compose/ecs/convert.go

package ecs

import (
	"encoding/json"
	"fmt"
	"os"
	"path/filepath"
	"sort"
	"strconv"
	"strings"
	"time"

	"github.com/aws/aws-sdk-go/aws"
	ecsapi "github.com/aws/aws-sdk-go/service/ecs"
	"github.com/awslabs/goformation/v4/cloudformation"
	"github.com/awslabs/goformation/v4/cloudformation/ecs"
	"github.com/awslabs/goformation/v4/cloudformation/tags"
	"github.com/compose-spec/compose-go/types"
	"github.com/docker/api/ecs/secrets"
	"github.com/docker/cli/opts"
	"github.com/joho/godotenv"
)

const secretsInitContainerImage = "docker/ecs-secrets-sidecar"

func Convert(project *types.Project, service types.ServiceConfig) (*ecs.TaskDefinition, error) {
	cpu, mem, err := toLimits(service)
	if err != nil {
		return nil, err
	}
	_, memReservation, err := toContainerReservation(service)
	if err != nil {
		return nil, err
	}
	credential := getRepoCredentials(service)

	// override resolve.conf search directive to also search <project>.local
	// TODO remove once ECS support hostname-only service discovery
	service.Environment["LOCALDOMAIN"] = aws.String(
		cloudformation.Join("", []string{
			cloudformation.Ref("AWS::Region"),
			".compute.internal",
			fmt.Sprintf(" %s.local", project.Name),
		}))

	logConfiguration := getLogConfiguration(service, project)

	var (
		containers     []ecs.TaskDefinition_ContainerDefinition
		volumes        []ecs.TaskDefinition_Volume
		mounts         []ecs.TaskDefinition_MountPoint
		initContainers []ecs.TaskDefinition_ContainerDependency
	)
	if len(service.Secrets) > 0 {
		initContainerName := fmt.Sprintf("%s_Secrets_InitContainer", normalizeResourceName(service.Name))
		volumes = append(volumes, ecs.TaskDefinition_Volume{
			Name: "secrets",
		})
		mounts = append(mounts, ecs.TaskDefinition_MountPoint{
			ContainerPath: "/run/secrets/",
			ReadOnly:      true,
			SourceVolume:  "secrets",
		})
		initContainers = append(initContainers, ecs.TaskDefinition_ContainerDependency{
			Condition:     ecsapi.ContainerConditionSuccess,
			ContainerName: initContainerName,
		})

		var (
			args        []secrets.Secret
			taskSecrets []ecs.TaskDefinition_Secret
		)
		for _, s := range service.Secrets {
			secretConfig := project.Secrets[s.Source]
			if s.Target == "" {
				s.Target = s.Source
			}
			taskSecrets = append(taskSecrets, ecs.TaskDefinition_Secret{
				Name:      s.Target,
				ValueFrom: secretConfig.Name,
			})
			var keys []string
			if ext, ok := secretConfig.Extensions[ExtensionKeys]; ok {
				if key, ok := ext.(string); ok {
					keys = append(keys, key)
				} else {
					for _, k := range ext.([]interface{}) {
						keys = append(keys, k.(string))
					}
				}
			}
			args = append(args, secrets.Secret{
				Name: s.Target,
				Keys: keys,
			})
		}
		command, err := json.Marshal(args)
		if err != nil {
			return nil, err
		}
		containers = append(containers, ecs.TaskDefinition_ContainerDefinition{
			Name:             initContainerName,
			Image:            secretsInitContainerImage,
			Command:          []string{string(command)},
			Essential:        false, // FIXME this will be ignored, see https://github.com/awslabs/goformation/issues/61#issuecomment-625139607
			LogConfiguration: logConfiguration,
			MountPoints: []ecs.TaskDefinition_MountPoint{
				{
					ContainerPath: "/run/secrets/",
					ReadOnly:      false,
					SourceVolume:  "secrets",
				},
			},
			Secrets: taskSecrets,
		})
	}

	pairs, err := createEnvironment(project, service)
	if err != nil {
		return nil, err
	}

	containers = append(containers, ecs.TaskDefinition_ContainerDefinition{
		Command:                service.Command,
		DisableNetworking:      service.NetworkMode == "none",
		DependsOnProp:          initContainers,
		DnsSearchDomains:       service.DNSSearch,
		DnsServers:             service.DNS,
		DockerSecurityOptions:  service.SecurityOpt,
		EntryPoint:             service.Entrypoint,
		Environment:            pairs,
		Essential:              true,
		ExtraHosts:             toHostEntryPtr(service.ExtraHosts),
		FirelensConfiguration:  nil,
		HealthCheck:            toHealthCheck(service.HealthCheck),
		Hostname:               service.Hostname,
		Image:                  service.Image,
		Interactive:            false,
		Links:                  nil,
		LinuxParameters:        toLinuxParameters(service),
		LogConfiguration:       logConfiguration,
		MemoryReservation:      memReservation,
		MountPoints:            mounts,
		Name:                   service.Name,
		PortMappings:           toPortMappings(service.Ports),
		Privileged:             service.Privileged,
		PseudoTerminal:         service.Tty,
		ReadonlyRootFilesystem: service.ReadOnly,
		RepositoryCredentials:  credential,
		ResourceRequirements:   nil,
		StartTimeout:           0,
		StopTimeout:            durationToInt(service.StopGracePeriod),
		SystemControls:         toSystemControls(service.Sysctls),
		Ulimits:                toUlimits(service.Ulimits),
		User:                   service.User,
		VolumesFrom:            nil,
		WorkingDirectory:       service.WorkingDir,
	})

	return &ecs.TaskDefinition{
		ContainerDefinitions:    containers,
		Cpu:                     cpu,
		Family:                  fmt.Sprintf("%s-%s", project.Name, service.Name),
		IpcMode:                 service.Ipc,
		Memory:                  mem,
		NetworkMode:             ecsapi.NetworkModeAwsvpc, // FIXME could be set by service.NetworkMode, Fargate only supports network mode ‘awsvpc’.
		PidMode:                 service.Pid,
		PlacementConstraints:    toPlacementConstraints(service.Deploy),
		ProxyConfiguration:      nil,
		RequiresCompatibilities: []string{ecsapi.LaunchTypeFargate},
		Volumes:                 volumes,
	}, nil
}

