chrisurwin
GitHub
commit
16033146fc
32
templates/consul/2/README.md
Normal file
32
templates/consul/2/README.md
Normal file
@ -0,0 +1,32 @@
|
|||||||
|
# Consul Cluster
|
||||||
|
|
||||||
|
|
||||||
|
### Info:
|
||||||
|
|
||||||
|
This template creates 3 Consul nodes that uses RPC encryption with TLS and gossip encryption to secure connection between consul cluster nodes, configuration is generated with confd from Rancher metadata.
|
||||||
|
|
||||||
|
TLS is used to verify the authenticity of the servers and the clients using the verify_incoming and verify_outgoing options.
|
||||||
|
|
||||||
|
The variables used in this template include:
|
||||||
|
|
||||||
|
- Certificates and keys for Consul nodes.
|
||||||
|
- CA certificate.
|
||||||
|
- 16-bytes, Base64 encoded gossip encryption key.
|
||||||
|
- Web UI option.
|
||||||
|
- ACL options.
|
||||||
|
|
||||||
|
|
||||||
|
The templates uses two Docker images one as the main image and the other one is the sidekick:
|
||||||
|
|
||||||
|
- consul.
|
||||||
|
- [consul-config](https://github.com/galal-hussein/consul-config).
|
||||||
|
|
||||||
|
### Usage:
|
||||||
|
|
||||||
|
Select Consul from catalog.
|
||||||
|
|
||||||
|
Enter the certificates and keys for consul nodes, ca certificates, and the encryption key.
|
||||||
|
|
||||||
|
Click deploy.
|
||||||
|
|
||||||
|
The consul nodes will be bound to the Rancher managed network IPs.
|
||||||
41
templates/consul/2/docker-compose.yml.tpl
Normal file
41
templates/consul/2/docker-compose.yml.tpl
Normal file
@ -0,0 +1,41 @@
|
|||||||
|
consul-base:
|
||||||
|
image: consul:1.0.1
|
||||||
|
entrypoint:
|
||||||
|
- /opt/rancher/bin/start_consul.sh
|
||||||
|
net: "container:consul"
|
||||||
|
labels:
|
||||||
|
io.rancher.container.hostname_override: container_name
|
||||||
|
volumes_from:
|
||||||
|
- consul-data
|
||||||
|
consul-data:
|
||||||
|
image: alpine:latest
|
||||||
|
entrypoint:
|
||||||
|
- /bin/true
|
||||||
|
labels:
|
||||||
|
io.rancher.container.hostname_override: container_name
|
||||||
|
io.rancher.container.start_once: true
|
||||||
|
volumes:
|
||||||
|
- /var/consul
|
||||||
|
- /opt/rancher/bin
|
||||||
|
- /opt/rancher/ssl
|
||||||
|
- /opt/rancher/config
|
||||||
|
net: none
|
||||||
|
consul:
|
||||||
|
image: husseingalal/consul-config:0.1.2
|
||||||
|
labels:
|
||||||
|
io.rancher.container.hostname_override: container_name
|
||||||
|
io.rancher.sidekicks: consul-base,consul-data
|
||||||
|
volumes_from:
|
||||||
|
- consul-data
|
||||||
|
{{- if eq .Values.ui "true"}}
|
||||||
|
consul-lb:
|
||||||
|
ports:
|
||||||
|
- 8500:8500/tcp
|
||||||
|
expose:
|
||||||
|
- 8500:8500/tcp
|
||||||
|
tty: true
|
||||||
|
image: rancher/load-balancer-service
|
||||||
|
links:
|
||||||
|
- consul:consul-base
|
||||||
|
stdin_open: true
|
||||||
|
{{- end }}
|
||||||
92
templates/consul/2/rancher-compose.yml
Normal file
92
templates/consul/2/rancher-compose.yml
Normal file
@ -0,0 +1,92 @@
|
|||||||
|
.catalog:
|
||||||
|
name: "Consul"
|
||||||
|
