» docker_container

Manages the lifecycle of a Docker container.

» Example Usage

# Start a container
resource "docker_container" "ubuntu" {
  name  = "foo"
  image = "${docker_image.ubuntu.latest}"
}

# Find the latest Ubuntu precise image.
resource "docker_image" "ubuntu" {
  name = "ubuntu:precise"
}

» Argument Reference

The following arguments are supported:

  • name - (Required, string) The name of the Docker container.
  • image - (Required, string) The ID of the image to back this container. The easiest way to get this value is to use the docker_image resource as is shown in the example above.

  • command - (Optional, list of strings) The command to use to start the container. For example, to run /usr/bin/myprogram -f baz.conf set the command to be ["/usr/bin/myprogram", "-f", "baz.conf"].

  • entrypoint - (Optional, list of strings) The command to use as the Entrypoint for the container. The Entrypoint allows you to configure a container to run as an executable. For example, to run /usr/bin/myprogram when starting a container, set the entrypoint to be ["/usr/bin/myprogram"].

  • user - (Optional, string) User used for run the first process. Format is user or user:group which user and group can be passed literraly or by name.

  • dns - (Optional, set of strings) Set of DNS servers.

  • dns_opts - (Optional, set of strings) Set of DNS options used by the DNS provider(s), see resolv.conf documentation for valid list of options.

  • dns_search - (Optional, set of strings) Set of DNS search domains that are used when bare unqualified hostnames are used inside of the container.

  • env - (Optional, set of strings) Environment variables to set.

  • labels - (Optional, map of strings) Key/value pairs to set as labels on the container.

  • links - (Optional, set of strings) Set of links for link based connectivity between containers that are running on the same host.

  • hostname - (Optional, string) Hostname of the container.
  • domainname - (Optional, string) Domain name of the container.
  • restart - (Optional, string) The restart policy for the container. Must be one of "no", "on-failure", "always", "unless-stopped".
  • max_retry_count - (Optional, int) The maximum amount of times to an attempt a restart when restart is set to "on-failure"
  • rm - (Optional, bool) If true, then the container will be automatically removed after his execution. Terraform won't check this container after creation.
  • start - (Optional, bool) If true, then the Docker container will be started after creation. If false, then the container is only created.
  • attach - (Optional, bool) If true attach to the container after its creation and waits the end of his execution.
  • logs - (Optional, bool) Save the container logs (attach must be enabled).
  • must_run - (Optional, bool) If true, then the Docker container will be kept running. If false, then as long as the container exists, Terraform assumes it is successful.
  • capabilities - (Optional, block) See Capabilities below for details.
  • mounts - (Optional, set of blocks) See Mounts below for details.
  • tmpfs - (Optional, map) A map of container directories which should be replaced by tmpfs mounts, and their corresponding mount options.
  • ports - (Optional, block) See Ports below for details.
  • host - (Optional, block) See Extra Hosts below for details.
  • privileged - (Optional, bool) Run container in privileged mode.
  • devices - (Optional, bool) See Devices below for details.
  • publish_all_ports - (Optional, bool) Publish all ports of the container.
  • volumes - (Optional, block) See Volumes below for details.
  • memory - (Optional, int) The memory limit for the container in MBs.
  • memory_swap - (Optional, int) The total memory limit (memory + swap) for the container in MBs. This setting may compute to -1 after terraform apply if the target host doesn't support memory swap, when that is the case docker will use a soft limitation.
  • cpu_shares - (Optional, int) CPU shares (relative weight) for the container.
  • cpu_set - (Optional, string) A comma-separated list or hyphen-separated range of CPUs a container can use, e.g. 0-1.
  • log_driver - (Optional, string) The logging driver to use for the container. Defaults to "json-file".
  • log_opts - (Optional, map of strings) Key/value pairs to use as options for the logging driver.
  • network_alias - (Optional, set of strings) Network aliases of the container for user-defined networks only. Deprecated: use networks_advanced instead.
  • network_mode - (Optional, string) Network mode of the container.
  • networks - (Optional, set of strings) Id of the networks in which the container is. Deprecated: use networks_advanced instead.
  • networks_advanced - (Optional, block) See Networks Advanced below for details. If this block has priority to the deprecated network_alias and network properties.
  • destroy_grace_seconds - (Optional, int) If defined will attempt to stop the container before destroying. Container will be destroyed after n seconds or on successful stop.
  • upload - (Optional, block) See File Upload below for details.
  • ulimit - (Optional, block) See Ulimits below for details.
  • pid_mode - (Optional, string) The PID (Process) Namespace mode for the container. Either container:<name|id> or host.
  • userns_mode - (Optional, string) Sets the usernamespace mode for the container when usernamespace remapping option is enabled.
  • healthcheck - (Optional, block) See Healthcheck below for details.

» Capabilities

capabilities is a block within the configuration that allows you to add or drop linux capabilities. For more information about what capabilities you can add and drop please visit the docker run documentation.

  • add - (Optional, set of strings) list of linux capabilities to add.
  • drop - (Optional, set of strings) list of linux capabilities to drop.

