add fargate ha consul cluster backed by efs

[fdr2]

Changes proposed in this PR:

• add an additional module implementing consul on ecs backed by efs storage
• add a load test for consul kv

How I've tested this PR:

After building consul with PR: 13782 to support ECS for Go Discover, create a variables file as described within the README.md to point your consul image variable at the image url for the image you have built (until consul is updated with the necessary go-discover version).

How I expect reviewers to test this PR:

Using the example ha-cluster-fargate, create ca and certs, deploy resources to AWS and load test.

Checklist:

• Tests added
• CHANGELOG entry added
• Tag @pglass for visibility

[pglass]

Hi @fdr2. I've (finally) taken an initial pass through this, but have not reviewed everything.

Thank you so much for doing this!

[pglass]

I'd prefer to add only one additional module at the top of the modules/ directory for deploying a consul server cluster.

I'd suggest the following:

• Move both ecs-service and efs-cluster modules to be submodules of the ha-cluster module
  • Move modules/ecs-service to modules/ha-cluster/ecs-service
  • Move modules/efs-cluster to modules/ha-cluster/efs-cluster
• Rename modules/ha-cluster to modules/dev-server-ha (or modules/dev-server-cluster) to better fit alongside the existing modules/dev-server module

[pglass]

Stated in another comment, but please rename this module to modules/dev-server-ha (or modules/dev-server-cluster or similar) to better fit alongside the existing modules/dev-server module, and indicate that the module is for dev/testing and not (yet) for production use.

[pglass]

I'd suggest removing these comments. Instead, we should update the README with any requirements for using this module.

[pglass]

Please move this lambda-k6 module out of the modules directory. I'd suggest either examples/lambda-k6 or test/performance/lambda-k6 for the new location.

[pglass]

Add type = string.

[pglass]

I notice you have ports.grpc_tls = 8503 above, so probably add 8503 to the list of container ports here for consistency. (Note that ports.grpc_tls is only supported in Consul 1.14+)

[pglass]

nit: Please remove the hostPort field from these port mappings. We only support the awsvpc network mode for our other modules, so we can assume the same here (for now). In awsvpc network mode, the host port cannot be different than the container port, so I'd prefer to leave the field out (similar to the dev-server module)

[pglass]

The sidecar_name variable appears to be unused? Can it be removed?

[pglass]

Please remove the datadog specific functionality.

Instead, we can support generic variables, like additional_container_definitions, additional_task_role_policies, etc, in order to inject an additional container into the task definition. That way we can support any kind of additional "sidecar" container.

[pglass]

minor / non-blocking: Validate the consul_count is odd and greater than 0. Something like the following:

Suggested change

	default = 3
	default = 3
	validation {
	error_message = "The consul_count must be odd and must be greater than 0."
	condition = var.consul_count % 2 == 1 && var.consul_count > 0
	}