fix: use versioned image tag via var.image_tag, align Traefik tags with DevOpsMCP pattern
All checks were successful
Build and Deploy DevOpsDash / build-image (push) Successful in 30s
All checks were successful
Build and Deploy DevOpsDash / build-image (push) Successful in 30s
- Add service_name and image_tag variables to nomad job
- Use ${var.image_tag} in image ref instead of hardcoded 'latest'
- CI now passes git SHA as -var='image_tag=<sha>' to nomad job run
- Align Traefik tags with DevOpsMCP pattern (service_name var, rate limiting)
- Add canary update strategy and reschedule block
- Move service block to group level (nomad best practice)
This commit is contained in:
Henrik Jess Nielsen
@@ -47,8 +47,9 @@ jobs:
|
|||||||
|
|
||||||
- name: Deploy to Nomad
|
- name: Deploy to Nomad
|
||||||
run: |
|
run: |
|
||||||
|
SHA=$(git rev-parse --short HEAD)
|
||||||
nomad job validate ${SERVICE_NAME}.nomad
|
nomad job validate ${SERVICE_NAME}.nomad
|
||||||
nomad job run ${SERVICE_NAME}.nomad
|
nomad job run -var="image_tag=${SHA}" ${SERVICE_NAME}.nomad
|
||||||
env:
|
env:
|
||||||
NOMAD_ADDR: "https://nomad.i80.dk:4646"
|
NOMAD_ADDR: "https://nomad.i80.dk:4646"
|
||||||
|
|
||||||
|
|||||||
@@ -1,19 +1,61 @@
|
|||||||
|
variable "service_name" {
|
||||||
|
description = "Service name for consistent naming"
|
||||||
|
type = string
|
||||||
|
default = "devops-dash"
|
||||||
|
}
|
||||||
|
|
||||||
|
variable "image_tag" {
|
||||||
|
description = "Docker image tag to deploy"
|
||||||
|
type = string
|
||||||
|
default = "latest"
|
||||||
|
}
|
||||||
|
|
||||||
job "devops-dash" {
|
job "devops-dash" {
|
||||||
datacenters = ["dc1"]
|
datacenters = ["dc1"]
|
||||||
type = "service"
|
type = "service"
|
||||||
|
|
||||||
constraint {
|
meta {
|
||||||
attribute = "${node.unique.name}"
|
uuid = uuidv4()
|
||||||
value = "autobox.i80.dk"
|
service_name = var.service_name
|
||||||
|
}
|
||||||
|
|
||||||
|
update {
|
||||||
|
stagger = "30s"
|
||||||
|
max_parallel = 1
|
||||||
|
auto_revert = true
|
||||||
|
progress_deadline = "15m"
|
||||||
}
|
}
|
||||||
|
|
||||||
group "devops-dash" {
|
group "devops-dash" {
|
||||||
count = 1
|
count = 1
|
||||||
|
|
||||||
|
constraint {
|
||||||
|
attribute = "${node.unique.name}"
|
||||||
|
value = "autobox.i80.dk"
|
||||||
|
}
|
||||||
|
|
||||||
|
update {
|
||||||
|
canary = 1
|
||||||
|
auto_promote = true
|
||||||
|
min_healthy_time = "15s"
|
||||||
|
healthy_deadline = "10m"
|
||||||
|
progress_deadline = "15m"
|
||||||
|
auto_revert = true
|
||||||
|
}
|
||||||
|
|
||||||
network {
|
network {
|
||||||
port "http" {}
|
port "http" {}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
reschedule {
|
||||||
|
attempts = 5
|
||||||
|
interval = "10m"
|
||||||
|
delay = "30s"
|
||||||
|
delay_function = "exponential"
|
||||||
|
max_delay = "120s"
