
fmeringdal / do-hashicorp-cluster

Submitted by Style Pass, 2021-08-11 11:30:10

Deploying this architecture involves quite a few tools, so it is recommended to use Docker for a consistent deployment environment.

Packer is the go-to tool for creating immutable machine images. We will use it to create the image that our cluster droplets are built from.

Our app will need Vault secrets, so we need to initialize and unseal Vault before it can be used. We will also manage all of the Vault configuration with Terraform.

Nomad needs a Vault token in order to query Vault for secrets that it can pass on to the jobs deployed on Nomad. This script will restart the Nomad servers with the Vault token generated in the Terraform configuration for Vault in the previous step.

Let's now connect all the pieces together by deploying an app on Nomad that fetches dynamic PostgreSQL credentials from Vault and is exposed publicly by Traefik.

The app will be available at http://FLOATING_IP:80. You can find the floating IP in the cluster Terraform output or in the DigitalOcean UI. The app will show you the secrets it has received and also let you make DB queries.
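An added example, not taken from the do-hashicorp-cluster repository: a Nomad job of the kind the last steps describe, which asks Vault for short-lived PostgreSQL credentials and registers itself for Traefik. The job name, image, datacenter `dc1`, Vault policy `demo-app`, role path `database/creds/demo-app`, container port and the use of Traefik's Consul Catalog provider are all assumptions.

```hcl
# Hypothetical job; every name below is a placeholder, not the project's own.
job "demo-app" {
  datacenters = ["dc1"]
  type        = "service"

  group "app" {
    network {
      port "http" {
        to = 8080 # assumed container port
      }
    }

    service {
      name = "demo-app"
      port = "http"
      # Assumes Traefik discovers services through its Consul Catalog provider.
      tags = [
        "traefik.enable=true",
        "traefik.http.routers.demo-app.rule=PathPrefix(`/`)",
      ]
    }

    task "app" {
      driver = "docker"

      # Nomad uses its own Vault token to derive a task token that is
      # limited to this policy; the task never sees the server token.
      vault {
        policies = ["demo-app"] # should grant read on database/creds/demo-app only
      }

      # Rendered into the task's secrets/ directory and exported as
      # environment variables. Vault issues a fresh username/password per lease.
      template {
        destination = "secrets/db.env"
        env         = true
        data        = <<EOT
{{ with secret "database/creds/demo-app" }}
DB_USER={{ .Data.username }}
DB_PASS={{ .Data.password }}
{{ end }}
EOT
      }

      config {
        image = "example/demo-app:latest"
        ports = ["http"]
      }
    }
  }
}
```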