func createEnvironment(project *types.Project, service types.ServiceConfig) ([]ecs.TaskDefinition_KeyValuePair, error) {
	environment := map[string]*string{}
	for _, f := range service.EnvFile {
		if !filepath.IsAbs(f) {
			f = filepath.Join(project.WorkingDir, f)
		}
		if _, err := os.Stat(f); os.IsNotExist(err) {
			return nil, err
		}
		file, err := os.Open(f)
		if err != nil {
			return nil, err
		}
		defer file.Close()

		env, err := godotenv.Parse(file)
		if err != nil {
			return nil, err
		}
		for k, v := range env {
			environment[k] = &v
		}
	}
	for k, v := range service.Environment {
		environment[k] = v
	}

	var pairs []ecs.TaskDefinition_KeyValuePair
	for k, v := range environment {
		name := k
		var value string
		if v != nil {
			value = *v
		}
		pairs = append(pairs, ecs.TaskDefinition_KeyValuePair{
			Name:  name,
			Value: value,
		})
	}
	return pairs, nil
}

func getLogConfiguration(service types.ServiceConfig, project *types.Project) *ecs.TaskDefinition_LogConfiguration {
	options := map[string]string{
		"awslogs-region":        cloudformation.Ref("AWS::Region"),
		"awslogs-group":         cloudformation.Ref("LogGroup"),
		"awslogs-stream-prefix": project.Name,
	}
	if service.Logging != nil {
		for k, v := range service.Logging.Options {
			if strings.HasPrefix(k, "awslogs-") {
				options[k] = v
			}
		}
	}
	logConfiguration := &ecs.TaskDefinition_LogConfiguration{
		LogDriver: ecsapi.LogDriverAwslogs,
		Options:   options,
	}
	return logConfiguration
}

func toTags(labels types.Labels) []tags.Tag {
	t := []tags.Tag{}
	for n, v := range labels {
		t = append(t, tags.Tag{
			Key:   n,
			Value: v,
		})
	}
	return t
}

func toSystemControls(sysctls types.Mapping) []ecs.TaskDefinition_SystemControl {
	sys := []ecs.TaskDefinition_SystemControl{}
	for k, v := range sysctls {
		sys = append(sys, ecs.TaskDefinition_SystemControl{
			Namespace: k,
			Value:     v,
		})
	}
	return sys
}

const MiB = 1024 * 1024

func toLimits(service types.ServiceConfig) (string, string, error) {
	// All possible cpu/mem values for Fargate
	cpuToMem := map[int64][]types.UnitBytes{
		256:  {512, 1024, 2048},
		512:  {1024, 2048, 3072, 4096},
		1024: {2048, 3072, 4096, 5120, 6144, 7168, 8192},
		2048: {4096, 5120, 6144, 7168, 8192, 9216, 10240, 11264, 12288, 13312, 14336, 15360, 16384},
		4096: {8192, 9216, 10240, 11264, 12288, 13312, 14336, 15360, 16384, 17408, 18432, 19456, 20480, 21504, 22528, 23552, 24576, 25600, 26624, 27648, 28672, 29696, 30720},
	}
	cpuLimit := "256"
	memLimit := "512"

	if service.Deploy == nil {
		return cpuLimit, memLimit, nil
	}

	limits := service.Deploy.Resources.Limits
	if limits == nil {
		return cpuLimit, memLimit, nil
	}

	if limits.NanoCPUs == "" {
		return cpuLimit, memLimit, nil
	}

	v, err := opts.ParseCPUs(limits.NanoCPUs)
	if err != nil {
		return "", "", err
	}

	var cpus []int64
	for k := range cpuToMem {
		cpus = append(cpus, k)
	}
	sort.Slice(cpus, func(i, j int) bool { return cpus[i] < cpus[j] })

	for _, cpu := range cpus {
		mem := cpuToMem[cpu]
		if v <= cpu*MiB {
			for _, m := range mem {
				if limits.MemoryBytes <= m*MiB {
					cpuLimit = strconv.FormatInt(cpu, 10)
					memLimit = strconv.FormatInt(int64(m), 10)
					return cpuLimit, memLimit, nil
				}
			}
		}
	}
	return "", "", fmt.Errorf("the resources requested are not supported by ECS/Fargate")
}

func toContainerReservation(service types.ServiceConfig) (string, int, error) {
	cpuReservation := ".0"
	memReservation := 0

	if service.Deploy == nil {
		return cpuReservation, memReservation, nil
	}

	reservations := service.Deploy.Resources.Reservations
	if reservations == nil {
		return cpuReservation, memReservation, nil
	}
	return reservations.NanoCPUs, int(reservations.MemoryBytes / MiB), nil
}

func toRequiresCompatibilities(isolation string) []*string {
	if isolation == "" {
		return nil
	}
	return []*string{&isolation}
}

func toPlacementConstraints(deploy *types.DeployConfig) []ecs.TaskDefinition_TaskDefinitionPlacementConstraint {
	if deploy == nil || deploy.Placement.Constraints == nil || len(deploy.Placement.Constraints) == 0 {
		return nil
	}
	pl := []ecs.TaskDefinition_TaskDefinitionPlacementConstraint{}
	for _, c := range deploy.Placement.Constraints {
		pl = append(pl, ecs.TaskDefinition_TaskDefinitionPlacementConstraint{
			Expression: c,
			Type:       "",
		})
	}
	return pl
}

func toPortMappings(ports []types.ServicePortConfig) []ecs.TaskDefinition_PortMapping {
	if len(ports) == 0 {
		return nil
	}
	m := []ecs.TaskDefinition_PortMapping{}
	for _, p := range ports {
		m = append(m, ecs.TaskDefinition_PortMapping{
			ContainerPort: int(p.Target),
			HostPort:      int(p.Published),
			Protocol:      p.Protocol,
		})
	}
	return m
}

