From 2aef6c198bf1829b38984de1095f56b2733ebbdf Mon Sep 17 00:00:00 2001
From: Kyle Sessions
Date: Wed, 6 Dec 2017 18:18:03 -0700
Subject: [PATCH] Update Consul to v1.0.1
---
 templates/consul/2/README.md | 32 ++++++++
 templates/consul/2/docker-compose.yml.tpl | 41 ++++++++++
 templates/consul/2/rancher-compose.yml | 92 +++++++++++++++++++++++
 templates/consul/config.yml | 2 +-
 4 files changed, 166 insertions(+), 1 deletion(-)
 create mode 100644 templates/consul/2/README.md
 create mode 100644 templates/consul/2/docker-compose.yml.tpl
 create mode 100644 templates/consul/2/rancher-compose.yml
diff --git a/templates/consul/2/README.md b/templates/consul/2/README.md
new file mode 100644
index 0000000..f5d7c92
--- /dev/null
+++ b/templates/consul/2/README.md
@@ -0,0 +1,32 @@
+# Consul Cluster
+
+
+### Info:
+
+ This template creates 3 Consul nodes that uses RPC encryption with TLS and gossip encryption to secure connection between consul cluster nodes, configuration is generated with confd from Rancher metadata.
+
+ TLS is used to verify the authenticity of the servers and the clients using the verify_incoming and verify_outgoing options.
+
+ The variables used in this template include:
+
+- Certificates and keys for Consul nodes.
+- CA certificate.
+- 16-bytes, Base64 encoded gossip encryption key.
+- Web UI option.
+- ACL options.
+
+
+The templates uses two Docker images one as the main image and the other one is the sidekick:
+
+- consul.
+- [consul-config](https://github.com/galal-hussein/consul-config).
+
+### Usage:
+
+ Select Consul from catalog.
+
+ Enter the certificates and keys for consul nodes, ca certificates, and the encryption key.
+
+ Click deploy.
+
+ The consul nodes will be bound to the Rancher managed network IPs.
diff --git a/templates/consul/2/docker-compose.yml.tpl b/templates/consul/2/docker-compose.yml.tpl
new file mode 100644
index 0000000..71e716e
--- /dev/null
+++ b/templates/consul/2/docker-compose.yml.tpl
@@ -0,0 +1,41 @@
+consul-base:
+ image: consul:1.0.1
+ entrypoint:
+ - /opt/rancher/bin/start_consul.sh
+ net: "container:consul"
+ labels:
+ io.rancher.container.hostname_override: container_name
+ volumes_from:
+ - consul-data
+consul-data:
+ image: alpine:latest
+ entrypoint:
+ - /bin/true
+ labels:
+ io.rancher.container.hostname_override: container_name
+ io.rancher.container.start_once: true
+ volumes:
+ - /var/consul
+ - /opt/rancher/bin
+ - /opt/rancher/ssl
+ - /opt/rancher/config
+ net: none
+consul:
+ image: husseingalal/consul-config:0.1.2
+ labels:
+ io.rancher.container.hostname_override: container_name
+ io.rancher.sidekicks: consul-base,consul-data
+ volumes_from:
+ - consul-data
+{{- if eq .Values.ui "true"}}
+consul-lb:
+ ports:
+ - 8500:8500/tcp
+ expose:
+ - 8500:8500/tcp
+ tty: true
+ image: rancher/load-balancer-service
+ links:
+ - consul:consul-base
+ stdin_open: true
+{{- end }}
diff --git a/templates/consul/2/rancher-compose.yml b/templates/consul/2/rancher-compose.yml
new file mode 100644
index 0000000..0b30d9d
--- /dev/null
+++ b/templates/consul/2/rancher-compose.yml
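Review bot: The `consul-lb` service at the end of this hunk publishes `8500:8500/tcp` on the host whenever `ui` is true, and 8500 is Consul's HTTP API port, not only the web UI. With the catalog defaults in rancher-compose.yml (`enable_acl` false, default policy `allow`) that leaves the KV store and agent endpoints reachable without a token by anything that can reach the host; the TLS settings the README describes cover RPC, and whether the HTTP listener is protected depends on the consul-config image, which is not visible here. I would add a comment above the block such as `# Publishes the Consul HTTP API on the host; enable ACLs with default policy "deny" before turning the UI on` and restrict the port at the host firewall. Separately, `image: alpine:latest` and the untagged `rancher/load-balancer-service` are mutable references in a stack that shares the TLS key volume; pinning both to a fixed tag or digest would keep redeploys reproducible.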
@@ -0,0 +1,92 @@
+.catalog:
+ name: "Consul"
+ description: "Secure Consul cluster"
+ version: "1.0.1-rancher1"
+ uuid: consul-0
+ questions:
+ - variable: ca_crt
+ label: "CA certificate"
+ type: "multiline"
+ required: true
+ - variable: consul1_key
+ label: "First consul key"
+ type: "multiline"
+ required: true
+ - variable: consul1_crt
+ label: "First consul certificate"
+ type: "multiline"
+ required: true
+ - variable: consul2_key
+ label: "Second consul key"
+ type: "multiline"
+ required: true
+ - variable: consul2_crt
+ label: "Second consul certificate"
+ type: "multiline"
+ required: true
+ - variable: consul3_key
+ label: "Third consul key"
+ type: "multiline"
+ required: true
+ - variable: consul3_crt
+ label: "Third consul certificate"
+ type: "multiline"
+ required: true
+ - variable: gossip_key
+ label: "Communication gossip key"
+ type: "multiline"
+ required: true
+ - variable: enable_acl
+ label: "ACL Access"
+ type: "boolean"
+ required: true
+ default: false
+ - variable: acl_default_policy
+ label: "ACL Default Policy"
+ type: "enum"
+ options:
+ - "allow"
+ - "deny"
+ default: "allow"
+ required: true
+ - variable: acl_down_policy
+ label: "ACL Down Policy"
+ type: "enum"
+ options:
+ - "allow"
+ - "deny"
+ default: "allow"
+ required: true
+ - variable: acl_master_token
+ label: "ACL Master Token"
+ type: "string"
+ default: ""
+ required: false
+ - variable: ui
+ label: "Enable UI"
+ type: "boolean"
+ default: false
+ required: true
+consul:
+ scale: 3
+ metadata:
+ ca.crt: |
+ ${ca_crt}
+ consul1.crt: |
+ ${consul1_crt}
+ consul1.key: |
+ ${consul1_key}
+ consul2.crt: |
+ ${consul2_crt}
+ consul2.key: |
+ ${consul2_key}
+ consul3.crt: |
+ ${consul3_crt}
+ consul3.key: |
+ ${consul3_key}
+ enc.key: "${gossip_key}"
+ acl.enabled: "${enable_acl}"
+ acl.default_policy: "${acl_default_policy}"
+ acl.down_policy: "${acl_down_policy}"
+ acl.master_token: "${acl_master_token}"
+ ui.enabled: ${ui}
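Review bot: The ACL questions default to the permissive side: `enable_acl` is `false`, and `acl_default_policy` and `acl_down_policy` both default to `"allow"`, so a deployment that accepts the defaults of a template described as "Secure Consul cluster" has no API authorization. Consider `default: "deny"` for `acl_default_policy`, and `type: "password"` for `acl_master_token` so the token is not echoed in the catalog form (assuming the targeted Rancher version supports that question type). The private keys, gossip key and master token are also placed in service `metadata`; if the Rancher metadata service is readable by other containers in the environment, as I believe it is, that widens who can read them and deserves a line in the README. `ui.enabled: ${ui}` is the only unquoted substitution in the block, and writing it as `"${ui}"` would match its neighbours.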
diff --git a/templates/consul/config.yml b/templates/consul/config.yml
index 369848f..65569a6 100644
--- a/templates/consul/config.yml
+++ b/templates/consul/config.yml
@@ -1,5 +1,5 @@
 name: Consul Cluster
 description: |
 Consul cluster
-version: 0.8-rancher1
+version: 1.0.1-rancher1
 category: Clustering