Sidecar Container
Sidecar
Sidecar defines a structure for creating Docker containers
resource "sidecar" "name" {
...
}
Attributes
Target target
required
type: Reference to Container
```hcl target = resource.container.ubuntu ```
Image image
required
type: block
Image
Image defines a Docker image to use when creating the container.
image {
name = "envoy:latest"
}
Entrypoint entrypoint
type: []string
Entrypoint for the container, if not set, Jumppad starts the container using the entrypoint defined in the Docker image.
entrypoint = "/bin/bash"
Command command
type: []string
Command allows you to specify a command to execute when starting a container. Command is specified as an array of strings, each part of the command is a separate string.
For example, to start a container and follow logs at /dev/null the following command could be used.
command = [
"tail",
"-f",
"/dev/null"
]
Environment environment
type: map[string]string
Allows you to set environment variables in the container.
environment = {
PATH = "/user/local/bin"
}
Labels labels
type: map[string]string
Labels to apply to the container
labels = {
key = "value"
}
Volumes volume
type: []block
Volume
A volume allows you to specify a local volume which is mounted to the container when it is created. This stanza can be specified multiple times.
volume {
source = "./"
destination = "/files"
}
Privileged privileged
type: bool
Should the container run in Docker privileged mode?
privileged = true
Resources resources
type: block
Resources
Define resource constraints for the container
resources {
cpu = 100
memory = 1024
}
HealthCheck health_check
type: block
HealthCheckContainer
Define a health check for the container, the resource will only be marked as successfully created when the health check passes.
health_check {
timeout = "30s"
http {
address = "http://localhost:8500/v1/status/leader"
success_codes = [200]
}
tcp {
address = "localhost:8500"
}
exec {
script = <<-EOF
#!/bin/bash
curl "http://localhost:9090"
EOF
}
}
MaxRestartCount max_restart_count
type: int
The maximum number of times a container will be restarted when it exits with a status code other than 0
max_restart_count = 3
Computed Attributes
These attributes are computed when the config is parsed and applied, and are therefore only known at parsetime or runtime.
Meta ID meta.id
string
The full ID of the resource e.g. `resource.type.name`. This is computed from the full resource path:
// given the following resource
resource "container" "ubuntu" {
...
}
// the resulting id will be
resource.container.ubuntu
Meta Type meta.type
string
The type of the resource. This taken from the type label of the resource definition.
// given the following resource
resource "container" "ubuntu" {
...
}
// the resulting type will be
container
Meta Name meta.name
string
The name of the resource. This taken from the name label of the resource definition.
// given the following resource
resource "container" "ubuntu" {
...
}
// the resulting name will be
ubuntu
ContainerName container_name
type: string
Fully qualified resource name for the container the sidecar is linked to, this can be used to access the sidecar from other sources.
name.container.local.jmpd.in
Image
Image defines a Docker image used when creating this container. An Image can be stored in a public or a private repository.
container {
image {
...
}
}
Attributes
Name name
required
type: string
Name of the image to use when creating the container, can either be the full canonical name or short name for Docker official images. e.g. `consul:v1.6.1` or `docker.io/consul:v1.6.1`.
name = "redis:latest"
Username username
type: string
Username to use when connecting to a private image repository
username = "my_username"
Password password
type: string
Password to use when connecting to a private image repository, for both username and password interpolated environment variables can be used in place of static values.
password = "my_password"
Computed Attributes
These attributes are computed when the config is parsed and applied, and are therefore only known at parsetime or runtime.
ID id
type: string
ID is the unique identifier for the image, this is independent of tag and changes each time the image is built. An image that has been tagged multiple times also shares the same ID. ID string `hcl:"id,optional" json:"id,omitempty"`
Volume
A volume type allows the specification of an attached volume.
container {
volume {
...
}
}
Attributes
Source source
required
type: string
The source volume to mount in the container, can be specified as a relative `./` or absolute path `/usr/local/bin`. Relative paths are relative to the file declaring the container.
source = "./files/nginx"
Destination destination
required
type: string
The destination in the container to mount the volume to, must be an absolute path.
destination = "/etc/nginx"
Type type
type: string
The type of the mount, can be one of the following values:
bind: bind the source path to the destination path in the container
volume: source is a Docker volume
tmpfs: create a temporary filesystem
type = "bind"
ReadOnly read_only
type: bool
Whether or not the volume is read only.
read_only = true
BindPropagation bind_propagation
type: string
Configures bind propagation for Docker volume mounts, only applies to bind mounts, can be one of the following values:
shared
slave
private
rslave
rprivate
For more information please see the Docker documentation https://docs.docker.com/storage/bind-mounts/#configure-bind-propagation
bind_propagation = "shared"
BindPropagationNonRecursive bind_propagation_non_recursive
type: bool
Configures recursiveness of the bind mount.