description: "Secure Consul cluster"
|
||||||
|
version: "1.0.1-rancher1"
|
||||||
|
uuid: consul-0
|
||||||
|
questions:
|
||||||
|
- variable: ca_crt
|
||||||
|
label: "CA certificate"
|
||||||
|
type: "multiline"
|
||||||
|
required: true
|
||||||
|
- variable: consul1_key
|
||||||
|
label: "First consul key"
|
||||||
|
type: "multiline"
|
||||||
|
required: true
|
||||||
|
- variable: consul1_crt
|
||||||
|
label: "First consul certificate"
|
||||||
|
type: "multiline"
|
||||||
|
required: true
|
||||||
|
- variable: consul2_key
|
||||||
|
label: "Second consul key"
|
||||||
|
type: "multiline"
|
||||||
|
required: true
|
||||||
|
- variable: consul2_crt
|
||||||
|
label: "Second consul certificate"
|
||||||
|
type: "multiline"
|
||||||
|
required: true
|
||||||
|
- variable: consul3_key
|
||||||
|
label: "Third consul key"
|
||||||
|
type: "multiline"
|
||||||
|
required: true
|
||||||
|
- variable: consul3_crt
|
||||||
|
label: "Third consul certificate"
|
||||||
|
type: "multiline"
|
||||||
|
required: true
|
||||||
|
- variable: gossip_key
|
||||||
|
label: "Communication gossip key"
|
||||||
|
type: "multiline"
|
||||||
|
required: true
|
||||||
|
- variable: enable_acl
|
||||||
|
label: "ACL Access"
|
||||||
|
type: "boolean"
|
||||||
|
required: true
|
||||||
|
default: false
|
||||||
|
- variable: acl_default_policy
|
||||||
|
label: "ACL Default Policy"
|
||||||
|
type: "enum"
|
||||||
|
options:
|
||||||
|
- "allow"
|
||||||
|
- "deny"
|
||||||
|
default: "allow"
|
||||||
|
required: true
|
||||||
|
- variable: acl_down_policy
|
||||||
|
label: "ACL Down Policy"
|
||||||
|
type: "enum"
|
||||||
|
options:
|
||||||
|
- "allow"
|
||||||
|
- "deny"
|
||||||
|
default: "allow"
|
||||||
|
required: true
|
||||||
|
- variable: acl_master_token
|
||||||
|
label: "ACL Master Token"
|
||||||
|
type: "string"
|
||||||
|
default: ""
|
||||||
|
required: false
|
||||||
|
- variable: ui
|
||||||
|
label: "Enable UI"
|
||||||
|
type: "boolean"
|
||||||
|
default: false
|
||||||
|
required: true
|
||||||
|
consul:
|
||||||
|
scale: 3
|
||||||
|
metadata:
|
||||||
|
ca.crt: |
|
||||||
|
${ca_crt}
|
||||||
|
consul1.crt: |
|
||||||
|
${consul1_crt}
|
||||||
|
consul1.key: |
|
||||||
|
${consul1_key}
|
||||||
|
consul2.crt: |
|
||||||
|
${consul2_crt}
|
||||||
|
consul2.key: |
|
||||||
|
${consul2_key}
|
||||||
|
consul3.crt: |
|
||||||
|
${consul3_crt}
|
||||||
|
consul3.key: |
|
||||||
|
${consul3_key}
|
||||||
|
enc.key: "${gossip_key}"
|
||||||
|
acl.enabled: "${enable_acl}"
|
||||||
|
acl.default_policy: "${acl_default_policy}"
|
||||||
|
acl.down_policy: "${acl_down_policy}"
|
||||||
|
acl.master_token: "${acl_master_token}"
|
||||||
|
ui.enabled: ${ui}
|
||||||
@ -1,5 +1,5 @@
|
|||||||
name: Consul Cluster
|
name: Consul Cluster
|
||||||
description: |
|
description: |
|
||||||
Consul cluster
|
Consul cluster
|
||||||
version: 0.8-rancher1
|
version: 1.0.1-rancher1
|
||||||
category: Clustering
|
category: Clustering
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user