This module handles the opinionated creation of infrastructure necessary to deploy Terraform Cloud agents on MIG Container VMs.
This includes:
- Enabling necessary APIs
- VPC
- NAT & Cloud Router
- MIG Container Instance Template
- MIG Instance Manager
- FW Rules
Below are some examples:
This example shows how to deploy a self hosted Terraform Cloud agent on MIG Container VMs.
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| additional_metadata | Additional metadata to attach to the instance | map(any) |
{} |
no |
| autoscaling_enabled | Set to true to enable autoscaling in the MIG | bool |
true |
no |
| cooldown_period | The number of seconds that the autoscaler should wait before it starts collecting information from a new instance. |
number |
60 |
no |
| create_network | When set to true, VPC, router and NAT will be auto created | bool |
true |
no |
| create_service_account | Set to true to create a new service account, false to use an existing one | bool |
true |
no |
| dind | Flag to determine whether to expose dockersock | bool |
false |
no |
| image | The Terraform Cloud agent image | string |
"hashicorp/tfc-agent:latest" |
no |
| network_name | Name for the VPC network. Only used if subnetwork_project and subnet_name are not specified | string |
"tfc-agent-network" |
no |
| project_id | The Google Cloud Platform project ID to deploy Terraform Cloud agent | string |
n/a | yes |
| region | The GCP region to use when deploying resources | string |
"us-central1" |
no |
| restart_policy | The desired Docker restart policy for the agent image | string |
"Always" |
no |
| service_account_email | Service account email address to use with the MIG template, required if create_service_account is set to false | string |
"" |
no |
| startup_script | User startup script to run when instances spin up | string |
"" |
no |
| subnet_ip | IP range for the subnet | string |
"10.10.10.0/24" |
no |
| subnet_name | Name for the subnet | string |
"tfc-agent-subnet" |
no |
| subnetwork_project | The project ID of the shared VPCs host (for shared vpc support). If not provided, the project_id is used |
string |
"" |
no |
| target_size | The number of Terraform Cloud agent instances | number |
2 |
no |
| tfc_agent_address | The HTTP or HTTPS address of the Terraform Cloud/Enterprise API | string |
"https://app.terraform.io" |
no |
| tfc_agent_auto_update | Controls automatic core updates behavior. Acceptable values include disabled, patch, and minor | string |
"minor" |
no |
| tfc_agent_name_prefix | This name may be used in the Terraform Cloud user interface to help easily identify the agent | string |
"tfc-agent-container-vm" |
no |
| tfc_agent_single | Enable single mode. This causes the agent to handle at most one job and immediately exit thereafter. Useful for running agents as ephemeral containers, VMs, or other isolated contexts with a higher-level scheduler or process supervisor. |
bool |
false |
no |
| tfc_agent_token | Terraform Cloud agent token. (Organization Settings >> Agents) | string |
n/a | yes |
| Name | Description |
|---|---|
| mig_instance_group | The instance group url of the created MIG |
| mig_instance_template | The name of the MIG Instance Template |
| mig_name | The name of the MIG |
| network_name | Name of the VPC |
| service_account_email | Service account email attached to MIG templates for GCE |
| subnet_name | Name of the subnet in the VPC |
Before this module can be used on a project, you must ensure that the following pre-requisites are fulfilled:
-
Required APIs are activated
"iam.googleapis.com", "cloudresourcemanager.googleapis.com", "containerregistry.googleapis.com", "storage-component.googleapis.com", "logging.googleapis.com", "monitoring.googleapis.com"