terraform-provider-docker/examples/resources/docker_service/resource-advanced.tf

resource "docker_volume" "test_volume" {
  name = "tftest-volume"
}

resource "docker_config" "service_config" {
  name = "tftest-full-myconfig"
  data = "ewogICJwcmVmaXgiOiAiMTIzIgp9"
}

resource "docker_secret" "service_secret" {
  name = "tftest-mysecret"
  data = "ewogICJrZXkiOiAiUVdFUlRZIgp9"
}

resource "docker_network" "test_network" {
  name   = "tftest-network"
  driver = "overlay"
}

resource "docker_service" "foo" {
  name = "tftest-service-basic"

  task_spec {
    container_spec {
      image = "repo.mycompany.com:8080/foo-service:v1"

      labels {
        label = "foo.bar"
        value = "baz"
      }

      command  = ["ls"]
      args     = ["-las"]
      hostname = "my-fancy-service"

      env = {
        MYFOO = "BAR"
      }

      dir    = "/root"
      user   = "root"
      groups = ["docker", "foogroup"]

      privileges {
        se_linux_context {
          disable = true
          user    = "user-label"
          role    = "role-label"
          type    = "type-label"
          level   = "level-label"
        }
      }

      read_only = true

      mounts {
        target    = "/mount/test"
        source    = docker_volume.test_volume.name
        type      = "volume"
        read_only = true

        bind_options {
          propagation = "private"
        }
      }

      mounts {
        # another mount
      }

      stop_signal       = "SIGTERM"
      stop_grace_period = "10s"

      healthcheck {
        test     = ["CMD", "curl", "-f", "http://localhost:8080/health"]
        interval = "5s"
        timeout  = "2s"
        retries  = 4
      }

      hosts {
        host = "testhost"
        ip   = "10.0.1.0"
      }

      dns_config {
        nameservers = ["8.8.8.8"]
        search      = ["example.org"]
        options     = ["timeout:3"]
      }

      secrets {
        secret_id   = docker_secret.service_secret.id
        secret_name = docker_secret.service_secret.name
        file_name   = "/secrets.json"
        file_uid    = "0"
        file_gid    = "0"
        file_mode   = 0777
      }

      secrets {
        # another secret
      }

      configs {
        config_id   = docker_config.service_config.id
        config_name = docker_config.service_config.name
        file_name   = "/configs.json"
      }

      configs {
        # another config
      }
    }

    resources {
      limits {
        nano_cpus    = 1000000
        memory_bytes = 536870912
      }

      reservation {
        nano_cpus    = 1000000
        memory_bytes = 536870912

        generic_resources {
          named_resources_spec = [
            "GPU=UUID1",
          ]

          discrete_resources_spec = [
            "SSD=3",
          ]
        }
      }
    }

    restart_policy = {
      condition    = "on-failure"
      delay        = "3s"
      max_attempts = 4
      window       = "10s"
    }

    placement {
      constraints = [
        "node.role==manager",
      ]

      prefs = [
        "spread=node.role.manager",
      ]

      max_replicas = 1
    }

    force_update = 0
    runtime      = "container"
    networks     = [docker_network.test_network.id]

    log_driver {
      name = "json-file"

      options {
        max-size = "10m"
        max-file = "3"
      }
    }
  }

  mode {
    replicated {
      replicas = 2
    }
  }

  update_config {
    parallelism       = 2
    delay             = "10s"
    failure_action    = "pause"
    monitor           = "5s"
    max_failure_ratio = "0.1"
    order             = "start-first"
  }

  rollback_config {
    parallelism       = 2
    delay             = "5ms"
    failure_action    = "pause"
    monitor           = "10h"
    max_failure_ratio = "0.9"
    order             = "stop-first"
  }

  endpoint_spec {
    mode = "vip"

    ports {
      name           = "random"
      protocol       = "tcp"
      target_port    = "8080"
      published_port = "8080"
      publish_mode   = "ingress"
    }

    ports {
      # another port
    }
  }
}
feat/doc generation (#193) * chore: add tfplugindocs tool * feat: add tfplugin doc dependency and make target * chore: apply documentation generation * docs(contributing): update for documentation generation * fix: adapt website-lint target to new do folder * docs(network): update ds descriptions * docs: add template for index.md * docs: add network resource generation * chore(ci): updates paths for website checks * docs: add plugin data source generation * docs: add import cmd for network resource * docs: add plugin resource generation * feat: outlines remaining resources with example and import cmd * feat: add descriptions to docs * chore: add DevSkim ignores and fix capitalized errors * docs: complete ds registry image * docs: add container resource generation * docs: add lables description to missing resources * docs: remove computed:true from network data so the list is rendered in the description * Revert "docs: remove computed:true from network data" This reverts commit dce9b7a5a23dd8b4156bf6e33947225b5f719df2. * docs: add docker image descriptions to generate the docs * docs: add docker registry image descriptions to generate the docs * docs: add docker service descriptions to generate the docs * docs: add docker volume descriptions to generate the docs * docs(index): clarifies description so more docker resources are mentioned * docs(network): fixes required and read-only attributes so the ds can only be read by-name * docs(plugin): clarifies the ds docs attributes * docs: fix typo registry image ds * docs(config): clarifies attributes and enhances examples Provide a long example and import command * fix(config): make data non-sensitive Because only secrets data is * docs(containter): clarifies attributes and enhances examples with import * docs(config): fix typo * docs(image): clarifies attributes and remove import * docs(network): clarifies attributes and adapts import * docs(plugin): clarifies attributes and import * docs(registry_image): clarifies attributes and removes import * chore(secret): remove typo * docs(service): clarifies attributes and import * docs(volume): clarifies attributes and import * fix: correct md linter rules after doc gen * docs(volume): regenerated * docs: add config custom template * docs: add templates for all resources * docs(config): templates all sections and examples for better redability and structure * docs(config): fix md linter * docs(container): templates all sections and examples * docs(image): templates all sections and examples * docs(image): fix import resource by renaming * docs(network): templates all sections and examples * docs(service): templates all sections and examples * docs(volume): templates all sections and examples * fix(lint): replace website with doc directory * fix(ci): link check file extension check * fix: markdown links * chore: remove old website folder * chore: fix website-lint terrafmr dir and pattern * fix: lint fix target website folder * fix: website links * docs(provider): update examples with templates on auth and certs * docs(provider): add tf-plugin-docs line * docs(contributing): split doc generation section * docs: final brush up for readability and structure * chore(ci): add website-generation job to see if files changed and it should run locally again * chore(ci): remove explicit docker setup from website lint because it's installed by default 2021-05-21 08:30:56 -04:00			`resource "docker_volume" "test_volume" {`
			`name = "tftest-volume"`
			`}`

