resource "docker_container" "{{.Node.DockerName}}-{{.Workload.ID.TFString}}-sidecar" { name = "{{.Node.DockerName}}-{{.Workload.ID.TFString}}-sidecar" network_mode = "container:${docker_container.{{.PodName}}.id}" image = docker_image.{{.ImageResource}}.image_id restart = "on-failure" {{- range $k, $v := .Labels }} labels { label = "{{ $k }}" value = "{{ $v }}" } {{- end }} volumes { volume_name = "{{.TLSVolumeName}}" container_path = "/consul/config/certs" read_only = true } command = [ "consul", "connect", "envoy", "-sidecar-for={{.Workload.ID.Name}}", "-grpc-addr=http://127.0.0.1:8502", // for demo purposes (TODO: huh?) "-admin-bind=0.0.0.0:{{.Workload.EnvoyAdminPort}}", {{if .Enterprise}} "-partition={{.Workload.ID.Partition}}", "-namespace={{.Workload.ID.Namespace}}", {{end}} {{if .Token }} "-token={{.Token}}", {{end}} "--", "-l", "trace", ] }