nomad @@ -1,13 +1,14 @@ job "myheats-demo" { datacenters = ["dc1"] - priority = 80 - vault {} + priority = 80 + group "server" { count = 1 + # /alloc/data ephemeral_disk { size = 500 } @@ -21,27 +22,24 @@ job "myheats-demo" { network { port "frontend_http" { + # Nginx default image always listens on 80 to = 80 } port "api_http" {} - - port "frontend_https" { + port "proxy_https" { static = 44396 } - port "api_https" { - static = 44407 - } } - task "nginx" { + task "nginx_proxy" { driver = "podman" config { image = "docker.io/library/nginx:stable-alpine" - ports = ["frontend_https", "api_https"] + ports = ["proxy_https"] volumes = [ # mount the templated config from the task directory to the container - "local/myheats-demo.conf:/etc/nginx/conf.d/myheats-demo.conf", + "local/nginx-proxy.conf:/etc/nginx/conf.d/default.conf", ] } @@ -51,8 +49,8 @@ job "myheats-demo" { } template { - destination = "${NOMAD_TASK_DIR}/myheats-demo.conf" - data = file("./templates/nginx.conf.tmpl") + destination = "${NOMAD_TASK_DIR}/nginx-proxy.conf" + data = file("./templates/nginx-proxy.conf.tmpl") } resources { @@ -73,20 +71,25 @@ job "myheats-demo" { data = file("./templates/frontend-env.local.tmpl") } - env { - VERSION = "master" + artifact { + source = "https://code.in0rdr.ch/myheats/archive/myheats-master.tar.gz" + destination = "local/myheats.tar.gz" + options { + archive = false + filename = "myheats.tar.gz" + } + mode = "file" } config { image = "docker.io/node:18-alpine" command = "/bin/sh" - args = ["-c", <<EOT - echo "Downloading and building MyHeats version '$VERSION'.." - # TODO: use Nomad artefact - wget -qO /tmp/myheats.tar.gz https://code.in0rdr.ch/myheats/archive/myheats-$VERSION.tar.gz - tar --strip-components=1 -C /alloc/data -xvf /tmp/myheats.tar.gz - cd /alloc/data - npm ci && npm run build + args = [ "-c", <<EOT + mkdir -p /alloc/data/myheats && rm -rf /alloc/data/myheats/* + tar --strip-components=1 -C /alloc/data/myheats -xvf /local/myheats.tar.gz + cd /alloc/data/myheats + npm ci + npm run build EOT ] volumes = [ @@ -96,9 +99,9 @@ job "myheats-demo" { } resources { - memory = 50 - memory_max = 256 - cpu = 200 + memory = 256 + memory_max = 512 + cpu = 300 } lifecycle { @@ -110,17 +113,25 @@ job "myheats-demo" { task "frontend" { driver = "podman" + template { + destination = "${NOMAD_TASK_DIR}/nginx-frontend.conf" + data = file("./templates/nginx-frontend.conf.tmpl") + } + config { - image = "127.0.0.1:5000/myheats-nginx:latest" + image = "docker.io/nginx:alpine" ports = ["frontend_http"] command = "/bin/sh" args = ["-c", <<EOT echo "Copyng new distribution from workdir" rm -rf /usr/share/nginx/html/* - cp -r /alloc/data/dist/* /usr/share/nginx/html/ + cp -r /alloc/data/myheats/dist/* /usr/share/nginx/html/ nginx -g 'daemon off;' EOT ] + volumes = [ + "local/nginx-frontend.conf:/etc/nginx/conf.d/default.conf", + ] } resources { @@ -134,7 +145,9 @@ job "myheats-demo" { driver = "podman" config { - image = "127.0.0.1:5000/myheats-api:latest" + image = "docker.io/node:18-alpine" + command = "/bin/sh" + args = ["-c", "cd /alloc/data/myheats && npm run api"] force_pull = true ports = ["api_http"] volumes = [ @@ -151,9 +164,9 @@ job "myheats-demo" { } resources { - memory = 50 - memory_max = 128 - cpu = 200 + memory = 124 + memory_max = 512 + cpu = 300 } } } diff --git a/hcl/default/myheats-demo/templates/frontend-env.local.tmpl b/hcl/default/myheats-demo/templates/frontend-env.local.tmpl @@ -1,5 +1,5 @@ # Full URI to backend http API -VITE_API_URI=https://api-myheats-demo.p0c.ch +VITE_API_URI=https://myheats-demo.p0c.ch # Backend API http port VITE_API_PORT=443 # Application window title @@ -7,7 +7,7 @@ VITE_APP_DOC_TITLE='MyHeats Demo' # Cookie TTL in seconds (session ttl in the admin/judges frontend), 60m VITE_SESSION_TTL=259200 #72h # Full URI to backend websocket API -VITE_WS_URI=wss://api-myheats-demo.p0c.ch +VITE_WS_URI=wss://myheats-demo.p0c.ch # Backend API websocket port VITE_WS_PORT=443 # Locale for frontend date formatting diff --git a/hcl/default/myheats-demo/templates/nginx-frontend.conf.tmpl b/hcl/default/myheats-demo/templates/nginx-frontend.conf.tmpl @@ -0,0 +1,8 @@ +server { + listen 80; + + location / { + root /usr/share/nginx/html; + try_files $uri /index.html; + } +} diff --git a/hcl/default/myheats-demo/templates/nginx-proxy.conf.tmpl b/hcl/default/myheats-demo/templates/nginx-proxy.conf.tmpl @@ -0,0 +1,27 @@ +server { + listen {{ env "NOMAD_PORT_proxy_https" }} ssl; + + ssl_certificate /etc/letsencrypt/live/myheats-demo.p0c.ch/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/myheats-demo.p0c.ch/privkey.pem; + + location / { + proxy_pass http://{{ env "NOMAD_ADDR_frontend_http" }}; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + location /v1 { + proxy_pass http://{{ env "NOMAD_ADDR_api_http" }}; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + # WebSocket proxying + # https://nginx.org/en/docs/http/websocket.html + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + } +} diff --git a/hcl/default/myheats-demo/templates/nginx.conf.tmpl b/hcl/default/myheats-demo/templates/nginx.conf.tmpl @@ -1,35 +0,0 @@ -server { - listen {{ env "NOMAD_PORT_frontend_https" }} ssl; - - ssl_certificate /etc/letsencrypt/live/myheats-demo.p0c.ch/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/myheats-demo.p0c.ch/privkey.pem; - - location / { - proxy_pass http://{{ env "NOMAD_ADDR_frontend_http" }}; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - } -} - -server { - listen {{ env "NOMAD_PORT_api_https" }} ssl; - - ssl_certificate /etc/letsencrypt/live/api-myheats-demo.p0c.ch/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/api-myheats-demo.p0c.ch/privkey.pem; - - location / { - proxy_pass http://{{ env "NOMAD_ADDR_api_http" }}; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - - # WebSocket proxying - # https://nginx.org/en/docs/http/websocket.html - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - } -}