Module to create & maintain docker resources from terraform

Primary language: Go. License: Mozilla Public License 2.0 (MPL-2.0).

Terraform Docker Module

Overview

The Terraform Docker module helps you maintain Docker resources through Terraform. It should replace other means of Docker maintenance like docker-compose.

There are several advantages to maintaining Docker with Terraform.

  • Infrastructure as code.
  • CI/CD. Many CI tools offer some way to automate Terraform execution.
  • Remote execution. You don't need to manually ssh into servers.

Under the hood, this module uses the Docker Provider.

Example:

```hcl
provider "docker" {
  host = "tcp://192.168.0.100:2375/"
}

module "proxy" {
  source = "alinefr/module/docker"
  version = "<add latest version>"

  image = "masnagam/nginx-proxy:latest"
  container_name = "proxy"
  restart_policy = "always"
  docker_networks = {
    "proxy-tier" = {
      ipam_config = {
        aux_address = {}
        gateway = "10.0.20.1"
        subnet = "10.0.20.0/24"
      }
    }
  }
  ports = [
    {
      internal = 80
      external = 80
      protocol = "tcp"
    },
    {
      internal = 443
      external = 443
      protocol = "tcp"
    }
  ]
  named_volumes = {
    "nginx_confs" = {
      container_path = "/etc/nginx/conf.d"
      read_only = false
      create = true
    },
    "nginx_html" = {
      container_path = "/var/www/html"
      read_only = false
      create = true
    }
  }
  host_paths = {
    "/media/letsencrypt/etc/letsencrypt/live" = {
      container_path = "/etc/nginx/certs"
      read_only = false
    },
    "/media/letsencrypt/etc/letsencrypt/archive" = {
      container_path = "/etc/nginx/archive"
      read_only = false
    },
    "/var/run/docker.sock" = {
      container_path = "/tmp/docker.sock"
      read_only = true
    }
  }
  capabilities = {
    add = ["NET_ADMIN"]
    drop = []
  }
  networks_advanced = {
    name = "proxy-tier"
    ipv4_address = "10.0.20.100"
    ipv6_address = null
    aliases = null
  }
}

module "letsencrypt-companion" {
  source = "alinefr/module/docker"
  version = "<add latest version>"

  image = "jrcs/letsencrypt-nginx-proxy-companion"
  container_name = "letsencrypt-companion"
  restart_policy = "always"
  volumes_from_containers = [
    "proxy"
  ]
  host_paths = {
    "/var/run/docker.sock" = {
      container_path = "/var/run/docker.sock"
      read_only = true
    }
  }
  networks_advanced = {
    name = "proxy-tier"
    ipv4_address = "10.0.20.101"
    ipv6_address = null
    aliases = null
  }
}
```
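
The provider block in the example above reaches the Docker daemon over plain TCP on port 2375, a transport with no TLS and no client authentication. The following added example (not part of the module's own documentation) shows the same remote setup over an authenticated transport; the certificate directory, the SSH user `deploy` and the `kreuzwerker/docker` provider source are assumptions.

```hcl
terraform {
  required_providers {
    docker = {
      source  = "kreuzwerker/docker" # assumed source for "docker ~> 3.0"
      version = "~> 3.0"
    }
  }
}

# Option A: TLS with client certificates (daemon run with --tlsverify,
# conventionally on port 2376).
provider "docker" {
  alias     = "tls"
  host      = "tcp://192.168.0.100:2376/"
  cert_path = pathexpand("~/.docker/proxy-host") # assumed dir: ca.pem, cert.pem, key.pem
}

# Option B: no TCP listener; the provider reaches the daemon's local
# Unix socket through SSH.
provider "docker" {
  alias    = "ssh"
  host     = "ssh://deploy@192.168.0.100:22" # assumed user
  ssh_opts = ["-o", "StrictHostKeyChecking=yes"]
}

module "letsencrypt-companion" {
  source  = "alinefr/module/docker"
  version = "<add latest version>"

  providers = {
    docker = docker.ssh # use the SSH-tunnelled provider for this module
  }

  image          = "jrcs/letsencrypt-nginx-proxy-companion"
  container_name = "letsencrypt-companion"
  restart_policy = "always"
  privileged     = false

  host_paths = {
    # read_only makes the bind mount read-only; it does not limit which
    # Docker API calls the container can send over the socket.
    "/var/run/docker.sock" = {
      container_path = "/var/run/docker.sock"
      read_only      = true
    }
  }
}
```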

Requirements

| Name | Version |
|------|---------|
| terraform | ~> 1.4 |
| docker | ~> 3.0 |

Providers

| Name | Version |
|------|---------|
| docker | ~> 3.0 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| docker_container.default | resource |
| docker_image.default | resource |
| docker_network.default | resource |
| docker_volume.default | resource |
| docker_registry_image.default | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| capabilities | Add or drop container capabilities | `object({ add = list(string), drop = list(string) })` | `null` | no |
| command | Override the default command | `list(string)` | `null` | no |
| container_name | Custom container name | `string` | `null` | no |
| devices | Device mappings | `map(object({ container_path = string, permissions = string }))` | `{}` | no |
| dns | Set custom dns servers for the container | `list(string)` | `null` | no |
| docker_networks | List of custom networks to create: `docker_networks = [{ name = "proxy-tier", ipam_config = { aux_address = {}, gateway = "10.0.0.1", subnet = "10.0.0.0/24" } }]` | `any` | `[]` | no |
| entrypoint | Override the default entrypoint | `list(string)` | `null` | no |
| environment | Add environment variables | `map(string)` | `null` | no |
| existing_image | Specify an existing image from another module | `string` | `null` | no |
| healthcheck | Test to check if container is healthy | `object({ interval = string, retries = number, start_period = string, test = list(string), timeout = string })` | `null` | no |
| host_paths | Mount host paths | `map(object({ container_path = string, read_only = bool }))` | `{}` | no |
| hostname | Set docker hostname | `string` | `null` | no |
| image | Specify the image to start the container from. Can either be a repository/tag or a partial image ID | `string` | `null` | no |
| init | If init process should be used as the PID 1 in the container | `bool` | `false` | no |
| named_volumes | Mount named volumes | `map(object({ container_path = string, read_only = bool, create = bool }))` | `{}` | no |
| network_mode | Specify a custom network mode | `string` | `null` | no |
| networks_advanced | Advanced network options for the container: `networks_advanced = [{ name = "proxy-tier", ipv4_address = "10.0.0.14" }, { name = "media-tier", ipv4_address = "172.0.0.14" }]` | `any` | `null` | no |
| ports | Expose ports | `list(object({ internal = number, external = number, protocol = string }))` | `null` | no |
| privileged | Give extended privileges to this container | `bool` | `false` | no |
| restart_policy | Restart policy. Default: no | `string` | `"no"` | no |
| volumes_from_containers | Mount volumes from another container | `list(any)` | `null` | no |
| working_dir | Working directory inside the container | `string` | `null` | no |

Outputs

| Name | Description |
|------|-------------|
| capabilities | n/a |
| command | n/a |
| container_name | n/a |
| devices | n/a |
| dns | n/a |
| docker_networks | n/a |
| docker_volumes | n/a |
| entrypoint | n/a |
| environment | n/a |
| healthcheck | n/a |
| hostname | n/a |
| image_id | n/a |
| image_name | n/a |
| init | n/a |
| network_mode | n/a |
| networks_advanced | n/a |
| ports | n/a |
| privileged | n/a |
| restart | n/a |
| volumes | n/a |
| working_dir | n/a |