Skip to content

Latest commit

 

History

History
280 lines (224 loc) · 28.9 KB

README.md

File metadata and controls

280 lines (224 loc) · 28.9 KB

Dockerized IaC framework for Terraform, OpenTofu and Terragrunt

Supporting amd64 and aarch64/arm64 images!

Supporting fully OpenTofu by image version (prefix ot-)!

Docker image with Terraform or Terragrunt, together with Terragrunt, Go, Python, Make, Docker, Git, and all needed components to easily manage cloud infrastructure for CI/CD environments as a runner image.

Including cloud CLIs and SDKs for Amazon Web Services, Microsoft Azure, Google Cloud Platform and YandexCloud.

Best used as runner image for CI/CD in automation, as well as a consistent local run environment.

Please note focus of those images is to maintain availability of current versions of Terraform, OpenTofu and Terragrunt, not CLIs or other dependencies.
Hence, images are updated when new version of Terraform, OpenTofu or Terragrunt is released. Furthermore, versioning labels of images contain versions of said software to emphasize it.

Source code is available at devops-infra/docker-terragrunt.

Dockerfile was based on two images made by cytopia: docker-terragrunt and docker-terragrunt-fmt .
Original README files are included in this repository: docker-terragrunt and docker-terragrunt-fmt . This project grew much bigger than the original ones and is intended to be a framework for cloud Infrastructure-as-a-Code.

All Contributors

Push to master Push to other
GitHub GitHub code size in bytes GitHub last commit
DockerHub Dockerfile size Docker Pulls

Available source images

Tag of the image tells which version of Terraform and Terragrunt it contains and which public cloud provider CLI it's bundled with or not (see second table below).

Current release full tag version value
tf-1.9.5-ot-1.8.2-tg-0.67.4
Registry Example full image name Image name Image version Terraform version OpenTofu version Terragrunt version
Docker Hub devopsinfra/docker-terragrunt:tf-1.9.5-tg-0.67.4 docker-terragrunt tf-1.9.5-tg-0.67.4 1.9.5 N/A 0.67.4
Docker Hub devopsinfra/docker-terragrunt:ot-1.8.2-tg-0.67.4 docker-terragrunt ot-1.8.2-tg-0.67.4 N/A 1.8.2 0.67.4
GitHub Packages ghcr.io/devops-infra/docker-terragrunt/docker-terragrunt:tf-1.9.5-tg-0.67.4 docker-terragrunt tf-1.9.5-tg-0.67.4 1.9.5 N/A 0.67.4
GitHub Packages ghcr.io/devops-infra/docker-terragrunt/docker-terragrunt:ot-1.8.2-tg-0.67.4 docker-terragrunt ot-1.8.2-tg-0.67.4 N/A 1.8.2 0.67.4

Available flavours

Tag of the image tells also which cloud API/SDK is included in the image.

