Merge pull request #23 from wenzel-felix/advancedexample

Advanced example & dependency fix

examples/advanced-setup/main.tf

@@ -1,6 +1,61 @@
 module "hetzner-nomad-consul" {
     source = "../../"
     hetzner_token = var.hetzner_token
+    nomad_client_count = 1
+}
+
+terraform {
+  required_providers {
+    cloudflare = {
+      source  = "cloudflare/cloudflare"
+      version = "~> 3.0"
+    }
+    hcloud = {
+      source  = "hetznercloud/hcloud"
+      version = "1.36.2"
+    }
+  }
+}
+
+provider "hcloud" {
+  token = var.hetzner_token
+}
+
+data "hcloud_server" "client-0" {
+  name = [for key, value in module.hetzner-nomad-consul.server_info: key if length(regexall("client-0.*", key)) > 0][0]
+}
+
+resource "hcloud_firewall" "traefik" {
+  name = "traefik"
+
+  rule {
+    direction = "in"
+    protocol  = "tcp"
+    source_ips = [
+      "0.0.0.0/0",
+      "::/0"
+    ]
+    port = "8081"
+  }
+    rule {
+    direction = "in"
+    protocol  = "tcp"
+    source_ips = [
+      "0.0.0.0/0",
+      "::/0"
+    ]
+    port = "80"
+  }
+}
+
+resource "hcloud_firewall_attachment" "traefik" {
+  depends_on = [
+    module.hetzner-nomad-consul
+  ]
+  firewall_id = hcloud_firewall.traefik.id
+  server_ids = [
+    data.hcloud_server.client-0.id
+  ]
 }
 
 output "server_info" {
@@ -13,4 +68,28 @@ output "nomad_token" {
 
 output "nomad_address" {
   value = module.hetzner-nomad-consul.nomad_address
-}
+}
+
+provider "cloudflare" {
+  api_token = var.cloudflare_token
+}
+
+resource "cloudflare_record" "nomad" {
+  zone_id = var.cloudflare_zone_id
+  name    = "nomad"
+  type    = "A"
+  proxied = true
+  value   = split(":", split("//", module.hetzner-nomad-consul.nomad_address)[1])[0]
+}
+
+locals {
+  traefik_ip = [for key, value in module.hetzner-nomad-consul.server_info: value.public_ip if length(regexall("client-0.*", key)) > 0][0]
+}
+
+resource "cloudflare_record" "traefik" {
+  zone_id = var.cloudflare_zone_id
+  name    = "traefik"
+  type    = "A"
+  proxied = true
+  value   = local.traefik_ip
+}

examples/advanced-setup/nomad/jobs/demo-webapp.nomad

@@ -0,0 +1,43 @@
+job "demo-webapp" {
+  datacenters = ["dc1"]
+
+  group "demo" {
+    count = 2
+
+    network {
+      port "http" {
+        static = 8888
+      }
+    }
+
+    service {
+      name = "demo-webapp"
+      port = "http"
+
+      tags = [
+        "traefik.enable=true",
+        "traefik.http.routers.http.rule=Path(`/`)",
+      ]
+
+      check {
+        type     = "http"
+        path     = "/health"
+        interval = "2s"
+        timeout  = "2s"
+      }
+    }
+
+    task "server" {
+      driver = "docker"
+
+      config {
+        image        = "hashicorp/http-echo"
+        network_mode = "host"
+        args = [
+          "-listen", ":8888",
+          "-text", "Hello World!",
+        ]
+      }
+    }
+  }
+}

examples/advanced-setup/nomad/jobs/traefik.nomad

@@ -0,0 +1,79 @@
+job "traefik" {
+  region      = "global"
+  datacenters = ["dc1"]
+  type        = "service"
+
+  group "traefik" {
+    count = 1
+
+    network {
+      port "http" {
+        static = 80
+      }
+
+      port "api" {
+        static = 8081
+      }
+    }
+
+    service {
+      name = "traefik"
+
+      check {
+        name     = "alive"
+        type     = "tcp"
+        port     = "http"
+        interval = "10s"
+        timeout  = "2s"
+      }
+    }
+
+    task "traefik" {
+      constraint {
+        attribute = "${attr.unique.hostname}"
+        operator  = "regexp"
+        value     = "client-0.*"
+      }
+      driver = "docker"
+
+      config {
+        image        = "traefik:v2.2"
+        network_mode = "host"
+
+        volumes = [
+          "local/traefik.toml:/etc/traefik/traefik.toml",
+        ]
+      }
+
+      template {
+        data = <<EOF
+[entryPoints]
+    [entryPoints.http]
+    address = ":80"
+    [entryPoints.traefik]
+    address = ":8081"
+
+[api]
+    dashboard = true
+    insecure  = true
+
+# Enable Consul Catalog configuration backend.
+[providers.consulCatalog]
+    prefix           = "traefik"
+    exposedByDefault = false
+
+    [providers.consulCatalog.endpoint]
+      address = "127.0.0.1:8500"
+      scheme  = "http"
+EOF
+
+        destination = "local/traefik.toml"
+      }
+
+      resources {
+        cpu    = 100
+        memory = 128
+      }
+    }
+  }
+}

