job "traefik" {
  datacenters = ["dc1"]
  type        = "service"

  update {
    strategy     = "canary"
    max_parallel = 1
    min_healthy_time = "10s"
    healthy_deadline = "3m"
    auto_revert = true
  }

  group "traefik" {
    count = 3

    restart {
      attempts = 3
      interval = "30m"
      delay    = "15s"
      mode     = "fail"
    }

    network {
      port "http" {
        static = 80
      }
      port "https" {
        static = 443
      }
      port "api" {
        static = 8080
      }
    }

    task "traefik" {
      driver = "podman"

      config {
        image = "traefik:latest"
        ports = ["http", "https", "api"]
        volumes = [
          "/var/run/docker.sock:/var/run/docker.sock:ro",  # 如果需要与Docker集成
          "/root/mgmt/configs/traefik.yml:/etc/traefik/traefik.yml:ro",
          "/root/mgmt/configs/dynamic:/etc/traefik/dynamic:ro"
        ]
      }

      env {
        NOMAD_ADDR = "http://${attr.unique.network.ip-address}:4646"
        CONSUL_HTTP_ADDR = "http://${attr.unique.network.ip-address}:8500"
      }

      resources {
        cpu    = 200
        memory = 256
      }

      service {
        name = "traefik"
        port = "http"
        tags = [
          "traefik.enable=true",
          "traefik.http.routers.api.rule=Host(`traefik.service.consul`)",
          "traefik.http.routers.api.service=api@internal",
          "traefik.http.routers.api.entrypoints=api",
          "traefik.http.services.api.loadbalancer.server.port=8080"
        ]
        
        check {
          type     = "http"
          path     = "/ping"
          interval = "10s"
          timeout  = "2s"
        }
      }
    }
  }
}