diff --git a/.secrets.baseline b/.secrets.baseline index cc41aac..28f363c 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -100,10 +100,10 @@ "filename": "cache.nomad", "hashed_secret": "d969831eb8a99cff8c02e681f43289e5d3d69664", "is_verified": false, - "line_number": 187, + "line_number": 99, "is_secret": false } ] }, - "generated_at": "2022-05-30T08:18:31Z" + "generated_at": "2022-06-17T14:17:04Z" } diff --git a/cache.nomad b/cache.nomad index cbf13a1..cfb670d 100644 --- a/cache.nomad +++ b/cache.nomad @@ -24,30 +24,23 @@ job "cache" { canary = 1 } migrate { - # Specifies the number of task groups that can be migrated at the same - # time. This number must be less than the total count for the group as - # (count - max_parallel) will be left running during migrations. max_parallel = 1 - - # Specifies the mechanism in which allocations health is determined. The - # potential values are "checks" or "task_states". health_check = "checks" - - # Specifies the minimum time the allocation must be in the healthy state - # before it is marked as healthy and unblocks further allocations from being - # migrated. This is specified using a label suffix like "30s" or "15m". min_healthy_time = "10s" - - # Specifies the deadline in which the allocation must be marked as healthy - # after which the allocation is automatically transitioned to unhealthy. This - # is specified using a label suffix like "2m" or "1h". healthy_deadline = "5m" } group "cache" { count = 1 + volume "REDIS" { + type = "csi" + source = "REDIS" + attachment_mode = "file-system" + access_mode = "single-node-reader-only" + read_only = true + per_alloc = true + } network { port "db" { - static = 6379 to = 6379 } } @@ -63,226 +56,57 @@ job "cache" { interval = "10s" timeout = "2s" } - } - # The "restart" stanza configures a group's behavior on task failure. If - # left unspecified, a default restart policy is used based on the job type. - # - # For more information and examples on the "restart" stanza, please see - # the online documentation at: - # - # https://www.nomadproject.io/docs/job-specification/restart - # restart { - # The number of attempts to run the job within the specified interval. + attempts = 2 interval = "30m" - # The "delay" parameter specifies the duration to wait before restarting - # a task after it has failed. delay = "15s" - # The "mode" parameter controls what happens when a task has restarted - # "attempts" times within the interval. "delay" mode delays the next - # restart until the next interval. "fail" mode does not restart the task - # if "attempts" has been hit within the interval. mode = "fail" } - # The "ephemeral_disk" stanza instructs Nomad to utilize an ephemeral disk - # instead of a hard disk requirement. Clients using this stanza should - # not specify disk requirements in the resources stanza of the task. All - # tasks in this group will share the same ephemeral disk. - # - # For more information and examples on the "ephemeral_disk" stanza, please - # see the online documentation at: - # - # https://www.nomadproject.io/docs/job-specification/ephemeral_disk - # ephemeral_disk { - # When sticky is true and the task group is updated, the scheduler - # will prefer to place the updated allocation on the same node and - # will migrate the data. This is useful for tasks that store data - # that should persist across allocation updates. - # sticky = true - # - # Setting migrate to true results in the allocation directory of a - # sticky allocation directory to be migrated. - # migrate = true - # - # The "size" parameter specifies the size in MB of shared ephemeral disk - # between tasks in the group. + sticky = true + migrate = true size = 300 } - # The "affinity" stanza enables operators to express placement preferences - # based on node attributes or metadata. - # - # For more information and examples on the "affinity" stanza, please - # see the online documentation at: - # - # https://www.nomadproject.io/docs/job-specification/affinity - # affinity { attribute = "${node.datacenter}" - - value = "dc1" - - weight = 100 } - - # The "spread" stanza allows operators to increase the failure tolerance of - # their applications by specifying a node attribute that allocations - # should be spread over. - # - # For more information and examples on the "spread" stanza, please - # see the online documentation at: - # - # https://www.nomadproject.io/docs/job-specification/spread - # - # spread { - # attribute specifies the name of a node attribute or metadata - # attribute = "${node.datacenter}" - - - # targets can be used to define desired percentages of allocations - # for each targeted attribute value. - # - # target "us-east1" { - # percent = 60 - # } - # target "us-west1" { - # percent = 40 - # } - # } - - # The "task" stanza creates an individual unit of work, such as a Docker - # container, web application, or batch processing. - # - # For more information and examples on the "task" stanza, please see - # the online documentation at: - # - # https://www.nomadproject.io/docs/job-specification/task - # task "redis" { # The "driver" parameter specifies the task driver that should be used to # run the task. driver = "docker" - # The "config" stanza specifies the driver configuration, which is passed - # directly to the driver to start the task. The details of configurations - # are specific to each driver, so please see specific driver - # documentation for more information. config { image = "public.ecr.aws/ubuntu/redis:latest" ports = ["db"] } + volume_mount { + volume = "REDIS" + destination = "${NOMAD_ALLOC_DIR}/volume" + } env { TZ = "Europe/Rome" REDIS_PASSWORD = "temp" } - # The "artifact" stanza instructs Nomad to download an artifact from a - # remote source prior to starting the task. This provides a convenient - # mechanism for downloading configuration files or data needed to run the - # task. It is possible to specify the "artifact" stanza multiple times to - # download multiple artifacts. - # - # For more information and examples on the "artifact" stanza, please see - # the online documentation at: - # - # https://www.nomadproject.io/docs/job-specification/artifact - # - # artifact { - # source = "http://foo.com/artifact.tar.gz" - # options { - # checksum = "md5:c4aa853ad2215426eb7d70a21922e794" - # } - # } - - # The "logs" stanza instructs the Nomad client on how many log files and - # the maximum size of those logs files to retain. Logging is enabled by - # default, but the "logs" stanza allows for finer-grained control over - # the log rotation and storage configuration. - # - # For more information and examples on the "logs" stanza, please see - # the online documentation at: - # - # https://www.nomadproject.io/docs/job-specification/logs - # logs { max_files = 10 max_file_size = 15 } - - # The "resources" stanza describes the requirements a task needs to - # execute. Resource requirements include memory, cpu, and more. - # This ensures the task will execute on a machine that contains enough - # resource capacity. - # - # For more information and examples on the "resources" stanza, please see - # the online documentation at: - # - # https://www.nomadproject.io/docs/job-specification/resources - # resources { - cpu = 500 # 500 MHz - memory = 256 # 256MB + cpu = 50 # 500 MHz + memory = 125 # 256MB } - - - # The "template" stanza instructs Nomad to manage a template, such as - # a configuration file or script. This template can optionally pull data - # from Consul or Vault to populate runtime configuration data. - # - # For more information and examples on the "template" stanza, please see - # the online documentation at: - # - # https://www.nomadproject.io/docs/job-specification/template - # - # template { - # data = "---\nkey: {{ key \"service/my-key\" }}" - # destination = "local/file.yml" - # change_mode = "signal" - # change_signal = "SIGHUP" - # } - - # The "template" stanza can also be used to create environment variables - # for tasks that prefer those to config files. The task will be restarted - # when data pulled from Consul or Vault changes. - # - # template { - # data = "KEY={{ key \"service/my-key\" }}" - # destination = "local/file.env" - # env = true - # } - - # The "vault" stanza instructs the Nomad client to acquire a token from - # a HashiCorp Vault server. The Nomad servers must be configured and - # authorized to communicate with Vault. By default, Nomad will inject - # The token into the job via an environment variable and make the token - # available to the "template" stanza. The Nomad client handles the renewal - # and revocation of the Vault token. - # - # For more information and examples on the "vault" stanza, please see - # the online documentation at: - # - # https://www.nomadproject.io/docs/job-specification/vault - # - # vault { - # policies = ["cdn", "frontend"] - # change_mode = "signal" - # change_signal = "SIGHUP" - # } - - # Controls the timeout between signalling a task it will be killed - # and killing the task. If not set a default is used. - # kill_timeout = "20s" } } }