- Fixed removal of
ulimit
capability.
- Fixed
ulimit
capabilities definition.
- Added
app/
prefix to cpu and memory metrics so they are grouped on the dashboard. - Added support for
ulimit
on main container definition from capability modules.
- Fixed issue with
.terraform.lock.hcl
containingtlkamp/validation
.
- Upgraded Terraform providers.
- Removed extra
validation
stanza from.terraform.lock.hcl
that prevented plans from running.
- Upgrade terraform providers (aws ->
5.41.0
).
- Added permissions to list image tags in image repository.
- Added support for metrics for capabilities.
- Fixed mapping syntax.
- Added metrics configuration. (
metrics_provider
,metrics_reader
,metrics_mappings
)
- Added support for querying metric data from the log reader.
- Added support for "target-group" metric alarms.
- Added
execution_role_name
to injectedapp_metadata
in capabilities. - Increased default
var.health_check_grace_period
to30s
.
- Fixed
var.health_check_grace_period
to configure only when load balancers are attached.
- Added
var.health_check_grace_period
to delay enforcement of failed health checks.
- Added support for
secret()
ref.
- Updated
README.md
with application management info.
- Prevent collisions of fargate services when using shared infrastructure.
- Added optional
var.command
to override imageCMD
.
- Fixed "known after apply" for event capabilities.
- Added support for events.
- Changed
task_definition_arn
totask_definition_name
to avoid cyclical dependencies.
- Added
task_definition_name
andlaunch_type
toapp_metadata
for capabilities.
- Fixed duplicate port mappings when using sidecars.
- Added support for additional ports in load balancers.
- Changed service discovery to gracefully update a namespace changes using
create_before_destroy
.
- Changed
cluster
connection tocluster-namespace
connection. - Dropped
service_
prefix from variables.
- Fixed capability generation to emit variable that is set to a zero value, but not nil.
- Fixed
.terraform.lock.hcl
.
- Fixed "(known after apply)" issue with secret interpolation.
- Added variable
ephemeral_storage
to allow a user to expand the disk. - Added
.terraform.lock.hcl
to module.
- Added env var interpolation to all environment variables (including secrets) injected into the app.
- Fixed incorrect usage of
signum
in security group updates.
- Fix security groups from failing when network does not have private or public subnets.
- Fixed generation of newlines in capabilities template.
- Updated capabilities template to not generate a capability variable if the value is
null
.
- Added
NULLSTONE_STACK
,NULLSTONE_APP
,NULLSTONE_VERSION
,NULLSTONE_COMMIT_SHA
to app env vars.
- Add support for overriding the run command of a sidecar container.
- Fix reading of secrets keys.
- Fix "known after apply" error.
- Added support capability namespace.
- Added
service_secrets
variable to enable user-created secrets that are marked sensitive.
- Configured
aws_ecr_repository
withforce_delete
to fix destroy plans.
- Removed outputs:
service_image
,service_id
,task_family
. - Added outputs:
task_arn
. - Renamed output:
service_security_group_id
=>app_security_group_id
.
- Upgrade
ns_connection
to usecontract
instead oftype
.
- Fixed
random_string
to usenumeric
instead of deprecatednumber
. - Added description to
region
output.
- Created unique secret names that don't collide with deletes.
- Added
NULLSTONE_PUBLIC_HOSTS
andNULLSTONE_PRIVATE_HOSTS
to app env vars. - Added
public_hosts
andprivate_hosts
outputs. - Fixed ECR repository being replaced on every apply due to using KMS alias instead of KMS key.
- Fixed access to app secrets encryption key.
- Enabled in-transit encryption for EFS volumes.
- Using CMK (customer-managed key) when encrypting cloudwatch logs, secrets, and image repository.
- Enabled image scanning when an image is pushed to the image repository.
- Enabled tag immutability on the image repository. Can only push an image once.