Kubernetes Cluster k8s_cluster

Network attaches the container to an existing network defined in a separate stanza. This block can be specified multiple times to attach the container to multiple networks.

Image defines a Docker image to use when creating the container. By default the nomad cluster resource will be created using the latest Jumppad container image.

An env stanza allows you to set environment variables in the container. This stanza can be specified multiple times.

env {
  key   = "PATH"
  value = "/usr/local/bin"
}

Additional volume to mount to the server and client nodes.

volume {
  source = "./mydirectory"
  destination = "/path_in_container"
}

Docker image in the local Docker image cache to copy to the cluster on creation. This image is added to the Nomad clients docker cache enabling jobs to use images that may not be in the local registry.

Jumppad tracks changes to copied images, should the image change running jumppad up would push any changes to the cluster automatically.

copy_image {
  name = "mylocalimage:versoin"
}

A port stanza allows you to expose container ports on the local network or host. This stanza can be specified multiple times.

port {
  local = 80
  host  = 8080
}

A port_range stanza allows you to expose a range of container ports on the local network or host. This stanza can be specified multiple times.

The following example would create 11 ports from 80 to 90 (inclusive) and expose them to the host machine.

port {
  range       = "80-90"
  enable_host = true
}

Port to expose the Kubernetes API on the host. By default this uses the standard api port 443; however, if you are running multiple kubernetes instances you will need to override this value.

The port where the Jumppad connector is exposed to the host, this property is requied by the ingress resource and is not generally needed when building blueprints.

Details for the Kubenetes config file that can be used to interact with the cluster.

The fully qualified resource name for the Kubernetes cluster, this value can be used to address the server from the Docker network. It is also the name of the Docker container.

  server.name.k8s-cluster.jumpad.dev

Local IP address of the Nomad server, this property can be used to set the NOAMD_ADDR on the Jumppad client.

  output "K8S_ADDR" {
    value = "https://${resource.k8s_cluster.dev.external_ip}:${resource.k8s_cluster.dev.api_port}"
  }

Docker configuration for the Kubernetes cluster.

A list of docker registries that should not be proxied.

A list of insecure docker registries.

ID of the network to attach the container to, specified in reference format. e.g. to attach to a network called cloud

network {
  id = "network.cloud"
}

Static IP address to assign container for the network, the ip address must be within range defined by the network subnet. If this parameter is omitted an IP address will be automatically assigned.

Aliases allow alternate names to specified for the container. Aliases can be used to reference a container across the network, the container will respond to ping and other network resolution using the primary assigned name [name].container.shipyard.run and the aliases.

network {
  name    = "network.cloud"
  aliases = [
    "alt1.container.local.jmpd.in", 
    "alt2.container.local.jmpd.in"
  ]
}

Name will equal the name of the network as created by jumppad.

assigned_address will equal the assigned IP address for the network. This will equal ip_address if set; otherwise, this is the automatically assigned ip_address.

Name of the image to use when creating the container, can either be the full canonical name or short name for Docker official images. e.g. consul:v1.6.1 or docker.io/consul:v1.6.1.

Username to use when connecting to a private image repository

Password to use when connecting to a private image repository, for both username and password interpolated environment variables can be used in place of static values.

image {
  name = "myregistry.io/myimage:latest"
  username = env("REGISTRY_USERNAME")
  password = env("REGISTRY_PASSWORD")
}

The source volume to mount in the container, can be specified as a relative ./ or absolute path /usr/local/bin. Relative paths are relative to the file declaring the container.

The destination in the container to mount the volume to, must be an absolute path.

The type of the mount, can be one of the following values:

• bind: bind the source path to the destination path in the container
• volume: source is a Docker volume
• tmpfs: create a temporary filesystem

Configures bind propagation for Docker volume mounts, only applies to bind mounts, can be one of the following values:

• shared
• slave
• private
• rslave
• rprivate

For more information please see the Docker documentation https://docs.docker.com/storage/bind-mounts/#configure-bind-propagation

Configures recursiveness of the bind mount. By default Docker mounts with the equivalent of mount --rbind meaning that mounts below the the source directory are visible in the container. For instance running docker run --rm --mount type=bind,src=/,target=/host,readonly busybox will make /run of the host available as /host/run in the container -- and to make matters even worse it will be writable (since only the toplevel bind is set readonly, not the children). If bind_propagation_non_recursive is set to true then the container will only see an empty /host/run, meaning the tmpfs which is typically mounted to /run on the host is not propagated into the container.

Configures Selinux relabeling for the container (usually specified as :z or :Z) and can be one of the following values:

• shared (Equivalent to :z)
• private (Equivalent to :Z)

The local port in the container.

The host port to map the local port to.

The protocol to use when exposing the port, can be "tcp", or "udp".

Should a browser window be automatically opened when this resource is created. Browser windows will open at the path specified by this property.

The port range to expose, e.g, 8080-8082 would expose the ports 8080, 8081, 8082.

The host port to map the local port to.

The protocol to use when exposing the port, can be "tcp", or "udp".

The path to the kubeconfig file.

The certificate authority used to secure the cluster API. This value is base64 encoded.

The client certificate authority used authenticate to the cluster API. This value is base64 encoded.

The private key used authenticate to the cluster API. This value is base64 encoded.