Image name AWS Azure GCP OT TF Description Size
docker-terragrunt:slim-tf-1.9.5-tg-0.67.4 Lightweight version with TF, TG and bare dependencies Docker size
docker-terragrunt:slim-ot-1.8.2-tg-0.67.4 Lightweight version with OT, TG and bare dependencies Docker size
docker-terragrunt:tf-1.9.5-tg-0.67.4 Normal version, with TF. Having Go, Python, Make, etc. Docker size
docker-terragrunt:ot-1.8.2-tg-0.67.4 Normal version, with OT. Having Go, Python, Make, etc. Docker size
docker-terragrunt:aws-tf-1.9.5-tg-0.67.4 Normal version with AWS CLI, with TF. Docker size
docker-terragrunt:aws-ot-1.8.2-tg-0.67.4 Normal version with AWS CLI, with OT. Docker size
docker-terragrunt:azure-tf-1.9.5-tg-0.67.4 Normal version with Azure CLI, with TF. Docker size
docker-terragrunt:azure-ot-1.8.2-tg-0.67.4 Normal version with Azure CLI, with OT. Docker size
docker-terragrunt:aws-azure-tf-1.9.5-tg-0.67.4 Normal version with AWS and Azure CLIs, with TF. Docker size
docker-terragrunt:aws-azure-ot-1.8.2-tg-0.67.4 Normal version with AWS and Azure CLIs, with OT. Docker size
docker-terragrunt:gcp-tf-1.9.5-tg-0.67.4 Normal version with GCP CLI, with TF. Docker size
docker-terragrunt:gcp-ot-1.8.2-tg-0.67.4 Normal version with GCP CLI, with OT. Docker size
docker-terragrunt:aws-gcp-tf-1.9.5-tg-0.67.4 Normal version with AWS and GCP CLIs, with TF. Docker size
docker-terragrunt:aws-gcp-ot-1.8.2-tg-0.67.4 Normal version with AWS and GCP CLIs, with OT. Docker size
docker-terragrunt:azure-gcp-tf-1.9.5-tg-0.67.4 Normal version with Azure and GCP CLIs, with TF. Docker size
docker-terragrunt:azure-gcp-ot-1.8.2-tg-0.67.4 Normal version with Azure and GCP CLIs, with OT. Docker size
docker-terragrunt:aws-azure-gcp-tf-1.9.5-tg-0.67.4 Normal version with AWS, Azure and GCP CLIs, with TF. Docker size
docker-terragrunt:aws-azure-gcp-ot-1.8.2-tg-0.67.4 Normal version with AWS, Azure and GCP CLIs, with OT. Docker size
docker-terragrunt:yc-tf-1.9.5-tg-0.67.4 Normal version with YandexCloud CLI, with TF. Docker size
docker-terragrunt:yc-ot-1.8.2-tg-0.67.4 Normal version with YandexCloud CLI, with OT. Docker size

Usage

  • For working with local files - mount working directory under /data, e.g. --volume $(pwd):/data.
  • For working with cloud providers - pass their credentials as additional file or environment variables,
    e.g. --env AWS_SESSION_TOKEN=${AWS_SESSION_TOKEN} or --volume ~/.aws/credentials:/root/.aws/credentials.
  • For running other Docker images - by sharing the socket,
    e.g. --privileged --volume /var/run/docker.sock:/var/run/docker.sock.
  • For configuring git - mount desired .gitconfig and/or SSH key (if needed),
    e.g. --volume ~/.gitconfig:/root/.gitconfig --volume ~/.ssh/id_rsa_github:/root/.ssh/id_rsa

Examples of .gitconfig to mount

  • Use https with Personal Access Token:
[url "https://{GITHUB_TOKEN}@github.com/"]
	insteadOf = https://github.com/
[url "https://{GITHUB_TOKEN}@github.com/"]
	insteadOf = git+ssh://github.com/
[url "https://{GITHUB_TOKEN}@github.com/"]
	insteadOf = [email protected]:
  • Use https instead of git/ssh:
[url "https://github.com/"]
	insteadOf = git+ssh://github.com/
[url "https://github.com/"]
	insteadOf = [email protected]:
  • Use ssh instead of https:
[url "ssh://[email protected]/"]
  insteadOf = https://github.com/
[url "ssh://[email protected]/"]
	insteadOf = [email protected]:

Examples

  • Format all HCL files in the current directory. Including subdirectories.
docker run --rm \
    --user $(id -u):$(id -g) \
    --volume $(pwd):/data \
    devopsinfra/docker-terragrunt:latest format-hcl
  • Plan terraform deployment in AWS for files in current directory.
docker run --rm \
    --tty --interactive \
    --env AWS_DEFAULT_REGION=${AWS_DEFAULT_REGION} \
    --env AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID} \
    --env AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY} \
    --env AWS_SESSION_TOKEN=${AWS_SESSION_TOKEN} \
    --user $(id -u):$(id -g) \
    --volume $(pwd):/data \
    devopsinfra/docker-terragrunt:aws-latest terraform plan
  • Apply terragrunt deployment in subdirectory. With GitHub using a ~/.gitconfig file with PAT.
docker run --rm \
    --tty --interactive \
    --user $(id -u):$(id -g) \
    --volume $(pwd):/data \
    --volume ~/.gitconfig:/root/.gitconfig \
    devopsinfra/docker-terragrunt:aws-latest terragrunt apply --terragrunt-working-dir some/module
  • Run a Makefile target as orchestration script.
docker run --rm \
    --tty --interactive \
    --user $(id -u):$(id -g) \
    --volume $(pwd):/data \
    devopsinfra/docker-terragrunt:aws-latest make build

