terraform-portainer/docker-portainer-ui/ui.tf

resource "random_password" "password" {
  length = 32
}
resource "random_password" "salt" {
  length = 8
}
resource "htpasswd_password" "hash" {
  password = random_password.password.result
  salt     = random_password.salt.result
}
data "docker_registry_image" "portainer_app" {
  name = "portainer/portainer-ce:${var.portainer.version}"
}
resource "docker_volume" "portainer" {
  name = var.docker.name
}
resource "docker_service" "portainer" {
  name = var.docker.name
  mode {
    replicated {
      replicas = 1
    }
  }
  task_spec {
    container_spec {
      image = "${data.docker_registry_image.portainer_app.name}@${data.docker_registry_image.portainer_app.sha256_digest}"
      command = [
        "/portainer",
        //"--edge-compute",
        "--logo", coalesce(var.portainer.logo),
        "--admin-password", htpasswd_password.hash.bcrypt,
      ]
      #mounts {
      #  target    = "/data"
      #  source    = "/portainer"
      #  read_only = false
      #  type      = "bind"
      #}
      mounts {
        target    = "/data"
        source    = docker_volume.portainer.name
        type      = "volume"
        read_only = false
      }
      #mounts {
      #  target    = "/var/run/docker.sock"
      #  source    = "/var/run/docker.sock"
      #  read_only = false
      #  type      = "bind"
      #}
      labels {
        label = "com.docker.stack.namespace"
        value = var.docker.stack_name
      }
    }
    dynamic "networks_advanced" {
      for_each = var.docker.networks
      content {
        name = networks_advanced.value.id
      }
    }
    restart_policy {
      condition    = "on-failure"
      delay        = "3s"
      max_attempts = 4
      window       = "10s"
    }
    placement {
      constraints = [
        "node.role == manager",
        "node.platform.os == linux",
      ]
    }
  }
  #endpoint_spec {
  #  ports {
  #    target_port    = 9000
  #    publish_mode   = "ingress"
  #    published_port = 9000
  #  }
  #  ports {
  #    target_port    = 8000
  #    publish_mode   = "ingress"
  #    published_port = 8000
  #  }
  #}
  update_config {
    # Portainer gets super fuckin' upset if you start a second instance while the first is holding the db lock
    order = "stop-first"
  }

  labels {
    label = "com.docker.stack.namespace"
    value = var.docker.stack_name
  }
  labels {
    label = "com.docker.stack.image"
    value = replace(data.docker_registry_image.portainer_app.name, "/:.*/", "")
  }
  lifecycle {
    ignore_changes = [
      # MB: This is a hack because terraform keeps detecting a "change" in the placement->platform constraint that doesn't exist.
      task_spec[0].placement[0].platforms
    ]
  }
}
initial commit 2024-06-21 15:52:01 +00:00			`resource "random_password" "password" {`
			`length = 32`
			`}`
			`resource "random_password" "salt" {`
			`length = 8`
			`}`
			`resource "htpasswd_password" "hash" {`
			`password = random_password.password.result`
			`salt = random_password.salt.result`
			`}`
			`data "docker_registry_image" "portainer_app" {`
			`name = "portainer/portainer-ce:${var.portainer.version}"`
			`}`
			`resource "docker_volume" "portainer" {`
			`name = var.docker.name`
			`}`
			`resource "docker_service" "portainer" {`
			`name = var.docker.name`
			`mode {`
			`replicated {`
			`replicas = 1`
			`}`
			`}`
			`task_spec {`
			`container_spec {`
			`image = "${data.docker_registry_image.portainer_app.name}@${data.docker_registry_image.portainer_app.sha256_digest}"`
			`command = [`
			`"/portainer",`
			`//"--edge-compute",`
			`"--logo", coalesce(var.portainer.logo),`
			`"--admin-password", htpasswd_password.hash.bcrypt,`
			`]`
			`#mounts {`
			`# target = "/data"`
			`# source = "/portainer"`
			`# read_only = false`
			`# type = "bind"`
			`#}`
			`mounts {`
			`target = "/data"`
			`source = docker_volume.portainer.name`
			`type = "volume"`
			`read_only = false`
			`}`
			`#mounts {`
			`# target = "/var/run/docker.sock"`
			`# source = "/var/run/docker.sock"`
			`# read_only = false`
			`# type = "bind"`
			`#}`
			`labels {`
			`label = "com.docker.stack.namespace"`
			`value = var.docker.stack_name`
			`}`
			`}`
			`dynamic "networks_advanced" {`
			`for_each = var.docker.networks`
			`content {`
			`name = networks_advanced.value.id`
			`}`
			`}`
			`restart_policy {`
			`condition = "on-failure"`
			`delay = "3s"`
			`max_attempts = 4`
			`window = "10s"`
			`}`
			`placement {`
			`constraints = [`
			`"node.role == manager",`
			`"node.platform.os == linux",`
			`]`
			`}`
			`}`
			`#endpoint_spec {`
			`# ports {`
			`# target_port = 9000`
			`# publish_mode = "ingress"`
			`# published_port = 9000`
			`# }`
			`# ports {`
			`# target_port = 8000`
			`# publish_mode = "ingress"`
			`# published_port = 8000`
			`# }`
			`#}`
			`update_config {`
			`# Portainer gets super fuckin' upset if you start a second instance while the first is holding the db lock`
			`order = "stop-first"`
			`}`

			`labels {`
			`label = "com.docker.stack.namespace"`
			`value = var.docker.stack_name`
			`}`
			`labels {`
			`label = "com.docker.stack.image"`
			`value = replace(data.docker_registry_image.portainer_app.name, "/:.*/", "")`
			`}`
			`lifecycle {`
			`ignore_changes = [`
			`# MB: This is a hack because terraform keeps detecting a "change" in the placement->platform constraint that doesn't exist.`
			`task_spec[0].placement[0].platforms`
			`]`
			`}`
			`}`