path: root/cluster/prod/app/garage/deploy/garage.hcl
# Nomad job that runs the Garage object store as a system job, i.e. one
# allocation on every eligible client node of the listed datacenters.
job "garage" {
  datacenters = [ "neptune", "bespin", "scorpio" ]
  type = "system"
  priority = 80

  # Job-level rolling-update settings: one allocation at a time.
  # NOTE(review): the "garage" group below carries its own update block with
  # min_healthy_time = "30s"; group-level values take precedence in Nomad, so
  # the 60s here probably has no effect. Confirm which value is intended.
  update {
    max_parallel = 1
    min_healthy_time  = "60s"
  }

  group "garage" {
    # Static ports: each label is reserved on the host under this exact number.
    network {
      port "s3" { static = 3900 }
      port "rpc" { static = 3901 }
      port "web" { static = 3902 }
      port "admin" { static = 3903 }
      port "k2v" { static = 3904 }
    }

    # Update one allocation at a time; it must stay healthy for 30s and
    # become healthy within 5m.
    update {
      max_parallel = 1
      min_healthy_time = "30s"
      healthy_deadline = "5m"
    }

    task "server" {
      driver = "docker"
      # NOTE(review): the image is referenced by tag only. A tag can be
      # re-pointed in the registry, so pinning by digest would make the
      # deployed artifact verifiable.
      #
      # network_mode = "host" puts the container in the host's network
      # namespace: Garage listens directly on host interfaces, and which
      # addresses the rpc and admin listeners bind to is decided in
      # garage.toml (not shown here), not by this job.
      #
      # Volumes: the first two are host bind mounts for data and metadata;
      # the last two are relative paths, i.e. the rendered config file and
      # the task's secrets directory. All four are mounted read-write.
      # NOTE(review): the config and secrets mounts could take ":ro" if Garage
      # never writes below /etc. Confirm before changing.
      config {
        image = "dxflrs/garage:v0.8.2"
        command = "/garage"
        args = [ "server" ]
        network_mode = "host"
        volumes = [
          "/mnt/storage/garage/data:/data",
          "/mnt/ssd/garage/meta:/meta",
          "secrets/garage.toml:/etc/garage.toml",
          "secrets:/etc/garage",
        ]
        logging {
          type = "journald"
        }
      }

      # Garage configuration file. file() is evaluated when the job is
      # submitted, so the content of ../config/garage.toml is embedded in the
      # job specification and then rendered as a template.
      # NOTE(review): any literal secret in that file would be readable by
      # whoever can read the job through Nomad; presumably secrets are pulled
      # in with {{ key }} expressions. Confirm against the config file.
      template {
        data = file("../config/garage.toml")
        destination = "secrets/garage.toml"
      }

      # Consul CA certificate, read from the Consul KV store at render time.
      template {
        data = "{{ key \"secrets/consul/consul-ca.crt\" }}"
        destination = "secrets/consul-ca.crt"
      }

      # Consul client certificate, read from the Consul KV store.
      template {
        data = "{{ key \"secrets/consul/consul-client.crt\" }}"
        destination = "secrets/consul-client.crt"
      }

      # Consul client private key, read from the Consul KV store.
      # NOTE(review): no perms is set, so Nomad's default template file mode
      # applies (0644 per the Nomad documentation). Consider a tighter perms
      # value for the key if the container's user allows it, and make sure
      # Consul ACLs limit read access to the secrets/consul/ KV prefix.
      template {
        data = "{{ key \"secrets/consul/consul-client.key\" }}"
        destination = "secrets/consul-client.key"
      }

      # memory is the reservation and memory_max the upper limit (MB);
      # memory_max only takes effect when memory oversubscription is enabled
      # in the Nomad scheduler configuration. cpu is in MHz.
      resources {
        memory = 1000
        memory_max = 3000
        cpu = 1000
      }

      # Time allowed between the stop signal and a forced kill.
      kill_timeout = "20s"

      # Up to 10 restarts per 30m window, 15s apart; mode "delay" waits for
      # the next window instead of marking the allocation failed.
      restart {
        interval = "30m"
        attempts = 10
        delay    = "15s"
        mode     = "delay"
      }

      #### Configuration for service ports: admin port (internal use only)
      # NOTE(review): nothing in this job enforces "internal use only". With
      # host networking the admin port is reachable wherever Garage binds it,
      # so the restriction depends on garage.toml (bind address, admin
      # tokens) and on host firewalling. Confirm both.

