myheats-demo.nomad (2109B)
1 job "myheats-demo" { 2 datacenters = ["dc1"] 3 4 priority = 80 5 6 vault {} 7 8 group "server" { 9 count = 1 10 11 volume "tls" { 12 type = "csi" 13 source = "certbot" 14 access_mode = "multi-node-multi-writer" 15 attachment_mode = "file-system" 16 } 17 18 network { 19 port "frontend_http" { 20 to = 80 21 } 22 port "api_http" {} 23 24 port "frontend_https" { 25 static = 44396 26 } 27 port "api_https" { 28 static = 44407 29 } 30 } 31 32 task "nginx" { 33 driver = "podman" 34 35 config { 36 image = "docker.io/library/nginx:stable-alpine" 37 ports = ["frontend_https", "api_https"] 38 volumes = [ 39 # mount the templated config from the task directory to the container 40 "local/myheats-demo.conf:/etc/nginx/conf.d/myheats-demo.conf", 41 ] 42 } 43 44 volume_mount { 45 volume = "tls" 46 destination = "/etc/letsencrypt" 47 } 48 49 template { 50 destination = "${NOMAD_TASK_DIR}/myheats-demo.conf" 51 data = file("./templates/nginx.conf.tmpl") 52 } 53 54 resources { 55 memory = 50 56 memory_max = 256 57 cpu = 200 58 } 59 } 60 61 task "frontend" { 62 driver = "podman" 63 64 config { 65 image = "127.0.0.1:5000/myheats-nginx:latest" 66 force_pull = true 67 ports = ["frontend_http"] 68 } 69 70 resources { 71 memory = 100 72 memory_max = 256 73 cpu = 300 74 } 75 } 76 77 task "backend" { 78 driver = "podman" 79 80 config { 81 image = "127.0.0.1:5000/myheats:latest" 82 force_pull = true 83 ports = ["api_http"] 84 volumes = [ 85 # mount the templated config from the task directory to the container 86 "secrets/env:/app/.env.local", 87 ] 88 } 89 90 template { 91 # render sensitive env vars in a template from Vault secrets 92 env = true 93 destination = "${NOMAD_SECRETS_DIR}/env" 94 data = file("./templates/backend-env.local.tmpl") 95 } 96 97 resources { 98 memory = 50 99 memory_max = 128 100 cpu = 200 101 } 102 } 103 } 104 }