feat: allow services to specify additional env vars (#2647)

* feat: allow services to specify additional env vars * commit from ci -- ran terraform-docs and pushed * for tasks too * commit from ci -- ran terraform-docs and pushed --------- Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
chanzuckerberg · Oct 30, 2023 · 12fd0a1 · 12fd0a1
1 parent 6a63976
commit 12fd0a1
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 4 deletions.
diff --git a/terraform/modules/happy-stack-eks/README.md b/terraform/modules/happy-stack-eks/README.md
@@ -59,11 +59,11 @@
 | <a name="input_image_tags"></a> [image\_tags](#input\_image\_tags) | Override image tag for each docker image | `map(string)` | `{}` | no |
 | <a name="input_k8s_namespace"></a> [k8s\_namespace](#input\_k8s\_namespace) | K8S namespace for this stack | `string` | n/a | yes |
 | <a name="input_routing_method"></a> [routing\_method](#input\_routing\_method) | Traffic routing method for this stack. Valid options are 'DOMAIN', when every service gets a unique domain name, or a 'CONTEXT' when all services share the same domain name, and routing is done by request path. | `string` | `"DOMAIN"` | no |
-| <a name="input_services"></a> [services](#input\_services) | The services you want to deploy as part of this stack. | <pre>map(object({<br>    name : string,<br>    service_type : optional(string, "INTERNAL"),<br>    allow_mesh_services : optional(list(object({<br>      service : optional(string, null),<br>      stack : optional(string, null),<br>      service_account_name : optional(string, null)<br>    })), null),<br>    ingress_security_groups : optional(list(string), []), // Only used for VPC service_type<br>    alb : optional(object({<br>      name : string,<br>      listener_port : number,<br>    }), null), // Only used for TARGET_GROUP_ONLY<br>    desired_count : optional(number, 2),<br>    max_count : optional(number, 2),<br>    max_unavailable_count : optional(string, "1"),<br>    scaling_cpu_threshold_percentage : optional(number, 80),<br>    port : optional(number, 80),<br>    scheme : optional(string, "HTTP"),<br>    cmd : optional(list(string), []),<br>    args : optional(list(string), []),<br>    image_pull_policy : optional(string, "IfNotPresent"), // Supported values: IfNotPresent, Always, Never<br>    tag_mutability : optional(bool, true),<br>    scan_on_push : optional(bool, false),<br>    service_port : optional(number, null),<br>    service_scheme : optional(string, "HTTP"),<br>    memory : optional(string, "100Mi"),<br>    memory_requests : optional(string, "100Mi"),<br>    cpu : optional(string, "100m"),<br>    cpu_requests : optional(string, "100m"),<br>    gpu : optional(number, null), // Whole number of GPUs to request, 0 will schedule all available GPUs. Requires GPU-enabled nodes in the cluster, `k8s-device-plugin` installed, platform_architecture = "amd64", and additional_node_selectors = { "nvidia.com/gpu.present" = "true" } present.<br>    health_check_path : optional(string, "/"),<br>    aws_iam : optional(object({<br>      policy_json : optional(string, ""),<br>      service_account_name : optional(string, null),<br>    }), {}),<br>    path : optional(string, "/*"),  // Only used for CONTEXT and TARGET_GROUP_ONLY routing<br>    priority : optional(number, 0), // Only used for CONTEXT and TARGET_GROUP_ONLY routing<br>    success_codes : optional(string, "200-499"),<br>    synthetics : optional(bool, false),<br>    initial_delay_seconds : optional(number, 30),<br>    alb_idle_timeout : optional(number, 60) // in seconds<br>    period_seconds : optional(number, 3),<br>    platform_architecture : optional(string, "amd64"),     // Supported values: amd64, arm64; GPU nodes are amd64 only.<br>    additional_node_selectors : optional(map(string), {}), // For GPU use: { "nvidia.com/gpu.present" = "true" }<br>    bypasses : optional(map(object({                       // Only used for INTERNAL service_type<br>      paths   = optional(set(string), [])<br>      methods = optional(set(string), [])<br>    })), {})<br>    sidecars : optional(map(object({<br>      image : string<br>      tag : string<br>      port : optional(number, 80),<br>      scheme : optional(string, "HTTP"),<br>      memory : optional(string, "100Mi")<br>      cpu : optional(string, "100m")<br>      image_pull_policy : optional(string, "IfNotPresent") // Supported values: IfNotPresent, Always, Never<br>      health_check_path : optional(string, "/")<br>      initial_delay_seconds : optional(number, 30),<br>      period_seconds : optional(number, 3),<br>    })), {})<br>  }))</pre> | n/a | yes |
+| <a name="input_services"></a> [services](#input\_services) | The services you want to deploy as part of this stack. | <pre>map(object({<br>    name : string,<br>    service_type : optional(string, "INTERNAL"),<br>    allow_mesh_services : optional(list(object({<br>      service : optional(string, null),<br>      stack : optional(string, null),<br>      service_account_name : optional(string, null)<br>    })), null),<br>    ingress_security_groups : optional(list(string), []), // Only used for VPC service_type<br>    alb : optional(object({<br>      name : string,<br>      listener_port : number,<br>    }), null), // Only used for TARGET_GROUP_ONLY<br>    desired_count : optional(number, 2),<br>    max_count : optional(number, 2),<br>    max_unavailable_count : optional(string, "1"),<br>    scaling_cpu_threshold_percentage : optional(number, 80),<br>    port : optional(number, 80),<br>    scheme : optional(string, "HTTP"),<br>    cmd : optional(list(string), []),<br>    args : optional(list(string), []),<br>    image_pull_policy : optional(string, "IfNotPresent"), // Supported values: IfNotPresent, Always, Never<br>    tag_mutability : optional(bool, true),<br>    scan_on_push : optional(bool, false),<br>    service_port : optional(number, null),<br>    service_scheme : optional(string, "HTTP"),<br>    memory : optional(string, "100Mi"),<br>    memory_requests : optional(string, "100Mi"),<br>    cpu : optional(string, "100m"),<br>    cpu_requests : optional(string, "100m"),<br>    gpu : optional(number, null), // Whole number of GPUs to request, 0 will schedule all available GPUs. Requires GPU-enabled nodes in the cluster, `k8s-device-plugin` installed, platform_architecture = "amd64", and additional_node_selectors = { "nvidia.com/gpu.present" = "true" } present.<br>    health_check_path : optional(string, "/"),<br>    aws_iam : optional(object({<br>      policy_json : optional(string, ""),<br>      service_account_name : optional(string, null),<br>    }), {}),<br>    path : optional(string, "/*"),  // Only used for CONTEXT and TARGET_GROUP_ONLY routing<br>    priority : optional(number, 0), // Only used for CONTEXT and TARGET_GROUP_ONLY routing<br>    success_codes : optional(string, "200-499"),<br>    synthetics : optional(bool, false),<br>    initial_delay_seconds : optional(number, 30),<br>    alb_idle_timeout : optional(number, 60) // in seconds<br>    period_seconds : optional(number, 3),<br>    platform_architecture : optional(string, "amd64"),     // Supported values: amd64, arm64; GPU nodes are amd64 only.<br>    additional_node_selectors : optional(map(string), {}), // For GPU use: { "nvidia.com/gpu.present" = "true" }<br>    bypasses : optional(map(object({                       // Only used for INTERNAL service_type<br>      paths   = optional(set(string), [])<br>      methods = optional(set(string), [])<br>    })), {})<br>    sidecars : optional(map(object({<br>      image : string<br>      tag : string<br>      port : optional(number, 80),<br>      scheme : optional(string, "HTTP"),<br>      memory : optional(string, "100Mi")<br>      cpu : optional(string, "100m")<br>      image_pull_policy : optional(string, "IfNotPresent") // Supported values: IfNotPresent, Always, Never<br>      health_check_path : optional(string, "/")<br>      initial_delay_seconds : optional(number, 30),<br>      period_seconds : optional(number, 3),<br>    })), {})<br>    additional_env_vars : optional(map(string), {}),<br>  }))</pre> | n/a | yes |
 | <a name="input_skip_config_injection"></a> [skip\_config\_injection](#input\_skip\_config\_injection) | Skip injecting app configs into the services / tasks | `bool` | `false` | no |
 | <a name="input_stack_name"></a> [stack\_name](#input\_stack\_name) | Happy Path stack name | `string` | n/a | yes |
 | <a name="input_stack_prefix"></a> [stack\_prefix](#input\_stack\_prefix) | Do bucket storage paths and db schemas need to be prefixed with the stack name? (Usually '/{stack\_name}' for dev stacks, and '' for staging/prod stacks) | `string` | `""` | no |
-| <a name="input_tasks"></a> [tasks](#input\_tasks) | The deletion/migration tasks you want to run when a stack comes up and down. | <pre>map(object({<br>    image : string,<br>    memory : optional(string, "10Mi"),<br>    cpu : optional(string, "10m"),<br>    cmd : optional(list(string), []),<br>    args : optional(list(string), []),<br>    platform_architecture : optional(string, "amd64"), // Supported values: amd64, arm64<br>    is_cron_job : optional(bool, false),<br>    aws_iam : optional(object({<br>      policy_json : optional(string, ""),<br>      service_account_name : optional(string, null),<br>    }), {}),<br>    cron_schedule : optional(string, "0 0 1 1 *"),<br>  }))</pre> | `{}` | no |
+| <a name="input_tasks"></a> [tasks](#input\_tasks) | The deletion/migration tasks you want to run when a stack comes up and down. | <pre>map(object({<br>    image : string,<br>    memory : optional(string, "10Mi"),<br>    cpu : optional(string, "10m"),<br>    cmd : optional(list(string), []),<br>    args : optional(list(string), []),<br>    platform_architecture : optional(string, "amd64"), // Supported values: amd64, arm64<br>    is_cron_job : optional(bool, false),<br>    aws_iam : optional(object({<br>      policy_json : optional(string, ""),<br>      service_account_name : optional(string, null),<br>    }), {}),<br>    cron_schedule : optional(string, "0 0 1 1 *"),<br>    additional_env_vars : optional(map(string), {}),<br>  }))</pre> | `{}` | no |
 