func toUlimits(ulimits map[string]*types.UlimitsConfig) []ecs.TaskDefinition_Ulimit {
	if len(ulimits) == 0 {
		return nil
	}
	u := []ecs.TaskDefinition_Ulimit{}
	for k, v := range ulimits {
		u = append(u, ecs.TaskDefinition_Ulimit{
			Name:      k,
			SoftLimit: v.Soft,
			HardLimit: v.Hard,
		})
	}
	return u
}

func toLinuxParameters(service types.ServiceConfig) *ecs.TaskDefinition_LinuxParameters {
	return &ecs.TaskDefinition_LinuxParameters{
		Capabilities:       toKernelCapabilities(service.CapAdd, service.CapDrop),
		Devices:            nil,
		InitProcessEnabled: service.Init != nil && *service.Init,
		MaxSwap:            0,
		// FIXME SharedMemorySize:   service.ShmSize,
		Swappiness: 0,
		Tmpfs:      toTmpfs(service.Tmpfs),
	}
}

func toTmpfs(tmpfs types.StringList) []ecs.TaskDefinition_Tmpfs {
	if tmpfs == nil || len(tmpfs) == 0 {
		return nil
	}
	o := []ecs.TaskDefinition_Tmpfs{}
	for _, path := range tmpfs {
		o = append(o, ecs.TaskDefinition_Tmpfs{
			ContainerPath: path,
			Size:          100, // size is required on ECS, unlimited by the compose spec
		})
	}
	return o
}

func toKernelCapabilities(add []string, drop []string) *ecs.TaskDefinition_KernelCapabilities {
	if len(add) == 0 && len(drop) == 0 {
		return nil
	}
	return &ecs.TaskDefinition_KernelCapabilities{
		Add:  add,
		Drop: drop,
	}

}

func toHealthCheck(check *types.HealthCheckConfig) *ecs.TaskDefinition_HealthCheck {
	if check == nil {
		return nil
	}
	retries := 0
	if check.Retries != nil {
		retries = int(*check.Retries)
	}
	return &ecs.TaskDefinition_HealthCheck{
		Command:     check.Test,
		Interval:    durationToInt(check.Interval),
		Retries:     retries,
		StartPeriod: durationToInt(check.StartPeriod),
		Timeout:     durationToInt(check.Timeout),
	}
}

func durationToInt(interval *types.Duration) int {
	if interval == nil {
		return 0
	}
	v := int(time.Duration(*interval).Seconds())
	return v
}

func toHostEntryPtr(hosts types.HostsList) []ecs.TaskDefinition_HostEntry {
	if hosts == nil || len(hosts) == 0 {
		return nil
	}
	e := []ecs.TaskDefinition_HostEntry{}
	for _, h := range hosts {
		parts := strings.SplitN(h, ":", 2) // FIXME this should be handled by compose-go
		e = append(e, ecs.TaskDefinition_HostEntry{
			Hostname:  parts[0],
			IpAddress: parts[1],
		})
	}
	return e
}

func getRepoCredentials(service types.ServiceConfig) *ecs.TaskDefinition_RepositoryCredentials {
	// extract registry and namespace string from image name
	for key, value := range service.Extensions {
		if key == ExtensionPullCredentials {
			return &ecs.TaskDefinition_RepositoryCredentials{CredentialsParameter: value.(string)}
		}
	}
	return nil
}
-												Make ECS integration a compose-cli backend

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-08-17 17:48:52 +02:00
+								package ecs
-												Convert compose service into TaskDefinition

(code imported from prototype)

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-04-15 10:38:19 +02:00
 								import (
-												Pass secret definition to init container as json struct

this avoid yet another new micro-formats that is poorly documented

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-08-10 19:02:27 +02:00
+									"encoding/json"
-												Implement Hostname-only service discovery using LOCALDOMAIN

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-05-12 09:41:29 +02:00
+									"fmt"
-												Add service.env_file support

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-08-11 15:48:12 +02:00
+									"os"
 									"path/filepath"
-												sort cpu values in conversion to fargate values

Signed-off-by: aiordache <anca.iordache@docker.com>
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-07-24 10:17:48 +02:00
+									"sort"
-												mapping cpu and memory to fargate values

Signed-off-by: aiordache <anca.iordache@docker.com>
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-05-06 18:36:22 +02:00
+									"strconv"
-												Adopt CloudFormation to create ECS app from compose.yaml

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-04-21 11:38:52 +02:00
+									"strings"
-												Convert compose service into TaskDefinition

(code imported from prototype)

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-04-15 10:38:19 +02:00
+									"time"
-												Implement Hostname-only service discovery using LOCALDOMAIN

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-05-12 09:41:29 +02:00
+									"github.com/aws/aws-sdk-go/aws"
-												Adopt CloudFormation to create ECS app from compose.yaml

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-04-21 11:38:52 +02:00
+									ecsapi "github.com/aws/aws-sdk-go/service/ecs"
-												Create CloudWatch LogGroup and IAM TaskExecutionRole

As part of the CloudFormation template, create a LogGroup and configure
task with awslogs log-driver. Also create a dedicated IAM Role, with
AmazonECSTaskExecutionRolePolicy. This one will later be fine-tuned to
grant access to secrets/config and other AWS resources according to
custom extensions

close #42

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-05-04 15:09:08 +02:00
+									"github.com/awslabs/goformation/v4/cloudformation"
-												Adopt CloudFormation to create ECS app from compose.yaml

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-04-21 11:38:52 +02:00
+									"github.com/awslabs/goformation/v4/cloudformation/ecs"
-												Introduce `Normalize` and `Check` in compose model lifecycle

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-05-19 15:27:11 +02:00
+									"github.com/awslabs/goformation/v4/cloudformation/tags"
-												Convert compose service into TaskDefinition

(code imported from prototype)

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-04-15 10:38:19 +02:00
+									"github.com/compose-spec/compose-go/types"
-												Make ECS integration a compose-cli backend

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-08-17 17:48:52 +02:00
+									"github.com/docker/api/ecs/secrets"
-												Convert compose service into TaskDefinition

(code imported from prototype)

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-04-15 10:38:19 +02:00
+									"github.com/docker/cli/opts"
-												Add service.env_file support

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-08-11 15:48:12 +02:00
+									"github.com/joho/godotenv"
-												Convert compose service into TaskDefinition

(code imported from prototype)

