Created
February 22, 2021 20:26
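# Addresses Traefik skips when it selects the client IP from X-Forwarded-For
# (used for ipstrategy.excludedips in the service tags below). The locals
# block also appends these to the allowed source range.
# NOTE(review): list only proxies that really sit in front of Traefik; any
# address listed here is never treated as the client itself.
variable "allowlist_excluded_ips" {
  type        = list(string)
  description = "CIDR blocks Traefik skips in X-Forwarded-For when determining the client IP; also appended to the allowed source range."
  default = [
    "127.0.0.1/32",
    "192.168.240.0/23",
  ]
}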
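# NOTE(review): the default admits every IPv4 source, so the ipwhitelist
# middleware restricts nothing for IPv4 clients unless this variable is
# overridden when the job is submitted. Set it to the networks that actually
# need to reach the TeamCity UI.
variable "allowlist_source_range" {
  type        = list(string)
  description = "List of CIDR blocks allowed ingress via traefik."
  default = [
    "0.0.0.0/0",
  ]
}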
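# Hostname used in the Traefik router rule (Host(`...`)) in the service tags.
variable "domain_name" {
  type        = string
  description = "Hostname the Traefik router matches for the TeamCity server."
  default     = "teamcity.devhashi.app"
}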
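# Tag of the jetbrains/teamcity-server image to run.
# NOTE(review): a tag is mutable and this default selects a release that was
# current when the file was written. Before reuse, check the vendor's security
# advisories for the chosen version and consider pinning the image by digest.
variable "image_tag" {
  type        = string
  description = "Tag of the jetbrains/teamcity-server Docker image."
  default     = "2020.2.2"
}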
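# Comma-separated strings in the form the Traefik tag values expect.
locals {
  # Allowed ranges = caller-supplied ranges plus the excluded (proxy) addresses.
  ipwhitelist_sourcerange = join(",", concat(var.allowlist_source_range, var.allowlist_excluded_ips))

  # Addresses Traefik skips in X-Forwarded-For when choosing the client IP.
  # NOTE(review): this only identifies the real client if the proxy in front
  # of Traefik appends to X-Forwarded-For itself - confirm for this deployment.
  ipwhitelist_excludedips = join(",", var.allowlist_excluded_ips)
}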
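# Nomad service job running a single TeamCity server container, published
# through Traefik (via Consul catalog tags) behind an IP allowlist middleware.
job "teamcity-server" {
  type = "service"

  datacenters = [
    "us-west-2",
    # TODO: drop the dev-/prod- prefixed DC names once the non-env-specific "us-west-2" string is available
    "dev-us-west-2",
    "prod-us-west-2",
  ]

  # One allocation at a time, gated on health checks; a failed deployment is
  # neither reverted nor promoted automatically.
  update {
    max_parallel      = 1
    health_check      = "checks"
    min_healthy_time  = "10s"
    healthy_deadline  = "30m"
    progress_deadline = "60m"
    auto_revert       = false
    auto_promote      = false
    canary            = 0
    stagger           = "2m"
  }

  migrate {
    max_parallel     = 1
    health_check     = "checks"
    min_healthy_time = "2m"
    healthy_deadline = "10m"
  }

  group "teamcity" {
    count          = 1
    shutdown_delay = "1m"

    # Up to 3 in-place restarts per 10 minutes, then keep waiting ("delay").
    restart {
      interval = "10m"
      attempts = 3
      delay    = "3m"
      mode     = "delay"
    }

    # Rescheduling onto another node is disabled.
    reschedule {
      attempts  = 0
      unlimited = false
    }

    # NOTE(review): the data-directory volume is commented out, so as written
    # the server state is not persisted outside the allocation. A replacement
    # allocation presumably comes up with an empty data directory, i.e. in
    # first-run setup, while the router below is already published. Restore
    # the volume, or keep the source range narrow, before exposing this.
    # volume "teamcity-server" {
    #   type      = "csi"
    #   read_only = false
    #   source    = "teamcity-efs"
    # }

    network {
      # Dynamic host port mapped to TeamCity's container port 8111.
      port "server" {
        to = 8111
      }
    }

    service {
      name         = "teamcity-server"
      port         = "server"
      address_mode = "host"

      # Traefik picks these up from the Consul catalog. "$${...}" is escaped so
      # Nomad, not HCL, interpolates the allocation ID; that gives each
      # allocation its own middleware and router names.
      # The router enables TLS but names no certificate resolver here, so the
      # certificate comes from Traefik's own configuration.
      # NOTE(review): "ipwhitelist" is the Traefik v2 middleware name; newer
      # Traefik releases call it ipAllowList - check the deployed version.
      tags = [
        "traefik.enable=true",
        "traefik.http.middlewares.teamcity-ipallowlist-$${NOMAD_ALLOC_ID}.ipwhitelist.sourcerange=${local.ipwhitelist_sourcerange}",
        "traefik.http.middlewares.teamcity-ipallowlist-$${NOMAD_ALLOC_ID}.ipwhitelist.ipstrategy.excludedips=${local.ipwhitelist_excludedips}",
        "traefik.http.routers.teamcity-$${NOMAD_ALLOC_ID}.tls=true",
        "traefik.http.routers.teamcity-$${NOMAD_ALLOC_ID}.rule=Host(`${var.domain_name}`)",
        "traefik.http.routers.teamcity-$${NOMAD_ALLOC_ID}.middlewares=teamcity-ipallowlist-$${NOMAD_ALLOC_ID}@consulcatalog",
      ]

      # TODO: not sure if an appropriate HTTP-based healthcheck endpoint is available.
      # So just using a simple TCP check at the moment.
      # check {
      #   type     = "http"
      #   port     = "server"
      #   path     = "/"
      #   interval = "10s"
      #   timeout  = "2s"
      # }

      # A TCP check only shows that the port accepts connections, not that
      # TeamCity has finished starting or is serving requests.
      check {
        type     = "tcp"
        port     = "server"
        interval = "10s"
        timeout  = "2s"
      }
    }

    task "server" {
      driver = "docker"

      # NOTE(review): Nomad caps kill_timeout at the client's max_kill_timeout
      # (30s unless raised), so 60m only takes effect if the client agents are
      # configured to allow it.
      kill_timeout = "60m"

      # volume_mount {
      #   volume      = "teamcity-server"
      #   destination = "/data/teamcity_server/datadir"
      #   read_only   = false
      # }

      # NOTE(review): the check is labelled "90pct" but the strategy uses the
      # 98th percentile; one of the two is probably stale.
      scaling "cpu" {
        policy {
          check "90pct" {
            strategy "app-sizing-percentile" {
              percentile = "98"
            }
          }
        }
      }

      scaling "mem" {
        policy {
          check "max" {
            strategy "app-sizing-max" {}
          }
        }
      }

      resources {
        cpu    = 4000
        memory = 3000
      }

      config {
        # Image is selected by tag (var.image_tag), not by digest.
        image = "jetbrains/teamcity-server:${var.image_tag}"
        ports = [
          "server",
        ]
      }

      env {
        # NOTE(review): relative path; presumably meant to land in the task's
        # local/ directory - confirm where the container actually writes logs.
        TEAMCITY_LOGS = "local/"
      }
    }
  }
}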