nomad

HCL and Docker files for Nomad deployments
git clone https://git.in0rdr.ch/nomad.git
Log | Files | Refs | Pull requests |Archive

myheats-demo-stable.nomad (2531B)

      1 # This job uses the stable images from the registry
      2 # No build/prepare steps are done here, all is read from the image
      3 
      4 job "myheats-demo" {
      5   datacenters = ["dc1"]
      6 
      7   vault {}
      8 
      9   priority = 80
     10 
     11   group "server" {
     12     count = 1
     13 
     14     volume "tls" {
     15       type = "csi"
     16       source = "certbot"
     17       access_mode = "multi-node-multi-writer"
     18       attachment_mode = "file-system"
     19     }
     20 
     21     network {
     22       port "frontend_http" {
     23         # Nginx default image always listens on 80
     24         to = 80
     25       }
     26       port "api_http" {}
     27       port "proxy_https" {
     28         static = 44396
     29       }
     30     }
     31 
     32     task "nginx_proxy" {
     33       driver = "podman"
     34 
     35       config {
     36         image = "docker.io/library/nginx:stable-alpine"
     37         ports = ["proxy_https"]
     38         volumes = [
     39           # mount the templated config from the task directory to the container
     40           "local/nginx-proxy.conf:/etc/nginx/conf.d/default.conf",
     41         ]
     42       }
     43 
     44       volume_mount {
     45         volume = "tls"
     46         destination = "/etc/letsencrypt"
     47       }
     48 
     49       template {
     50         destination = "${NOMAD_TASK_DIR}/nginx-proxy.conf"
     51         data = file("./templates/nginx-proxy.conf.tmpl")
     52       }
     53 
     54       resources {
     55         memory = 50
     56         memory_max = 256
     57         cpu    = 200
     58       }
     59     }
     60 
     61     task "frontend" {
     62       driver = "podman"
     63 
     64       config {
     65         # All Vite env variables are backed into the image
     66         # - https://code.in0rdr.ch/myheats/file/Jenkinsfile.html
     67         # In library mode, all import.meta.env.* usage are statically replaced
     68         # when building for production (vite build):
     69         # - https://vite.dev/guide/build.html#library-mode
     70         image = "127.0.0.1:5000/myheats-frontend:latest"
     71 	force_pull = true
     72         ports = ["frontend_http"]
     73       }
     74 
     75       resources {
     76         memory = 100
     77         memory_max = 256
     78         cpu    = 300
     79       }
     80     }
     81 
     82     task "backend" {
     83       driver = "podman"
     84 
     85       config {
     86         image = "127.0.0.1:5000/myheats-api:latest"
     87         force_pull = true
     88         ports = ["api_http"]
     89         volumes = [
     90           # mount the templated config from the task directory to the container
     91           "secrets/backend-env:/app/.env.local",
     92         ]
     93       }
     94 
     95       template {
     96         # render sensitive env vars in a template from Vault secrets
     97         env = true
     98         destination = "${NOMAD_SECRETS_DIR}/backend-env"
     99         data = file("./templates/backend-env.local.tmpl")
    100       }
    101 
    102       resources {
    103         memory = 124
    104         memory_max = 512
    105         cpu    = 300
    106       }
    107     }
    108   }
    109 }