Opinionated.tf/docker/service/service.tf

resource "docker_service" "instance" {
  # The name of the service is the stack name and the service name combined
  name = local.service_name

  #depends_on = [terraform_data.conditional_build_hack["build"]]

  # Define the task spec
  task_spec {
    container_spec {
      image   = local.image_fully_qualified
      command = var.command
      env     = var.environment_variables

      # Mount the shm if needed
      dynamic "mounts" {
        for_each = docker_volume.shm
        content {
          source = docker_volume.shm[mounts.key].id
          target = "/dev/shm"
          type   = "tmpfs"
          tmpfs_options {
            size_bytes = local.shm_bytes
          }
          read_only = false
        }
      }

      # Mount all the created volumes
      dynamic "mounts" {
        for_each = var.volumes
        content {
          source    = docker_volume.volume[mounts.key].id
          target    = mounts.value
          type      = "volume"
          read_only = false # Nice assumption bro.
        }
      }

      # Mount all the volumes being remotely attached to the container
      dynamic "mounts" {
        for_each = var.remote_volumes
        content {
          source    = mounts.value.id
          target    = mounts.key
          type      = "volume"
          read_only = false # Nice assumption bro.
        }
      }

      # Iterate through "mounts" to bind host paths to container paths
      dynamic "mounts" {
        for_each = var.mounts
        content {
          source    = mounts.key
          target    = mounts.value
          type      = "bind"
          read_only = false # Nice assumption bro.
        }
      }

      # Iterate through configs and attach the docker configs
      dynamic "configs" {
        for_each = var.configs
        content {
          config_id   = module.config[configs.key].id
          config_name = module.config[configs.key].name
          file_name   = configs.key
        }
      }
      dynamic "configs" {
        for_each = var.remote_configs
        content {
          config_id   = configs.value.id
          config_name = configs.value.name
          file_name   = configs.key
        }
      }
      # Same for secrets
      dynamic "secrets" {
        for_each = var.secrets
        content {
          secret_id   = module.secrets[secrets.key].id
          secret_name = module.secrets[secrets.key].name
          file_name   = secrets.key
        }
      }

      # Allow overriding DNS server in use
      dynamic "dns_config" {
        for_each = var.dns_nameservers != null ? [{}] : []
        content {
          nameservers = var.dns_nameservers
        }
      }

      # Apply the healthcheck settings
      healthcheck {
        test         = var.healthcheck != null ? var.healthcheck : []
        interval     = var.healthcheck != null ? var.healthcheck_interval : "0s"
        timeout      = var.healthcheck != null ? var.healthcheck_timeout : "0s"
        retries      = var.healthcheck_retries
        start_period = var.healthcheck_start_period
      }

      # Apply the list of Container Labels
      dynamic "labels" {
        # Filter out null values
        for_each = local.merged_labels
        content {
          label = labels.key
          value = labels.value
        }
      }
    }

    # Apply the networks
    dynamic "networks_advanced" {
      for_each = local.networks
      content {
        name = networks_advanced.value.id
      }
    }

    # Apply restart policy
    restart_policy {
      condition    = var.one_shot ? "none" : var.restart_policy
      delay        = var.restart_delay
      window       = "0s"
      max_attempts = 0
    }

    # Apply the placement constraints
    placement {
      max_replicas = var.parallelism_per_node
      constraints  = var.placement_constraints
      dynamic "platforms" {
        for_each = var.processor_architecture != null && var.operating_system != null ? [{}] : []
        content {
          architecture = var.processor_architecture
          os           = var.operating_system
        }
      }
    }

    # Apply the resource limits and reservations
    resources {
      limits {
        memory_bytes = var.limit_ram_mb != null ? 1024 * 1024 * var.limit_ram_mb : 0
        nano_cpus    = var.limit_cpu != null ? (1000000000 / 100) * var.limit_cpu : 0
      }
      reservation {
        memory_bytes = var.reserved_ram_mb != null ? 1024 * 1024 * var.reserved_ram_mb : 0
        nano_cpus    = var.reserved_cpu != null ? (1000000000 / 100) * var.reserved_cpu : 0
      }
    }
  }

  # Global deploy
  dynamic "mode" {
    for_each = var.global ? [{}] : []
    content {
      global = true
    }
  }
  # Or replicated deploy
  dynamic "mode" {
    for_each = !var.global ? [{}] : []
    content {
      replicated {
        replicas = var.enable ? var.parallelism : 0
      }
    }
  }

  # Behaviour regarding startup and delaying/waiting.
  # Converging is not possible when:
  #  * in global deploy mode
  #  * in one-shot mode
  #  * converging is disabled
  #  * the service does not have a well-defined healthcheck, maybe you should add one to the service, or to the container itself ideally.
  dynamic "converge_config" {
    for_each = var.converge_enable && !var.global && !var.one_shot ? [{}] : []
    content {
      delay   = "5s"
      timeout = var.converge_timeout
    }
  }

