diff --git a/providers/aws/fargate/container.go b/providers/aws/fargate/container.go index 5722c5a90..b475a7142 100644 --- a/providers/aws/fargate/container.go +++ b/providers/aws/fargate/container.go @@ -1,6 +1,7 @@ package fargate import ( + "fmt" "time" "github.com/aws/aws-sdk-go/aws" @@ -18,6 +19,11 @@ const ( containerStatusRunning = "RUNNING" containerStatusStopped = "STOPPED" + // Container log configuration options. + containerLogOptionRegion = "awslogs-region" + containerLogOptionGroup = "awslogs-group" + containerLogOptionStreamPrefix = "awslogs-stream-prefix" + // Default container resource limits. containerDefaultCPULimit = VCPU / 4 containerDefaultMemoryLimit = 512 * MiB @@ -65,6 +71,21 @@ func newContainerFromDefinition(def *ecs.ContainerDefinition, startTime *time.Ti return &cntr, nil } +// ConfigureLogs configures container logs to be sent to the given CloudWatch log group. +func (cntr *container) configureLogs(region string, logGroupName string, streamPrefix string) { + streamPrefix = fmt.Sprintf("%s_%s", streamPrefix, *cntr.definition.Name) + + // Fargate requires awslogs log driver. + cntr.definition.LogConfiguration = &ecs.LogConfiguration{ + LogDriver: aws.String(ecs.LogDriverAwslogs), + Options: map[string]*string{ + containerLogOptionRegion: aws.String(region), + containerLogOptionGroup: aws.String(logGroupName), + containerLogOptionStreamPrefix: aws.String(streamPrefix), + }, + } +} + // GetStatus returns the status of a container running in Fargate. func (cntr *container) getStatus(runtimeState *ecs.Container) corev1.ContainerStatus { var reason string diff --git a/providers/aws/fargate/pod.go b/providers/aws/fargate/pod.go index ece3fb894..273087bb6 100644 --- a/providers/aws/fargate/pod.go +++ b/providers/aws/fargate/pod.go @@ -80,10 +80,6 @@ func NewPod(cluster *Cluster, pod *corev1.Pod) (*Pod, error) { ContainerDefinitions: []*ecs.ContainerDefinition{}, } - if cluster.executionRoleArn != "" { - taskDef.ExecutionRoleArn = aws.String(cluster.executionRoleArn) - } - // For each container in the pod... for _, containerSpec := range pod.Spec.Containers { // Create a container definition. @@ -92,16 +88,9 @@ func NewPod(cluster *Cluster, pod *corev1.Pod) (*Pod, error) { return nil, err } + // Configure container logs to be sent to CloudWatch Logs if enabled. if cluster.cloudWatchLogGroupName != "" { - // Configure container logs to be sent to the configured Cloudwatch Logs Log Group. - cntr.definition.LogConfiguration = &ecs.LogConfiguration{ - LogDriver: aws.String(ecs.LogDriverAwslogs), - Options: map[string]*string{ - "awslogs-group": aws.String(cluster.cloudWatchLogGroupName), - "awslogs-region": aws.String(cluster.region), - "awslogs-stream-prefix": aws.String(fmt.Sprintf("%s_%s", tag, containerSpec.Name)), - }, - } + cntr.configureLogs(cluster.region, cluster.cloudWatchLogGroupName, tag) } // Add the container's resource requirements to its pod's total resource requirements. @@ -124,9 +113,15 @@ func NewPod(cluster *Cluster, pod *corev1.Pod) (*Pod, error) { taskDef.Cpu = aws.String(strconv.Itoa(int(fgPod.taskCPU))) taskDef.Memory = aws.String(strconv.Itoa(int(fgPod.taskMemory))) + // Set a custom task execution IAM role if configured. + if cluster.executionRoleArn != "" { + taskDef.ExecutionRoleArn = aws.String(cluster.executionRoleArn) + } + + // Set a custom task IAM role if configured. if val, ok := pod.Annotations[taskRoleAnnotation]; ok { taskDef.TaskRoleArn = aws.String(val) - fgPod.taskRoleArn = *taskDef.TaskRoleArn + fgPod.taskRoleArn = val } // Register the task definition with Fargate.