Docker image with Terraform, Terragrunt, Python, Make, Docker, Git, and all needed components to easily manage cloud
infrastructure.
Including cloud CLIs and SDKs for Amazon Web Services, Microsoft Azure and Google Cloud Platform.
Best used as runner image for CI/CD in automation, as well as a local environment.
Please note focus of those images is to maintain availability of cutting edge versions of Terraform and Terragrunt,
not CLIs or other dependencies.
Hence, images are updated when new version of Terraform or Terragrunt is released. Furthermore, versioning labels of
images contain versions of said software to emphasize it.
Source code is available at devops-infra/docker-terragrunt.
Dockerfile was based on two images made
by cytopia: docker-terragrunt
and docker-terragrunt-fmt
.
Original README files are included in this
repository: docker-terragrunt
and docker-terragrunt-fmt
. This project grew much bigger than the original ones and is intended to be a framework for cloud
Infrastructure-as-a-Code.
Tag of the image tells which version of Terraform and Terragrunt it contains and which public cloud provider CLI it's bundled with or not (see second table below).
Registry | Example full image name | Image name | Image version | Terraform version | Terragrunt version |
---|---|---|---|---|---|
Docker Hub | devopsinfra/docker-terragrunt:tf-0.15.0-tg-0.29.0 |
docker-terragrunt |
tf-0.15.0-tg-0.29.0 |
0.15.0 |
0.29.0 |
GitHub Packages | docker.pkg.github.com/devops-infra/docker-terragrunt/docker-terragrunt:tf-0.15.0-tg-0.29.0 |
docker-terragrunt |
tf-0.15.0-tg-0.29.0 |
0.15.0 |
0.29.0 |
Tag of the image tells also which cloud API/SDK is included in the image.
- For working with local files - mount working directory under
/data
, e.g.--volume $(pwd):/data
. - For working with cloud providers - pass their credentials as additional file or environment variables,
e.g.--env AWS_SESSION_TOKEN=${AWS_SESSION_TOKEN}
or--volume ~/.aws/credentials:/root/.aws/credentials
. - For running other Docker images - by sharing the socket,
e.g.--privileged --volume /var/run/docker.sock:/var/run/docker.sock
. - For configuring git - mount desired
.gitconfig
and/or SSH key (if needed),
e.g.--volume ~/.gitconfig:/root/.gitconfig --volume ~/.ssh/id_rsa_github:/root/.ssh/id_rsa
- Use https with Personal Access Token:
[url "https://{GITHUB_TOKEN}@github.com/"]
insteadOf = https://github.com/
[url "https://{GITHUB_TOKEN}@github.com/"]
insteadOf = git+ssh://github.com/
[url "https://{GITHUB_TOKEN}@github.com/"]
insteadOf = [email protected]:
- Use https instead of git/ssh:
[url "https://github.com/"]
insteadOf = git+ssh://github.com/
[url "https://github.com/"]
insteadOf = [email protected]:
- Use ssh instead of https:
[url "ssh://[email protected]/"]
insteadOf = https://github.com/
[url "ssh://[email protected]/"]
insteadOf = [email protected]:
- Format all HCL files in the current directory. Including subdirectories.
docker run --rm \
--user $(id -u):$(id -g) \
--volume $(pwd):/data \
devopsinfra/docker-terragrunt:latest format-hcl
- Plan terraform deployment in AWS for files in current directory.
docker run --rm \
--tty --interactive \
--env AWS_DEFAULT_REGION=${AWS_DEFAULT_REGION} \
--env AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID} \
--env AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY} \
--env AWS_SESSION_TOKEN=${AWS_SESSION_TOKEN} \
--user $(id -u):$(id -g) \
--volume $(pwd):/data \
devopsinfra/docker-terragrunt:aws-latest terraform plan
- Apply terragrunt deployment in subdirectory. With GitHub using a
~/.gitconfig
file with PAT.
docker run --rm \
--tty --interactive \
--user $(id -u):$(id -g) \
--volume $(pwd):/data \
--volume ~/.gitconfig:/root/.gitconfig \
devopsinfra/docker-terragrunt:aws-latest terragrunt apply --terragrunt-working-dir some/module
- Run a Makefile target as orchestration script.
docker run --rm \
--tty --interactive \
--user $(id -u):$(id -g) \
--volume $(pwd):/data \
devopsinfra/docker-terragrunt:aws-latest make build
Script name | Is included in PATH | Purpose | Source/Documentation |
---|---|---|---|
format-hcl |
Yes | For formatting all HCL files (.hcl , .tf and .tfvars ) into format suggested by Hashicorp. |
devops-infra |
terragrunt-fmt.sh |
No | Dependency for format-hcl |
cytopia |
show-versions.sh |
Yes | Main CMD target for Docker image, just to show all installed binaries versions. | devops-infra |
Some are conditional, depending on the selected flavour, marked with *
Name | Type | Description | Source/Documentation |
---|---|---|---|
awscli* | Binary | For interacting with AWS via terminal. | https://github.com/aws/aws-cli |
azure-cli* | Binary | For interacting with Azure via terminal. | https://github.com/Azure/azure-cli |
bash | Binary | For color output from terraform andterragrunt . Assures also access to some builtins. |
https://www.gnu.org/software/bash/ |
bc | Binary | For numeric operations. | https://www.gnu.org/software/bc/bc.html |
boto3* | Python library | For interacting with AWS via Python. | https://github.com/boto/boto3 |
cloudflare | Python library | For Cloudflare API operations | https://github.com/cloudflare/python-cloudflare |
curl | Binary | For interacting with ElasticSearch and Kibana. | https://curl.haxx.se/ |
docker | Binary | For running another container, e.g. for deploying Lambdas with LambCI's docker-lambda. | https://github.com/docker/docker-ce |
git | Binary | For interacting with Github repositories. | https://git-scm.com/ |
google-cloud-sdk* | Binary | For interacting with GCP via terminal. | https://cloud.google.com/sdk |
hub | Binary | For interacting with Github APIs. | https://github.com/github/hub |
jq | Binary | For parsing JSON outputs of awscli. | https://stedolan.github.io/jq/ |
hcledit | Binary | For reading and writing HCL files. | https://github.com/minamijoyo/hcledit |
make | Binary | For using Makefile instead of scripts in deployment process. |
https://www.gnu.org/software/make/ |
ncurses | Binary | For expanding Makefile with some colors. |
https://invisible-island.net/ncurses/announce.html |
openssh | Binary | For allowing outgoing SSH connections. | https://www.openssh.com/ |
openssl | Binary | For calculating BASE64SHA256 hash of Lambda packages. Assures updating Lambdas only when package hash changed. | https://github.com/openssl/openssl |
PyGithub | Python library | For interacting with GitHub API. | https://github.com/PyGithub/PyGithub |
python-hcl2 | Python library | For reading HCL files in Python. | https://github.com/amplify-education/python-hcl2 |
python3 | Binary | For running more complex scripts during deployment process. | https://www.python.org/ |
requests | Python library | For sending HTTP requests, for example integration with Slack | https://github.com/psf/requests |
slack_sdk | Python library | For integration with Slack applications/bots, e.g. creating channels for notifications | https://github.com/slackapi/python-slack-sdk |
sops | Binary | For encrypting config files for Terragrunt's sops_decrypt_file . |
https://github.com/mozilla/sops/ |
terraform | Binary | For managing IaC. Dependency for Terragrunt. | https://github.com/hashicorp/terraform |
terragrunt | Binary | For managing IaC. Wrapper over Terraform. | https://github.com/gruntwork-io/terragrunt |
tflint | Binary | For linting Terraform files. | https://github.com/terraform-linters/tflint |
unzip | Binary | For extracting packages. | http://infozip.sourceforge.net/ |
zip | Binary | For creating packages for Lambdas. | http://infozip.sourceforge.net/ |
Thanks goes to these wonderful people (emoji key):
Krzysztof Szyper 💻 📦 🚧 |
cytopia 🤔 💻 |
Marko Djukic 💻 |
Phileas Lebada 🤔 |
This project follows the all-contributors specification. Contributions of any kind welcome!