Additional software available in all images

Scripts

Script name Is included in PATH Purpose Source/Documentation
format-hcl Yes For formatting all HCL files (.hcl, .tf and .tfvars) into format suggested by Hashicorp. devops-infra
terragrunt-fmt.sh No Dependency for format-hcl cytopia
show-versions.sh Yes Main CMD target for Docker image, just to show all installed binaries versions. devops-infra

Binaries and Python libraries

Some are conditional, depending on the selected flavour, marked with *

Name Type Description Source/Documentation
awscli* Binary For interacting with AWS via terminal. https://github.com/aws/aws-cli
azure-cli* Binary For interacting with Azure via terminal. https://github.com/Azure/azure-cli
bc Binary For numeric operations. https://www.gnu.org/software/bc/bc.html
boto3* Python library For interacting with AWS via Python. https://github.com/boto/boto3
cloudflare Python library For Cloudflare API operations https://github.com/cloudflare/python-cloudflare
curl Binary For interacting with ElasticSearch and Kibana. https://curl.haxx.se/
docker Binary For running another container, e.g. for deploying Lambdas with LambCI's docker-lambda. https://github.com/docker/docker-ce
git Binary For interacting with Github repositories. https://git-scm.com/
go Binary For using Golang, e.g. easy install of additional libraries/binaries. https://go.dev/
google-cloud-sdk* Binary For interacting with GCP via terminal. https://cloud.google.com/sdk
gnupg Binary For GPG operations. https://gnupg.org/
graphviz Binary For generating graphic files from dot graphs, like terraform graph. https://graphviz.org/
hub Binary For interacting with Github APIs. https://github.com/github/hub
jq Binary For parsing JSON outputs of awscli. https://stedolan.github.io/jq/
hcledit Binary For reading and writing HCL files. https://github.com/minamijoyo/hcledit
make Binary For using Makefile instead of scripts in deployment process. https://www.gnu.org/software/make/
ncurses Binary For expanding Makefile with some colors. https://invisible-island.net/ncurses/announce.html
openssh Binary For allowing outgoing SSH connections. https://www.openssh.com/
openssl Binary For calculating BASE64SHA256 hash of Lambda packages. Assures updating Lambdas only when package hash changed. https://github.com/openssl/openssl
opentofu Binary As open-source alternative to Terraform. https://github.com/opentofu/opentofu
PyGithub Python library For interacting with GitHub API. https://github.com/PyGithub/PyGithub
python-hcl2 Python library For reading HCL files in Python. https://github.com/amplify-education/python-hcl2
python3 Binary For running more complex scripts during deployment process. https://www.python.org/
requests Python library For sending HTTP requests, for example integration with Slack https://github.com/psf/requests
slack_sdk Python library For integration with Slack applications/bots, e.g. creating channels for notifications https://github.com/slackapi/python-slack-sdk
sops Binary For encrypting config files for Terragrunt's sops_decrypt_file. https://github.com/mozilla/sops/
terraform Binary For managing IaC. Dependency for Terragrunt. https://github.com/hashicorp/terraform
terragrunt Binary For managing IaC. Wrapper over Terraform. https://github.com/gruntwork-io/terragrunt
tflint Binary For linting Terraform files. https://github.com/terraform-linters/tflint
unzip Binary For extracting packages. http://infozip.sourceforge.net/
yc Binary For interaction with Yandex Cloud via terminal. https://cloud.yandex.com/en/docs/cli
zip Binary For creating packages for Lambdas. http://infozip.sourceforge.net/

Contributors ✨

Thanks goes to these wonderful people (emoji key):


Krzysztof Szyper

💻 📦 🚧

cytopia

🤔 💻

Marko Djukic

💻

Phileas Lebada

🤔

Matthew Smedberg

💻

Dmitri

🐛 💻

This project follows the all-contributors specification. Contributions of any kind welcome!