From 153206c479ed34073593117328fe74db7f2edd32 Mon Sep 17 00:00:00 2001
From: JaredDarling <46824759+JaredDarling@users.noreply.github.com>
Date: Wed, 18 Oct 2023 03:45:33 -0700
Subject: [PATCH] Adds support for additional containers (sidecars) (#107)

Co-authored-by: Jared Darling
---
 examples/test/main.tf | 54 ++++++++++++++++++++----
 main.tf | 97 ++++++++++++++++++++++---------------------
 variables.tf | 35 ++++++++++++++--
 3 files changed, 127 insertions(+), 59 deletions(-)

diff --git a/examples/test/main.tf b/examples/test/main.tf
index 993e231..9cc7d7e 100644
--- a/examples/test/main.tf
+++ b/examples/test/main.tf
@@ -1,10 +1,48 @@ +locals { + public_subnet_ids = [for s in module.base-network.public_subnets : s.id] + private_subnet_ids = [for s in module.base-network.private_subnets : s.id] +} + module "base-network" { - source = "cn-terraform/networking/aws" - name_prefix = "test-networking" - vpc_cidr_block = "192.168.0.0/16" - availability_zones = ["us-east-1a", "us-east-1b", "us-east-1c", "us-east-1d"] - public_subnets_cidrs_per_availability_zone = ["192.168.0.0/19", "192.168.32.0/19", "192.168.64.0/19", "192.168.96.0/19"] - private_subnets_cidrs_per_availability_zone = ["192.168.128.0/19", "192.168.160.0/19", "192.168.192.0/19", "192.168.224.0/19"] + source = "cn-terraform/networking/aws" + cidr_block = "192.168.0.0/16" + + vpc_additional_tags = { + vpc_tag1 = "tag1", + vpc_tag2 = "tag2", + } + + public_subnets = { + first_public_subnet = { + availability_zone = "us-east-1a" + cidr_block = "192.168.0.0/19" + } + second_public_subnet = { + availability_zone = "us-east-1b" + cidr_block = "192.168.32.0/19" + } + } + + public_subnets_additional_tags = { + public_subnet_tag1 = "tag1", + public_subnet_tag2 = "tag2", + } + + private_subnets = { + first_private_subnet = { + availability_zone = "us-east-1a" + cidr_block = "192.168.128.0/19" + } + second_private_subnet = { + availability_zone = "us-east-1b" + cidr_block = "192.168.160.0/19" + } + } + + private_subnets_additional_tags = { + private_subnet_tag1 = "tag1", + private_subnet_tag2 = "tag2", + } } module "test" { @@ -13,6 +51,6 @@ module "test" { vpc_id = module.base-network.vpc_id container_image = "ubuntu" container_name = "test" - public_subnets_ids = module.base-network.public_subnets_ids - private_subnets_ids = module.base-network.private_subnets_ids + public_subnets_ids = local.public_subnet_ids + private_subnets_ids = local.private_subnet_ids } diff --git a/main.tf b/main.tf index dd95d16..0c25a3d 100644 --- a/main.tf +++ b/main.tf 
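Review bot: The rewritten `module "base-network"` block still has no `version` argument next to `source = "cn-terraform/networking/aws"`, so the example resolves to whatever release the registry serves when `terraform init` runs. This hunk exists because that module's inputs changed (`vpc_cidr_block` became `cidr_block`, the subnet CIDR lists became maps), which is exactly the breakage an unpinned source invites, and it also means new upstream code is pulled in without review. Pin it with `version = "X.Y.Z"` (placeholder for the release this example was tested against). The block is fully visible in the hunk.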
@@ -15,56 +15,57 @@ module "ecs-cluster" { #------------------------------------------------------------------------------ module "td" { source = "cn-terraform/ecs-fargate-task-definition/aws" - version = "1.0.35" + version = "1.0.36" # source = "../terraform-aws-ecs-fargate-task-definition" - name_prefix = var.name_prefix - container_name = var.container_name - container_image = var.container_image - container_memory = var.container_memory - container_memory_reservation = var.container_memory_reservation - container_definition = var.container_definition - port_mappings = var.port_mappings - healthcheck = var.healthcheck - container_cpu = var.container_cpu - essential = var.essential - entrypoint = var.entrypoint - command = var.command - working_directory = var.working_directory - environment = var.environment - extra_hosts = var.extra_hosts - map_environment = var.map_environment - environment_files = var.environment_files - secrets = var.secrets - readonly_root_filesystem = var.readonly_root_filesystem - linux_parameters = var.linux_parameters - log_configuration = var.log_configuration - firelens_configuration = var.firelens_configuration - mount_points = var.mount_points - dns_servers = var.dns_servers - dns_search_domains = var.dns_search_domains - ulimits = var.ulimits - repository_credentials = var.repository_credentials - volumes_from = var.volumes_from - links = var.links - user = var.user - container_depends_on = var.container_depends_on - docker_labels = var.docker_labels - start_timeout = var.start_timeout - stop_timeout = var.stop_timeout - privileged = var.privileged - system_controls = var.system_controls - hostname = var.hostname - disable_networking = var.disable_networking - interactive = var.interactive - pseudo_terminal = var.pseudo_terminal - docker_security_options = var.docker_security_options + additional_containers = var.additional_containers + command = var.command + container_cpu = var.container_cpu + container_definition_overrides = 
var.container_definition_overrides + container_depends_on = var.container_depends_on + container_image = var.container_image + container_memory = var.container_memory + container_memory_reservation = var.container_memory_reservation + container_name = var.container_name + disable_networking = var.disable_networking + dns_search_domains = var.dns_search_domains + dns_servers = var.dns_servers + docker_labels = var.docker_labels + docker_security_options = var.docker_security_options + entrypoint = var.entrypoint + environment = var.environment + environment_files = var.environment_files + essential = var.essential + extra_hosts = var.extra_hosts + firelens_configuration = var.firelens_configuration + healthcheck = var.healthcheck + hostname = var.hostname + interactive = var.interactive + links = var.links + linux_parameters = var.linux_parameters + log_configuration = var.log_configuration + map_environment = var.map_environment + mount_points = var.mount_points + name_prefix = var.name_prefix + port_mappings = var.port_mappings + privileged = var.privileged + pseudo_terminal = var.pseudo_terminal + readonly_root_filesystem = var.readonly_root_filesystem + repository_credentials = var.repository_credentials + secrets = var.secrets + start_timeout = var.start_timeout + stop_timeout = var.stop_timeout + system_controls = var.system_controls + ulimits = var.ulimits + user = var.user + volumes_from = var.volumes_from + working_directory = var.working_directory + ecs_task_execution_role_custom_policies = var.ecs_task_execution_role_custom_policies + ephemeral_storage_size = var.ephemeral_storage_size permissions_boundary = var.permissions_boundary placement_constraints = var.placement_constraints_task_definition proxy_configuration = var.proxy_configuration - ephemeral_storage_size = var.ephemeral_storage_size - ecs_task_execution_role_custom_policies = var.ecs_task_execution_role_custom_policies volumes = var.volumes tags = var.tags 
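Review bot: The alphabetical re-sort of roughly forty arguments in `module "td"` hides the only two functional edits in this hunk, the new `additional_containers` line and the rename of the `container_definition` argument to `container_definition_overrides`. Comparing names, every other removed argument reappears on the new side, including the hardening inputs (`privileged`, `readonly_root_filesystem`, `user`, `docker_security_options`), but a reviewer has to establish that by hand. Split the re-sort into its own commit, or at least mark the new line with a comment such as `# sidecars: passed as-is to the task definition module`. The module block ends outside this hunk.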
@@ -75,19 +76,20 @@ module "td" { #------------------------------------------------------------------------------ module "ecs-fargate-service" { source = "cn-terraform/ecs-fargate-service/aws" - version = "2.0.41" + version = "2.0.42" # source = "../terraform-aws-ecs-fargate-service" name_prefix = var.name_prefix vpc_id = var.vpc_id - ecs_cluster_arn = module.ecs-cluster.aws_ecs_cluster_cluster_arn + deployment_controller = var.deployment_controller deployment_maximum_percent = var.deployment_maximum_percent deployment_minimum_healthy_percent = var.deployment_minimum_healthy_percent - deployment_controller = var.deployment_controller desired_count = var.desired_count + ecs_cluster_arn = module.ecs-cluster.aws_ecs_cluster_cluster_arn enable_ecs_managed_tags = var.enable_ecs_managed_tags enable_execute_command = var.enable_execute_command + force_new_deployment = var.force_new_deployment health_check_grace_period_seconds = var.health_check_grace_period_seconds ordered_placement_strategy = var.ordered_placement_strategy placement_constraints = var.ecs_service_placement_constraints @@ -115,6 +117,7 @@ module "ecs-fargate-service" { # Application Load Balancer custom_lb_arn = var.custom_lb_arn + additional_lbs = var.additional_lbs lb_internal = var.lb_internal lb_security_groups = var.lb_security_groups lb_drop_invalid_header_fields = var.lb_drop_invalid_header_fields diff --git a/variables.tf b/variables.tf index 252d471..488ee23 100644 --- a/variables.tf +++ b/variables.tf 
@@ -27,6 +27,12 @@ variable "vpc_id" { #------------------------------------------------------------------------------ # AWS ECS Container Definition Variables #------------------------------------------------------------------------------ +variable "additional_containers" { + description = "Additional container definitions (sidecars) to use for the task." + default = [] + type = any #cloudposse/ecs-container-definition/aws +} + variable "container_name" { type = string description = "The name of the container. Up to 255 characters ([a-z], [A-Z], [0-9], -, _ allowed)" @@ -49,7 +55,7 @@ variable "container_memory_reservation" { default = 2048 # 2 GB } -variable "container_definition" { +variable "container_definition_overrides" { type = map(any) description = "Container definition overrides which allows for extra keys or overriding existing keys." default = {} @@ -414,7 +420,9 @@ variable "deployment_minimum_healthy_percent" { variable "deployment_controller" { description = "(Optional) Deployment controller" type = list(any) - default = [] + default = [{ + type = "ECS" + }] } variable "desired_count" { @@ -429,6 +437,12 @@ variable "enable_ecs_managed_tags" { default = false } +variable "force_new_deployment" { + description = "(Optional) Enable to force a new task deployment of the service. This can be used to update tasks to use a newer Docker image with same image/tag combination (e.g. myimage:latest), roll Fargate tasks onto a newer platform version, or immediately deploy ordered_placement_strategy and placement_constraints updates." + default = false + type = bool +} + variable "enable_execute_command" { description = "(Optional) Specifies whether to enable Amazon ECS Exec for the tasks within the service." type = bool 
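Review bot: `additional_containers` is declared as `type = any` with a one-line description, so nothing in this module constrains what a sidecar definition may set. Containers in one ECS task share the task role and, on Fargate, the task's network interface, so a sidecar has the same AWS permissions and network reach as the main container. Whether the top-level hardening inputs (`readonly_root_filesystem`, `user`, `linux_parameters`) reach sidecars is not visible here; presumably they apply to the main container only. After confirming that against the task-definition module, say so in the description, for example `description = "Additional container definitions (sidecars) for the task. Each entry must set its own image, secrets, user and readonly_root_filesystem; the top-level container inputs do not apply to it."`. The trailing `#cloudposse/ecs-container-definition/aws` comment would be clearer as a sentence naming the expected object shape.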
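Review bot: Renaming `container_definition` to `container_definition_overrides` removes an existing input, so any caller that sets `container_definition` fails at plan time with an unsupported-argument error after upgrading. Nothing visible in this patch announces that; the diffstat touches no changelog or README. Either ship it as a breaking release with a migration note, or keep the old variable for one release marked deprecated and pass `container_definition_overrides = merge(var.container_definition, var.container_definition_overrides)` in `module "td"`. The variable block continues outside the hunk.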
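Review bot: The `force_new_deployment` description presents redeploying a mutable tag (`myimage:latest`) as a routine use without saying that the task then runs whatever the tag points to at that moment, a change in image content that never appears in a Terraform plan. Add a sentence such as `Prefer an immutable tag or a digest in container_image; with a mutable tag a forced deployment pulls image content that was never reviewed.` The block also lists `default` before `type`, while the neighbouring `enable_execute_command` declaration puts `type` directly after `description`.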
@@ -521,6 +535,19 @@ variable "custom_lb_arn" { default = null } +variable "additional_lbs" { + default = {} + description = "Additional load balancers to add to ECS service" + type = map(object + ( + { + target_group_arn = string + container_port = number + } + ) + ) +} + variable "lb_internal" { description = "(Optional) If true, the LB will be internal." type = bool @@ -615,7 +642,7 @@ variable "lb_http_ports" { description = "Map containing objects with two fields, listener_port and the target_group_port to redirect HTTP requests" type = map(any) default = { - default_http = { + default-http = { listener_port = 80 target_group_port = 80 } @@ -638,7 +665,7 @@ variable "lb_https_ports" { description = "Map containing objects with two fields, listener_port and the target_group_port to redirect HTTPS requests" type = map(any) default = { - default_http = { + default-https = { listener_port = 443 target_group_port = 443 }
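Review bot: Each `additional_lbs` entry carries only `target_group_arn` and `container_port`, with no container name, so which container a target group attaches to is decided somewhere not shown; since this same commit introduces sidecars, the description should state it or the object should gain an optional field for it. The target groups are passed in by ARN, so their load balancers are presumably created outside this module, and the ingress they need to reach the tasks would then have to be granted separately and scoped to those load balancers' security groups. The type expression is also spread over seven lines; `type = map(object({ target_group_arn = string, container_port = number }))` is the conventional form. The declaration is fully inside the hunk.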
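Review bot: Changing the default map key from `default_http` to `default-http` in `lb_http_ports`, and to `default-https` in the `lb_https_ports` hunk that follows, alters identifiers that the load-balancer module presumably uses as `for_each` keys or in resource names. If that is the case, every deployment relying on the defaults will have its listeners and target groups destroyed and recreated on the next apply, with a window in which the service is unreachable. The https rename does correct a copy-pasted `default_http` key, but the change belongs in the release notes, and once the key usage is confirmed a comment such as `# key feeds resource names; renaming it recreates the listener` on each default would warn the next editor. Both variable blocks continue outside their hunks.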