examples/advanced-setup/nomad/main.tf

@@ -7,128 +7,12 @@ resource "nomad_job" "demo-webapp" {
   depends_on = [
     nomad_job.traefik
   ]
-  jobspec = <<EOT
-job "demo-webapp" {
-  datacenters = ["dc1"]
-
-  group "demo" {
-    count = 1
-
-    network {
-      port  "http"{
-        static = 8888
-      }
-    }
-
-    service {
-      name = "demo-webapp"
-      port = "http"
-
-      tags = [
-        "traefik.enable=true",
-        "traefik.http.routers.http.rule=Path(`/`)",
-      ]
-
-      check {
-        type     = "http"
-        path     = "/health"
-        interval = "2s"
-        timeout  = "2s"
-      }
-    }
-
-    task "server" {
-      driver = "docker"
-
-      config {
-        image = "hashicorp/http-echo"
-        network_mode = "host"
-        args  = [
-          "-listen", ":8888",
-          "-text", "Hello World!",
-        ]
-      }
-    }
+  jobspec = file("jobs/demo-webapp.nomad")
+  lifecycle {
+    replace_triggered_by = [nomad_job.traefik]
   }
 }
-EOT
-}
 
 resource "nomad_job" "traefik" {
-  jobspec = <<EOT
-job "traefik" {
-  region      = "global"
-  datacenters = ["dc1"]
-  type        = "service"
-
-  group "traefik" {
-    count = 1
-
-    network {
-      port "http" {
-        static = 8080
-      }
-
-      port "api" {
-        static = 8081
-      }
-    }
-
-    service {
-      name = "traefik"
-
-      check {
-        name     = "alive"
-        type     = "tcp"
-        port     = "http"
-        interval = "10s"
-        timeout  = "2s"
-      }
-    }
-
-    task "traefik" {
-      driver = "docker"
-
-      config {
-        image        = "traefik:v2.2"
-        network_mode = "host"
-
-        volumes = [
-          "local/traefik.toml:/etc/traefik/traefik.toml",
-        ]
-      }
-
-      template {
-        data = <<EOF
-[entryPoints]
-    [entryPoints.http]
-    address = ":8080"
-    [entryPoints.traefik]
-    address = ":8081"
-
-[api]
-    dashboard = true
-    insecure  = true
-
-# Enable Consul Catalog configuration backend.
-[providers.consulCatalog]
-    prefix           = "traefik"
-    exposedByDefault = false
-
-    [providers.consulCatalog.endpoint]
-      address = "127.0.0.1:8500"
-      scheme  = "http"
-EOF
-
-        destination = "local/traefik.toml"
-      }
-
-      resources {
-        cpu    = 100
-        memory = 128
-      }
-    }
-  }
+  jobspec = file("jobs/traefik.nomad")
 }
-EOT
-}

examples/advanced-setup/test.auto.tfvars.example

@@ -1 +1,3 @@
-hetzner_token = "<your token>"
+hetzner_token = "<your token>"
+cloudflare_token = "<your token>"
+cloudflare_zone_id = "<your zone id>"

examples/advanced-setup/variables.tf

@@ -1,4 +1,14 @@
 variable "hetzner_token" {
   type        = string
   description = "Hetzner Cloud API Token"
+}
+
+variable "cloudflare_token" {
+  type = string
+  description = "Cloudflare API Token"
+}
+
+variable "cloudflare_zone_id" {
+  type = string
+  description = "Cloudflare Zone ID"
 }

main.tf

@@ -321,9 +321,12 @@ resource "hcloud_firewall" "default" {
   }
 }
 
-resource "hcloud_firewall_attachment" "fw_ref" {
+resource "hcloud_firewall_attachment" "default" {
+  depends_on = [
+    hcloud_server.main
+  ]
   firewall_id = hcloud_firewall.default.id
-  label_selectors  = ["nomad-server", "nomad-client"]
+  label_selectors = [ "nomad-server", "nomad-client" ]
 }
 
 resource "hcloud_load_balancer" "app_load_balancer" {