Example:

resource "docker_container" "ubuntu" {
  name  = "foo"
  image = "${docker_image.ubuntu.latest}"

  capabilities {
    add  = ["ALL"]
    drop = ["SYS_ADMIN"]
  }
}

» Mounts

mounts is a block within the configuration that can be repeated to specify the extra mount mappings for the container. Each mounts block is the Specification for mounts to be added to container and supports the following:

  • target - (Required, string) The container path.
  • source - (Optional, string) The mount source (e.g., a volume name, a host path)
  • type - (Required, string) The mount type: valid values are bind|volume|tmpfs.
  • read_only - (Optional, string) Whether the mount should be read-only
  • bind_options - (Optional, map) Optional configuration for the bind type.
    • propagation - (Optional, string) A propagation mode with the value.
  • volume_options - (Optional, map) Optional configuration for the volume type.
    • no_copy - (Optional, string) Whether to populate volume with data from the target.
    • labels - (Optional, map of key/value pairs) Adding labels.
    • driver_options - (Optional, map of key/value pairs) Options for the driver.
  • tmpfs_options - (Optional, map) Optional configuration for the tmpf type.
    • size_bytes - (Optional, int) The size for the tmpfs mount in bytes.
    • mode - (Optional, int) The permission mode for the tmpfs mount in an integer.

» Ports

ports is a block within the configuration that can be repeated to specify the port mappings of the container. Each ports block supports the following:

  • internal - (Required, int) Port within the container.
  • external - (Optional, int) Port exposed out of the container. If not given a free random port >= 32768 will be used.
  • ip - (Optional, string) IP address/mask that can access this port, default to 0.0.0.0
  • protocol - (Optional, string) Protocol that can be used over this port, defaults to tcp.

» Extra Hosts

host is a block within the configuration that can be repeated to specify the extra host mappings for the container. Each host block supports the following:

  • host - (Required, string) Hostname to add.
  • ip - (Required, string) IP address this hostname should resolve to.

This is equivalent to using the --add-host option when using the run command of the Docker CLI.

» Volumes

volumes is a block within the configuration that can be repeated to specify the volumes attached to a container. Each volumes block supports the following:

  • from_container - (Optional, string) The container where the volume is coming from.
  • host_path - (Optional, string) The path on the host where the volume is coming from.
  • volume_name - (Optional, string) The name of the docker volume which should be mounted.
  • container_path - (Optional, string) The path in the container where the volume will be mounted.
  • read_only - (Optional, bool) If true, this volume will be readonly. Defaults to false.

One of from_container, host_path or volume_name must be set.

» File Upload

upload is a block within the configuration that can be repeated to specify files to upload to the container before starting it. Each upload supports the following

  • content - (Required, string) A content of a file to upload.
  • file - (Required, string) path to a file in the container.
  • executable - (Optional, bool) If true, the file will be uploaded with user executable permission. Defaults to false.

» Network advanced

networks_advanced is a block within the configuration that can be repeated to specify advanced options for the container in a specific network. Each networks_advanced supports the following:

  • name - (Required, string) The name of the network.
  • aliases - (Optional, set of strings) The network aliases of the container in the specific network.
  • ipv4_address - (Optional, string) The IPV4 address of the container in the specific network.
  • ipv6_address - (Optional, string) The IPV6 address of the container in the specific network.

» Devices

devices is a block within the configuration that can be repeated to specify the devices exposed to a container. Each devices block supports the following:

  • host_path - (Required, string) The path on the host where the device is located.
  • container_path - (Optional, string) The path in the container where the device will be binded.
  • permissions - (Optional, string) The cgroup permissions given to the container to access the device. Defaults to rwm.

» Ulimits

ulimit is a block within the configuration that can be repeated to specify the extra ulimits for the container. Each ulimit block supports the following:

  • name - (Required, string)
  • soft - (Required, int)
  • hard - (Required, int)

» Healthcheck

healthcheck is a block within the configuration that can be repeated only once to specify the extra healthcheck configuration for the container. The healthcheck block is a test to perform to check that the container is healthy and supports the following:

  • test - (Required, list of strings) Command to run to check health. For example, to run curl -f http://localhost/health set the command to be ["CMD", "curl", "-f", "http://localhost/health"].
  • interval - (Optional, string) Time between running the check (ms|s|m|h). Default: 0s.
  • timeout - (Optional, string) Maximum time to allow one check to run (ms|s|m|h). Default: 0s.
  • start_period - (Optional, string) Start period for the container to initialize before counting retries towards unstable (ms|s|m|h). Default: 0s.
  • retries - (Optional, int) Consecutive failures needed to report unhealthy. Default: 0.

» Attributes Reference

The following attributes are exported:

  • exit_code - The exit code of the container if its execution is done (must_run must be disabled).
  • container_logs - The logs of the container if its execution is done (attach must be disabled).
  • network_data - (Map of a block) The IP addresses of the container on each network. Key are the network names, values are the IP addresses.
  • bridge - The network bridge of the container as read from its NetworkSettings.
  • ip_address - Deprecated: Use network_data instead. The IP address of the container's first network it.
  • ip_prefix_length - Deprecated: Use network_data instead. The IP prefix length of the container as read from its NetworkSettings.
  • gateway - Deprecated: Use network_data instead. The network gateway of the container as read from its NetworkSettings.

[linkdoc] https://docs.docker.com/network/links/