
Providers (Terraform)

Provider Docker

Le provider Docker (kreuzwerker/docker) permet de gérer des conteneurs, des images, des réseaux et des volumes Docker via Terraform. Utile pour le déploiement local, les environnements de développement, et les infrastructures mono-hôte sans Kubernetes.

Configuration

terraform {
  required_providers {
    docker = {
      # Community-maintained provider, downloaded from the public Terraform Registry.
      source  = "kreuzwerker/docker"
      # "~> 3.0" accepts any 3.x release. Commit .terraform.lock.hcl so the
      # selected version and its checksums are pinned and checked on every init.
      version = "~> 3.0"
    }
  }
}

provider "docker" {
  # Local daemon through its Unix socket. Access to the Docker API amounts to
  # root on the host, so anyone able to apply this configuration (or to reach
  # the endpoint configured here) effectively controls that machine.
  host = "unix:///var/run/docker.sock"

  # Remote Docker over SSH
  # host = "ssh://user@docker-host.example.com"

  # Remote Docker over TCP with TLS. cert_path is a directory expected to hold
  # ca.pem, cert.pem and key.pem; keep key.pem out of version control.
  # A tcp:// endpoint without client-certificate verification leaves the daemon
  # open to anyone who can reach the port.
  # host     = "tcp://docker-host.example.com:2376"
  # cert_path = "/path/to/certs"
}

Images

# Pull an image from Docker Hub.
# A tag such as "1.25-alpine" is mutable: the registry may serve different
# content under it later. For reproducible deployments, reference the image by
# digest instead (nginx:1.25-alpine@sha256:<DIGEST_PLACEHOLDER>).
resource "docker_image" "nginx" {
  name          = "nginx:1.25-alpine"
  keep_locally  = false   # remove the local image on destroy
}

# Pull an image from a private registry.
# NOTE(review): no registry credentials appear in this listing; presumably they
# come from a registry_auth block on the provider or from the local Docker
# config. Confirm, and keep them out of the .tf files themselves.
resource "docker_image" "myapp" {
  # var.app_version is declared elsewhere; it selects the image tag.
  name = "registry.example.com/myapp:${var.app_version}"

  pull_triggers = [var.app_version]    # re-pull when the version changes
}

Conteneurs

# Front-end nginx container: two published ports, a read-only configuration
# bind mount, a named volume for logs and an HTTP health check.
# Hardening attributes such as `read_only` (root filesystem), `capabilities`
# and `security_opts` are not set here; evaluate them before using this
# container as a production template.
resource "docker_container" "nginx" {
  image   = docker_image.nginx.image_id
  name    = "nginx-prod"
  restart = "unless-stopped"

  env = [
    "NGINX_HOST=${var.domain}",
    "NGINX_PORT=80",
  ]

  networks_advanced {
    name = docker_network.app_network.name
  }

  # NOTE(review): no `ip` is given on the ports blocks, so the ports are
  # published on every host interface (the provider's documented default is
  # 0.0.0.0; confirm for the version in use). Set ip = "127.0.0.1" when a
  # proxy on the same host is the only intended client.
  ports {
    internal = 80
    external = 8080
  }

  ports {
    internal = 443
    external = 8443
  }

  # Configuration comes from the host and is mounted read-only, so the
  # container cannot modify the files under /srv/nginx/conf.d.
  volumes {
    container_path = "/etc/nginx/conf.d"
    host_path      = "/srv/nginx/conf.d"
    read_only      = true
  }

  # Logs are written to a Docker-managed named volume (writable).
  volumes {
    container_path = "/var/log/nginx"
    volume_name    = docker_volume.nginx_logs.name
  }

  # Assumes curl exists in the image and that nginx serves /health;
  # neither is established by this listing.
  healthcheck {
    test         = ["CMD", "curl", "-f", "http://localhost/health"]
    start_period = "10s"
    interval     = "30s"
    timeout      = "10s"
    retries      = 3
  }
}

Réseaux et volumes

# User-defined bridge network shared by the containers on this page.
# Every container attached to it can reach the others directly, so attach only
# the services that need to talk to each other.
resource "docker_network" "app_network" {
  driver = "bridge"
  name   = "app-net"

  # Fixed addressing; check that this range does not overlap networks the host
  # already routes (VPN, LAN, other Docker networks).
  ipam_config {
    gateway = "172.20.0.1"
    subnet  = "172.20.0.0/16"
  }
}

# Named volume, created with the "local" driver, that receives the nginx logs
# (mounted at /var/log/nginx by docker_container.nginx).
resource "docker_volume" "nginx_logs" {
  name   = "nginx-logs"
  driver = "local"
}

Stack complète nginx + app

# Application container. It has no ports block, so nothing is published on the
# host; it is reached through app-net only.
resource "docker_container" "app" {
  image = docker_image.myapp.image_id
  name  = "myapp"

  # Created after the redis container.
  depends_on = [docker_container.redis]

  # NOTE(review): var.db_url presumably embeds database credentials. Values
  # passed through `env` are written in clear text to the Terraform state and
  # are readable with `docker inspect`. Declare the variable with
  # sensitive = true, and restrict access to the state backend and to the
  # Docker API accordingly.
  env = [
    "DATABASE_URL=${var.db_url}",
    "REDIS_URL=redis://redis:6379",
  ]

  networks_advanced {
    name = docker_network.app_network.name
  }
}

# Redis backend for the application. No ports block is declared, so it is not
# published on the host; containers on app-net reach it under the alias "redis".
# No password or ACL is configured in this listing, which makes membership of
# app-net the only access control in front of it.
resource "docker_container" "redis" {
  # NOTE(review): unlike the other containers, the image is given as a mutable
  # tag rather than through a docker_image resource, so no image_id is tracked
  # for it. Confirm this is intended.
  image = "redis:7-alpine"
  name  = "redis"

  networks_advanced {
    aliases = ["redis"]
    name    = docker_network.app_network.name
  }
}