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-04-15 10:38:19 +02:00
+								)
-												use an initContainer to inject secrets as /run/secrets/xx

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-08-04 18:04:06 +02:00
+								const secretsInitContainerImage = "docker/ecs-secrets-sidecar"
-												Use `Project` from compose-go

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-06-17 14:48:42 +02:00
+								func Convert(project *types.Project, service types.ServiceConfig) (*ecs.TaskDefinition, error) {
-												mapping cpu and memory to fargate values

Signed-off-by: aiordache <anca.iordache@docker.com>
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-05-06 18:36:22 +02:00
+									cpu, mem, err := toLimits(service)
-												Convert compose service into TaskDefinition

(code imported from prototype)

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-04-15 10:38:19 +02:00
+									if err != nil {
 										return nil, err
 									}
-												Add support for deploy.resources

Signed-off-by: aiordache <anca.iordache@docker.com>
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-07-23 14:37:05 +02:00
+									_, memReservation, err := toContainerReservation(service)
 									if err != nil {
 										return nil, err
 									}
-												cleanup

Signed-off-by: aiordache <anca.iordache@docker.com>
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-05-06 15:15:46 +02:00
+									credential := getRepoCredentials(service)
-												Implement Hostname-only service discovery using LOCALDOMAIN

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-05-12 09:41:29 +02:00
+									// override resolve.conf search directive to also search <project>.local
 									// TODO remove once ECS support hostname-only service discovery
 									service.Environment["LOCALDOMAIN"] = aws.String(
 										cloudformation.Join("", []string{
 											cloudformation.Ref("AWS::Region"),
 											".compute.internal",
 											fmt.Sprintf(" %s.local", project.Name),
 										}))
-												Allow fine tunning of awslogs

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-08-11 15:48:12 +02:00
+									logConfiguration := getLogConfiguration(service, project)
-												use an initContainer to inject secrets as /run/secrets/xx

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-08-04 18:04:06 +02:00
 									var (
 										containers     []ecs.TaskDefinition_ContainerDefinition
 										volumes        []ecs.TaskDefinition_Volume
 										mounts         []ecs.TaskDefinition_MountPoint
 										initContainers []ecs.TaskDefinition_ContainerDependency
 									)
 									if len(service.Secrets) > 0 {
-												Pass secret definition to init container as json struct

this avoid yet another new micro-formats that is poorly documented

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-08-10 19:02:27 +02:00
+										initContainerName := fmt.Sprintf("%s_Secrets_InitContainer", normalizeResourceName(service.Name))
-												use an initContainer to inject secrets as /run/secrets/xx

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-08-04 18:04:06 +02:00
+										volumes = append(volumes, ecs.TaskDefinition_Volume{
 											Name: "secrets",
 										})
 										mounts = append(mounts, ecs.TaskDefinition_MountPoint{
 											ContainerPath: "/run/secrets/",
 											ReadOnly:      true,
 											SourceVolume:  "secrets",
 										})
 										initContainers = append(initContainers, ecs.TaskDefinition_ContainerDependency{
 											Condition:     ecsapi.ContainerConditionSuccess,
-												Pass secret definition to init container as json struct

this avoid yet another new micro-formats that is poorly documented

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-08-10 19:02:27 +02:00
+											ContainerName: initContainerName,
-												use an initContainer to inject secrets as /run/secrets/xx

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-08-04 18:04:06 +02:00
+										})
 										var (
-												Pass secret definition to init container as json struct

this avoid yet another new micro-formats that is poorly documented

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-08-10 19:02:27 +02:00
+											args        []secrets.Secret
 											taskSecrets []ecs.TaskDefinition_Secret
-												use an initContainer to inject secrets as /run/secrets/xx

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-08-04 18:04:06 +02:00
+										)
 										for _, s := range service.Secrets {
 											secretConfig := project.Secrets[s.Source]
 											if s.Target == "" {
 												s.Target = s.Source
 											}
-												Pass secret definition to init container as json struct

this avoid yet another new micro-formats that is poorly documented

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-08-10 19:02:27 +02:00
+											taskSecrets = append(taskSecrets, ecs.TaskDefinition_Secret{
-												use an initContainer to inject secrets as /run/secrets/xx

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-08-04 18:04:06 +02:00
+												Name:      s.Target,
 												ValueFrom: secretConfig.Name,
 											})
-												Pass secret definition to init container as json struct

this avoid yet another new micro-formats that is poorly documented

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-08-10 19:02:27 +02:00
+											var keys []string
-												Make ECS integration a compose-cli backend

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-08-17 17:48:52 +02:00
+											if ext, ok := secretConfig.Extensions[ExtensionKeys]; ok {
-												use an initContainer to inject secrets as /run/secrets/xx

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-08-04 18:04:06 +02:00
+												if key, ok := ext.(string); ok {
 													keys = append(keys, key)
 												} else {
 													for _, k := range ext.([]interface{}) {
 														keys = append(keys, k.(string))
 													}
 												}
 											}
-												Pass secret definition to init container as json struct

this avoid yet another new micro-formats that is poorly documented

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-08-10 19:02:27 +02:00
+											args = append(args, secrets.Secret{
 												Name: s.Target,
 												Keys: keys,
 											})
 										}
 										command, err := json.Marshal(args)
 										if err != nil {
 											return nil, err
-												use an initContainer to inject secrets as /run/secrets/xx

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-08-04 18:04:06 +02:00
+										}
 										containers = append(containers, ecs.TaskDefinition_ContainerDefinition{
-												Pass secret definition to init container as json struct

this avoid yet another new micro-formats that is poorly documented

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-08-10 19:02:27 +02:00
+											Name:             initContainerName,
-												use an initContainer to inject secrets as /run/secrets/xx

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-08-04 18:04:06 +02:00
+											Image:            secretsInitContainerImage,
-												Pass secret definition to init container as json struct

this avoid yet another new micro-formats that is poorly documented

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-08-10 19:02:27 +02:00
+											Command:          []string{string(command)},
-												use an initContainer to inject secrets as /run/secrets/xx

