nomad

HCL and Docker files for Nomad deployments
git clone https://git.in0rdr.ch/nomad.git
Log | Files | Refs | Pull requests |Archive | README

myheats-demo-stable.nomad (2709B)

      1 # This job uses the stable images from the registry
      2 # No build/prepare steps are done here, all is read from the image
      3 
      4 job "myheats-demo" {
      5   datacenters = ["dc1"]
      6 
      7   vault {}
      8 
      9   priority = 80
     10 
     11   constraint {
     12     # image only built for arm
     13     attribute = "${attr.cpu.arch}"
     14     value     = "arm64"
     15   }
     16 
     17   group "server" {
     18     count = 1
     19 
     20     volume "tls" {
     21       type = "csi"
     22       source = "certbot"
     23       access_mode = "multi-node-multi-writer"
     24       attachment_mode = "file-system"
     25     }
     26 
     27     network {
     28       port "frontend_http" {
     29         # Nginx default image always listens on 80
     30         to = 80
     31       }
     32       port "api_http" {}
     33       port "proxy_https" {
     34         static = 44396
     35       }
     36     }
     37 
     38     task "nginx_proxy" {
     39       driver = "podman"
     40 
     41       config {
     42         image = "docker.io/library/nginx:stable-alpine"
     43         ports = ["proxy_https"]
     44         volumes = [
     45           # mount the templated config from the task directory to the container
     46           "local/nginx-proxy.conf:/etc/nginx/conf.d/default.conf",
     47         ]
     48       }
     49 
     50       volume_mount {
     51         volume = "tls"
     52         destination = "/etc/letsencrypt"
     53       }
     54 
     55       template {
     56         destination = "${NOMAD_TASK_DIR}/nginx-proxy.conf"
     57         data = file("./templates/nginx-proxy.conf.tmpl")
     58       }
     59 
     60       resources {
     61         memory = 50
     62         memory_max = 256
     63         cpu    = 200
     64       }
     65     }
     66 
     67     task "frontend" {
     68       driver = "podman"
     69 
     70       config {
     71         # All Vite env variables are backed into the image
     72         # - https://code.in0rdr.ch/myheats/file/Jenkinsfile.html
     73         # In library mode, all import.meta.env.* usage are statically replaced
     74         # when building for production (vite build):
     75         # - https://vite.dev/guide/build.html#library-mode
     76         image = "127.0.0.1:5000/myheats-frontend:93e00d65e00f498f8987b38986c7345a5ed41068"
     77 	force_pull = true
     78         ports = ["frontend_http"]
     79       }
     80 
     81       resources {
     82         memory = 100
     83         memory_max = 256
     84         cpu    = 300
     85       }
     86     }
     87 
     88     task "backend" {
     89       driver = "podman"
     90 
     91       config {
     92         image = "127.0.0.1:5000/myheats-api:93e00d65e00f498f8987b38986c7345a5ed41068"
     93         force_pull = true
     94         ports = ["api_http"]
     95         volumes = [
     96           # mount the templated config from the task directory to the container
     97           "secrets/backend-env:/app/.env.local",
     98         ]
     99       }
    100 
    101       template {
    102         # render sensitive env vars in a template from Vault secrets
    103         env = true
    104         destination = "${NOMAD_SECRETS_DIR}/backend-env"
    105         data = file("./templates/backend-env.local.tmpl")
    106       }
    107 
    108       resources {
    109         memory = 124
    110         memory_max = 512
    111         cpu    = 300
    112       }
    113     }
    114   }
    115 }