refactor(terraform): Allow management plane and portal ECS Task defin…

…itions to use custom logging (#95) Signed-off-by: Matt Holmes <[email protected]>
dwp · Dec 6, 2022 · 0b843ae · 0b843ae
1 parent dbeb38e
commit 0b843ae
Show file tree

Hide file tree

Showing 10 changed files with 30 additions and 31 deletions.
diff --git a/examples/hybrid_ecs/main.tf b/examples/hybrid_ecs/main.tf
@@ -231,8 +231,6 @@ module "create_kong_cp" {
 
   cluster_server_name = aws_lb.external.dns_name
 
-  custom_nginx_conf = var.custom_nginx_conf
-
   rules_with_source_cidr_blocks = var.rules_with_source_cidr_blocks
 
   postgres_config = {
@@ -302,8 +300,6 @@ module "create_kong_portal" {
 
   cluster_server_name = aws_lb.external.dns_name
 
-  custom_nginx_conf = var.custom_nginx_conf
-
   rules_with_source_cidr_blocks = var.rules_with_source_cidr_blocks
 
   postgres_config = {
@@ -365,7 +361,6 @@ module "create_kong_dp" {
   log_group         = aws_cloudwatch_log_group.kong_dp.name
   access_log_format = var.access_log_format
   error_log_format  = var.error_log_format
-  custom_nginx_conf = var.custom_nginx_conf
   kong_log_level    = "debug"
 
   entrypoint = "/gateway-entrypoint.sh"

diff --git a/examples/hybrid_ecs/variables.tf b/examples/hybrid_ecs/variables.tf
@@ -238,12 +238,6 @@ variable "error_log_format" {
   default     = "logs/error.log"
 }
 
-variable "custom_nginx_conf" {
-  description = "(Optional) Custom NGINX Config that is included in the main configuration through the variable KONG_NGINX_HTTP_INCLUDE"
-  type        = string
-  default     = "# No custom configuration required, can be ignored"
-}
-
 variable "image_url" {
   description = "URL Image"
   type        = string

diff --git a/main.tf b/main.tf
@@ -1,4 +1,5 @@
 locals {
+  nginx_default_custom_config_path = "${path.module}/templates/common/custom-nginx.conf"
   kong_ports = {
     control_plane = {
       "admin_api"  = 8444,
@@ -157,7 +158,7 @@ module "kong_ecs" {
 
   kong_plugins = var.kong_plugins
 
-  custom_nginx_conf = var.custom_nginx_conf
+  nginx_custom_config = file(coalesce(var.nginx_custom_config_path, local.nginx_default_custom_config_path))
 
   ssl_cert     = var.ssl_cert
   ssl_key      = var.ssl_key

diff --git a/modules/ecs/main.tf b/modules/ecs/main.tf
@@ -106,7 +106,7 @@ data "template_file" "kong_task_definition_cp" {
     kong_log_level              = var.kong_log_level
     kong_plugins                = join(",", concat(["bundled"], var.kong_plugins))
     entrypoint                  = var.entrypoint
-    custom_nginx_conf           = base64encode(var.custom_nginx_conf)
+    nginx_custom_config         = base64encode(var.nginx_custom_config)
   }
 }
 
@@ -142,7 +142,7 @@ data "template_file" "kong_task_definition_portal" {
     cluster_key              = var.cluster_key
     kong_log_level           = var.kong_log_level
     entrypoint               = var.entrypoint
-    custom_nginx_conf        = base64encode(var.custom_nginx_conf)
+    nginx_custom_config      = base64encode(var.nginx_custom_config)
   }
 }
 
@@ -174,7 +174,7 @@ data "template_file" "kong_task_definition_dp" {
     kong_log_level      = var.kong_log_level
     kong_plugins        = join(",", concat(["bundled"], var.kong_plugins))
     entrypoint          = var.entrypoint
-    custom_nginx_conf   = base64encode(var.custom_nginx_conf)
+    nginx_custom_config = base64encode(var.nginx_custom_config)
   }
 }
 data "aws_iam_policy_document" "ecs_assume_role_policy" {

diff --git a/modules/ecs/variables.tf b/modules/ecs/variables.tf
@@ -228,7 +228,7 @@ variable "max_capacity" {
   type        = number
 }
 
