This module handles the opinionated creation of infrastructure necessary to deploy Terraform Cloud agents on a Managed Instance Group (MIG).
This includes:
- Enabling necessary APIs
- VPC
- NAT & Cloud Router
- Service Account for MIG
- MIG Instance Template
- MIG Instance Manager
- FW Rules
- Secret Manager Secret

Below are some examples:

This example shows how to deploy a MIG self-hosted Terraform Cloud agent bootstrapped using startup scripts.

Name | Description | Type | Default | Required |
---|---|---|---|---|
cooldown_period | The number of seconds that the autoscaler should wait before it starts collecting information from a new instance | number | 60 | no |
create_network | When set to true, VPC, router and NAT will be auto created | bool | true | no |
create_service_account | Set to true to create a new service account, false to use an existing one | bool | true | no |
custom_metadata | User provided custom metadata | map(any) | {} | no |
machine_type | The GCP machine type to deploy | string | "n1-standard-1" | no |
max_replicas | Maximum number of Terraform agent instances | number | 10 | no |
min_replicas | Minimum number of Terraform agent instances | number | 1 | no |
network_name | Name for the VPC network | string | "tfc-agent-network" | no |
network_project | The project ID of the shared VPCs host (for shared vpc support). If not provided, the project_id is used | string | "" | no |
project_id | The Google Cloud Platform project ID to deploy Terraform Cloud agent | string | n/a | yes |
region | The GCP region to use when deploying resources | string | "us-central1" | no |
service_account_email | Service account email address to use with the MIG template, required if create_service_account is set to false | string | "" | no |
source_image | Source disk image. If neither source_image nor source_image_family is specified, defaults to the latest public CentOS image | string | "" | no |
source_image_family | Source image family. If neither source_image nor source_image_family is specified, defaults to the latest public Ubuntu image | string | "ubuntu-2204-lts" | no |
source_image_project | Project where the source image originates | string | "ubuntu-os-cloud" | no |
startup_script | User startup script to run when instances spin up | string | "" | no |
subnet_ip | IP range for the subnet | string | "10.10.10.0/24" | no |
subnet_name | Name for the subnet | string | "tfc-agent-subnet" | no |
tfc_agent_address | The HTTP or HTTPS address of the Terraform Cloud/Enterprise API | string | "https://app.terraform.io" | no |
tfc_agent_auto_update | Controls automatic core updates behavior. Acceptable values include disabled, patch, and minor | string | "minor" | no |
tfc_agent_labels | Terraform Cloud agent labels to attach to the VMs | set(string) | [] | no |
tfc_agent_name_prefix | This name may be used in the Terraform Cloud user interface to help easily identify the agent | string | "tfc-agent-mig-vm" | no |
tfc_agent_secret | The secret id for storing the Terraform Cloud agent secret | string | "tfc-agent" | no |
tfc_agent_single | Enable single mode. This causes the agent to handle at most one job and immediately exit thereafter. Useful for running agents as ephemeral containers, VMs, or other isolated contexts with a higher-level scheduler or process supervisor | bool | false | no |
tfc_agent_token | Terraform Cloud agent token. (Organization Settings >> Agents) | string | n/a | yes |
tfc_agent_version | Terraform Cloud agent version to install | string | "1.12.0" | no |

Name | Description |
---|---|
mig_instance_group | The instance group url of the created MIG |
mig_instance_template | The name of the MIG Instance Template |
mig_name | The name of the MIG |
network_name | Name of the VPC |
service_account_email | Service account email used with the MIG template |
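
A module call built from the inputs and outputs listed above, as an added example that is not taken from the module's repository. The module source is a placeholder because this page does not give it; the label value and replica counts are constructed, and choosing single mode and patch-only updates is an assumption about a cautious deployment.

```hcl
variable "project_id" {
  type        = string
  description = "Project that will host the agent MIG"
}

variable "tfc_agent_token" {
  type        = string
  description = "Agent token from Organization Settings >> Agents"
  # Redacts the value in plan/apply output. It is still written to
  # Terraform state, so the state backend needs its own access control.
  sensitive = true
}

module "tfc_agent_mig" {
  # Placeholder: replace with the real source address of this module.
  source = "<MODULE_SOURCE>"

  project_id      = var.project_id
  tfc_agent_token = var.tfc_agent_token

  # Defaults, stated explicitly: the module creates a dedicated VPC,
  # router and NAT, and a dedicated service account for the MIG.
  create_network         = true
  create_service_account = true

  # Single mode: each agent handles at most one job and then exits
  # (see the tfc_agent_single description in the inputs table).
  tfc_agent_single = true

  # Restrict automatic agent updates to patch releases (default is "minor").
  tfc_agent_auto_update = "patch"

  # Constructed sample values.
  tfc_agent_labels = ["gcp-mig"]
  min_replicas     = 1
  max_replicas     = 3
}

# Expose the service account so its IAM bindings can be reviewed
# and granted only the roles the agent's workspaces need.
output "agent_service_account" {
  value = module.tfc_agent_mig.service_account_email
}
```

Supplying the token through the `TF_VAR_tfc_agent_token` environment variable keeps it out of `.tfvars` files that may end up in version control.
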

Before this module can be used on a project, you must ensure that the following pre-requisites are fulfilled:

- Required APIs are activated:
  "iam.googleapis.com",
  "compute.googleapis.com",
  "storage-component.googleapis.com",
  "logging.googleapis.com",
  "monitoring.googleapis.com",
  "secretmanager.googleapis.com",