feat: allow stacks to overwrite their image URI (#3690)

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
chanzuckerberg · Nov 25, 2024 · 6b46e99 · 6b46e99
1 parent 9fe9891
commit 6b46e99
Show file tree

Hide file tree

Showing 6 changed files with 16 additions and 1 deletion.
diff --git a/terraform/modules/happy-service-eks/README.md b/terraform/modules/happy-service-eks/README.md
@@ -73,6 +73,7 @@
 | <a name="input_health_check_path"></a> [health\_check\_path](#input\_health\_check\_path) | path to use for health checks | `string` | `"/"` | no |
 | <a name="input_image_pull_policy"></a> [image\_pull\_policy](#input\_image\_pull\_policy) | The image pull policy to use | `string` | `"IfNotPresent"` | no |
 | <a name="input_image_tag"></a> [image\_tag](#input\_image\_tag) | The image tag to deploy | `string` | n/a | yes |
+| <a name="input_image_uri"></a> [image\_uri](#input\_image\_uri) | The image URI to deploy | `string` | `""` | no |
 | <a name="input_ingress_security_groups"></a> [ingress\_security\_groups](#input\_ingress\_security\_groups) | A list of security groups that should be allowed to communicate with the ALB ingress. Currently only used when the service\_type is VPC. | `list(string)` | `[]` | no |
 | <a name="input_init_containers"></a> [init\_containers](#input\_init\_containers) | Map of init containers to bootstrap the service | <pre>map(object({<br>    image : string<br>    tag : string<br>    cmd : optional(list(string), [])<br>  }))</pre> | `{}` | no |
 | <a name="input_initial_delay_seconds"></a> [initial\_delay\_seconds](#input\_initial\_delay\_seconds) | The initial delay in seconds for the liveness and readiness probes. | `number` | `30` | no |

diff --git a/terraform/modules/happy-service-eks/main.tf b/terraform/modules/happy-service-eks/main.tf
@@ -176,7 +176,7 @@ resource "kubernetes_deployment_v1" "deployment" {
 
         container {
           name              = var.container_name
-          image             = "${module.ecr.repository_url}:${var.image_tag}"
+          image             = "${length(var.image_uri) == 0 ? module.ecr.repository_url : var.image_uri}:${var.image_tag}"
           command           = var.cmd
           args              = var.args
           image_pull_policy = var.image_pull_policy

diff --git a/terraform/modules/happy-service-eks/variables.tf b/terraform/modules/happy-service-eks/variables.tf
@@ -51,6 +51,12 @@ variable "args" {
   default     = []
 }
 
+variable "image_uri" {
+  type        = string
+  description = "The image URI to deploy"
+  default     = ""
+}
+
 variable "image_tag" {
   type        = string
   description = "The image tag to deploy"