-variable "custom_nginx_conf" {
+variable "nginx_custom_config" {
   description = "Custom NGINX Config that is included in the main configuration through the variable KONG_NGINX_HTTP_INCLUDE"
   type        = string
 }

diff --git a/templates/common/custom-nginx.conf b/templates/common/custom-nginx.conf
@@ -0,0 +1 @@
+# Fill in custom nginx config here
diff --git a/templates/ecs/kong_control_plane.tpl b/templates/ecs/kong_control_plane.tpl
@@ -43,19 +43,19 @@
     },
     {
       "name": "KONG_ADMIN_ACCESS_LOG",
-      "value": "/dev/stdout"
+      "value": "${access_log_format}"
     },
     {
       "name": "KONG_ADMIN_ERROR_LOG",
-      "value": "/dev/stderr"
+      "value": "${error_log_format}"
     },
     {
       "name": "KONG_ADMIN_GUI_ACCESS_LOG",
-      "value": "/dev/stdout"
+      "value": "${access_log_format}"
     },
     {
       "name": "KONG_ADMIN_GUI_ERROR_LOG",
-      "value": "/dev/stderr"
+      "value": "${error_log_format}"
     },
     %{ if kong_cluster_mtls == "pki" }
     {
@@ -115,6 +115,10 @@
       "name": "KONG_STATUS_SSL_CERT_KEY",
       "value": "/usr/local/kong/kong_clustering/cluster.key"
     },
+    {
+      "name": "CUSTOM_NGINX_CONF",
+      "value": "${nginx_custom_config}"
+    },
     {
       "name": "KONG_PLUGINS",
       "value": "${kong_plugins}"

diff --git a/templates/ecs/kong_data_plane.tpl b/templates/ecs/kong_data_plane.tpl
@@ -75,7 +75,7 @@
     },
     {
       "name": "CUSTOM_NGINX_CONF",
-      "value": "${custom_nginx_conf}"
+      "value": "${nginx_custom_config}"
     },
     {
       "name": "KONG_ROLE",

diff --git a/templates/ecs/kong_portal.tpl b/templates/ecs/kong_portal.tpl
@@ -39,19 +39,19 @@
     },
     {
       "name": "KONG_PORTAL_API_ACCESS_LOG",
-      "value": "/dev/stdout"
+      "value": "${access_log_format}"
     },
     {
       "name": "KONG_PORTAL_API_ERROR_LOG",
-      "value": "/dev/stderr"
+      "value": "${error_log_format}"
     },
     {
       "name": "KONG_PORTAL_GUI_ACCESS_LOG",
-      "value": "/dev/stdout"
+      "value": "${access_log_format}"
     },
     {
       "name": "KONG_PORTAL_GUI_ERROR_LOG",
-      "value": "/dev/stderr"
+      "value": "${error_log_format}"
     },
     {
       "name": "KONG_PORTAL_GUI_PROTOCOL",
@@ -109,6 +109,10 @@
       "name": "KONG_STATUS_SSL_CERT_KEY",
       "value": "/usr/local/kong/kong_clustering/cluster.key"
     },
+    {
+      "name": "CUSTOM_NGINX_CONF",
+      "value": "${nginx_custom_config}"
+    },
     {
       "name": "KONG_DATABASE",
       "value": "postgres"

diff --git a/variables.tf b/variables.tf
@@ -685,6 +685,12 @@ variable "error_log_format" {
   default     = "logs/error.log"
 }
 
+variable "nginx_custom_config_path" {
+  description = "(Optional) Custom NGINX Config that is included in the main configuration through the variable KONG_NGINX_HTTP_INCLUDE"
+  type        = string
+  default     = null
+}
+
 variable "desired_count" {
   description = "(Optional) Desired Task count for the Gateway ECS Task Definition"
   type        = number
@@ -703,12 +709,6 @@ variable "max_capacity" {
   default     = 2
 }
 
-variable "custom_nginx_conf" {
-  description = "(Optional) Custom NGINX Config that is included in the main configuration through the variable KONG_NGINX_HTTP_INCLUDE"
-  type        = string
-  default     = "# No custom configuration required, can be ignored"
-}
-
 variable "image_url" {
   description = "(Optional) The URL where the Docker image resides"
   type        = string