By default Docker mounts with the equivalent of mount --rbind
meaning that mounts below the the source directory are visible in the container.
or instance running docker run --rm --mount type=bind,src=/,target=/host,readonly
busybox will make /run
of the host available as/host/run
in the container. To make matters even worse it will be writable (since only the toplevel bind is set readonly, not the children).
If bind_propagation_non_recursive
is set to true then the container will only see an empty /host/run
, meaning thetmpfs
which is typically mounted to /run
on the host is not propagated into the container.
bind_propagation_non_recursive = true
SelinuxRelabel selinux_relabel
type: string
Configures Selinux relabeling for the container (usually specified as :z or :Z) and can be one of the following values:
shared (Equivalent to :z)
private (Equivalent to :Z)
selinux_relabel = "shared"
Computed Attributes
These attributes are computed when the config is parsed and applied, and are therefore only known at parsetime or runtime.
Resources
A resources type allows you to configure the maximum resources which can be consumed.
container {
resources {
...
}
}
Attributes
CPU cpu
type: int
Set the maximum CPU which can be consumed by the container in MHz, 1 CPU == 1000MHz.
cpu = 100
CPUPin cpu_pin
type: []int
Pin the container CPU consumption to one or more logical CPUs. For example to pin the container to the core 1 and 4.
cpi_pin = [1,4]
Memory memory
type: int
Maximum memory which a container can consume, specified in Megabytes.
memory = 2048
GPU gpu
type: block
GPU
GPU settings to pass through to container
gpu {
driver = "nvidia"
device_ids = ["0", "1"]
}
Computed Attributes
These attributes are computed when the config is parsed and applied, and are therefore only known at parsetime or runtime.
HealthCheckContainer
A health_check
stanza allows the definition of a health check which must pass before the container is marked as successfully created.
There are three different types of healthcheck http
, tcp
, and exec
, these are not mutually exclusive, it is possible to define more than one health check.
Health checks are executed sequentially, if one health check fails, the following checks are not executed. The execution order is http
, tcp
, exec
.
health_check {
...
}
Attributes
Timeout timeout
required
type: string
The maximum duration to wait before marking the health check as failed. Expressed as a Go duration, e.g. `1s` = 1 second, `100ms` = 100 milliseconds.
timeout = "60s"
HTTP http
type: []block
HealthCheckHTTP
HTTP Health Check block defining the address to check and expected status codes.
Can be specified more than once.
http {
address = "localhost:8500"
}
TCP tcp
type: []block
HealthCheckTCP
TCP Health Check block defining the address to test.
Can be specified more than once.
tcp {
address = "localhost:8500"
}
Exec exec
type: []block
HealthCheckExec
Exec Health Check block defining either a command to run in the current container, or a script to execute.
Can be specified more than once.
exec {
command = ["pg_isready"]
}
Computed Attributes
These attributes are computed when the config is parsed and applied, and are therefore only known at parsetime or runtime.
HealthCheckHTTP
A HTTP health check executes an HTTP request for the given address and evaluates the response against the expected success_codes
.
If the reponse matches any of the given codes the check passes.
health_check {
http {
...
}
}
Attributes
Address address
required
type: string
The URL to check, health check expects a HTTP status code to be returned by the URL in order to pass the health check.
address = "http://localhost:8500/v1/status/leader"
Method method
type: string
HTTP method to use when executing the check
method = "POST"
Body body
type: string
HTTP body to send with the request
body = <<-EOF
{
{"test": "123"}
}
EOF
Headers headers
type: map[string]string
HTTP headers to send with the check
headers = {
"X-Auth-Token": ["abc123"]
}
SuccessCodes success_codes
type: []int
HTTP status codes returned from the endpoint when called. If the returned status code matches any in the array then the health check will pass.
success_codes = [200, 403]
Computed Attributes
These attributes are computed when the config is parsed and applied, and are therefore only known at parsetime or runtime.
HealthCheckTCP
A TCP health check attempts to open a connection to the given address. If a connection can be opened then the check passes.
health_check {
tcp {
...
}
}
Attributes
Address address
required
type: string
The adress to check.
address = "localhost:8500"
Computed Attributes
These attributes are computed when the config is parsed and applied, and are therefore only known at parsetime or runtime.
HealthCheckExec
Exec health checks allow you to execute a command or script in the current container. If the command or script receives an exit code 0 the check passes.
health_check {
exec {
...
}
}
Attributes
Command command
type: []string
The command to execute, the command is run in the target container.
command = ["pg_isready"]
Script script
type: string
A script to execute in the target container, the script is coppied to the container into the /tmp directory and is then executed.
script = <<-EOF
#!/bin/bash
FILE=/etc/resolv.conf
if [ -f "$FILE" ]; then
echo "$FILE exists."
fi
EOF
ExitCode exit_code
type: int
ExitCode to mark a successful check, default 0
exit_code = 0
Computed Attributes
These attributes are computed when the config is parsed and applied, and are therefore only known at parsetime or runtime.
Last updated