Terraform configuration to create a Nomad cluster in LXD using Terraform, Ansible and Packer
After deploying, the following URLs will be available:
Root tokens for Consul, Vault and Nomad will be available at `.tmp/root_token_{consul,vault,nomad}.txt`.
The cluster contains the following nodes:
- 3 Consul nodes
- 3 Vault nodes
- 3 Nomad server nodes
- 5 Nomad client nodes (3 "apps" nodes, 2 "infra" nodes)
- 1 NFS server node
- 1 Load Balancer node running HAProxy
Consul is used to bootstrap the Nomad cluster, for service discovery and service mesh.
The infra client nodes are the entrypoint of the cluster: Traefik is deployed on them and uses the Consul service catalog to expose applications.
HAProxy is configured to load balance between the two infra nodes. The container will map ports 80 and 443 on the host in order to expose the services under `*.localhost`.
The proxy configuration exposes the services at `{{ service name }}.apps.localhost`.
Nomad will be configured with authentication from Vault and a Keycloak instance deployed as a service.
There will be 2 users on both authentication mechanisms: `admin` and `operator`, with passwords equal to their respective usernames.
For storage with the NFS node, a CSI plugin will be configured using the RocketDuck CSI plugin.
Packer is used to build a Nomad client LXD image. Since the Nomad clients significantly outnumber other servers, it makes sense to create an image to deploy them.