From 7bf1467cb14856985e32b048943e4ad726c0384e Mon Sep 17 00:00:00 2001 From: Quentin Dufour Date: Thu, 16 Mar 2023 15:52:05 +0100 Subject: add albatros --- cluster/staging/app/ci/deploy/albatros.hcl | 90 ++++++++++++++++++++++++++++++ cluster/staging/app/ci/deploy/builder.hcl | 19 +++++-- 2 files changed, 105 insertions(+), 4 deletions(-) create mode 100644 cluster/staging/app/ci/deploy/albatros.hcl diff --git a/cluster/staging/app/ci/deploy/albatros.hcl b/cluster/staging/app/ci/deploy/albatros.hcl new file mode 100644 index 0000000..cf32b08 --- /dev/null +++ b/cluster/staging/app/ci/deploy/albatros.hcl @@ -0,0 +1,90 @@ +job "albatros" { + datacenters = ["neptune", "jupiter", "corrin", "bespin"] + type = "service" + priority = 90 + + constraint { + attribute = "${attr.cpu.arch}" + value = "amd64" + } + + group "main" { + network { + port "http" { to = 8080 } + } + + task "controller" { + driver = "docker" + config { + image = "dxflrs/albatros:28f44e5778235ef4eb88ad9050aeddbe80f3129d" + ports = [ "http" ] + volumes = [ + "secrets/certs:/var/run/secrets/albatros" + ] + } + env { + ALBATROS_URL = "https://albatros.staging.deuxfleurs.org" + NOMAD_ADDR = "https://nomad.service.staging.consul:4646" + NOMAD_CACERT = "/var/run/secrets/albatros/nomad-ca.crt" + NOMAD_CLIENT_CERT = "/var/run/secrets/albatros/nomad-client.crt" + NOMAD_CLIENT_KEY = "/var/run/secrets/albatros/nomad-client.key" + CONSUL_HTTP_ADDR = "https://consul.service.staging.consul:8500" + CONSUL_CACERT = "/var/run/secrets/albatros/consul-ca.crt" + CONSUL_CLIENT_CERT = "/var/run/secrets/albatros/consul-client.crt" + CONSUL_CLIENT_KEY = "/var/run/secrets/albatros/consul-client.key" + } + + template { + data = "{{ key \"secrets/consul/consul-ca.crt\" }}" + destination = "secrets/certs/consul-ca.crt" + } + template { + data = "{{ key \"secrets/consul/consul-client.crt\" }}" + destination = "secrets/certs/consul-client.crt" + } + template { + data = "{{ key \"secrets/consul/consul-client.key\" }}" + destination = "secrets/certs/consul-client.key" + } + + template { + data = "{{ key \"secrets/nomad/nomad-ca.crt\" }}" + destination = "secrets/certs/nomad-ca.crt" + } + template { + data = "{{ key \"secrets/nomad/nomad-client.crt\" }}" + destination = "secrets/certs/nomad-client.crt" + } + template { + data = "{{ key \"secrets/nomad/nomad-client.key\" }}" + destination = "secrets/certs/nomad-client.key" + } + + resources { + cpu = 200 + memory = 200 + } + + service { + name = "albatros" + tags = [ + "albatros", + "tricot albatros.staging.deuxfleurs.org", + "d53-cname albatros.staging.deuxfleurs.org", + ] + port = "http" + check { + type = "tcp" + port = "http" + interval = "60s" + timeout = "5s" + check_restart { + limit = 3 + grace = "90s" + ignore_warnings = false + } + } + } + } + } +} diff --git a/cluster/staging/app/ci/deploy/builder.hcl b/cluster/staging/app/ci/deploy/builder.hcl index a7b3ddf..ad7a716 100644 --- a/cluster/staging/app/ci/deploy/builder.hcl +++ b/cluster/staging/app/ci/deploy/builder.hcl @@ -6,8 +6,8 @@ job "builder" { priority = 100 parameterized { - payload = "forbidden" - meta_required = [ "REPO_URL", "COMMIT", "BRANCH" ] + payload = "optional" + meta_required = [ "REPO_URL", "COMMIT", "BRANCH", "FLAVOR" ] } reschedule { @@ -22,10 +22,15 @@ job "builder" { args = [ "/tmp/builder.sh" ] volumes = [ "local/builder.sh:/tmp/builder.sh", - "local/nix.conf:/etc/nix/nix.conf" + "local/nix.conf:/etc/nix/nix.conf", + "local/secrets:/var/run/secrets/albatros", ] } + dispatch_payload { + file = "secrets/secret.txt" + } + template { data = <