fix: datadog 에이전트를 사이드카로 수정

lvalentine6 · lvalentine6 · commit d0199f1e003a · 2025-08-07T08:15:39.000+09:00
diff --git a/terraform/dev/locals.tf b/terraform/dev/locals.tf
@@ -63,57 +63,71 @@ locals {
   }
 
   container_definitions_map = {
-    for svc, def in local.task_definitions_with_roles : svc => [
-      {
-        name      = svc
-        image     = svc == "api-dev" ? "${local.ecr_repo_urls["dev"]}:placeholder" : def.container_image
-        cpu       = def.cpu
-        memory    = def.memory
-        essential = true
-        stopTimeout = lookup(def, "stop_timeout", 30)
-        command   = svc == "api-dev" ? [
-          "java",
-          "-javaagent:/dd-java-agent.jar",
-          "-Ddd.logs.injection=true",
-          "-Ddd.runtime-metrics.enabled=true",
-          "-Ddd.service=eatda-api",
-          "-Ddd.env=dev",
-          "-Ddd.version=v1",
-          "-Ddd.agent.host=10.0.7.245",
-          "-Dspring.profiles.active=dev",
-          "-jar",
-          "/api.jar"
-        ] : null
-        portMappings = [
-          for m in lookup(def, "port_mappings", []) : {
-            name          = "${svc}-${m.container_port}-${m.protocol}"
-            containerPort = m.container_port
-            hostPort      = m.host_port
-            protocol      = m.protocol
-          }
-        ]
-        environment = [for k, v in lookup(def, "environment", {}) : { name = k, value = v }]
-        secrets     = svc == "datadog-agent-task" ? [
-          { name = "DD_API_KEY", valueFrom = "/dev/DD_API_KEY" }
-        ] : (svc == "mysql-dev" ? [
-          { name = "MYSQL_USER", valueFrom = "/dev/MYSQL_USER_NAME" },
-          { name = "MYSQL_ROOT_PASSWORD", valueFrom = "/dev/MYSQL_ROOT_PASSWORD" },
-          { name = "MYSQL_PASSWORD", valueFrom = "/dev/MYSQL_PASSWORD" }
-        ] : [
-          for s in lookup(def, "secrets", []) : {
-            name      = s.name
-            valueFrom = s.valueFrom
-          }
-        ])
-        mountPoints = [
-          for vol in lookup(def, "volumes", []) : {
-            sourceVolume  = vol.name
-            containerPath = vol.containerPath
-            readOnly      = vol.readOnly
-          }
-        ]
-      }
-    ]
+    for svc, task_def in local.task_definitions_with_roles : svc =>
+    (svc == "api-dev" ?
+      [
+        {
+          name      = "api-dev"
+          image     = "${local.ecr_repo_urls["dev"]}:placeholder"
+          cpu       = task_def.cpu
+          memory    = contains(keys(task_def), "memory") ? task_def.memory : null
+          essential = true
+          command = [
+            "java", "-javaagent:/dd-java-agent.jar",
+            "-Ddd.logs.injection=true", "-Ddd.runtime-metrics.enabled=true",
+            "-Ddd.service=eatda-api", "-Ddd.env=dev", "-Ddd.version=v1",
+            "-Ddd.agent.host=127.0.0.1",
+            "-Dspring.profiles.active=dev", "-jar", "/api.jar"
+          ]
+          portMappings = [{ containerPort = 8080, hostPort = 0, protocol = "tcp" }]
+          mountPoints = [{ sourceVolume = "dev-api-volume", containerPath = "/logs", readOnly = false }]
+        },
+        {
+          name      = "datadog-agent"
+          image     = "public.ecr.aws/datadog/agent:latest"
+          cpu       = 256
+          memory    = 128
+          essential = true
+          environment = [
+            { name = "DD_SITE", value = "us5.datadoghq.com" },
+            { name = "DD_PROCESS_AGENT_ENABLED", value = "true" },
+            { name = "DD_APM_ENABLED", value = "true" },
+            { name = "DD_LOGS_ENABLED", value = "true" },
+            { name = "DD_LOGS_CONFIG_CONTAINER_COLLECT_ALL", value = "true" },
+            { name = "DD_DOGSTATSD_NON_LOCAL_TRAFFIC", value = "false" },
+          ]
+          secrets = [{ name = "DD_API_KEY", valueFrom = "/dev/DD_API_KEY" }]
+          mountPoints = [
+            { sourceVolume = "docker_sock", containerPath = "/var/run/docker.sock", readOnly = true },
+            { sourceVolume = "proc", containerPath = "/host/proc", readOnly = true },
+            { sourceVolume = "cgroup", containerPath = "/host/sys/fs/cgroup", readOnly = true }
+          ]
+        }
+      ]
+      :
+      [
+        {
+          name         = svc
+          image        = task_def.container_image
+          cpu          = task_def.cpu
+          memory       = task_def.memory
+          essential    = true
+          portMappings = [
+            for m in lookup(task_def, "port_mappings", []) :
+            { containerPort = m.container_port, hostPort = m.host_port, protocol = m.protocol }
+          ]
+          environment = [for k, v in lookup(task_def, "environment", {}) : { name = k, value = v }]
+          secrets     = [for s in lookup(task_def, "secrets", []) : { name = s.name, valueFrom = s.valueFrom }]
+          mountPoints = [
+            for vol in lookup(task_def, "volumes", []) : {
+              sourceVolume  = vol.name
+              containerPath = (svc == "mysql-dev" && vol.name == "dev-mysql-volume") ? "/var/lib/mysql" :
+                vol.containerPath
+              readOnly = false
+            }
+          ]
+        }
+      ])
   }
 