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-08-04 18:04:06 +02:00
+											Essential:        false, // FIXME this will be ignored, see https://github.com/awslabs/goformation/issues/61#issuecomment-625139607
 											LogConfiguration: logConfiguration,
 											MountPoints: []ecs.TaskDefinition_MountPoint{
 												{
 													ContainerPath: "/run/secrets/",
 													ReadOnly:      false,
 													SourceVolume:  "secrets",
-												Create CloudWatch LogGroup and IAM TaskExecutionRole

As part of the CloudFormation template, create a LogGroup and configure
task with awslogs log-driver. Also create a dedicated IAM Role, with
AmazonECSTaskExecutionRolePolicy. This one will later be fine-tuned to
grant access to secrets/config and other AWS resources according to
custom extensions

close #42

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-05-04 15:09:08 +02:00
+												},
-												Convert compose service into TaskDefinition

(code imported from prototype)

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-04-15 10:38:19 +02:00
+											},
-												Pass secret definition to init container as json struct

this avoid yet another new micro-formats that is poorly documented

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-08-10 19:02:27 +02:00
+											Secrets: taskSecrets,
-												use an initContainer to inject secrets as /run/secrets/xx

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-08-04 18:04:06 +02:00
+										})
 									}
-												Add service.env_file support

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-08-11 15:48:12 +02:00
+									pairs, err := createEnvironment(project, service)
 									if err != nil {
 										return nil, err
 									}
-												use an initContainer to inject secrets as /run/secrets/xx

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-08-04 18:04:06 +02:00
+									containers = append(containers, ecs.TaskDefinition_ContainerDefinition{
 										Command:                service.Command,
 										DisableNetworking:      service.NetworkMode == "none",
 										DependsOnProp:          initContainers,
 										DnsSearchDomains:       service.DNSSearch,
 										DnsServers:             service.DNS,
 										DockerSecurityOptions:  service.SecurityOpt,
 										EntryPoint:             service.Entrypoint,
-												Add service.env_file support

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-08-11 15:48:12 +02:00
+										Environment:            pairs,
-												use an initContainer to inject secrets as /run/secrets/xx

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-08-04 18:04:06 +02:00
+										Essential:              true,
 										ExtraHosts:             toHostEntryPtr(service.ExtraHosts),
 										FirelensConfiguration:  nil,
 										HealthCheck:            toHealthCheck(service.HealthCheck),
 										Hostname:               service.Hostname,
 										Image:                  service.Image,
 										Interactive:            false,
 										Links:                  nil,
 										LinuxParameters:        toLinuxParameters(service),
 										LogConfiguration:       logConfiguration,
 										MemoryReservation:      memReservation,
 										MountPoints:            mounts,
 										Name:                   service.Name,
 										PortMappings:           toPortMappings(service.Ports),
 										Privileged:             service.Privileged,
 										PseudoTerminal:         service.Tty,
 										ReadonlyRootFilesystem: service.ReadOnly,
 										RepositoryCredentials:  credential,
 										ResourceRequirements:   nil,
 										StartTimeout:           0,
 										StopTimeout:            durationToInt(service.StopGracePeriod),
 										SystemControls:         toSystemControls(service.Sysctls),
 										Ulimits:                toUlimits(service.Ulimits),
 										User:                   service.User,
 										VolumesFrom:            nil,
 										WorkingDirectory:       service.WorkingDir,
 									})
 									return &ecs.TaskDefinition{
 										ContainerDefinitions:    containers,
-												mapping cpu and memory to fargate values

Signed-off-by: aiordache <anca.iordache@docker.com>
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-05-06 18:36:22 +02:00
+										Cpu:                     cpu,
-												Use distinct family per service definition

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-06-02 14:17:48 +02:00
+										Family:                  fmt.Sprintf("%s-%s", project.Name, service.Name),
-												Adopt CloudFormation to create ECS app from compose.yaml

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-04-21 11:38:52 +02:00
+										IpcMode:                 service.Ipc,
-												mapping cpu and memory to fargate values

Signed-off-by: aiordache <anca.iordache@docker.com>
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-05-06 18:36:22 +02:00
+										Memory:                  mem,
-												Adopt CloudFormation to create ECS app from compose.yaml

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-04-21 11:38:52 +02:00
+										NetworkMode:             ecsapi.NetworkModeAwsvpc, // FIXME could be set by service.NetworkMode, Fargate only supports network mode ‘awsvpc’.
 										PidMode:                 service.Pid,
-												Convert compose service into TaskDefinition

(code imported from prototype)

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-04-15 10:38:19 +02:00
+										PlacementConstraints:    toPlacementConstraints(service.Deploy),
 										ProxyConfiguration:      nil,
-												Adopt CloudFormation to create ECS app from compose.yaml

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-04-21 11:38:52 +02:00
+										RequiresCompatibilities: []string{ecsapi.LaunchTypeFargate},
-												use an initContainer to inject secrets as /run/secrets/xx

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-08-04 18:04:06 +02:00
+										Volumes:                 volumes,
-												Convert compose service into TaskDefinition

(code imported from prototype)

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-04-15 10:38:19 +02:00
+									}, nil
 								}
-												Add service.env_file support

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-08-11 15:48:12 +02:00
+								func createEnvironment(project *types.Project, service types.ServiceConfig) ([]ecs.TaskDefinition_KeyValuePair, error) {
 									environment := map[string]*string{}
 									for _, f := range service.EnvFile {
 										if !filepath.IsAbs(f) {
 											f = filepath.Join(project.WorkingDir, f)
 										}
 										if _, err := os.Stat(f); os.IsNotExist(err) {
 											return nil, err
 										}
 										file, err := os.Open(f)
 										if err != nil {
 											return nil, err
 										}
 										defer file.Close()
 										env, err := godotenv.Parse(file)
 										if err != nil {
 											return nil, err
 										}
 										for k, v := range env {
 											environment[k] = &v
 										}
 									}
 									for k, v := range service.Environment {
 										environment[k] = v
 									}
 									var pairs []ecs.TaskDefinition_KeyValuePair
 									for k, v := range environment {
 										name := k
 										var value string
 										if v != nil {
 											value = *v
 										}
 										pairs = append(pairs, ecs.TaskDefinition_KeyValuePair{
 											Name:  name,
 											Value: value,
 										})
 									}
 									return pairs, nil
 								}
-												Allow fine tunning of awslogs