  # How to handle updates/re-deployments
  update_config {
    # Parallelism must be the size of the count of instances, divided by the number of update waves
    # with a minimum of 1.
    # Confusingly, the max() function gives you the largest number of the two, so if the parallelism is 0, 1 will be greater.
    parallelism = max(1, ceil(var.parallelism / var.update_waves))

    # The order of stopping and starting containers.
    # Some containers can be run while the previous is still running (e.g web servers, anything ephemeral)
    # Some cannot have more than 1 instance running at the same time (e.g databases, anything concrete)
    order = var.start_first ? "start-first" : "stop-first"
  }

  # Ports and such
  endpoint_spec {
    dynamic "ports" {
      for_each = var.ports
      content {
        target_port    = ports.value.container
        published_port = ports.value.host
        protocol       = ports.value.protocol
        publish_mode   = ports.value.publish_mode
      }
    }
  }

  # Service Labels
  dynamic "labels" {
    for_each = local.merged_labels
    content {
      label = labels.key
      value = labels.value
    }
  }

  lifecycle {
    # Help prevent "this service already exists" irritations
    create_before_destroy = false
    #replace_triggered_by  = [terraform_data.conditional_build_hack["build"]]
  }
}
A whole bunch o' things. 2024-07-29 19:28:08 +00:00			`resource "docker_service" "instance" {`
			`# The name of the service is the stack name and the service name combined`
Everything moved again. 2024-11-23 04:06:26 +00:00			`name = local.service_name`
A whole bunch o' things. 2024-07-29 19:28:08 +00:00
Fix builder, add support for passing debug_path into configs so that they can be grouped into services 2024-12-26 14:40:11 +00:00			`#depends_on = [terraform_data.conditional_build_hack["build"]]`

A whole bunch o' things. 2024-07-29 19:28:08 +00:00			`# Define the task spec`
			`task_spec {`
			`container_spec {`
Working buildable, mirrorable images. 2024-12-10 01:02:22 +00:00			`image = local.image_fully_qualified`
A whole bunch o' things. 2024-07-29 19:28:08 +00:00			`command = var.command`
			`env = var.environment_variables`

shm support, maybe. 2025-02-14 20:33:15 +00:00			`# Mount the shm if needed`
			`dynamic "mounts" {`
			`for_each = docker_volume.shm`
			`content {`
			`source = docker_volume.shm[mounts.key].id`
			`target = "/dev/shm"`
			`type = "tmpfs"`
			`tmpfs_options {`
			`size_bytes = local.shm_bytes`
			`}`
			`read_only = false`
			`}`
			`}`

A whole bunch o' things. 2024-07-29 19:28:08 +00:00			`# Mount all the created volumes`
			`dynamic "mounts" {`
			`for_each = var.volumes`
			`content {`
Treafik woz 'ere 2024-11-26 09:50:53 +00:00			`source = docker_volume.volume[mounts.key].id`
			`target = mounts.value`
			`type = "volume"`
			`read_only = false # Nice assumption bro.`
A whole bunch o' things. 2024-07-29 19:28:08 +00:00			`}`
			`}`
Everything moved again. 2024-11-23 04:06:26 +00:00
			`# Mount all the volumes being remotely attached to the container`
Add volumes to outputs on docker-service 2024-11-22 08:17:29 +00:00			`dynamic "mounts" {`
			`for_each = var.remote_volumes`
			`content {`
Treafik woz 'ere 2024-11-26 09:50:53 +00:00			`source = mounts.value.id`
			`target = mounts.key`
			`type = "volume"`
			`read_only = false # Nice assumption bro.`
Add volumes to outputs on docker-service 2024-11-22 08:17:29 +00:00			`}`
			`}`
Everything moved again. 2024-11-23 04:06:26 +00:00
			`# Iterate through "mounts" to bind host paths to container paths`
Add support for configs and mounts. 2024-07-31 12:26:17 +00:00			`dynamic "mounts" {`
			`for_each = var.mounts`
			`content {`
Make pruner a module. 2024-11-24 09:50:28 +00:00			`source = mounts.key`
Treafik woz 'ere 2024-11-26 09:50:53 +00:00			`target = mounts.value`
Make pruner a module. 2024-11-24 09:50:28 +00:00			`type = "bind"`
			`read_only = false # Nice assumption bro.`
Add support for configs and mounts. 2024-07-31 12:26:17 +00:00			`}`
			`}`