|
||||||
|
unlimited = false
|
||||||
|
}
|
||||||
|
|
||||||
# host volume disabled until autobox is configured.
|
# host volume disabled until autobox is configured.
|
||||||
# To enable: add to /etc/nomad.d/client.hcl on autobox:
|
# To enable: add to /etc/nomad.d/client.hcl on autobox:
|
||||||
# host_volume "devops-mcp-data" {
|
# host_volume "devops-mcp-data" {
|
||||||
@@ -28,6 +70,30 @@ job "devops-dash" {
|
|||||||
# source = "devops-mcp-data"
|
# source = "devops-mcp-data"
|
||||||
# }
|
# }
|
||||||
|
|
||||||
|
service {
|
||||||
|
provider = "consul"
|
||||||
|
name = var.service_name
|
||||||
|
port = "http"
|
||||||
|
|
||||||
|
tags = [
|
||||||
|
"traefik.enable=true",
|
||||||
|
"traefik.http.routers.${var.service_name}.rule=Host(`dash.i80.dk`)",
|
||||||
|
"traefik.http.routers.${var.service_name}.tls=true",
|
||||||
|
"traefik.http.middlewares.${var.service_name}-limit.ratelimit.burst=20",
|
||||||
|
"traefik.http.middlewares.${var.service_name}-limit.ratelimit.period=1m",
|
||||||
|
"traefik.http.routers.${var.service_name}.middlewares=${var.service_name}-limit"
|
||||||
|
]
|
||||||
|
|
||||||
|
check {
|
||||||
|
name = "http_health_check"
|
||||||
|
type = "http"
|
||||||
|
port = "http"
|
||||||
|
path = "/health"
|
||||||
|
interval = "10s"
|
||||||
|
timeout = "5s"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
task "devops-dash" {
|
task "devops-dash" {
|
||||||
driver = "docker"
|
driver = "docker"
|
||||||
|
|
||||||
@@ -38,7 +104,7 @@ job "devops-dash" {
|
|||||||
# }
|
# }
|
||||||
|
|
||||||
config {
|
config {
|
||||||
image = "registry.i80.dk/gitea/devops-dash:latest"
|
image = "registry.i80.dk/gitea/devops-dash:${var.image_tag}"
|
||||||
ports = ["http"]
|
ports = ["http"]
|
||||||
force_pull = true
|
force_pull = true
|
||||||
|
|
||||||
@@ -57,11 +123,11 @@ EOH
|
|||||||
}
|
}
|
||||||
|
|
||||||
env {
|
env {
|
||||||
PORT = "${NOMAD_PORT_http}"
|
PORT = "${NOMAD_PORT_http}"
|
||||||
HOST = "0.0.0.0"
|
HOST = "0.0.0.0"
|
||||||
REDIS_URL = "redis://192.168.15.124:6379"
|
REDIS_URL = "redis://192.168.15.124:6379"
|
||||||
DEVOPS_MCP_URL = "https://devops-mcp.i80.dk"
|
DEVOPS_MCP_URL = "https://devops-mcp.i80.dk"
|
||||||
DATA_DIR = "/data"
|
DATA_DIR = "/data"
|
||||||
PYTHONUNBUFFERED = "1"
|
PYTHONUNBUFFERED = "1"
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -69,26 +135,6 @@ EOH
|
|||||||
cpu = 200
|
cpu = 200
|
||||||
memory = 256
|
memory = 256
|
||||||
}
|
}
|
||||||
|
|
||||||
service {
|
|
||||||
provider = "consul"
|
|
||||||
name = "devops-dash"
|
|
||||||
port = "http"
|
|
||||||
|
|
||||||
tags = [
|
|
||||||
"traefik.enable=true",
|
|
||||||
"traefik.http.routers.devops-dash.rule=Host(`dash.i80.dk`)",
|
|
||||||
"traefik.http.routers.devops-dash.tls=true",
|
|
||||||
"traefik.http.routers.devops-dash.tls.certresolver=letsencrypt",
|
|
||||||
]
|
|
||||||
|
|
||||||
check {
|
|
||||||
type = "http"
|
|
||||||
path = "/health"
|
|
||||||
interval = "15s"
|
|
||||||
timeout = "3s"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user