From b8ef2ad115dbd92a76fc2750cd853ab0ec69160d Mon Sep 17 00:00:00 2001
From: Paolo Cerletti
Date: Thu, 8 Apr 2021 12:40:05 +0200
Subject: [PATCH 1/2] precommit hooks update
---
 .pre-commit-config.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 41408bd..ec35b38 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -3,11 +3,11 @@ repos:
 - id: terraform_docs
 - id: terraform_fmt
 repo: https://github.com/antonbabenko/pre-commit-terraform.git
- rev: v1.11.0
+ rev: v1.48.0
 - hooks:
 - id: go-fmt
 - id: go-lint
 exclude: vendor
 repo: https://github.com/dnephin/pre-commit-golang.git
- rev: v0.3.3
+ rev: v0.3.5
From 73e6df51ec4038fd959a0ff20ecd24ff0bb36b5a Mon Sep 17 00:00:00 2001
From: Paolo Cerletti
Date: Thu, 8 Apr 2021 15:37:57 +0200
Subject: [PATCH 2/2] added dedicated variables for task cpu and memory
---
 README.md | 124 ++++++++++--------
 .../outputs.tf | 2 +-
 main.tf | 4 +-
 modules/merge/README.md | 21 ++-
 modules/merge/outputs.tf | 2 +-
 variables.tf | 14 +-
 6 files changed, 104 insertions(+), 63 deletions(-)
diff --git a/README.md b/README.md
index 6cb8a29..7876245 100644
--- a/README.md
+++ b/README.md
@@ -106,72 +106,90 @@ Invoking the commands defined below creates an ECS task definition with the foll By default, this module creates a task definition with a single container definition. To create a task definition with multiple container definitions, refer to the documentation of the [`merge`](modules/merge) module. +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 0.12 | + ## Providers | Name | Version | |------|---------| -| aws | n/a | -| template | n/a | +| [aws](#provider\_aws) | n/a | +| [template](#provider\_template) | n/a | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [aws_ecs_task_definition.ecs_task_definition](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_task_definition) | resource | +| [template_file.container_definition](https://registry.terraform.io/providers/hashicorp/template/latest/docs/data-sources/file) | data source | ## Inputs | Name | Description | Type | Default | Required | -|------|-------------|------|---------|:-----:| -| command | The command that is passed to the container | `list(string)` | `[]` | no | -| cpu | The number of cpu units reserved for the container | `number` | `0` | no | -| disableNetworking | When this parameter is true, networking is disabled within the container | `bool` | `false` | no | -| dnsSearchDomains | A list of DNS search domains that are presented to the container | `list(string)` | `[]` | no | -| dnsServers | A list of DNS servers that are presented to the container | `list(string)` | `[]` | no | -| dockerLabels | A key/value map of labels to add to the container | `map(string)` | `{}` | no | -| dockerSecurityOptions | A list of strings to provide custom labels for SELinux and AppArmor multi-level security systems | `list(string)` | `[]` | no | -| entryPoint | The entry point that is passed to the container | `list(string)` | `[]` | no | -| environment | The environment variables 
to pass to a container | `list(map(string))` | `[]` | no | -| essential | If the essential parameter of a container is marked as true, and that container fails or stops for any reason, all other containers that are part of the task are stopped | `bool` | `true` | no | -| execution\_role\_arn | The Amazon Resource Name (ARN) of the task execution role that the Amazon ECS container agent and the Docker daemon can assume | `string` | `""` | no | -| extraHosts | A list of hostnames and IP address mappings to append to the /etc/hosts file on the container | `list(string)` | `[]` | no | -| family | You must specify a family for a task definition, which allows you to track multiple versions of the same task definition | `any` | n/a | yes | -| healthCheck | The health check command and associated configuration parameters for the container | `any` | `{}` | no | -| hostname | The hostname to use for your container | `string` | `""` | no | -| image | The image used to start a container | `string` | `""` | no | -| interactive | When this parameter is true, this allows you to deploy containerized applications that require stdin or a tty to be allocated | `bool` | `false` | no | -| ipc\_mode | The IPC resource namespace to use for the containers in the task | `string` | `"host"` | no | -| links | The link parameter allows containers to communicate with each other without the need for port mappings | `list(string)` | `[]` | no | -| linuxParameters | Linux-specific modifications that are applied to the container, such as Linux KernelCapabilities | `any` | `{}` | no | -| logConfiguration | The log configuration specification for the container | `any` | `{}` | no | -| memory | The hard limit (in MiB) of memory to present to the container | `number` | `0` | no | -| memoryReservation | The soft limit (in MiB) of memory to reserve for the container | `number` | `0` | no | -| mountPoints | The mount points for data volumes in your container | `list(any)` | `[]` | no | -| name | The name 
of a container | `string` | `""` | no | -| network\_mode | The Docker networking mode to use for the containers in the task | `string` | `"bridge"` | no | -| pid\_mode | The process namespace to use for the containers in the task | `string` | `"host"` | no | -| placement\_constraints | An array of placement constraint objects to use for the task | `list(string)` | `[]` | no | -| portMappings | The list of port mappings for the container | `list(any)` | `[]` | no | -| privileged | When this parameter is true, the container is given elevated privileges on the host container instance (similar to the root user) | `bool` | `false` | no | -| pseudoTerminal | When this parameter is true, a TTY is allocated | `bool` | `false` | no | -| readonlyRootFilesystem | When this parameter is true, the container is given read-only access to its root file system | `bool` | `false` | no | -| register\_task\_definition | Registers a new task definition from the supplied family and containerDefinitions | `bool` | `true` | no | -| repositoryCredentials | The private repository authentication credentials to use | `map(string)` | `{}` | no | -| requires\_compatibilities | The launch type required by the task | `list(string)` | `[]` | no | -| resourceRequirements | The type and amount of a resource to assign to a container | `list(string)` | `[]` | no | -| secrets | The secrets to pass to the container | `list(map(string))` | `[]` | no | -| systemControls | A list of namespaced kernel parameters to set in the container | `list(string)` | `[]` | no | -| tags | The metadata that you apply to the task definition to help you categorize and organize them | `map(string)` | `{}` | no | -| task\_role\_arn | The short name or full Amazon Resource Name (ARN) of the IAM role that containers in this task can assume | `string` | `""` | no | -| ulimits | A list of ulimits to set in the container | `list(any)` | `[]` | no | -| user | The user name to use inside the container | `string` | `""` | no | -| 
volumes | A list of volume definitions in JSON format that containers in your task may use | `list(any)` | `[]` | no | -| volumesFrom | Data volumes to mount from another container | `list(object)` | `[]` | no | -| workingDirectory | The working directory in which to run commands inside the container | `string` | `""` | no | +|------|-------------|------|---------|:--------:| +| [command](#input\_command) | The command that is passed to the container | `list(string)` | `[]` | no | +| [cpu](#input\_cpu) | The number of cpu units reserved for the container | `number` | `0` | no | +| [disableNetworking](#input\_disableNetworking) | When this parameter is true, networking is disabled within the container | `bool` | `false` | no | +| [dnsSearchDomains](#input\_dnsSearchDomains) | A list of DNS search domains that are presented to the container | `list(string)` | `[]` | no | +| [dnsServers](#input\_dnsServers) | A list of DNS servers that are presented to the container | `list(string)` | `[]` | no | +| [dockerLabels](#input\_dockerLabels) | A key/value map of labels to add to the container | `map(string)` | `{}` | no | +| [dockerSecurityOptions](#input\_dockerSecurityOptions) | A list of strings to provide custom labels for SELinux and AppArmor multi-level security systems | `list(string)` | `[]` | no | +| [entryPoint](#input\_entryPoint) | The entry point that is passed to the container | `list(string)` | `[]` | no | +| [environment](#input\_environment) | The environment variables to pass to a container | `list(map(string))` | `[]` | no | +| [essential](#input\_essential) | If the essential parameter of a container is marked as true, and that container fails or stops for any reason, all other containers that are part of the task are stopped | `bool` | `true` | no | +| [execution\_role\_arn](#input\_execution\_role\_arn) | The Amazon Resource Name (ARN) of the task execution role that the Amazon ECS container agent and the Docker daemon can assume | `string` | `""` | no 
| +| [extraHosts](#input\_extraHosts) | A list of hostnames and IP address mappings to append to the /etc/hosts file on the container |
list(object({
ipAddress = string
hostname = string
}))
| `[]` | no | +| [family](#input\_family) | You must specify a family for a task definition, which allows you to track multiple versions of the same task definition | `any` | n/a | yes | +| [healthCheck](#input\_healthCheck) | The health check command and associated configuration parameters for the container | `any` | `{}` | no | +| [hostname](#input\_hostname) | The hostname to use for your container | `string` | `""` | no | +| [image](#input\_image) | The image used to start a container | `string` | `""` | no | +| [interactive](#input\_interactive) | When this parameter is true, this allows you to deploy containerized applications that require stdin or a tty to be allocated | `bool` | `false` | no | +| [ipc\_mode](#input\_ipc\_mode) | The IPC resource namespace to use for the containers in the task | `any` | `null` | no | +| [links](#input\_links) | The link parameter allows containers to communicate with each other without the need for port mappings | `list(string)` | `[]` | no | +| [linuxParameters](#input\_linuxParameters) | Linux-specific modifications that are applied to the container, such as Linux KernelCapabilities | `any` | `{}` | no | +| [logConfiguration](#input\_logConfiguration) | The log configuration specification for the container | `any` | `{}` | no | +| [memory](#input\_memory) | The hard limit (in MiB) of memory to present to the container | `number` | `512` | no | +| [memoryReservation](#input\_memoryReservation) | The soft limit (in MiB) of memory to reserve for the container | `number` | `0` | no | +| [mountPoints](#input\_mountPoints) | The mount points for data volumes in your container | `list(any)` | `[]` | no | +| [name](#input\_name) | The name of a container | `string` | `""` | no | +| [network\_mode](#input\_network\_mode) | The Docker networking mode to use for the containers in the task | `string` | `"bridge"` | no | +| [pid\_mode](#input\_pid\_mode) | The process namespace to use for the containers in the task | `any` | `null` | 
no | +| [placement\_constraints](#input\_placement\_constraints) | An array of placement constraint objects to use for the task |
list(object({
type = string
expression = string
}))
| `[]` | no | +| [portMappings](#input\_portMappings) | The list of port mappings for the container | `list(any)` | `[]` | no | +| [privileged](#input\_privileged) | When this parameter is true, the container is given elevated privileges on the host container instance (similar to the root user) | `bool` | `false` | no | +| [pseudoTerminal](#input\_pseudoTerminal) | When this parameter is true, a TTY is allocated | `bool` | `false` | no | +| [readonlyRootFilesystem](#input\_readonlyRootFilesystem) | When this parameter is true, the container is given read-only access to its root file system | `bool` | `false` | no | +| [register\_task\_definition](#input\_register\_task\_definition) | Registers a new task definition from the supplied family and containerDefinitions | `bool` | `true` | no | +| [repositoryCredentials](#input\_repositoryCredentials) | The private repository authentication credentials to use | `map(string)` | `{}` | no | +| [requires\_compatibilities](#input\_requires\_compatibilities) | The launch type required by the task | `list(string)` | `[]` | no | +| [resourceRequirements](#input\_resourceRequirements) | The type and amount of a resource to assign to a container | `list(string)` | `[]` | no | +| [secrets](#input\_secrets) | The secrets to pass to the container | `list(map(string))` | `[]` | no | +| [systemControls](#input\_systemControls) | A list of namespaced kernel parameters to set in the container | `list(string)` | `[]` | no | +| [tags](#input\_tags) | The metadata that you apply to the task definition to help you categorize and organize them | `map(string)` | `{}` | no | +| [taskCpu](#input\_taskCpu) | The number of cpu units limited for the task. Required for Fargate. _null_ to disable | `number` | `256` | no | +| [taskMemory](#input\_taskMemory) | Memory (in MiB) for the task. Required for Fargate. 
_null_ to disable | `number` | `256` | no | +| [task\_role\_arn](#input\_task\_role\_arn) | The short name or full Amazon Resource Name (ARN) of the IAM role that containers in this task can assume | `string` | `""` | no | +| [ulimits](#input\_ulimits) | A list of ulimits to set in the container | `list(any)` | `[]` | no | +| [user](#input\_user) | The user name to use inside the container | `string` | `""` | no | +| [volumes](#input\_volumes) | A list of volume definitions in JSON format that containers in your task may use | `list(any)` | `[]` | no | +| [volumesFrom](#input\_volumesFrom) | Data volumes to mount from another container |
list(object({
readOnly = bool
sourceContainer = string
}))
| `[]` | no |
+| [workingDirectory](#input\_workingDirectory) | The working directory in which to run commands inside the container | `string` | `""` | no |
 ## Outputs
 | Name | Description |
 |------|-------------|
-| arn | The full Amazon Resource Name (ARN) of the task definition |
-| container\_definitions | A list of container definitions in JSON format that describe the different containers that make up your task |
-| family | The family of your task definition, used as the definition name |
-| revision | The revision of the task in a particular family |
-
+| [arn](#output\_arn) | The full Amazon Resource Name (ARN) of the task definition |
+| [container\_definitions](#output\_container\_definitions) | A list of container definitions in JSON format that describe the different containers that make up your task |
+| [family](#output\_family) | The family of your task definition, used as the definition name |
+| [revision](#output\_revision) | The revision of the task in a particular family |
 ## Testing
diff --git a/examples/terraform-task-definition-multiple-containers/outputs.tf b/examples/terraform-task-definition-multiple-containers/outputs.tf
index e71ab8e..6a96923 100644
--- a/examples/terraform-task-definition-multiple-containers/outputs.tf
+++ b/examples/terraform-task-definition-multiple-containers/outputs.tf
@@ -1,3 +1,3 @@
 output "container_definitions" {
- value = "${module.merged.container_definitions}"
+ value = module.merged.container_definitions
 }
diff --git a/main.tf b/main.tf
index 887ea2d..d73563a 100644
--- a/main.tf
+++ b/main.tf
@@ -137,8 +137,8 @@ resource "aws_ecs_task_definition" "ecs_task_definition" {
 pid_mode = var.pid_mode
 # Fargate requires cpu and memory to be defined at the task level
- cpu = var.cpu
- memory = var.memory
+ cpu = var.taskCpu
+ memory = var.taskMemory
 dynamic "placement_constraints" {
 for_each = var.placement_constraints
diff --git a/modules/merge/README.md b/modules/merge/README.md
index 2d42b7b..21997fd 100644
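Review bot: Callers that previously sized the task through `cpu` and `memory` get no signal that the task-level values in `aws_ecs_task_definition.ecs_task_definition` now come from `var.taskCpu`/`var.taskMemory`. After upgrading, their task falls back to the new 256/256 defaults unless they set the new inputs, and nothing in the visible patch marks this as a breaking change. Because the task-level values are the resource ceiling shared by every container in the task, I would extend the existing comment above the two assignments, e.g. `# Task-level limits, independent of the per-container var.cpu / var.memory; null leaves them unset`, and call the change out in the release notes. The resource block starts and ends outside this hunk.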
--- a/modules/merge/README.md
+++ b/modules/merge/README.md
@@ -115,20 +115,31 @@ resource "aws_ecs_task_definition" "hello_world" {
 **Note:** The `register_task_definition` flag for both task definitions is required; otherwise a task definition containing a single container definition is registered created for both the `wordpress` and `mysql` services.
+## Requirements
+
+No requirements.
+
 ## Providers
-No provider.
+No providers.
+
+## Modules
+
+No modules.
+
+## Resources
+
+No resources.
+
 ## Inputs
 | Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:-----:|
-| container\_definitions | A list of container definitions in JSON format that describe the different containers that make up your task | `list` | `[]` | no |
+|------|-------------|------|---------|:--------:|
+| [container\_definitions](#input\_container\_definitions) | A list of container definitions in JSON format that describe the different containers that make up your task | `list` | `[]` | no |
 ## Outputs
 | Name | Description |
 |------|-------------|
-| container\_definitions | A list of container definitions in JSON format that describe the different containers that make up your task |
-
+| [container\_definitions](#output\_container\_definitions) | A list of container definitions in JSON format that describe the different containers that make up your task |
diff --git a/modules/merge/outputs.tf b/modules/merge/outputs.tf
index 398255f..240ca50 100644
--- a/modules/merge/outputs.tf
+++ b/modules/merge/outputs.tf
@@ -1,4 +1,4 @@
 output "container_definitions" {
 description = "A list of container definitions in JSON format that describe the different containers that make up your task"
- value = "${format("[%s]", join(",", var.container_definitions))}"
+ value = format("[%s]", join(",", var.container_definitions))
 }
diff --git a/variables.tf b/variables.tf
index b34b1f2..3c687c6 100644
--- a/variables.tf
+++ b/variables.tf
@@ -8,7 +8,7 @@ variable "command" {
 }
 variable "cpu" {
- default = 256
+ default = 0
 description = "The number of cpu units reserved for the container"
 type = number
 }
@@ -225,6 +225,17 @@ variable "tags" {
 type = map(string)
 }
+variable "taskCpu" {
+ default = 256
+ description = "The number of cpu units limited for the task. Required for Fargate. _null_ to disable"
+ type = number
+}
+
+variable "taskMemory" {
+ default = 256
+ description = "Memory (in MiB) for the task. Required for Fargate. _null_ to disable"
+ type = number
+}
 variable "task_role_arn" {
 default = ""
 description = "The short name or full Amazon Resource Name (ARN) of the IAM role that containers in this task can assume"
@@ -261,3 +272,4 @@ variable "workingDirectory" {
 default = ""
 description = "The working directory in which to run commands inside the container"
 }
+
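Review bot: The `taskMemory` default of `256` in the second hunk does not pair with the `taskCpu` default of `256`. Fargate accepts 512, 1024 or 2048 MiB for 256 CPU units, so a Fargate task registered from the defaults would be rejected; `default = 512` is the smallest valid value. The regenerated README in this patch also lists the container-level `memory` default as `512`. If that matches the `memory` variable defined outside these hunks, the container hard limit exceeds a 256 MiB task limit by default on any launch type. On style, the other task-level inputs visible on this page are snake_case (`task_role_arn`, `pid_mode`, `network_mode`), so `task_cpu` and `task_memory` would fit the existing convention better than camelCase, which this module appears to reserve for container-definition fields.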