brodul / nomad-vultr-example
Setup of Nomad on Vultr with Traefik reverse proxy
๐ฅ Clone
https://github.com/brodul/nomad-vultr-example.git
Nomad on Vultr
An example repo of running Hashicorp Nomad on Vultr with Traefik as a reverse proxy.
Slides can be found here:
https://2ly.link/1xvZY
Create a Vultr account
Create a Vultr account and get a Vultr token.
Terraform apply
First, ensure you have Terraform installed. Then, follow these steps:
- Initialize Terraform:
terraform init- Plan your infrastructure:
terraform plan- Apply the changes:
terraform applyAfter applying, a hostfile.txt will be generated, which can be utilized for debugging and inspection using tools like pssh.
Configuration
Bootstrap ACL
Follow these steps to configure Bootstrap ACL:
- Set the Nomad address:
export NOMAD_ADDR="http://$(head -n 1 hosts.txt):4646"- Bootstrap Nomad:
nomad acl bootstrapIf there is an error wait for a bit (5min), so that the cluster builds up.
- Store the bootstrap token:
echo "BOOTSTRAP_SECRET_ID" > bootstrap.token
export NOMAD_TOKEN=$(cat bootstrap.token)- View Nomad server members:
nomad server membersTraefik Policy and Token
Apply policy for Traefik to access Nomad jobs:
nomad acl policy apply traefik traefik_acl_policy.nomad.hclGenerate a token for Traefik:
nomad acl token create -name traefik_token -policy traefik
export TRAEFIK_TOKEN="TRAEFIK_SECRET_ID"Set Traefik Token and Deploy
Set the token and deploy Traefik:
nomad var put -namespace default nomad/jobs/traefik-system/traefik/server token=$TRAEFIK_TOKEN address=$NOMAD_ADDR
nomad job run traefik.nomad.hclDeploy Whoami
Deploy Whoami service:
nomad job run whoami.nomad.hclWarning
For production environments, consider implementing mTLS between clients and servers. Additionally, ensure better ACL configurations for sensitive variables like the Traefik token. Traefik is listening to only one server.
Contact
If you have any questions, suggestions, or feedback, feel free to reach out to me:Email: andraz โค brodnik AT brodul โค org