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-08-11 15:48:12 +02:00
+								func getLogConfiguration(service types.ServiceConfig, project *types.Project) *ecs.TaskDefinition_LogConfiguration {
 									options := map[string]string{
 										"awslogs-region":        cloudformation.Ref("AWS::Region"),
 										"awslogs-group":         cloudformation.Ref("LogGroup"),
 										"awslogs-stream-prefix": project.Name,
 									}
 									if service.Logging != nil {
 										for k, v := range service.Logging.Options {
 											if strings.HasPrefix(k, "awslogs-") {
 												options[k] = v
 											}
 										}
 									}
 									logConfiguration := &ecs.TaskDefinition_LogConfiguration{
 										LogDriver: ecsapi.LogDriverAwslogs,
 										Options:   options,
 									}
 									return logConfiguration
 								}
-												Introduce `Normalize` and `Check` in compose model lifecycle

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-05-19 15:27:11 +02:00
+								func toTags(labels types.Labels) []tags.Tag {
 									t := []tags.Tag{}
 									for n, v := range labels {
 										t = append(t, tags.Tag{
 											Key:   n,
 											Value: v,
 										})
 									}
 									return t
 								}
 								func toSystemControls(sysctls types.Mapping) []ecs.TaskDefinition_SystemControl {
 									sys := []ecs.TaskDefinition_SystemControl{}
 									for k, v := range sysctls {
 										sys = append(sys, ecs.TaskDefinition_SystemControl{
 											Namespace: k,
 											Value:     v,
 										})
 									}
 									return sys
 								}
-												Add test for convert failure

Signed-off-by: aiordache <anca.iordache@docker.com>
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-07-23 20:17:41 +02:00
+								const MiB = 1024 * 1024
-												Add support for deploy.resources

Signed-off-by: aiordache <anca.iordache@docker.com>
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-07-23 14:37:05 +02:00
-												mapping cpu and memory to fargate values

Signed-off-by: aiordache <anca.iordache@docker.com>
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-05-06 18:36:22 +02:00
+								func toLimits(service types.ServiceConfig) (string, string, error) {
 									// All possible cpu/mem values for Fargate
 									cpuToMem := map[int64][]types.UnitBytes{
 :  {512, 1024, 2048},
 :  {1024, 2048, 3072, 4096},
 : {2048, 3072, 4096, 5120, 6144, 7168, 8192},
 : {4096, 5120, 6144, 7168, 8192, 9216, 10240, 11264, 12288, 13312, 14336, 15360, 16384},
 : {8192, 9216, 10240, 11264, 12288, 13312, 14336, 15360, 16384, 17408, 18432, 19456, 20480, 21504, 22528, 23552, 24576, 25600, 26624, 27648, 28672, 29696, 30720},
 									}
 									cpuLimit := "256"
 									memLimit := "512"
-												Convert compose service into TaskDefinition

(code imported from prototype)

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-04-15 10:38:19 +02:00
 									if service.Deploy == nil {
-												mapping cpu and memory to fargate values

Signed-off-by: aiordache <anca.iordache@docker.com>
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-05-06 18:36:22 +02:00
+										return cpuLimit, memLimit, nil
-												Convert compose service into TaskDefinition

(code imported from prototype)

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-04-15 10:38:19 +02:00
+									}
-												mapping cpu and memory to fargate values

Signed-off-by: aiordache <anca.iordache@docker.com>
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-05-06 18:36:22 +02:00
 									limits := service.Deploy.Resources.Limits
 									if limits == nil {
 										return cpuLimit, memLimit, nil
-												Convert compose service into TaskDefinition

(code imported from prototype)

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-04-15 10:38:19 +02:00
+									}
-												mapping cpu and memory to fargate values

Signed-off-by: aiordache <anca.iordache@docker.com>
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-05-06 18:36:22 +02:00
 									if limits.NanoCPUs == "" {
 										return cpuLimit, memLimit, nil
-												Convert compose service into TaskDefinition

(code imported from prototype)

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-04-15 10:38:19 +02:00
+									}
-												mapping cpu and memory to fargate values

Signed-off-by: aiordache <anca.iordache@docker.com>
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-05-06 18:36:22 +02:00
 									v, err := opts.ParseCPUs(limits.NanoCPUs)
-												Convert compose service into TaskDefinition

(code imported from prototype)

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-04-15 10:38:19 +02:00
+									if err != nil {
-												mapping cpu and memory to fargate values

Signed-off-by: aiordache <anca.iordache@docker.com>
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-05-06 18:36:22 +02:00
+										return "", "", err
 									}
-												sort cpu values in conversion to fargate values

Signed-off-by: aiordache <anca.iordache@docker.com>
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-07-24 10:17:48 +02:00
+									var cpus []int64
 									for k := range cpuToMem {
 										cpus = append(cpus, k)
 									}
 									sort.Slice(cpus, func(i, j int) bool { return cpus[i] < cpus[j] })
 									for _, cpu := range cpus {
 										mem := cpuToMem[cpu]
-												Add test for convert failure

Signed-off-by: aiordache <anca.iordache@docker.com>
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-07-23 20:17:41 +02:00
+										if v <= cpu*MiB {
-												mapping cpu and memory to fargate values

Signed-off-by: aiordache <anca.iordache@docker.com>
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-05-06 18:36:22 +02:00
+											for _, m := range mem {
-												Add test for convert failure

Signed-off-by: aiordache <anca.iordache@docker.com>
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-07-23 20:17:41 +02:00
+												if limits.MemoryBytes <= m*MiB {
-												mapping cpu and memory to fargate values

Signed-off-by: aiordache <anca.iordache@docker.com>
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-05-06 18:36:22 +02:00
+													cpuLimit = strconv.FormatInt(cpu, 10)
 													memLimit = strconv.FormatInt(int64(m), 10)
 													return cpuLimit, memLimit, nil
 												}
 											}
 										}
-												Convert compose service into TaskDefinition

(code imported from prototype)

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-04-15 10:38:19 +02:00
+									}
-												sort cpu values in conversion to fargate values

