{"id":13785547,"url":"https://github.com/picatz/terraform-google-nomad","last_synced_at":"2025-04-22T19:31:39.665Z","repository":{"id":44607896,"uuid":"249424939","full_name":"picatz/terraform-google-nomad","owner":"picatz","description":"📗 Terraform Module for Nomad clusters with Consul on GCP","archived":false,"fork":false,"pushed_at":"2023-12-18T23:03:43.000Z","size":380,"stargazers_count":78,"open_issues_count":6,"forks_count":16,"subscribers_count":6,"default_branch":"master","last_synced_at":"2025-04-02T03:06:33.184Z","etag":null,"topics":["acls","consul","consul-connect","gcp","mtls","nomad","packer","ssh","terraform"],"latest_commit_sha":null,"homepage":"https://registry.terraform.io/modules/picatz/nomad/google","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/picatz.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-03-23T12:29:50.000Z","updated_at":"2025-02-13T19:14:37.000Z","dependencies_parsed_at":"2024-01-08T01:44:54.804Z","dependency_job_id":"31c592be-95e9-457c-8fee-7d94d3a33fc6","html_url":"https://github.com/picatz/terraform-google-nomad","commit_stats":null,"previous_names":[],"tags_count":42,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/picatz%2Fterraform-google-nomad","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/picatz%2Fterraform-google-nomad/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/picatz%2Fterraform-google-nomad/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/picatz%2Fterraform-google-nomad/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/picatz","download_url":"https://codeload.github.com/picatz/terraform-google-nomad/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":250308417,"owners_count":21409265,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["acls","consul","consul-connect","gcp","mtls","nomad","packer","ssh","terraform"],"created_at":"2024-08-03T19:01:01.705Z","updated_at":"2025-04-22T19:31:38.466Z","avatar_url":"https://github.com/picatz.png","language":"HCL","funding_links":[],"categories":["Infrastructure setup"],"sub_categories":["Deployment and Cluster Setup"],"readme":"# Nomad Cluster\n\n[![Nomad Version](https://img.shields.io/badge/Nomad%20Version-1.6.1-00bc7f.svg)](https://www.nomadproject.io/downloads) [![Consul Version](https://img.shields.io/badge/Consul%20Version-1.16.1-ca2171.svg)](https://www.consul.io/downloads)\n\n[Terraform](https://www.terraform.io/) Module for [Nomad](https://nomadproject.io/) clusters with [Consul](https://www.consul.io/) on [GCP](https://cloud.google.com/).\n\n## Module Features\n\n* Includes HashiCorp's [Consul](https://www.consul.io/) service mesh\n* Gossip encryption, mTLS, and ACLs enabled for Nomad and Consul\n* Optional load balancer and DNS configuration\n* Optional SSH bastion host\n* Only the [Docker task driver](https://www.nomadproject.io/docs/drivers/docker) is enabled\n* Installs the [gVisor](https://gvisor.dev/) container runtime (`runsc`)\n* Installs the [Falco](https://falco.org/) runtime security monitor\n\n## Cloud Shell Interactive Tutorial\n\nFor a full interactive tutorial to get started using this module:\n\n[![Open in Cloud Shell](https://gstatic.com/cloudssh/images/open-btn.svg)](https://ssh.cloud.google.com/cloudshell/editor?cloudshell_git_repo=https%3A%2F%2Fgithub.com%2Fpicatz%2Fterraform-google-nomad\u0026cloudshell_print=cloud-shell%2Fprint.txt\u0026cloudshell_tutorial=cloud-shell%2Fsteps.md\u0026shellonly=true)\n\n## Infrastructure Diagram\n\n\u003cp align=\"center\"\u003e\n    \u003cimg alt=\"Infrastructure Diagram\" src=\"./diagrams/readme.svg\" height=\"900\"/\u003e\n\u003c/p\u003e\n\n## Logs\n\nLogs are centralized using GCP's [Cloud Logging](https://cloud.google.com/logging). You can use the following filter to see all Nomad agent logs:\n\n```console\n$ gcloud logging read 'resource.type=\"gce_instance\" jsonPayload.ident=\"nomad\"'\n...