refactor(elk): streamline service definitions and enhance network configuration for Elasticsearch

Ben Martin 2024-12-21 21:26:37 +00:00
parent 506e16e918
commit 4bad851b0d
Signed by: ben
GPG key ID: 859A655FCD290E4A


@ -19,7 +19,6 @@ job "elk" {
} }
network { network {
mode = "bridge"
port "http" { port "http" {
to = 9200 to = 9200
} }
@ -31,62 +30,14 @@ job "elk" {
} }
} }
service {
name = "elk-node-http"
provider = "consul"
port = "9200"
meta {
envoy_metrics_port = "${NOMAD_HOST_PORT_envoy_metrics}"
}
connect {
sidecar_service {
proxy {
expose {
path {
path = "/metrics"
protocol = "http"
local_path_port = 9102
listener_port = "envoy_metrics"
}
}
}
}
}
}
service {
name = "elk-node-transport"
provider = "consul"
port = "9300"
meta {
envoy_metrics_port = "${NOMAD_HOST_PORT_envoy_metrics}"
}
connect {
sidecar_service {
proxy {
expose {
path {
path = "/metrics"
protocol = "http"
local_path_port = 9102
listener_port = "envoy_metrics"
}
}
}
}
}
}
task "elasticsearch" { task "elasticsearch" {
driver = "docker" driver = "docker"
config { config {
image = "docker.elastic.co/elasticsearch/elasticsearch:${var.elastic_version}" image = "docker.elastic.co/elasticsearch/elasticsearch:${var.elastic_version}"
ports = ["http", "transport"]
volumes = [ volumes = [
"/mnt/docker/elastic-${node.unique.name}/config:/usr/share/elasticsearch/config", "/mnt/docker/elastic-${node.unique.name}/config:/usr/share/elasticsearch/config",
"/mnt/docker/elastic-${node.unique.name}/data:/usr/share/elasticsearch/data", "/mnt/docker/elastic-${node.unique.name}/data:/usr/share/elasticsearch/data",
@ -122,11 +73,11 @@ job "elk" {
data = <<-EOF data = <<-EOF
cluster: cluster:
name: "docker-cluster" name: "docker-cluster"
initial_master_nodes: ["Hestia"]
node: node:
name: {{ env "node.unique.name" }} name: {{ env "node.unique.name" }}
network: network:
host: 0.0.0.0 host: 0.0.0.0
publish_host: {{ env "NOMAD_HOST_IP_transport" }}
http: http:
publish_host: {{ env "NOMAD_HOST_IP_http" }} publish_host: {{ env "NOMAD_HOST_IP_http" }}
publish_port: {{ env "NOMAD_HOST_PORT_http" }} publish_port: {{ env "NOMAD_HOST_PORT_http" }}
@ -171,43 +122,26 @@ job "elk" {
destination = "local/unicast_hosts.txt" destination = "local/unicast_hosts.txt"
change_mode = "noop" change_mode = "noop"
} }
}
}
group "node-ingress-group" { service {
name = "elk-node-http"
provider = "consul"
port = "http"
network { tags = [
mode = "bridge" "traefik.enable=true",
port "inbound" { "traefik.http.routers.es.rule=Host(`es.brmartin.co.uk`)",
static = 9200 "traefik.http.routers.es.entrypoints=websecure",
"traefik.http.routers.es.service=es",
"traefik.http.services.es.loadbalancer.server.scheme=https",
"traefik.http.services.es.loadbalancer.serversTransport=es@file",
]
} }
}
service { service {
name = "es-ingress-service" name = "elk-node-transport"
port = 9200 provider = "consul"
port = "transport"
tags = [
"traefik.enable=true",
"traefik.http.routers.es.rule=Host(`es.brmartin.co.uk`)",
"traefik.http.routers.es.entrypoints=websecure",
"traefik.http.routers.es.service=es",
"traefik.http.services.es.loadbalancer.server.scheme=https",
"traefik.http.services.es.loadbalancer.serversTransport=es@file",
]
connect {
gateway {
ingress {
listener {
port = 9200
protocol = "tcp"
service {
name = "elk-node-http"
}
}
}
}
} }
} }
} }
@ -220,7 +154,6 @@ job "elk" {
} }
network { network {
mode = "bridge"
port "http" { port "http" {
to = 9200 to = 9200
} }
@ -232,62 +165,14 @@ job "elk" {
} }
} }
service {
name = "elk-tiebreaker-http"
provider = "consul"
port = "9200"
meta {
envoy_metrics_port = "${NOMAD_HOST_PORT_envoy_metrics}"
}
connect {
sidecar_service {
proxy {
expose {
path {
path = "/metrics"
protocol = "http"
local_path_port = 9102
listener_port = "envoy_metrics"
}
}
}
}
}
}
service {
name = "elk-tiebreaker-transport"
provider = "consul"
port = "9300"
meta {
envoy_metrics_port = "${NOMAD_HOST_PORT_envoy_metrics}"
}
connect {
sidecar_service {
proxy {
expose {
path {
path = "/metrics"
protocol = "http"
local_path_port = 9102
listener_port = "envoy_metrics"
}
}
}
}
}
}
task "elasticsearch" { task "elasticsearch" {
driver = "docker" driver = "docker"
config { config {
image = "docker.elastic.co/elasticsearch/elasticsearch:${var.elastic_version}" image = "docker.elastic.co/elasticsearch/elasticsearch:${var.elastic_version}"
ports = ["http", "transport"]
volumes = [ volumes = [
"/mnt/docker/elastic-${node.unique.name}/config:/usr/share/elasticsearch/config", "/mnt/docker/elastic-${node.unique.name}/config:/usr/share/elasticsearch/config",
"/mnt/docker/elastic-${node.unique.name}/data:/usr/share/elasticsearch/data", "/mnt/docker/elastic-${node.unique.name}/data:/usr/share/elasticsearch/data",
@ -324,13 +209,13 @@ job "elk" {
data = <<-EOF data = <<-EOF
cluster: cluster:
name: "docker-cluster" name: "docker-cluster"
initial_master_nodes: ["Hestia"]
node: node:
name: {{ env "node.unique.name" }} name: {{ env "node.unique.name" }}
roles: roles:
- master - master
network: network:
host: 0.0.0.0 host: 0.0.0.0
publish_host: {{ env "NOMAD_HOST_IP_transport" }}
http: http:
publish_host: {{ env "NOMAD_HOST_IP_http" }} publish_host: {{ env "NOMAD_HOST_IP_http" }}
publish_port: {{ env "NOMAD_HOST_PORT_http" }} publish_port: {{ env "NOMAD_HOST_PORT_http" }}
@ -375,6 +260,18 @@ job "elk" {
destination = "local/unicast_hosts.txt" destination = "local/unicast_hosts.txt"
change_mode = "noop" change_mode = "noop"
} }
service {
name = "elk-tiebreaker-http"
provider = "consul"
port = "http"
}
service {
name = "elk-tiebreaker-transport"
provider = "consul"
port = "transport"
}
} }
} }
@ -387,7 +284,6 @@ job "elk" {
} }
network { network {
mode = "bridge"
port "web" { port "web" {
to = 5601 to = 5601
} }
@ -396,37 +292,14 @@ job "elk" {
} }
} }
service {
port = "5601"
provider = "consul"
meta {
envoy_metrics_port = "${NOMAD_HOST_PORT_envoy_metrics}"
}
connect {
sidecar_service {
proxy {
expose {
path {
path = "/metrics"
protocol = "http"
local_path_port = 9102
listener_port = "envoy_metrics"
}
}
transparent_proxy {}
}
}
}
}
task "kibana" { task "kibana" {
driver = "docker" driver = "docker"
config { config {
image = "docker.elastic.co/kibana/kibana:${var.elastic_version}" image = "docker.elastic.co/kibana/kibana:${var.elastic_version}"
ports = ["web"]
volumes = [ volumes = [
"/mnt/docker/elastic/kibana/config:/usr/share/kibana/config", "/mnt/docker/elastic/kibana/config:/usr/share/kibana/config",
] ]
@ -447,7 +320,8 @@ job "elk" {
data = <<-EOF data = <<-EOF
elasticsearch: elasticsearch:
hosts: hosts:
- https://elk-node-http.virtual.consul {{ range service "elk-node-http" }}
- https://{{ .Address }}:{{ .Port }}{{ end }}
username: ${ELASTICSEARCH_USERNAME} username: ${ELASTICSEARCH_USERNAME}
password: ${ELASTICSEARCH_PASSWORD} password: ${ELASTICSEARCH_PASSWORD}
requestTimeout: 600000 requestTimeout: 600000
@ -492,40 +366,76 @@ job "elk" {
destination = "secrets/file.env" destination = "secrets/file.env"
env = true env = true
} }
service {
port = "web"
provider = "consul"
tags = [
"traefik.enable=true",
"traefik.http.routers.kibana.rule=Host(`kibana.brmartin.co.uk`)",
"traefik.http.routers.kibana.entrypoints=websecure",
]
}
} }
} }
group "kibana-ingress-group" { group "lb" {
network { network {
mode = "bridge" port "web" {
port "inbound" { static = 9200
to = 8080
} }
} }
service { task "nginx" {
name = "kibana-ingress-service" driver = "docker"
port = "inbound"
tags = [ config {
"traefik.enable=true", image = "nginx:1.27.3-alpine"
"traefik.http.routers.kibana.rule=Host(`kibana.brmartin.co.uk`)",
"traefik.http.routers.kibana.entrypoints=websecure",
]
connect { ports = ["web"]
gateway {
ingress { mount {
listener { type = "bind"
port = 8080 source = "local/nginx.conf"
protocol = "tcp" target = "/etc/nginx/nginx.conf"
service { }
name = "elk-kibana" }
}
resources {
cpu = 10
memory = 16
}
template {
data = <<-EOF
user nobody;
worker_processes auto;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
stream {
upstream es {
{{- range service "elk-node-http" }}
server {{ .Address }}:{{ .Port }};{{- end }}
}
server {
listen {{ env "NOMAD_PORT_web" }};
proxy_pass es;
} }
} }
} EOF
destination = "local/nginx.conf"
}
service {
port = "web"
provider = "consul"
} }
} }
} }
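Review bot: The new `lb` group publishes the nginx stream listener on `static = 9200` with no `allow`/`deny` in its `server` block, so any host that can reach that client node is passed straight through to Elasticsearch's HTTP port. Reading the unmarked lines by the hunk counts, this commit also appears to remove the Connect sidecars and `mode = "bridge"` from the Elasticsearch groups, so the mesh no longer gates 9200 or 9300. That would leave Elasticsearch's own TLS and authentication as the only control, and those settings are not visible in these hunks. I would restrict the listener, for example with `allow <trusted-cidr>; deny all;` inside `server { … }` or a `host_network` on `port "web"`, and confirm that transport TLS is enforced now that `publish_host` advertises the host IP. Separately, none of the re-added `service` blocks has a `check`, and when `range service "elk-node-http"` yields nothing the rendered `upstream es { }` is empty, which nginx rejects at start; a health check plus a fallback `server` line would cover both.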