 ## Outputs
 

diff --git a/terraform/modules/happy-stack-eks/main.tf b/terraform/modules/happy-stack-eks/main.tf
@@ -212,7 +212,7 @@ module "services" {
     alb_idle_timeout    = each.value.alb_idle_timeout
   }
 
-  additional_env_vars                  = merge(local.db_env_vars, var.additional_env_vars, local.stack_configs)
+  additional_env_vars                  = merge(local.db_env_vars, var.additional_env_vars, local.stack_configs, each.value.additional_env_vars)
   additional_env_vars_from_config_maps = var.additional_env_vars_from_config_maps
   additional_env_vars_from_secrets     = var.additional_env_vars_from_secrets
   additional_volumes_from_secrets      = var.additional_volumes_from_secrets
@@ -243,7 +243,7 @@ module "tasks" {
   is_cron_job           = each.value.is_cron_job
   cron_schedule         = each.value.cron_schedule
 
-  additional_env_vars                  = merge(local.db_env_vars, var.additional_env_vars, local.stack_configs)
+  additional_env_vars                  = merge(local.db_env_vars, var.additional_env_vars, local.stack_configs, each.value.additional_env_vars)
   additional_env_vars_from_config_maps = var.additional_env_vars_from_config_maps
   additional_env_vars_from_secrets     = var.additional_env_vars_from_secrets
   additional_volumes_from_secrets      = var.additional_volumes_from_secrets

diff --git a/terraform/modules/happy-stack-eks/variables.tf b/terraform/modules/happy-stack-eks/variables.tf
@@ -104,6 +104,7 @@ variable "services" {
       initial_delay_seconds : optional(number, 30),
       period_seconds : optional(number, 3),
     })), {})
+    additional_env_vars : optional(map(string), {}),
   }))
   description = "The services you want to deploy as part of this stack."
 
@@ -188,6 +189,7 @@ variable "tasks" {
       service_account_name : optional(string, null),
     }), {}),
     cron_schedule : optional(string, "0 0 1 1 *"),
+    additional_env_vars : optional(map(string), {}),
   }))
   description = "The deletion/migration tasks you want to run when a stack comes up and down."
   default     = {}