Everything moved again. 2024-11-23 04:06:26 +00:00			`# Iterate through configs and attach the docker configs`
Add support for configs and mounts. 2024-07-31 12:26:17 +00:00			`dynamic "configs" {`
			`for_each = var.configs`
			`content {`
Everything moved again. 2024-11-23 04:06:26 +00:00			`config_id = module.config[configs.key].id`
			`config_name = module.config[configs.key].name`
Treafik woz 'ere 2024-11-26 09:50:53 +00:00			`file_name = configs.key`
Add support for configs and mounts. 2024-07-31 12:26:17 +00:00			`}`
			`}`
Tidy up of service behaviour 2025-01-06 09:45:37 +00:00			`dynamic "configs" {`
			`for_each = var.remote_configs`
			`content {`
			`config_id = configs.value.id`
			`config_name = configs.value.name`
			`file_name = configs.key`
			`}`
			`}`
Secrets support 2025-02-14 20:31:35 +00:00			`# Same for secrets`
			`dynamic "secrets" {`
			`for_each = var.secrets`
			`content {`
			`secret_id = module.secrets[secrets.key].id`
			`secret_name = module.secrets[secrets.key].name`
			`file_name = secrets.key`
			`}`
			`}`
A whole bunch o' things. 2024-07-29 19:28:08 +00:00
add ability to override dns configuration. 2024-08-01 17:29:56 +00:00			`# Allow overriding DNS server in use`
Prevent creating an empty dns_config when dns_nameservers is empty 2024-08-03 22:07:12 +00:00			`dynamic "dns_config" {`
			`for_each = var.dns_nameservers != null ? [{}] : []`
			`content {`
			`nameservers = var.dns_nameservers`
			`}`
add ability to override dns configuration. 2024-08-01 17:29:56 +00:00			`}`

Everything moved again. 2024-11-23 04:06:26 +00:00			`# Apply the healthcheck settings`
			`healthcheck {`
			`test = var.healthcheck != null ? var.healthcheck : []`
Add healthcheck inputs 2024-12-22 06:42:50 +00:00			`interval = var.healthcheck != null ? var.healthcheck_interval : "0s"`
			`timeout = var.healthcheck != null ? var.healthcheck_timeout : "0s"`
			`retries = var.healthcheck_retries`
			`start_period = var.healthcheck_start_period`
A whole bunch o' things. 2024-07-29 19:28:08 +00:00			`}`
Add archiveteam 2024-08-29 11:49:03 +00:00
Everything moved again. 2024-11-23 04:06:26 +00:00			`# Apply the list of Container Labels`
Add archiveteam 2024-08-29 11:49:03 +00:00			`dynamic "labels" {`
Debugging Traefik rules 2024-12-05 18:10:16 +00:00			`# Filter out null values`
Traefik basic auth + middlewares 2025-01-16 18:38:54 +00:00			`for_each = local.merged_labels`
Add archiveteam 2024-08-29 11:49:03 +00:00			`content {`
			`label = labels.key`
			`value = labels.value`
			`}`
			`}`
A whole bunch o' things. 2024-07-29 19:28:08 +00:00			`}`

			`# Apply the networks`
			`dynamic "networks_advanced" {`
Tidy up of service behaviour 2025-01-06 09:45:37 +00:00			`for_each = local.networks`
A whole bunch o' things. 2024-07-29 19:28:08 +00:00			`content {`
Treafik woz 'ere 2024-11-26 09:50:53 +00:00			`name = networks_advanced.value.id`
A whole bunch o' things. 2024-07-29 19:28:08 +00:00			`}`
			`}`
More useful stuff. 2024-07-30 02:08:50 +00:00
			`# Apply restart policy`
A whole bunch o' things. 2024-07-29 19:28:08 +00:00			`restart_policy {`
Everything moved again. 2024-11-23 04:06:26 +00:00			`condition = var.one_shot ? "none" : var.restart_policy`
Treafik woz 'ere 2024-11-26 09:50:53 +00:00			`delay = var.restart_delay`
A whole bunch o' things. 2024-07-29 19:28:08 +00:00			`window = "0s"`
			`max_attempts = 0`
			`}`

Treafik woz 'ere 2024-11-26 09:50:53 +00:00			`# Apply the placement constraints`
A whole bunch o' things. 2024-07-29 19:28:08 +00:00			`placement {`
Treafik woz 'ere 2024-11-26 09:50:53 +00:00			`max_replicas = var.parallelism_per_node`
			`constraints = var.placement_constraints`
Improvements mostly to registry 2025-05-03 00:20:41 +00:00			`dynamic "platforms" {`
			`for_each = var.processor_architecture != null && var.operating_system != null ? [{}] : []`
			`content {`
			`architecture = var.processor_architecture`
			`os = var.operating_system`
			`}`
A whole bunch o' things. 2024-07-29 19:28:08 +00:00			`}`
			`}`
Treafik woz 'ere 2024-11-26 09:50:53 +00:00
			`# Apply the resource limits and reservations`
			`resources {`
			`limits {`
			`memory_bytes = var.limit_ram_mb != null ? 1024 * 1024 * var.limit_ram_mb : 0`
			`nano_cpus = var.limit_cpu != null ? (1000000000 / 100) * var.limit_cpu : 0`
			`}`
			`reservation {`
			`memory_bytes = var.reserved_ram_mb != null ? 1024 * 1024 * var.reserved_ram_mb : 0`
			`nano_cpus = var.reserved_cpu != null ? (1000000000 / 100) * var.reserved_cpu : 0`
			`}`
			`}`
A whole bunch o' things. 2024-07-29 19:28:08 +00:00			`}`

