cluster/prod/app/core/deploy/diplonat.hcl


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68

job "core-diplonat" {
  datacenters = ["neptune", "scorpio", "bespin"]
  type = "system"
  priority = 90

  update {
    max_parallel = 2
    stagger = "1m"
  }

  group "diplonat" {
    task "diplonat" {
      driver = "docker"

      config {
        image = "lxpz/amd64_diplonat:6"
        network_mode = "host"
        readonly_rootfs = true
        privileged = true
        volumes = [
          "secrets:/etc/diplonat",
        ]
      }

      restart {
        interval = "5m"
        attempts = 10
        delay    = "15s"
        mode     = "delay"
      }

      template {
        data = "{{ key \"secrets/consul/consul.crt\" }}"
        destination = "secrets/consul.crt"
      }

      template {
        data = "{{ key \"secrets/consul/consul-client.crt\" }}"
        destination = "secrets/consul-client.crt"
      }

      template {
        data = "{{ key \"secrets/consul/consul-client.key\" }}"
        destination = "secrets/consul-client.key"
      }

      template {
        data = <<EOH
DIPLONAT_REFRESH_TIME=60
DIPLONAT_EXPIRATION_TIME=300
DIPLONAT_CONSUL_NODE_NAME={{ env "attr.unique.hostname" }}
DIPLONAT_CONSUL_URL=https://consul.service.prod.consul:8501
DIPLONAT_CONSUL_TLS_SKIP_VERIFY=true
DIPLONAT_CONSUL_CLIENT_CERT=/etc/diplonat/consul-client.crt
DIPLONAT_CONSUL_CLIENT_KEY=/etc/diplonat/consul-client.key
RUST_LOG=debug
EOH
        destination = "secrets/env"
        env = true
      }

      resources {
        memory = 100
        memory_max = 200
      }
    }
  }
}