      service {
        port = "admin"
        address_mode = "host"
        name = "garage-admin"
        # Check that Garage is alive and answering TCP connections
        # (3 consecutive failures after the 90s grace period restart the task)
        check {
          type = "tcp"
          interval = "60s"
          timeout = "5s"
          check_restart {
            limit = 3
            grace = "90s"
            ignore_warnings = false
          }
        }
      }

      #### Configuration for service ports: externally available ports (API, web)
      # The "tricot ..." tags are presumably read by the Tricot reverse proxy
      # to decide which hostnames route to each service. Verify against the
      # proxy's configuration.

      service {
        tags = [
          "garage_api",
          "tricot garage.deuxfleurs.fr",
          "tricot *.garage.deuxfleurs.fr",
          "tricot-site-lb",
        ]
        port = "s3"
        address_mode = "host"
        name = "garage-api"
        # Check 1: Garage is alive and answering TCP connections
        check {
          name = "garage-api-live"
          type = "tcp"
          interval = "60s"
          timeout = "5s"
          check_restart {
            limit = 3
            grace = "90s"
            ignore_warnings = false
          }
        }
        # Check 2: Garage is in a healthy state and requests should be routed here
        # (queried on the admin port; no check_restart, so a failure only
        # changes the service's health status and does not restart the task)
        check {
          name = "garage-api-healthy"
          port = "admin"
          type = "http"
          path = "/health"
          interval = "60s"
          timeout = "5s"
        }
      }

      # Static website endpoint. The tricot-add-header tags ask the proxy to
      # add these response headers for every host matched by "tricot * 1".
      # NOTE(review), header by header:
      #  - Content-Security-Policy: default-src with https: and
      #    'unsafe-inline' still permits inline scripts and any HTTPS origin,
      #    so it gives little protection against script injection in hosted
      #    pages; object-src 'none' is the only tight directive.
      #  - Strict-Transport-Security: includeSubDomains and preload are sent
      #    for every hosted domain, which commits each domain and all of its
      #    subdomains to HTTPS for two years. Confirm this is acceptable for
      #    all site owners.
      #  - X-XSS-Protection: deprecated and ignored by current browsers.
      #  - X-Frame-Options: the CSP frame-ancestors directive is the modern
      #    equivalent.
      service {
        tags = [
            "garage-web",
            "tricot * 1",
            "tricot-add-header Content-Security-Policy default-src https: 'unsafe-inline'; object-src 'none'",
            "tricot-add-header Strict-Transport-Security max-age=63072000; includeSubDomains; preload",
            "tricot-add-header X-Frame-Options SAMEORIGIN",
            "tricot-add-header X-XSS-Protection 1; mode=block",
            "tricot-add-header X-Content-Type-Options nosniff",
            "tricot-site-lb",
        ]
        port = "web"
        address_mode = "host"
        name = "garage-web"
        # Check 1: Garage is alive and answering TCP connections
        check {
          name = "garage-web-live"
          type = "tcp"
          interval = "60s"
          timeout = "5s"
          check_restart {
            limit = 3
            grace = "90s"
            ignore_warnings = false
          }
        }
        # Check 2: Garage is in a healthy state and requests should be routed here
        # (queried on the admin port; affects health status only, no restart)
        check {
          name = "garage-web-healthy"
          port = "admin"
          type = "http"
          path = "/health"
          interval = "60s"
          timeout = "5s"
        }
      }

      # K2V API endpoint.
      service {
        tags = [
          "garage_k2v",
          "tricot k2v.deuxfleurs.fr",
          "tricot-site-lb",
        ]
        port = "k2v"
        address_mode = "host"
        name = "garage-k2v"
        # Check 1: Garage is alive and answering TCP connections
        check {
          name = "garage-k2v-live"
          type = "tcp"
          interval = "60s"
          timeout = "5s"
          check_restart {
            limit = 3
            grace = "90s"
            ignore_warnings = false
          }
        }
        # Check 2: Garage is in a healthy state and requests should be routed here
        # (queried on the admin port; affects health status only, no restart)
        check {
          name = "garage-k2v-healthy"
          port = "admin"
          type = "http"
          path = "/health"
          interval = "60s"
          timeout = "5s"
        }
      }
    }
  }
}