-
-
Save LtdJorge/22225ac6bfcfbd018be2dc9c1d6c1a2a to your computer and use it in GitHub Desktop.
Traefik 2.5 with Consul Connect on Nomad
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Simple example to deploy traefik with consul connect enabled. | |
| # For simplicity the job includes traefik as well as the backend service. | |
| # Please note that traefik currently only supports connect for HTTP. | |
| job "traefik-consul-connect-demo" { | |
| datacenters = ["dc1"] | |
| group "edge" { | |
| network { | |
| mode = "bridge" | |
| port "http" { | |
| to = 8080 | |
| } | |
| } | |
| service { | |
| name = "traefik-ingress" | |
| port = "http" | |
| connect { | |
| native = true | |
| } | |
| } | |
| task "traefik" { | |
| driver = "docker" | |
| config { | |
| image = "traefik:v2.5.2" | |
| args = [ | |
| # Enables connect support, otherwise only http connections would be tried | |
| "--providers.consulcatalog.connectaware=true", | |
| # Make the communication secure by default | |
| "--providers.consulcatalog.connectbydefault=true", | |
| "--providers.consulcatalog.exposedbydefault=false", | |
| "--entrypoints.http=true", | |
| "--entrypoints.http.address=:8080", | |
| # The service name below should match the nomad/consul service above | |
| # and is used for intentions in consul | |
| "--providers.consulcatalog.servicename=traefik-ingress", | |
| "--providers.consulcatalog.prefix=traefik", | |
| # Automatically configured by Nomad through CONSUL_* environment variables | |
| # as long as client consul.share_ssl is enabled | |
| # "--providers.consulcatalog.endpoint.address=<socket|address>" | |
| # "--providers.consulcatalog.endpoint.tls.ca=<path>" | |
| # "--providers.consulcatalog.endpoint.tls.cert=<path>" | |
| # "--providers.consulcatalog.endpoint.tls.key=<path>" | |
| # "--providers.consulcatalog.endpoint.token=<token>" | |
| ] | |
| } | |
| env { | |
| # Enable this if nomad is older than 1.1.3 | |
| # CONSUL_TLS_SERVER_NAME = "localhost" | |
| } | |
| } | |
| } | |
| group "backend" { | |
| network { | |
| mode = "bridge" | |
| } | |
| service { | |
| name = "whoami" | |
| port = 80 | |
| tags = [ | |
| "traefik.enable=true", | |
| "traefik.http.routers.whoami.rule=Host(`whoami.example.com`)" | |
| ] | |
| connect { | |
| sidecar_service {} | |
| } | |
| } | |
| # Note: For increased security the service should only listen on localhost | |
| # Otherwise it could be reachable from the outside world without going through connect | |
| task "whoami" { | |
| driver = "docker" | |
| config { | |
| image = "containous/whoami" | |
| } | |
| } | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment