picatz / terraform-google-nomad

Licence: MIT license
📗 Terraform Module for Nomad clusters with Consul on GCP

Programming Languages

HCL
shell
go
Makefile


Nomad Cluster

Terraform Module for Nomad clusters with Consul on GCP.

Module Features

  • Includes HashiCorp's Consul service mesh
  • Gossip encryption, mTLS, and ACLs enabled for Nomad and Consul
  • Optional load balancer and DNS configuration
  • Optional SSH bastion host
  • Only the Docker task driver is enabled
  • Installs the gVisor container runtime (runsc)
  • Installs the Falco runtime security monitor

Cloud Shell Interactive Tutorial

For a full interactive tutorial to get started using this module:

Open in Cloud Shell

Manual Steps for Development

Bootstrap a brand new GCP project using gcloud

Bootstrap a new GCP project using the setup_gcp.sh shell script:

$ bash setup_gcp.sh $YOUR_PROJECT_NAME
...

It will automatically create the project, link the billing account, and enable the Compute API in GCP.

Set Environment Variables

Using your GCP project name and the newly created account.json Terraform service account file from the previous step:

$ export GOOGLE_APPLICATION_CREDENTIALS=$(realpath account.json)
$ export GOOGLE_PROJECT="$YOUR_PROJECT_NAME"

Build the Bastion/Server/Client Images with Packer

$ cd packer
$ packer build template.json
...

Build Infrastructure

$ terraform plan -var="project=$GOOGLE_PROJECT" -var="credentials=$GOOGLE_APPLICATION_CREDENTIALS"
...
$ terraform apply -var="project=$GOOGLE_PROJECT" -var="credentials=$GOOGLE_APPLICATION_CREDENTIALS"
...

Infrastructure Diagram


Logs

Logs are centralized using GCP's Cloud Logging. You can use the following filter to see all Nomad agent logs:

$ gcloud logging read 'resource.type="gce_instance" jsonPayload.ident="nomad"'
...
$ gcloud logging read 'resource.type="gce_instance" jsonPayload.ident="nomad" jsonPayload.host="server-0"' --format=json | jq -r '.[] | .jsonPayload.message' | less
...

Logs can also be collected within the cluster using Promtail and Loki, then visualized using Grafana (optionally exposed using a public load balancer and DNS name).

$ DNS_ENABLED=true PUBLIC_DOMAIN="nomad.your-domain.com" make terraform/apply
...
$ export CONSUL_HTTP_TOKEN=$(terraform output -json | jq -r .consul_master_token.value)
$ make consul/metrics/acls
...
🔑 Creating Consul ACL Token to Use for Prometheus Consul Service Discovery
AccessorID:       15b9a51d-7af4-e8d4-7c09-312c594a5907
SecretID:         2a1c7926-b6e3-566e-ddf5-b19279fa134e
Description:
Local:            false
Create Time:      2021-04-11 16:16:03.902311312 +0000 UTC
Roles:
   6ae941.3.1c07-49a7-fa95-8ce14aa8a75e - metrics

$ consul_acl_token=2a1c7926-b6e3-566e-ddf5-b19279fa134e make nomad/metrics
$ make nomad/logs
$ make nomad/ingress
$ GRAFANA_PUBLIC_DOMAIN="grafana.your-domain.com" GRAFANA_LOAD_BALANCER_ENABLED=true DNS_ENABLED=true PUBLIC_DOMAIN="nomad.your-domain.com" make terraform/apply
$ open http://public.grafana.your-domain.com:3000/login

Bootstrap ACL Token

If the cluster is started with ACLs enabled, which is the default behavior of this module, you may see this:

$ export NOMAD_ADDR="https://$(terraform output -json | jq -r .load_balancer_ip.value):4646"
$ nomad status
Error querying jobs: Unexpected response code: 403 (Permission denied)

We can bootstrap ACLs to get the bootstrap management token like so:

$ nomad acl bootstrap
Accessor ID  = a1495889-37ce-6784-78f3-31.3.1984bca
Secret ID    = dc8c0349-c1fd-dc2c-299c-d513e5dd6df2
Name         = Bootstrap Token
Type         = management
Global       = true
Policies     = n/a
Create Time  = 2020-04-27 05:24:43.734587566 +0000 UTC
Create Index = 7
Modify Index = 7

Then we can use that token (Secret ID) to perform the rest of the ACL bootstrapping process:

$ export NOMAD_TOKEN="dc8c0349-c1fd-dc2c-299c-d513e5dd6df2"
$ nomad status
No running jobs
$ ...
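
One way to continue the ACL bootstrapping that the last command elides, as an added example that is not part of this module's repository: define a read-only policy and mint a client token for routine use, so the management token is kept for administration only. The policy name `readonly`, the file name `readonly.policy.hcl` and the token name are assumptions.

```shell
#!/bin/sh
# Added example (not from the module's repository): after
# `nomad acl bootstrap`, create a least-privilege client token so the
# management token is not used for day-to-day queries.
# Assumed names: policy "readonly", file readonly.policy.hcl.

# Write a Nomad ACL policy that grants read-only access to the default
# namespace plus node and agent status. $1 = output path.
write_readonly_policy() {
  cat > "$1" <<'EOF'
namespace "default" {
  policy = "read"
}

node {
  policy = "read"
}

agent {
  policy = "read"
}
EOF
}

# Upload the policy and create a client token bound to it.
# Needs NOMAD_ADDR and a management NOMAD_TOKEN in the environment.
# $1 = policy name, $2 = policy file.
create_readonly_token() {
  nomad acl policy apply -description "Read-only access" "$1" "$2" &&
    nomad acl token create -name "$1-operator" -type client -policy "$1"
}

# Talks to the cluster only when invoked as: sh readonly-token.sh apply
if [ "${1:-}" = "apply" ]; then
  : "${NOMAD_TOKEN:?export the bootstrap Secret ID as NOMAD_TOKEN first}"
  write_readonly_policy readonly.policy.hcl
  create_readonly_token readonly readonly.policy.hcl
fi
```

Export the Secret ID of the new client token as NOMAD_TOKEN for commands such as `nomad status`, and store the bootstrap token somewhere it is only retrieved for ACL administration.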

Use ssh-mtls-terminating-proxy to access the Nomad UI

When using the SSH bastion, you can use the ssh-mtls-terminating-proxy.go helper script to tunnel a connection from localhost to the Nomad server API:

$ make ssh/proxy/mtls
2021/04/11 13:18:28 getting terraform output
2021/04/11 13:18:29 Bastion IP: "34.73.106.60"
2021/04/11 13:18:29 Server IP: "1.3.168.2.8"
2021/04/11 13:18:29 Setting up SSH agent
2021/04/11 13:18:29 connecting to the bastion
2021/04/11 13:18:29 connecting to the server through the bastion
2021/04/11 13:18:30 wrapping the server connection with SSH through the bastion
2021/04/11 13:18:30 tunneling a new connection for Consul to the server with SSH through the bastion
2021/04/11 13:18:30 loading Consul TLS data
2021/04/11 13:18:30 tunneling a new connection for Nomad to the server with SSH through the bastion
2021/04/11 13:18:30 loading Nomad TLS data
2021/04/11 13:18:30 starting Consul local listener on localhost:8500
2021/04/11 13:18:30 starting Nomad local listener on localhost:4646
...

Then open your browser at http://localhost:4646/ui/ to securely access the Nomad UI.