Signed-off-by: aiordache <anca.iordache@docker.com>
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-07-24 10:17:48 +02:00
+									return "", "", fmt.Errorf("the resources requested are not supported by ECS/Fargate")
-												Convert compose service into TaskDefinition

(code imported from prototype)

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-04-15 10:38:19 +02:00
+								}
-												Add support for deploy.resources

Signed-off-by: aiordache <anca.iordache@docker.com>
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-07-23 14:37:05 +02:00
+								func toContainerReservation(service types.ServiceConfig) (string, int, error) {
 									cpuReservation := ".0"
 									memReservation := 0
 									if service.Deploy == nil {
 										return cpuReservation, memReservation, nil
 									}
 									reservations := service.Deploy.Resources.Reservations
 									if reservations == nil {
 										return cpuReservation, memReservation, nil
 									}
-												Add test for convert failure

Signed-off-by: aiordache <anca.iordache@docker.com>
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-07-23 20:17:41 +02:00
+									return reservations.NanoCPUs, int(reservations.MemoryBytes / MiB), nil
-												Add support for deploy.resources

Signed-off-by: aiordache <anca.iordache@docker.com>
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-07-23 14:37:05 +02:00
+								}
-												Convert compose service into TaskDefinition

(code imported from prototype)

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-04-15 10:38:19 +02:00
+								func toRequiresCompatibilities(isolation string) []*string {
 									if isolation == "" {
 										return nil
 									}
 									return []*string{&isolation}
 								}
-												Adopt CloudFormation to create ECS app from compose.yaml

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-04-21 11:38:52 +02:00
+								func toPlacementConstraints(deploy *types.DeployConfig) []ecs.TaskDefinition_TaskDefinitionPlacementConstraint {
-												Convert compose service into TaskDefinition

(code imported from prototype)

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-04-15 10:38:19 +02:00
+									if deploy == nil || deploy.Placement.Constraints == nil || len(deploy.Placement.Constraints) == 0 {
 										return nil
 									}
-												Adopt CloudFormation to create ECS app from compose.yaml

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-04-21 11:38:52 +02:00
+									pl := []ecs.TaskDefinition_TaskDefinitionPlacementConstraint{}
-												Convert compose service into TaskDefinition

(code imported from prototype)

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-04-15 10:38:19 +02:00
+									for _, c := range deploy.Placement.Constraints {
-												Adopt CloudFormation to create ECS app from compose.yaml

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-04-21 11:38:52 +02:00
+										pl = append(pl, ecs.TaskDefinition_TaskDefinitionPlacementConstraint{
 											Expression: c,
 											Type:       "",
-												Convert compose service into TaskDefinition

(code imported from prototype)

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-04-15 10:38:19 +02:00
+										})
 									}
 									return pl
 								}
-												Adopt CloudFormation to create ECS app from compose.yaml

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-04-21 11:38:52 +02:00
+								func toPortMappings(ports []types.ServicePortConfig) []ecs.TaskDefinition_PortMapping {
-												Convert compose service into TaskDefinition

(code imported from prototype)

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-04-15 10:38:19 +02:00
+									if len(ports) == 0 {
 										return nil
 									}
-												Adopt CloudFormation to create ECS app from compose.yaml

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-04-21 11:38:52 +02:00
+									m := []ecs.TaskDefinition_PortMapping{}
-												Convert compose service into TaskDefinition

(code imported from prototype)

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-04-15 10:38:19 +02:00
+									for _, p := range ports {
-												Adopt CloudFormation to create ECS app from compose.yaml

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-04-21 11:38:52 +02:00
+										m = append(m, ecs.TaskDefinition_PortMapping{
 											ContainerPort: int(p.Target),
 											HostPort:      int(p.Published),
 											Protocol:      p.Protocol,
-												Convert compose service into TaskDefinition

(code imported from prototype)

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-04-15 10:38:19 +02:00
+										})
 									}
 									return m
 								}
-												Adopt CloudFormation to create ECS app from compose.yaml

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-04-21 11:38:52 +02:00
+								func toUlimits(ulimits map[string]*types.UlimitsConfig) []ecs.TaskDefinition_Ulimit {
-												Convert compose service into TaskDefinition

(code imported from prototype)

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-04-15 10:38:19 +02:00
+									if len(ulimits) == 0 {
 										return nil
 									}
-												Adopt CloudFormation to create ECS app from compose.yaml

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-04-21 11:38:52 +02:00
+									u := []ecs.TaskDefinition_Ulimit{}
-												Convert compose service into TaskDefinition

(code imported from prototype)

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-04-15 10:38:19 +02:00
+									for k, v := range ulimits {
-												Adopt CloudFormation to create ECS app from compose.yaml

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-04-21 11:38:52 +02:00
+										u = append(u, ecs.TaskDefinition_Ulimit{
 											Name:      k,
 											SoftLimit: v.Soft,
 											HardLimit: v.Hard,
-												Convert compose service into TaskDefinition

(code imported from prototype)

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-04-15 10:38:19 +02:00
+										})
 									}
 									return u
 								}
-												Adopt CloudFormation to create ECS app from compose.yaml

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-04-21 11:38:52 +02:00
+								func toLinuxParameters(service types.ServiceConfig) *ecs.TaskDefinition_LinuxParameters {
 									return &ecs.TaskDefinition_LinuxParameters{
-												Convert compose service into TaskDefinition

(code imported from prototype)

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-04-15 10:38:19 +02:00
+										Capabilities:       toKernelCapabilities(service.CapAdd, service.CapDrop),
 										Devices:            nil,
-												Adopt CloudFormation to create ECS app from compose.yaml

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-04-21 11:38:52 +02:00
+										InitProcessEnabled: service.Init != nil && *service.Init,
 										MaxSwap:            0,
-												Convert compose service into TaskDefinition

(code imported from prototype)

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-04-15 10:38:19 +02:00
+										// FIXME SharedMemorySize:   service.ShmSize,
-												Adopt CloudFormation to create ECS app from compose.yaml

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-04-21 11:38:52 +02:00
+										Swappiness: 0,
-												Convert compose service into TaskDefinition

(code imported from prototype)

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-04-15 10:38:19 +02:00
+										Tmpfs:      toTmpfs(service.Tmpfs),
 									}
 								}
-												Adopt CloudFormation to create ECS app from compose.yaml

