Conditionally deploy a sidecar container
DrizzlyOwl committed Oct 22, 2024
1 parent 4837669 commit 4478fcb
Showing 7 changed files with 111 additions and 30 deletions.
2 changes: 1 addition & 1 deletion README.md

Large diffs are not rendered by default.

63 changes: 60 additions & 3 deletions container-definitions/app.json.tpl
Expand Up @@ -10,7 +10,7 @@
"tag": "${syslog_tag}"
}
},
%{else}
%{ else }
%{ if cloudwatch_log_group != "" }
"logConfiguration": {
"logDriver": "awslogs",
Expand Down Expand Up @@ -39,6 +39,11 @@
"containerPort": ${container_port}
}
],
%{ if enable_sidecar_container },
"healthCheck": {
"command": ["CMD-SHELL", "curl -f localhost:${container_port} || exit 1]
},
%{ endif }
%{ endif }
%{ if environment != "[]" }
"environment": ${environment},
Expand All @@ -63,13 +68,65 @@
%{ if security_options != "[]" }
"dockerSecurityOptions": ${security_options},
%{ endif }
%{if entrypoint != "[]"}
%{ if entrypoint != "[]" }
"entrypoint": ${entrypoint},
%{ endif }
%{if command != "[]"}
%{ if command != "[]" }
"command": ${command},
%{ endif }
"memoryReservation": 16,
"essential": true
}
{% if enable_sidecar_container },
{
"image": "${sidecar_image}",
"name": "${sidecar_container_name}",
%{ if syslog_address != "" }
"logConfiguration": {
"logDriver": "syslog",
"options": {
"syslog-address": "${syslog_address}",
"tag": "${syslog_tag}"
}
},
%{ else }
%{ if cloudwatch_log_group != "" }
"logConfiguration": {
"logDriver": "awslogs",
"options": {
%{ if awslogs_stream_prefix != "" }
"awslogs-stream-prefix": "${awslogs_stream_prefix}",
%{ endif }
"awslogs-group": "${cloudwatch_log_group}",
"awslogs-region": "${region}"
}
},
%{ else }
"logConfiguration": {
"logDriver": "json-file"
},
%{ endif }
"portMappings": [
{
"hostPort": 0,
"protocol": "tcp",
"containerPort": 8080
}
],
%{ if sidecar_environment != "[]" }
"environment": ${sidecar_environment},
%{ endif }
%{ if sidecar_entrypoint != "[]" }
"entrypoint": ${sidecar_entrypoint},
%{ endif }
"memoryReservation": 16,
"essential": true,
"dependsOn": [
{
"containerName": "${container_name}",
"condition": "HEALTHY"
}
]
}
%{ endif }
]
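Review bot: The sidecar guard `{% if enable_sidecar_container },` opens with `{%` instead of `%{`, so Terraform will not treat it as a directive and the text is emitted into the rendered JSON as-is. Going by the visible lines, the final `%{ endif }` of the section then closes the sidecar's own `%{ if syslog_address != "" }` rather than this guard, so the sidecar object is no longer conditional on the flag and would also be rendered for the logspout, scheduled-task and RDS-backup callers that pass `enable_sidecar_container = false` with an empty image. Write the guard as `%{ if enable_sidecar_container }` with the separating `,` on its own line, and add a second `%{ endif }` after the json-file branch so the log-driver conditionals close before `portMappings`. The healthCheck block has two further rendering faults: its guard also carries a trailing `,` directly after `],`, and the command string is missing its closing quote, which should read `"curl -f localhost:${container_port} || exit 1"]`. Rendering the template with the flag both on and off and passing the result through `jsondecode` in a test would catch all three.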
19 changes: 12 additions & 7 deletions ecs-cluster-infrastructure-logspout-service.tf
Expand Up @@ -20,13 +20,18 @@ resource "aws_ecs_task_definition" "infrastructure_ecs_cluster_logspout" {
containerPath = "/var/run/docker.sock"
}
])
linux_parameters = jsonencode({})
security_options = jsonencode([])
syslog_address = ""
syslog_tag = ""
cloudwatch_log_group = ""
awslogs_stream_prefix = ""
region = local.aws_region
linux_parameters = jsonencode({})
security_options = jsonencode([])
syslog_address = ""
syslog_tag = ""
cloudwatch_log_group = ""
awslogs_stream_prefix = ""
region = local.aws_region
enable_sidecar_container = false
sidecar_container_name = ""
sidecar_image = ""
sidecar_environment = "[]"
sidecar_entrypoint = "[]"
}
)

17 changes: 11 additions & 6 deletions ecs-cluster-infrastructure-service-scheduled-task.tf
Expand Up @@ -40,12 +40,17 @@ resource "aws_ecs_task_definition" "infrastructure_ecs_cluster_service_scheduled
linux_parameters = jsonencode({
initProcessEnabled = false
})
security_options = jsonencode([])
syslog_address = !local.infrastructure_ecs_cluster_logspout_enabled ? local.infrastructure_ecs_cluster_syslog_docker_address : ""
syslog_tag = "${local.resource_prefix}-${each.key}-{{.ID}}"
cloudwatch_log_group = !local.infrastructure_ecs_cluster_logspout_enabled ? each.value["enable_cloudwatch_logs"] == true ? aws_cloudwatch_log_group.infrastructure_ecs_cluster_service[each.value["container_name"]].name : "" : ""
awslogs_stream_prefix = ""
region = local.aws_region
security_options = jsonencode([])
syslog_address = !local.infrastructure_ecs_cluster_logspout_enabled ? local.infrastructure_ecs_cluster_syslog_docker_address : ""
syslog_tag = "${local.resource_prefix}-${each.key}-{{.ID}}"
cloudwatch_log_group = !local.infrastructure_ecs_cluster_logspout_enabled ? each.value["enable_cloudwatch_logs"] == true ? aws_cloudwatch_log_group.infrastructure_ecs_cluster_service[each.value["container_name"]].name : "" : ""
awslogs_stream_prefix = ""
region = local.aws_region
enable_sidecar_container = false
sidecar_container_name = ""
sidecar_image = ""
sidecar_environment = "[]"
sidecar_entrypoint = "[]"
}
)
execution_role_arn = aws_iam_role.infrastructure_ecs_cluster_service_task_execution[each.value["container_name"]].arn
17 changes: 11 additions & 6 deletions ecs-cluster-infrastructure-service.tf
Expand Up @@ -242,12 +242,17 @@ resource "aws_ecs_task_definition" "infrastructure_ecs_cluster_service" {
linux_parameters = each.value["enable_execute_command"] == true ? jsonencode({
initProcessEnabled = true
}) : "{}"
security_options = jsonencode([])
syslog_address = !local.infrastructure_ecs_cluster_logspout_enabled ? local.infrastructure_ecs_cluster_syslog_docker_address : ""
syslog_tag = "${local.resource_prefix}-${each.key}-{{.ID}}"
cloudwatch_log_group = !local.infrastructure_ecs_cluster_logspout_enabled ? each.value["enable_cloudwatch_logs"] == true ? aws_cloudwatch_log_group.infrastructure_ecs_cluster_service[each.key].name : "" : ""
awslogs_stream_prefix = ""
region = local.aws_region
security_options = jsonencode([])
syslog_address = !local.infrastructure_ecs_cluster_logspout_enabled ? local.infrastructure_ecs_cluster_syslog_docker_address : ""
syslog_tag = "${local.resource_prefix}-${each.key}-{{.ID}}"
cloudwatch_log_group = !local.infrastructure_ecs_cluster_logspout_enabled ? each.value["enable_cloudwatch_logs"] == true ? aws_cloudwatch_log_group.infrastructure_ecs_cluster_service[each.key].name : "" : ""
awslogs_stream_prefix = ""
region = local.aws_region
enable_sidecar_container = each.value["enable_sidecar_container"]
sidecar_container_name = "${each.key}-sidecar"
sidecar_image = each.value["sidecar_image"]
sidecar_environment = "[]"
sidecar_entrypoint = "[]"
}
)
execution_role_arn = aws_iam_role.infrastructure_ecs_cluster_service_task_execution[each.key].arn
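Review bot: `sidecar_environment` and `sidecar_entrypoint` are hard-coded to `"[]"` for services, so an enabled sidecar starts with whatever configuration is baked into `sidecar_image`. The template publishes container port 8080 for it and variables.tf describes it as a proxy for all incoming traffic, but nothing visible in this diff gives the default `nginx:stable` image a listener on that port or an upstream pointing at the app container. If the proxy configuration is meant to come from a purpose-built image, record that next to these arguments, for example `# sidecar runs the image's built-in config; no env/entrypoint overrides are passed`, so a reviewer knows where the routing rules live. The resource block starts and ends outside the hunk.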
17 changes: 11 additions & 6 deletions rds-infrastructure-s3-backups-task-definition.tf
Expand Up @@ -168,12 +168,17 @@ resource "aws_ecs_task_definition" "infrastructure_rds_s3_backups_scheduled_task
linux_parameters = jsonencode({
initProcessEnabled = false
})
security_options = jsonencode([])
syslog_address = ""
syslog_tag = ""
cloudwatch_log_group = aws_cloudwatch_log_group.infrastructure_rds_s3_backups[each.key].name
awslogs_stream_prefix = "${local.resource_prefix}-rds-s3-backups-${each.key}"
region = local.aws_region
security_options = jsonencode([])
syslog_address = ""
syslog_tag = ""
cloudwatch_log_group = aws_cloudwatch_log_group.infrastructure_rds_s3_backups[each.key].name
awslogs_stream_prefix = "${local.resource_prefix}-rds-s3-backups-${each.key}"
region = local.aws_region
enable_sidecar_container = false
sidecar_container_name = ""
sidecar_image = ""
sidecar_environment = "[]"
sidecar_entrypoint = "[]"
}
)
execution_role_arn = aws_iam_role.infrastructure_rds_s3_backups_task_execution[each.key].arn
6 changes: 5 additions & 1 deletion variables.tf
Expand Up @@ -580,9 +580,11 @@ variable "infrastructure_ecs_cluster_services" {
container_count: Number of containers to launch for the service
container_heath_check_path: Destination for the health check request
container_heath_grace_period: Seconds to ignore failing load balancer health checks on newly instantiated tasks to prevent premature shutdown
enable_sidecar_container: Launch a sidecar container that will act as a proxy for all incoming traffic
sidecar_image: A specific Docker tag to use for the sidecar container. Defaults to nginx:stable (eg. nginx:1.27.1)
scheduled_tasks: A map of scheduled tasks that use the same image as the service defined eg. { "name" => { "entrypoint" = ["bundle", "exec", "run_jobs"], "schedule_expression" = "cron(* * * * ? *)" } }
domain_names: Domain names to assign to CloudFront aliases, and the Application Load Balancer's `host_header` condition
enable_cloudfront: Enable cloadfront for the service
enable_cloudfront: Enable CloudFront for the service
cloudfront_tls_certificate_arn: Certificate ARN to attach to CloudFront - must contain the names provided in `domain_names`
cloudfront_access_logging_enabled: Enable access logging for the distribution to the infrastructure S3 logs bucket
cloudfront_bypass_protection_enabled: This adds a secret header at the CloudFront level, which is then checked by the ALB listener rules. Requests are only forwarded if the header matches, preventing requests going directly to the ALB.
Expand Down Expand Up @@ -633,6 +635,8 @@ variable "infrastructure_ecs_cluster_services" {
container_count = optional(number, null)
container_heath_check_path = optional(string, null)
container_heath_grace_period = optional(number, null)
enable_sidecar_container = optional(bool, false)
sidecar_image = optional(string, "nginx:stable")
scheduled_tasks = optional(map(object({
entrypoint = list(string)
schedule_expression = string
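Review bot: The default `sidecar_image = optional(string, "nginx:stable")` is a mutable tag, so the container that fronts all incoming traffic can change content between deployments without any change in this repository. Consider pinning the default by digest, `optional(string, "nginx:stable@sha256:<digest-placeholder>")`, or requiring callers to supply a pinned reference from a registry they control. The description line is also ambiguous about what the example is; something like `sidecar_image: Image reference for the sidecar container, e.g. nginx:1.27.1 (default: nginx:stable)` reads more clearly. The variable block starts and ends outside the visible hunks.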