\n```\n\n```console\n$ gcloud logging read 'resource.type=\"gce_instance\" jsonPayload.ident=\"nomad\" jsonPayload.host=\"server-0\"' --format=json | jq -r '.[] | .jsonPayload.message' | less\n...\n```\n\nLogs can also be collected within the cluster using Promtail and Loki, then visualized using Grafana (optionally exposed using a public load balancer and DNS name).\n\n```console\n$ DNS_ENABLED=true PUBLIC_DOMAIN=\"nomad.your-domain.com\" make terraform/apply\n...\n$ export CONSUL_HTTP_TOKEN=$(terraform output -json | jq -r .consul_master_token.value)\n$ make consul/metrics/acls\n...\n🔑 Creating Consul ACL Token to Use for Prometheus Consul Service Discovery\nAccessorID:       15b9a51d-7af4-e8d4-7c09-312c594a5907\nSecretID:         2a1c7926-b6e3-566e-ddf5-b19279fa134e\nDescription:\nLocal:            false\nCreate Time:      2021-04-11 16:16:03.90231.6.1 +0000 UTC\nRoles:\n   6ae941.6.1c07-49a7-fa95-8ce14aa8a75e - metrics\n\n$ consul_acl_token=2a1c7926-b6e3-566e-ddf5-b19279fa134e make nomad/metrics\n$ make nomad/logs\n$ make nomad/ingress\n$ GRAFANA_PUBLIC_DOMAIN=\"grafana.your-domain.com\" GRAFANA_LOAD_BALANCER_ENABLED=true DNS_ENABLED=true PUBLIC_DOMAIN=\"nomad.your-domain.com\" make terraform/apply\n$ open http://public.grafana.your-domain.com:3000/login\n```\n\n## Bootstrap ACL Token\n\nIf the cluster is started with ACLs enabled, which is the default behavior of this module, you may see this:\n\n```console\n$ export NOMAD_ADDR=\"https://$(terraform output -json | jq -r .load_balancer_ip.value):4646\"\n$ nomad status\nError querying jobs: Unexpected response code: 403 (Permission denied)\n```\n\nWe can bootstrap ACLs to get the bootstrap management token like so:\n\n```console\n$ nomad acl bootstrap\nAccessor ID  = a1495889-37ce-6784-78f3-31.6.1984bca\nSecret ID    = dc8c0349-c1fd-dc2c-299c-d513e5dd6df2\nName         = Bootstrap Token\nType         = management\nGlobal       = true\nPolicies     = n/a\nCreate Time  = 2020-04-27 05:24:43.734587566 +0000 UTC\nCreate Index = 7\nModify Index = 7\n```\n\nThen we can use that token (Secret ID) to perform the rest of the ACL bootstrapping process:\n\n```console\n$ export NOMAD_TOKEN=\"dc8c0349-c1fd-dc2c-299c-d513e5dd6df2\"\n$ nomad status\nNo running jobs\n$ ...\n```\n\n## Use `ssh-mtls-terminating-proxy` to access the Nomad UI\n\nWhen using the SSH bastion, you can use the `ssh-mtls-terminating-proxy.go` helper script to tunnel a connection from localhost to the Nomad server API:\n\n```console\n$ make ssh/proxy/mtls\n2021/04/11.16.18:28 getting terraform output\n2021/04/11.16.18:29 Bastion IP: \"34.73.106.60\"\n2021/04/11.16.18:29 Server IP: \"1.6.168.2.8\"\n2021/04/11.16.18:29 Setting up SSH agent\n2021/04/11.16.18:29 connecting to the bastion\n2021/04/11.16.18:29 connecting to the server through the bastion\n2021/04/11.16.18:30 wrapping the server connection with SSH through the bastion\n2021/04/11.16.18:30 tunneling a new connection for Consul to the server with SSH through the bastion\n2021/04/11.16.18:30 loading Consul TLS data\n2021/04/11.16.18:30 tunneling a new connection for somad to the server with ssh through the bastion\n2021/04/11.16.18:30 loading Nomad TLS data\n2021/04/11.16.18:30 starting Consul local listener on localhost:8500\n2021/04/11.16.18:30 starting Nomad local listener on localhost:4646\n...\n```\n\nThen open your browser at `http://localhost:4646/ui/` to securely access the Nomad UI.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpicatz%2Fterraform-google-nomad","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpicatz%2Fterraform-google-nomad","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpicatz%2Fterraform-google-nomad/lists"}