mgmt/infrastructure/jobs/traefik.nomad

job "traefik" {
  datacenters = ["dc1"]
  type        = "service"

  update {
    max_parallel = 1
    min_healthy_time = "10s"
    healthy_deadline = "3m"
    auto_revert = true
  }

  group "traefik" {
    count = 1  # 先在warden节点部署一个实例

    # 约束只在warden节点运行
    constraint {
      attribute = "${node.unique.name}"
      operator  = "="
      value     = "bj-warden"
    }

    restart {
      attempts = 3
      interval = "30m"
      delay    = "15s"
      mode     = "fail"
    }

    network {
      port "http" {
        static = 80
      }
      port "https" {
        static = 443
      }
      port "api" {
        static = 8080
      }
    }

    task "traefik" {
      driver = "exec"

      # 下载Traefik v3二进制文件
      artifact {
        source = "https://github.com/traefik/traefik/releases/download/v3.1.5/traefik_v3.1.5_linux_amd64.tar.gz"
        destination = "local/"
        mode = "file"
        options {
          archive = "true"
        }
      }

      # 动态配置文件模板
      template {
        data = <<EOF
# Traefik动态配置 - 从Consul获取服务
http:
  routers:
    consul-master:
      rule: "Host(`consul-master.service.consul`)"
      service: consul-master
      entryPoints: ["http"]
  
  services:
    consul-master:
      loadBalancer:
        servers:
{{ range nomadService "consul" }}
{{ if contains .Tags "http" }}
          - url: "http://{{ .Address }}:{{ .Port }}"
{{ end }}
{{ end }}

# Consul Catalog配置
providers:
  consulCatalog:
    exposedByDefault: false
    prefix: "traefik"
    refreshInterval: 15s
    endpoint:
      address: "http://{{ with nomadService "consul" }}{{ range . }}{{ if contains .Tags "http" }}{{ .Address }}:{{ .Port }}{{ end }}{{ end }}{{ end }}"
    connectAware: true
    connectByDefault: false
EOF
        destination = "local/dynamic.yml"
        change_mode = "restart"
      }

      config {
        command = "local/traefik"
        args = [
          "--configfile=/root/mgmt/infrastructure/routes/traefik.yml",
          "--providers.file.filename=local/dynamic.yml",
          "--providers.file.watch=true"
        ]
      }

      env {
        NOMAD_ADDR = "http://${attr.unique.network.ip-address}:4646"
        # Consul地址将通过template动态获取
      }

      resources {
        cpu    = 200
        memory = 256
      }

      service {
        name = "traefik-warden"
        port = "http"
        tags = [
          "traefik.enable=true",
          "traefik.http.routers.traefik-warden.rule=Host(`traefik.warden.consul`)",
          "traefik.http.routers.traefik-warden.service=api@internal",
          "traefik.http.routers.traefik-warden.entrypoints=api",
          "traefik.http.services.traefik-warden.loadbalancer.server.port=8080",
          "warden"
        ]
        
        check {
          type     = "http"
          path     = "/ping"
          interval = "10s"
          timeout  = "2s"
        }
      }
    }
  }
}