diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml
index dfca3e4..f894cc3 100644
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -47,8 +47,9 @@ jobs:
 - name: Deploy to Nomad
 run: |
+ SHA=$(git rev-parse --short HEAD)
 nomad job validate ${SERVICE_NAME}.nomad
- nomad job run ${SERVICE_NAME}.nomad
+ nomad job run -var="image_tag=${SHA}" ${SERVICE_NAME}.nomad
 env:
 NOMAD_ADDR: "https://nomad.i80.dk:4646"
diff --git a/devops-dash.nomad b/devops-dash.nomad
index d16f9c8..1ebd8b7 100644
--- a/devops-dash.nomad
+++ b/devops-dash.nomad
@@ -1,19 +1,61 @@
+variable "service_name" {
+ description = "Service name for consistent naming"
+ type = string
+ default = "devops-dash"
+}
+
+variable "image_tag" {
+ description = "Docker image tag to deploy"
+ type = string
+ default = "latest"
+}
+
 job "devops-dash" {
 datacenters = ["dc1"]
 type = "service"
- constraint {
- attribute = "${node.unique.name}"
- value = "autobox.i80.dk"
+ meta {
+ uuid = uuidv4()
+ service_name = var.service_name
+ }
+
+ update {
+ stagger = "30s"
+ max_parallel = 1
+ auto_revert = true
+ progress_deadline = "15m"
 }
 group "devops-dash" {
 count = 1
+ constraint {
+ attribute = "${node.unique.name}"
+ value = "autobox.i80.dk"
+ }
+
+ update {
+ canary = 1
+ auto_promote = true
+ min_healthy_time = "15s"
+ healthy_deadline = "10m"
+ progress_deadline = "15m"
+ auto_revert = true
+ }
+
 network {
 port "http" {}
 }
+ reschedule {
+ attempts = 5
+ interval = "10m"
+ delay = "30s"
+ delay_function = "exponential"
+ max_delay = "120s"
+ unlimited = false
+ }
+
 # host volume disabled until autobox is configured.
 # To enable: add to /etc/nomad.d/client.hcl on autobox:
 # host_volume "devops-mcp-data" {
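Review bot: `nomad job validate` still runs without the `-var`, so the job it checks uses the default `image_tag` and is not the job that `nomad job run` submits; pass the same `-var="image_tag=${SHA}"` to both commands. The abbreviated hash from `git rev-parse --short HEAD` has no fixed length, so it only resolves to an image if the build step (outside this hunk) tags the image with exactly the same string. Using the full `git rev-parse HEAD` on both sides, or deploying by the pushed image digest, would remove that dependency. `${SERVICE_NAME}` is also unquoted in both commands.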
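Review bot: The `image_tag` variable defaults to `latest`, so any `nomad job run` that omits `-var` quietly deploys the mutable `latest` tag again, which is what this change moves away from. Dropping the default should make such a run fail instead, but the `nomad job validate` call in `.gitea/workflows/ci.yml` would then presumably need the variable too. The `image` line in the `@@ -38,7 +104,7 @@` hunk depends on this value. Separately, `uuid = uuidv4()` in `meta` changes the job on every submission, so each pipeline run starts a new canary deployment even when nothing else changed; a comment such as `# forces a new deployment on every run` would record whether that is intended.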
@@ -28,6 +70,30 @@ job "devops-dash" {
 # source = "devops-mcp-data"
 # }
+ service {
+ provider = "consul"
+ name = var.service_name
+ port = "http"
+
+ tags = [
+ "traefik.enable=true",
+ "traefik.http.routers.${var.service_name}.rule=Host(`dash.i80.dk`)",
+ "traefik.http.routers.${var.service_name}.tls=true",
+ "traefik.http.middlewares.${var.service_name}-limit.ratelimit.burst=20",
+ "traefik.http.middlewares.${var.service_name}-limit.ratelimit.period=1m",
+ "traefik.http.routers.${var.service_name}.middlewares=${var.service_name}-limit"
+ ]
+
+ check {
+ name = "http_health_check"
+ type = "http"
+ port = "http"
+ path = "/health"
+ interval = "10s"
+ timeout = "5s"
+ }
+ }
+
 task "devops-dash" {
 driver = "docker"
@@ -38,7 +104,7 @@ job "devops-dash" {
 # }
 config {
- image = "registry.i80.dk/gitea/devops-dash:latest"
+ image = "registry.i80.dk/gitea/devops-dash:${var.image_tag}"
 ports = ["http"]
 force_pull = true
@@ -57,11 +123,11 @@ EOH
 }
 env {
- PORT = "${NOMAD_PORT_http}"
- HOST = "0.0.0.0"
- REDIS_URL = "redis://192.168.15.124:6379"
- DEVOPS_MCP_URL = "https://devops-mcp.i80.dk"
- DATA_DIR = "/data"
+ PORT = "${NOMAD_PORT_http}"
+ HOST = "0.0.0.0"
+ REDIS_URL = "redis://192.168.15.124:6379"
+ DEVOPS_MCP_URL = "https://devops-mcp.i80.dk"
+ DATA_DIR = "/data"
 PYTHONUNBUFFERED = "1"
 }
@@ -69,26 +135,6 @@ EOH
 cpu = 200
 memory = 256
 }
-
- service {
- provider = "consul"
- name = "devops-dash"
- port = "http"
-
- tags = [
- "traefik.enable=true",
- "traefik.http.routers.devops-dash.rule=Host(`dash.i80.dk`)",
- "traefik.http.routers.devops-dash.tls=true",
- "traefik.http.routers.devops-dash.tls.certresolver=letsencrypt",
- ]
-
- check {
- type = "http"
- path = "/health"
- interval = "15s"
- timeout = "3s"
- }
- }
 }
 }
 }
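Review bot: The `-limit` middleware in the new `tags` list sets only `ratelimit.burst` and `ratelimit.period`; Traefik's `ratelimit.average` defaults to 0, which means no limit, so as written the router gets no rate limiting. Add a tag such as `"traefik.http.middlewares.${var.service_name}-limit.ratelimit.average=<REQUESTS_PER_PERIOD>",` with a value chosen for this service. The new tags also drop `tls.certresolver=letsencrypt`, which the old task-level service block (removed in the last hunk) carried. Unless Traefik has a default resolver or a certificate for `dash.i80.dk` configured elsewhere, the router would fall back to Traefik's default certificate.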