ben/cluster-state
1
0
Fork 0
Code Issues 1 Pull requests Activity Actions

feat(elk): enhance service configuration with Consul integration

Browse source
This commit is contained in:
Ben Martin 2024-12-19 02:04:39 +00:00
parent a037c02e3a
commit cfb99179b6
Signed by: ben
GPG key ID: 859A655FCD290E4A
1 changed files with 129 additions and 36 deletions
Download patch file Download diff file Expand all files Collapse all files

165
modules/elk/jobspec.nomad.hcl
View file

@ -31,14 +31,39 @@ job "elk" {
}
}
service {
provider = "consul"
port = "9200"
meta {
envoy_metrics_port = "${NOMAD_HOST_PORT_envoy_metrics}"
}
connect {
sidecar_service {
proxy {
expose {
path {
path = "/metrics"
protocol = "http"
local_path_port = 9102
listener_port = "envoy_metrics"
}
}
transparent_proxy {
exclude_inbound_ports = ["9300"]
}
}
}
}
}
task "elasticsearch" {
driver = "docker"
config {
image = "docker.elastic.co/elasticsearch/elasticsearch:${var.elastic_version}"
ports = ["9200", "9300"]
volumes = [
"/mnt/docker/elastic-${node.unique.name}/config:/usr/share/elasticsearch/config",
"/mnt/docker/elastic-${node.unique.name}/data:/usr/share/elasticsearch/data",
@ -82,15 +107,6 @@ job "elk" {
name = "elk-node-elasticsearch-http"
provider = "consul"
port = "http"
tags = [
"traefik.enable=true",
"traefik.http.routers.es.rule=Host(`es.brmartin.co.uk`)",
"traefik.http.routers.es.entrypoints=websecure",
"traefik.http.routers.es.service=es",
"traefik.http.services.es.loadbalancer.server.scheme=https",
"traefik.http.services.es.loadbalancer.serversTransport=es@file",
]
}
service {
@ -101,6 +117,44 @@ job "elk" {
}
}
group "node-ingress-group" {
network {
mode = "bridge"
port "inbound" {
to = 8080
}
}
service {
name = "es-ingress-service"
port = "inbound"
tags = [
"traefik.enable=true",
"traefik.http.routers.es.rule=Host(`es.brmartin.co.uk`)",
"traefik.http.routers.es.entrypoints=websecure",
"traefik.http.routers.es.service=es",
"traefik.http.services.es.loadbalancer.server.scheme=https",
"traefik.http.services.es.loadbalancer.serversTransport=es@file",
]
connect {
gateway {
ingress {
listener {
port = 8080
protocol = "tcp"
service {
name = "elk-node"
}
}
}
}
}
}
}
group "tiebreaker" {
constraint {
@ -195,6 +249,34 @@ job "elk" {
port "web" {
static = 5601
}
port "envoy_metrics" {
to = 9102
}
}
service {
port = "5601"
provider = "consul"
meta {
envoy_metrics_port = "${NOMAD_HOST_PORT_envoy_metrics}"
}
connect {
sidecar_service {
proxy {
expose {
path {
path = "/metrics"
protocol = "http"
local_path_port = 9102
listener_port = "envoy_metrics"
}
}
transparent_proxy {}
}
}
}
}
task "kibana" {
@ -203,8 +285,6 @@ job "elk" {
config {
image = "docker.elastic.co/kibana/kibana:${var.elastic_version}"
ports = ["web"]
volumes = [
"/mnt/docker/elastic/kibana/config:/usr/share/kibana/config",
]
@ -221,33 +301,11 @@ job "elk" {
memory = 1024
}
service {
tags = [
"traefik.enable=true",
"traefik.http.routers.kibana.rule=Host(`kibana.brmartin.co.uk`)",
"traefik.http.routers.kibana.entrypoints=websecure",
]
port = "web"
address_mode = "host"
provider = "consul"
check {
type = "http"
path = "/api/status"
interval = "10s"
timeout = "2s"
on_update = "ignore"
}
}
template {
data = <<-EOF
elasticsearch:
hosts:
{{ range service "elk-node-elasticsearch-http" }}
- https://{{ .Address }}:{{ .Port }}
{{ end }}
- https://elk-node.virtual.consul
username: ${ELASTICSEARCH_USERNAME}
password: ${ELASTICSEARCH_PASSWORD}
requestTimeout: 600000
@ -294,4 +352,39 @@ job "elk" {
}
}
}
group "kibana-ingress-group" {
network {
mode = "bridge"
port "inbound" {
to = 8080
}
}
service {
name = "kibana-ingress-service"
port = "inbound"
tags = [
"traefik.enable=true",
"traefik.http.routers.kibana.rule=Host(`kibana.brmartin.co.uk`)",
"traefik.http.routers.kibana.entrypoints=websecure",
]
connect {
gateway {
ingress {
listener {
port = 8080
protocol = "tcp"
service {
name = "elk-kibana"
}
}
}
}
}
}
}
}