			`resource "docker_config" "service_config" {`
			`name = "tftest-full-myconfig"`
			`data = "ewogICJwcmVmaXgiOiAiMTIzIgp9"`
			`}`

			`resource "docker_secret" "service_secret" {`
			`name = "tftest-mysecret"`
			`data = "ewogICJrZXkiOiAiUVdFUlRZIgp9"`
			`}`

			`resource "docker_network" "test_network" {`
			`name = "tftest-network"`
			`driver = "overlay"`
			`}`

			`resource "docker_service" "foo" {`
			`name = "tftest-service-basic"`

			`task_spec {`
			`container_spec {`
			`image = "repo.mycompany.com:8080/foo-service:v1"`

			`labels {`
			`label = "foo.bar"`
			`value = "baz"`
			`}`

			`command = ["ls"]`
			`args = ["-las"]`
			`hostname = "my-fancy-service"`

			`env = {`
			`MYFOO = "BAR"`
			`}`

			`dir = "/root"`
			`user = "root"`
			`groups = ["docker", "foogroup"]`

			`privileges {`
			`se_linux_context {`
			`disable = true`
			`user = "user-label"`
			`role = "role-label"`
			`type = "type-label"`
			`level = "level-label"`
			`}`
			`}`

			`read_only = true`

			`mounts {`
			`target = "/mount/test"`
			`source = docker_volume.test_volume.name`
			`type = "volume"`
			`read_only = true`

			`bind_options {`
			`propagation = "private"`
			`}`
			`}`

			`mounts {`
			`# another mount`
			`}`

			`stop_signal = "SIGTERM"`
			`stop_grace_period = "10s"`

			`healthcheck {`
			`test = ["CMD", "curl", "-f", "http://localhost:8080/health"]`
			`interval = "5s"`
			`timeout = "2s"`
			`retries = 4`
			`}`

			`hosts {`
			`host = "testhost"`
			`ip = "10.0.1.0"`
			`}`

			`dns_config {`
			`nameservers = ["8.8.8.8"]`
			`search = ["example.org"]`
			`options = ["timeout:3"]`
			`}`

			`secrets {`
			`secret_id = docker_secret.service_secret.id`
			`secret_name = docker_secret.service_secret.name`
			`file_name = "/secrets.json"`
			`file_uid = "0"`
			`file_gid = "0"`
			`file_mode = 0777`
			`}`

			`secrets {`
			`# another secret`
			`}`

			`configs {`
			`config_id = docker_config.service_config.id`
			`config_name = docker_config.service_config.name`
			`file_name = "/configs.json"`
			`}`

			`configs {`
			`# another config`
			`}`
			`}`

			`resources {`
			`limits {`
			`nano_cpus = 1000000`
			`memory_bytes = 536870912`
			`}`

			`reservation {`
			`nano_cpus = 1000000`
			`memory_bytes = 536870912`

			`generic_resources {`
			`named_resources_spec = [`
			`"GPU=UUID1",`
			`]`

			`discrete_resources_spec = [`
			`"SSD=3",`
			`]`
			`}`
			`}`
			`}`

			`restart_policy = {`
			`condition = "on-failure"`
			`delay = "3s"`
			`max_attempts = 4`
			`window = "10s"`
			`}`

			`placement {`
			`constraints = [`
			`"node.role==manager",`
			`]`

			`prefs = [`
			`"spread=node.role.manager",`
			`]`

			`max_replicas = 1`
			`}`

			`force_update = 0`
			`runtime = "container"`
			`networks = [docker_network.test_network.id]`

			`log_driver {`
			`name = "json-file"`

			`options {`
			`max-size = "10m"`
			`max-file = "3"`
			`}`
			`}`
			`}`

			`mode {`
			`replicated {`
			`replicas = 2`
			`}`
			`}`

			`update_config {`
			`parallelism = 2`
			`delay = "10s"`
			`failure_action = "pause"`
			`monitor = "5s"`
			`max_failure_ratio = "0.1"`
			`order = "start-first"`
			`}`

			`rollback_config {`
			`parallelism = 2`
			`delay = "5ms"`
			`failure_action = "pause"`
			`monitor = "10h"`
			`max_failure_ratio = "0.9"`
			`order = "stop-first"`
			`}`

			`endpoint_spec {`
			`mode = "vip"`

			`ports {`
			`name = "random"`
			`protocol = "tcp"`
			`target_port = "8080"`
			`published_port = "8080"`
			`publish_mode = "ingress"`
			`}`

			`ports {`
			`# another port`
			`}`
			`}`
			`}`