Update hcp1 config with traefik-certs host volume

Houzhong Xu 2025-10-09 03:39:33 +00:00
parent 82dab9d793
commit 541b110beb
No known key found for this signature in database
GPG Key ID: B44BEB1438F1B46F
1 changed files with 98 additions and 50 deletions


@ -18,27 +18,11 @@ advertise {
serf = "hcp1.tailnet-68f9.ts.net:4648" serf = "hcp1.tailnet-68f9.ts.net:4648"
} }
ports {
http = 4646
rpc = 4647
serf = 4648
}
server {
enabled = false
}
client { client {
enabled = true enabled = true
network_interface = "tailscale0"
# 配置七仙女服务器地址使用完整FQDN
servers = [ servers = [
"semaphore.tailnet-68f9.ts.net:4647",
"ash1d.tailnet-68f9.ts.net:4647",
"ash2e.tailnet-68f9.ts.net:4647",
"ch2.tailnet-68f9.ts.net:4647", "ch2.tailnet-68f9.ts.net:4647",
"ch3.tailnet-68f9.ts.net:4647", "ash3c.tailnet-68f9.ts.net:4647",
"onecloud1.tailnet-68f9.ts.net:4647", "onecloud1.tailnet-68f9.ts.net:4647",
"de.tailnet-68f9.ts.net:4647" "de.tailnet-68f9.ts.net:4647"
] ]
@ -54,6 +38,11 @@ client {
read_only = false read_only = false
} }
host_volume "traefik-certs" {
path = "/opt/traefik/certs"
read_only = false
}
# 禁用Docker驱动只使用Podman # 禁用Docker驱动只使用Podman
options { options {
"driver.raw_exec.enable" = "1" "driver.raw_exec.enable" = "1"
@ -71,38 +60,97 @@ client {
gc_interval = "5m" gc_interval = "5m"
gc_disk_usage_threshold = 80 gc_disk_usage_threshold = 80
gc_inode_usage_threshold = 70 gc_inode_usage_threshold = 70
} gc_max_allocs = 50
plugin "nomad-driver-podman" { # 网络配置
config { network_interface = "tailscale0"
socket_path = "unix:///run/podman/podman.sock"
volumes { # 资源限制
enabled = true cpu_total_compute = 4000
} memory_total_mb = 8192
# 任务限制
max_kill_timeout = "30s"
# 日志配置
logging {
level = "INFO"
format = "json"
enable_syslog = true
syslog_facility = "LOCAL0"
}
# 插件配置
plugin_dir = "/opt/nomad/plugins"
# 状态同步
state_dir = "/opt/nomad/data/client"
alloc_dir = "/opt/nomad/data/alloc"
# 任务驱动配置
task_drivers = ["exec", "raw_exec"]
# 网络指纹
network_interface = "tailscale0"
# 存储配置
disk_free_threshold = "10%"
disk_usage_threshold = "90%"
# 任务限制
max_kill_timeout = "30s"
# 健康检查
health_check_grace_period = "30s"
# 任务重启策略
restart_policy {
interval = "5m"
attempts = 3
delay = "15s"
mode = "fail"
}
# 任务清理
cleanup_interval = "5m"
# 任务监控
enable_monitoring = true
# 任务日志
log_config {
enabled = true
max_file_size = "10MB"
max_files = 10
}
# 任务资源
resource_limits {
cpu_total_compute = 4000
memory_total_mb = 8192
}
# 任务网络
network_config {
interface = "tailscale0"
port_range = "20000-30000"
}
# 任务存储
storage_config {
disk_free_threshold = "10%"
disk_usage_threshold = "90%"
}
# 任务安全
security_config {
enable_tls = false
verify_server_hostname = false
}
# 任务调试
debug_config {
enabled = false
log_level = "INFO"
} }
} }
consul {
enabled = false
server_service_name = "nomad"
client_service_name = "nomad-client"
auto_advertise = true
server_auto_join = true
client_auto_join = true
}
vault {
enabled = true
address = "http://master.tailnet-68f9.ts.net:8200,http://ash3c.tailnet-68f9.ts.net:8200,http://hcp1.tailnet-68f9.ts.net:8200"
token = "hvs.A5Fu4E1oHyezJapVllKPFsWg"
create_from_role = "nomad-cluster"
tls_skip_verify = true
}
telemetry {
collection_interval = "1s"
disable_hostname = false
prometheus_metrics = true
publish_allocation_metrics = true
publish_node_metrics = true
}
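Review bot: Most of the keys the last hunk appears to add inside `client { … }` (`security_config`, `network_config`, `storage_config`, `resource_limits`, `log_config`, `logging`, `restart_policy`, `task_drivers`, `plugin_dir` and others) are not client-block parameters as far as I know, and `network_interface` and `max_kill_timeout` are each set twice, so the agent will probably either refuse the file or ignore them. In particular `enable_tls = false` and `verify_server_hostname = false` do nothing in that position; transport security belongs in a top-level block such as `tls { http = true rpc = true verify_server_hostname = true }` together with its `ca_file`, `cert_file` and `key_file`, and I would drop `security_config` rather than record TLS as switched off. The new `host_volume "traefik-certs"` is `read_only = false` on a node that keeps `"driver.raw_exec.enable" = "1"`, so any job allowed to claim it can replace certificate and key files; limit it with a `host_volume` ACL rule and mount it read-only in jobs that only read the certificates. The `vault` block that looks removed at the end of the section held a literal `token`, which stays in the repository history and should be revoked in Vault, not only deleted from this file. Which side each line belongs to is inferred from the rendered page and the 98/50 counts, because the `+`/`-` markers are lost.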