Access staging cluster through IPv6

- for now DiploNAT is no longer used to transfer port
- and it is not yet capable of updating DNS AAAA record,
  so tricot is pinned to a single machine for now

1 files changed, 9 insertions, 2 deletions

diff --git a/app/frontend/deploy/frontend-tricot.hcl b/app/frontend/deploy/frontend-tricot.hcl
index 132fab5..7b9d81a 100644
--- a/app/frontend/deploy/frontend-tricot.hcl
+++ b/app/frontend/deploy/frontend-tricot.hcl
@@ -4,6 +4,11 @@ job "frontend" {
   priority = 90
 
   group "tricot" {
+    constraint {
+      attribute = "${attr.unique.hostname}"
+      value = "caribou"
+    }
+
     network {
       port "http_port" { static = 80 }
       port "https_port" { static = 443 }
@@ -58,6 +63,8 @@ TRICOT_CONSUL_HOST=https://localhost:8501
 TRICOT_CONSUL_CA_CERT=/etc/tricot/consul-ca.crt
 TRICOT_CONSUL_CLIENT_CERT=/etc/tricot/consul-client.crt
 TRICOT_CONSUL_CLIENT_KEY=/etc/tricot/consul-client.key
+TRICOT_HTTP_BIND_ADDR=[::]:80
+TRICOT_HTTPS_BIND_ADDR=[::]:443
 RUST_LOG=tricot=debug
 EOH
         destination = "secrets/env"
@@ -67,14 +74,14 @@ EOH
       service {
         name = "tricot-http"
         port = "http_port"
-        tags = [ "(diplonat (tcp_port 80))" ]
+        /* tags = [ "(diplonat (tcp_port 80))" ] */
         address_mode = "host"
       }
 
       service {
         name = "tricot-https"
         port = "https_port"
-        tags = [ "(diplonat (tcp_port 443))" ]
+        /* tags = [ "(diplonat (tcp_port 443))" ] */
         address_mode = "host"
       }
     }