   final_ecs_definitions_for_module = {
diff --git a/terraform/dev/terraform.tfvars b/terraform/dev/terraform.tfvars
@@ -11,18 +11,13 @@ ecs_services = {
   mysql-dev = {
     task_definition = "mysql"
   }
-
-  datadog-agent-task = {
-    task_definition     = "datadog-agent-task"
-    scheduling_strategy = "DAEMON"
-  }
 }
 
 ecs_task_definitions_base = {
   api-dev = {
-    cpu          = 256
-    memory       = 256
-    network_mode = "bridge"
+    cpu               = 512
+    memoryReservation = 384
+    network_mode      = "bridge"
     requires_compatibilities = ["EC2"]
 
     port_mappings = [
@@ -36,10 +31,24 @@ ecs_task_definitions_base = {
     environment = {}
     volumes = [
       {
-        name          = "dev-api-volume"
-        host_path     = "/home/ec2-user/logs/"
-        containerPath = "/logs"
-        readOnly      = false
+        name      = "dev-api-volume"
+        host_path = "/home/ec2-user/logs/"
+        readOnly  = false
+      },
+      {
+        name      = "docker_sock"
+        host_path = "/var/run/docker.sock"
+        readOnly  = true
+      },
+      {
+        name      = "proc"
+        host_path = "/proc/"
+        readOnly  = true
+      },
+      {
+        name      = "cgroup"
+        host_path = "/sys/fs/cgroup/"
+        readOnly  = true
       }
     ]
   }
@@ -86,59 +95,4 @@ ecs_task_definitions_base = {
       }
     ]
   }
-
-  "datadog-agent-task" = {
-    cpu             = 256
-    memory          = 128
-    network_mode    = "bridge"
-    requires_compatibilities = ["EC2"]
-    container_image = "public.ecr.aws/datadog/agent:latest"
-
-    port_mappings = [
-      {
-        container_port = 8126,
-        host_port      = 8126,
-        protocol       = "tcp"
-      },
-      {
-        container_port = 8125,
-        host_port      = 8125,
-        protocol       = "udp"
-      }
-    ]
-
-    environment = {
-      DD_SITE                              = "us5.datadoghq.com"
-      DD_PROCESS_AGENT_ENABLED             = "true"
-      DD_APM_ENABLED                       = "true"
-      DD_LOGS_ENABLED                      = "true"
-      DD_LOGS_CONFIG_CONTAINER_COLLECT_ALL = "true"
-      DD_EC2_USE_IMDSV2                    = "true"
-      DD_DOGSTATSD_NON_LOCAL_TRAFFIC       = "true"
-      DD_SERVICE                           = "eatda-api"
-      DD_ENV                               = "dev"
-      DD_VERSION                           = "v1"
-    }
-
-    volumes = [
-      {
-        name          = "docker_sock"
-        host_path     = "/var/run/docker.sock"
-        containerPath = "/var/run/docker.sock"
-        readOnly      = true
-      },
-      {
-        name          = "proc"
-        host_path     = "/proc/"
-        containerPath = "/host/proc"
-        readOnly      = true
-      },
-      {
-        name          = "cgroup"
-        host_path     = "/sys/fs/cgroup/"
-        containerPath = "/host/sys/fs/cgroup"
-        readOnly      = true
-      }
-    ]
-  }
 }
