mirror of https://github.com/hashicorp/consul
66 lines
1.8 KiB
Cheetah
66 lines
1.8 KiB
Cheetah
resource "docker_container" "{{.Node.DockerName}}-{{.Workload.ID.TFString}}-sidecar" {
|
|
name = "{{.Node.DockerName}}-{{.Workload.ID.TFString}}-sidecar"
|
|
network_mode = "container:${docker_container.{{.PodName}}.id}"
|
|
image = docker_image.{{.ImageResource}}.image_id
|
|
restart = "on-failure"
|
|
|
|
{{- range $k, $v := .Labels }}
|
|
labels {
|
|
label = "{{ $k }}"
|
|
value = "{{ $v }}"
|
|
}
|
|
{{- end }}
|
|
|
|
volumes {
|
|
volume_name = "{{.TLSVolumeName}}"
|
|
container_path = "/consul/config/certs"
|
|
read_only = true
|
|
}
|
|
|
|
{{ if .Workload.EnableTransparentProxy }}
|
|
capabilities {
|
|
add = ["NET_ADMIN"]
|
|
}
|
|
entrypoint = [ "/bin/tproxy-startup.sh" ]
|
|
{{ end }}
|
|
|
|
env = [
|
|
"DP_CONSUL_ADDRESSES=server.{{.Node.Cluster}}-consulcluster.lan",
|
|
{{ if .Node.IsV2 }}
|
|
"DP_PROXY_ID={{.Workload.Workload}}",
|
|
{{ if .Enterprise }}
|
|
"DP_PROXY_NAMESPACE={{.Workload.ID.Namespace}}",
|
|
"DP_PROXY_PARTITION={{.Workload.ID.Partition}}",
|
|
{{ end }}
|
|
{{ else }}
|
|
"DP_SERVICE_NODE_NAME={{.Node.PodName}}",
|
|
"DP_PROXY_SERVICE_ID={{.Workload.ID.Name}}-sidecar-proxy",
|
|
{{ if .Enterprise }}
|
|
"DP_SERVICE_NAMESPACE={{.Workload.ID.Namespace}}",
|
|
"DP_SERVICE_PARTITION={{.Workload.ID.Partition}}",
|
|
{{ end }}
|
|
{{ end }}
|
|
|
|
{{ if .Token }}
|
|
"DP_CREDENTIAL_TYPE=static",
|
|
"DP_CREDENTIAL_STATIC_TOKEN={{.Token}}",
|
|
{{ end }}
|
|
|
|
{{ if .Workload.EnableTransparentProxy }}
|
|
"REDIRECT_TRAFFIC_ARGS=-exclude-inbound-port=19000",
|
|
{{ end }}
|
|
|
|
// for demo purposes
|
|
"DP_ENVOY_ADMIN_BIND_ADDRESS=0.0.0.0",
|
|
"DP_ENVOY_ADMIN_BIND_PORT=19000",
|
|
"DP_LOG_LEVEL=trace",
|
|
"DP_CA_CERTS=/consul/config/certs/consul-agent-ca.pem",
|
|
"DP_CONSUL_GRPC_PORT=8503",
|
|
"DP_TLS_SERVER_NAME=server.{{.Node.Datacenter}}.consul",
|
|
]
|
|
|
|
command = [
|
|
"/usr/local/bin/consul-dataplane",
|
|
]
|
|
}
|