feat(docker-service): allow adding group, capabilities, and device mappings
@@ -144,12 +144,32 @@ resource "docker_container" "service_container" {
|
|||||||
hostname = var.hostname
|
hostname = var.hostname
|
||||||
domainname = var.domainname
|
domainname = var.domainname
|
||||||
user = var.user
|
user = var.user
|
||||||
|
group_add = var.group_add
|
||||||
working_dir = var.working_dir
|
working_dir = var.working_dir
|
||||||
command = var.command
|
command = var.command
|
||||||
entrypoint = var.entrypoint
|
entrypoint = var.entrypoint
|
||||||
privileged = var.privileged
|
privileged = var.privileged
|
||||||
destroy_grace_seconds = var.destroy_grace_seconds
|
destroy_grace_seconds = var.destroy_grace_seconds
|
||||||
|
|
||||||
|
# Linux capabilities controls
|
||||||
|
dynamic "capabilities" {
|
||||||
|
for_each = length(var.capabilities_add) > 0 || length(var.capabilities_drop) > 0 ? [1] : []
|
||||||
|
content {
|
||||||
|
add = var.capabilities_add
|
||||||
|
drop = var.capabilities_drop
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
# Device mappings
|
||||||
|
dynamic "devices" {
|
||||||
|
for_each = var.devices
|
||||||
|
content {
|
||||||
|
host_path = devices.value.host_path
|
||||||
|
container_path = devices.value.container_path
|
||||||
|
permissions = devices.value.permissions
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
# Set log options
|
# Set log options
|
||||||
log_driver = var.log_driver
|
log_driver = var.log_driver
|
||||||
log_opts = var.log_opts
|
log_opts = var.log_opts
|
||||||
|
|||||||
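Review bot: The new `capabilities` block sits a few lines below `privileged = var.privileged`, and nothing in the resource stops a caller from setting both. As far as I know the Docker engine grants every capability to a privileged container and ignores the drop list, so `capabilities_drop` would look like hardening while having no effect. At minimum, extend the comment above the block to `# Linux capabilities controls (capabilities_drop has no effect when var.privileged is true)`. Better, add a `lifecycle` precondition that fails the plan when `var.privileged` is true and `var.capabilities_drop` is non-empty. The same caveat applies to the `devices` block, since privileged mode already exposes host devices. The resource body starts and ends outside this hunk.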
@@ -179,12 +179,42 @@ variable "entrypoint" {
|
|||||||
default = null
|
default = null
|
||||||
}
|
}
|
||||||
|
|
||||||
|
variable "group_add" {
|
||||||
|
description = "Additional groups to add to the container"
|
||||||
|
type = list(string)
|
||||||
|
default = []
|
||||||
|
}
|
||||||
|
|
||||||
variable "privileged" {
|
variable "privileged" {
|
||||||
description = "Run container in privileged mode"
|
description = "Run container in privileged mode"
|
||||||
type = bool
|
type = bool
|
||||||
default = false
|
default = false
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Linux capabilities controls
|
||||||
|
variable "capabilities_add" {
|
||||||
|
description = "Linux capabilities to add to the container"
|
||||||
|
type = list(string)
|
||||||
|
default = []
|
||||||
|
}
|
||||||
|
|
||||||
|
variable "capabilities_drop" {
|
||||||
|
description = "Linux capabilities to drop from the container"
|
||||||
|
type = list(string)
|
||||||
|
default = []
|
||||||
|
}
|
||||||
|
|
||||||
|
// Devices to pass through to container
|
||||||
|
variable "devices" {
|
||||||
|
description = "List of device mappings for the container"
|
||||||
|
type = list(object({
|
||||||
|
host_path = string
|
||||||
|
container_path = string
|
||||||
|
permissions = string
|
||||||
|
}))
|
||||||
|
default = []
|
||||||
|
}
|
||||||
|
|
||||||
variable "destroy_grace_seconds" {
|
variable "destroy_grace_seconds" {
|
||||||
description = "Grace period in seconds before the container is destroyed"
|
description = "Grace period in seconds before the container is destroyed"
|
||||||
type = number
|
type = number
|
||||||
|
|||||||
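Review bot: `capabilities_add`, `group_add` and `devices` widen what the container can do on the host, but the new variables accept any string and their descriptions do not mention it. For `devices`, `permissions` is a free-form required string that is passed straight to the provider, so a typo only surfaces at apply time; a `validation` block restricting it to the cgroup device modes r, w and m would catch it at plan time. I would also state the security impact in the descriptions, for example `description = "Linux capabilities to add to the container; each one widens what a compromised container can do, keep this list minimal"`. If the module's callers are not all trusted, consider an allow-list validation on `capabilities_add` as well; which capabilities to permit is a policy choice this page does not show.

```hcl
variable "devices" {
  # … unchanged: description, type, default …

  validation {
    condition     = alltrue([for d in var.devices : can(regex("^[rwm]{1,3}$", d.permissions))])
    error_message = "Each devices[*].permissions value must be a combination of r, w and m, for example \"rw\"."
  }
}
```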