diff --git a/terraform/modules/happy-stack-eks/README.md b/terraform/modules/happy-stack-eks/README.md
@@ -58,6 +58,7 @@
 | <a name="input_enable_service_mesh"></a> [enable\_service\_mesh](#input\_enable\_service\_mesh) | Enable service mesh for this stack | `bool` | `false` | no |
 | <a name="input_image_tag"></a> [image\_tag](#input\_image\_tag) | Please provide a default image tag | `string` | n/a | yes |
 | <a name="input_image_tags"></a> [image\_tags](#input\_image\_tags) | Override image tag for each docker image | `map(string)` | `{}` | no |
+| <a name="input_image_uri"></a> [image\_uri](#input\_image\_uri) | The URI of the docker image to deploy, defaults to the image URI created by happy | `string` | `""` | no |
 | <a name="input_k8s_namespace"></a> [k8s\_namespace](#input\_k8s\_namespace) | K8S namespace for this stack | `string` | n/a | yes |
 | <a name="input_routing_method"></a> [routing\_method](#input\_routing\_method) | Traffic routing method for this stack. Valid options are 'DOMAIN', when every service gets a unique domain name, or a 'CONTEXT' when all services share the same domain name, and routing is done by request path. | `string` | `"DOMAIN"` | no |
 | <a name="input_services"></a> [services](#input\_services) | The services you want to deploy as part of this stack. | <pre>map(object({<br>    name         = string,<br>    service_type = optional(string, "INTERNAL"),<br>    allow_mesh_services = optional(list(object({<br>      service              = optional(string, null),<br>      stack                = optional(string, null),<br>      service_account_name = optional(string, null)<br>    })), null),<br>    ingress_security_groups = optional(list(string), []), // Only used for VPC service_type<br>    alb = optional(object({<br>      name          = string,<br>      listener_port = number,<br>    }), null), // Only used for TARGET_GROUP_ONLY<br>    desired_count                    = optional(number, 2),<br>    max_count                        = optional(number, 5),<br>    max_unavailable_count            = optional(string, "1"),<br>    scaling_cpu_threshold_percentage = optional(number, 80),<br>    port                             = optional(number, 80),<br>    scheme                           = optional(string, "HTTP"),<br>    cmd                              = optional(list(string), []),<br>    args                             = optional(list(string), []),<br>    image_pull_policy                = optional(string, "IfNotPresent"), // Supported values= IfNotPresent, Always, Never<br>    tag_mutability                   = optional(bool, true),<br>    scan_on_push                     = optional(bool, false),<br>    service_port                     = optional(number, null),<br>    service_scheme                   = optional(string, "HTTP"),<br>    linkerd_additional_skip_ports    = optional(set(number), []),<br>    memory                           = optional(string, "500Mi"),<br>    memory_requests                  = optional(string, "200Mi"),<br>    cpu                              = optional(string, "1"),<br>    cpu_requests                     = optional(string, "500m"),<br>    gpu                              = optional(number, null), // Whole number of GPUs to request, 0 will schedule all available GPUs. Requires GPU-enabled nodes in the cluster, `k8s-device-plugin` installed, platform_architecture = "amd64", and additional_node_selectors = { "nvidia.com/gpu.present" = "true" } present.<br>    health_check_path                = optional(string, "/"),<br>    health_check_command             = optional(list(string), [])<br>    aws_iam = optional(object({<br>      policy_json          = optional(string, ""),<br>      service_account_name = optional(string, null),<br>    }), {}),<br>    path                      = optional(string, "/*"), // Only used for CONTEXT and TARGET_GROUP_ONLY routing<br>    priority                  = optional(number, 0),    // Only used for CONTEXT and TARGET_GROUP_ONLY routing<br>    success_codes             = optional(string, "200-499"),<br>    synthetics                = optional(bool, false),<br>    initial_delay_seconds     = optional(number, 30),<br>    alb_idle_timeout          = optional(number, 60) // in seconds<br>    period_seconds            = optional(number, 3),<br>    liveness_timeout_seconds  = optional(number, 30),<br>    readiness_timeout_seconds = optional(number, 30),<br>    progress_deadline_seconds = optional(number, 600),<br>    platform_architecture     = optional(string, "amd64"), // Supported values= amd64, arm64; GPU nodes are amd64 only.<br>    additional_node_selectors = optional(map(string), {}), // For GPU use= { "nvidia.com/gpu.present" = "true" }<br>    bypasses = optional(map(object({                       // Only used for INTERNAL service_type<br>      paths   = optional(set(string), [])<br>      methods = optional(set(string), [])<br>      deny_action = optional(object({<br>        deny              = optional(bool, false)<br>        deny_status_code  = optional(string, "403")<br>        deny_message_body = optional(string, "Denied")<br>      }), {})<br>    })), {})<br>    sticky_sessions = optional(object({<br>      enabled          = optional(bool, false),<br>      duration_seconds = optional(number, 600),<br>      cookie_name      = optional(string, "happy_sticky_session"),<br>    }), {})<br>    sidecars = optional(map(object({<br>      image                     = string<br>      tag                       = string<br>      cmd                       = optional(list(string), [])<br>      args                      = optional(list(string), [])<br>      port                      = optional(number, 80)<br>      scheme                    = optional(string, "HTTP")<br>      memory                    = optional(string, "200Mi")<br>      cpu                       = optional(string, "500m")<br>      image_pull_policy         = optional(string, "IfNotPresent") // Supported values= IfNotPresent, Always, Never<br>      health_check_path         = optional(string, "/")<br>      initial_delay_seconds     = optional(number, 30)<br>      period_seconds            = optional(number, 3)<br>      liveness_timeout_seconds  = optional(number, 30)<br>      readiness_timeout_seconds = optional(number, 30)<br>    })), {})<br>    init_containers = optional(map(object({<br>      image = string<br>      tag   = string<br>      cmd   = optional(list(string), []),<br>    })), {}),<br>    additional_env_vars    = optional(map(string), {}),<br>    cache_volume_mount_dir = optional(string, "/var/shared/cache"),<br>    oidc_config = optional(object({<br>      issuer                = string<br>      authorizationEndpoint = string<br>      tokenEndpoint         = string<br>      userInfoEndpoint      = string<br>      secretName            = string<br>    }), null)<br>  }))</pre> | n/a | yes |

diff --git a/terraform/modules/happy-stack-eks/main.tf b/terraform/modules/happy-stack-eks/main.tf
@@ -166,6 +166,7 @@ module "services" {
   source   = "../happy-service-eks"
 
   image_tag                        = lookup(var.image_tags, each.key, var.image_tag)
+  image_uri                        = var.image_uri
   tag_mutability                   = each.value.tag_mutability
   scan_on_push                     = each.value.scan_on_push
   container_name                   = each.value.name

diff --git a/terraform/modules/happy-stack-eks/variables.tf b/terraform/modules/happy-stack-eks/variables.tf
@@ -4,6 +4,12 @@ variable "app_name" {
   default     = ""
 }
 
+variable "image_uri" {
+  type        = string
+  description = "The URI of the docker image to deploy, defaults to the image URI created by happy"
+  default     = ""
+}
+
 variable "image_tags" {
   type        = map(string)
   description = "Override image tag for each docker image"