			`# Global deploy`
			`dynamic "mode" {`
			`for_each = var.global ? [{}] : []`
			`content {`
			`global = true`
			`}`
			`}`
			`# Or replicated deploy`
			`dynamic "mode" {`
			`for_each = !var.global ? [{}] : []`
			`content {`
			`replicated {`
Add enable flag 2025-01-21 19:12:09 +00:00			`replicas = var.enable ? var.parallelism : 0`
A whole bunch o' things. 2024-07-29 19:28:08 +00:00			`}`
			`}`
			`}`

Everything moved again. 2024-11-23 04:06:26 +00:00			`# Behaviour regarding startup and delaying/waiting.`
			`# Converging is not possible when:`
			`# * in global deploy mode`
			`# * in one-shot mode`
			`# * converging is disabled`
			`# * the service does not have a well-defined healthcheck, maybe you should add one to the service, or to the container itself ideally.`
A whole bunch o' things. 2024-07-29 19:28:08 +00:00			`dynamic "converge_config" {`
Everything moved again. 2024-11-23 04:06:26 +00:00			`for_each = var.converge_enable && !var.global && !var.one_shot ? [{}] : []`
A whole bunch o' things. 2024-07-29 19:28:08 +00:00			`content {`
			`delay = "5s"`
fmt 2024-09-23 21:45:34 +00:00			`timeout = var.converge_timeout`
A whole bunch o' things. 2024-07-29 19:28:08 +00:00			`}`
			`}`

			`# How to handle updates/re-deployments`
			`update_config {`
Fix a snafu with update parallelism being allowed to drop to 0, which is nonsense. 2024-08-01 15:53:48 +00:00			`# Parallelism must be the size of the count of instances, divided by the number of update waves`
			`# with a minimum of 1.`
			`# Confusingly, the max() function gives you the largest number of the two, so if the parallelism is 0, 1 will be greater.`
whitespace and formatting 2024-08-01 17:12:28 +00:00			`parallelism = max(1, ceil(var.parallelism / var.update_waves))`
Fix a snafu with update parallelism being allowed to drop to 0, which is nonsense. 2024-08-01 15:53:48 +00:00
			`# The order of stopping and starting containers.`
			`# Some containers can be run while the previous is still running (e.g web servers, anything ephemeral)`
			`# Some cannot have more than 1 instance running at the same time (e.g databases, anything concrete)`
whitespace and formatting 2024-08-01 17:12:28 +00:00			`order = var.start_first ? "start-first" : "stop-first"`
A whole bunch o' things. 2024-07-29 19:28:08 +00:00			`}`

			`# Ports and such`
			`endpoint_spec {`
			`dynamic "ports" {`
			`for_each = var.ports`
			`content {`
Tidy up port control 2024-07-31 14:13:06 +00:00			`target_port = ports.value.container`
			`published_port = ports.value.host`
			`protocol = ports.value.protocol`
ports declarations should support publish_mode 2025-03-03 15:23:32 +00:00			`publish_mode = ports.value.publish_mode`
A whole bunch o' things. 2024-07-29 19:28:08 +00:00			`}`
			`}`
			`}`

			`# Service Labels`
Everything moved again. 2024-11-23 04:06:26 +00:00			`dynamic "labels" {`
Traefik basic auth + middlewares 2025-01-16 18:38:54 +00:00			`for_each = local.merged_labels`
Everything moved again. 2024-11-23 04:06:26 +00:00			`content {`
			`label = labels.key`
			`value = labels.value`
			`}`
Add support for configs and mounts. 2024-07-31 12:26:17 +00:00			`}`
Help prevent "this service already exists" irritations 2024-11-26 10:25:58 +00:00
			`lifecycle {`
			`# Help prevent "this service already exists" irritations`
			`create_before_destroy = false`
Fix builder, add support for passing debug_path into configs so that they can be grouped into services 2024-12-26 14:40:11 +00:00			`#replace_triggered_by = [terraform_data.conditional_build_hack["build"]]`
Help prevent "this service already exists" irritations 2024-11-26 10:25:58 +00:00			`}`
Add support for configs and mounts. 2024-07-31 12:26:17 +00:00			`}`
No results found.