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-04-21 11:38:52 +02:00
+								func toTmpfs(tmpfs types.StringList) []ecs.TaskDefinition_Tmpfs {
-												Convert compose service into TaskDefinition

(code imported from prototype)

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-04-15 10:38:19 +02:00
+									if tmpfs == nil || len(tmpfs) == 0 {
 										return nil
 									}
-												Adopt CloudFormation to create ECS app from compose.yaml

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-04-21 11:38:52 +02:00
+									o := []ecs.TaskDefinition_Tmpfs{}
 									for _, path := range tmpfs {
 										o = append(o, ecs.TaskDefinition_Tmpfs{
 											ContainerPath: path,
-												Implement Hostname-only service discovery using LOCALDOMAIN

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-05-12 09:41:29 +02:00
+											Size:          100, // size is required on ECS, unlimited by the compose spec
-												Convert compose service into TaskDefinition

(code imported from prototype)

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-04-15 10:38:19 +02:00
+										})
 									}
 									return o
 								}
-												Adopt CloudFormation to create ECS app from compose.yaml

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-04-21 11:38:52 +02:00
+								func toKernelCapabilities(add []string, drop []string) *ecs.TaskDefinition_KernelCapabilities {
-												Convert compose service into TaskDefinition

(code imported from prototype)

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-04-15 10:38:19 +02:00
+									if len(add) == 0 && len(drop) == 0 {
 										return nil
 									}
-												Adopt CloudFormation to create ECS app from compose.yaml

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-04-21 11:38:52 +02:00
+									return &ecs.TaskDefinition_KernelCapabilities{
 										Add:  add,
 										Drop: drop,
-												Convert compose service into TaskDefinition

(code imported from prototype)

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-04-15 10:38:19 +02:00
+									}
 								}
-												Adopt CloudFormation to create ECS app from compose.yaml

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-04-21 11:38:52 +02:00
+								func toHealthCheck(check *types.HealthCheckConfig) *ecs.TaskDefinition_HealthCheck {
-												Convert compose service into TaskDefinition

(code imported from prototype)

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-04-15 10:38:19 +02:00
+									if check == nil {
 										return nil
 									}
-												Adopt CloudFormation to create ECS app from compose.yaml

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-04-21 11:38:52 +02:00
+									retries := 0
 									if check.Retries != nil {
 										retries = int(*check.Retries)
 									}
 									return &ecs.TaskDefinition_HealthCheck{
 										Command:     check.Test,
 										Interval:    durationToInt(check.Interval),
 										Retries:     retries,
 										StartPeriod: durationToInt(check.StartPeriod),
 										Timeout:     durationToInt(check.Timeout),
-												Convert compose service into TaskDefinition

(code imported from prototype)

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-04-15 10:38:19 +02:00
+									}
 								}
-												Adopt CloudFormation to create ECS app from compose.yaml

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-04-21 11:38:52 +02:00
+								func durationToInt(interval *types.Duration) int {
-												Convert compose service into TaskDefinition

(code imported from prototype)

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-04-15 10:38:19 +02:00
+									if interval == nil {
-												Adopt CloudFormation to create ECS app from compose.yaml

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-04-21 11:38:52 +02:00
+										return 0
-												Convert compose service into TaskDefinition

(code imported from prototype)

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-04-15 10:38:19 +02:00
+									}
-												Adopt CloudFormation to create ECS app from compose.yaml

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-04-21 11:38:52 +02:00
+									v := int(time.Duration(*interval).Seconds())
 									return v
-												Convert compose service into TaskDefinition

(code imported from prototype)

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-04-15 10:38:19 +02:00
+								}
-												Adopt CloudFormation to create ECS app from compose.yaml

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-04-21 11:38:52 +02:00
+								func toHostEntryPtr(hosts types.HostsList) []ecs.TaskDefinition_HostEntry {
-												Convert compose service into TaskDefinition

(code imported from prototype)

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-04-15 10:38:19 +02:00
+									if hosts == nil || len(hosts) == 0 {
 										return nil
 									}
-												Adopt CloudFormation to create ECS app from compose.yaml

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-04-21 11:38:52 +02:00
+									e := []ecs.TaskDefinition_HostEntry{}
-												Convert compose service into TaskDefinition

(code imported from prototype)

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-04-15 10:38:19 +02:00
+									for _, h := range hosts {
-												Adopt CloudFormation to create ECS app from compose.yaml

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-04-21 11:38:52 +02:00
+										parts := strings.SplitN(h, ":", 2) // FIXME this should be handled by compose-go
 										e = append(e, ecs.TaskDefinition_HostEntry{
 											Hostname:  parts[0],
 											IpAddress: parts[1],
-												Convert compose service into TaskDefinition

(code imported from prototype)

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-04-15 10:38:19 +02:00
+										})
 									}
 									return e
 								}
-												cleanup

Signed-off-by: aiordache <anca.iordache@docker.com>
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-05-06 15:15:46 +02:00
+								func getRepoCredentials(service types.ServiceConfig) *ecs.TaskDefinition_RepositoryCredentials {
-												set secrets in cloudformation template

Signed-off-by: aiordache <anca.iordache@docker.com>
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-04-30 17:31:25 +02:00
+									// extract registry and namespace string from image name
-												Use `Project` from compose-go

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-06-17 14:48:42 +02:00
+									for key, value := range service.Extensions {
-												Make ECS integration a compose-cli backend

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-08-17 17:48:52 +02:00
+										if key == ExtensionPullCredentials {
-												support deploy.replicas

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-05-28 11:09:36 +02:00
+											return &ecs.TaskDefinition_RepositoryCredentials{CredentialsParameter: value.(string)}
-												set secrets in cloudformation template

Signed-off-by: aiordache <anca.iordache@docker.com>
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-04-30 17:31:25 +02:00
+										}
 									}
-												cleanup

Signed-off-by: aiordache <anca.iordache@docker.com>
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-05-06 15:15:46 +02:00
+									return nil
-												set secrets in cloudformation template

Signed-off-by: aiordache <anca.iordache@docker.com>
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

											
										
										
											2020-04-30 17:31:25 +02:00
+								}