Docker image with Terraform or Terragrunt, together with Terragrunt, Go, Python, Make, Docker, Git, and all needed components to easily manage cloud infrastructure for CI/CD environments as a runner image.
Including cloud CLIs and SDKs for Amazon Web Services, Microsoft Azure, Google Cloud Platform and YandexCloud.
Best used as a runner image for CI/CD automation, as well as a consistent local run environment.
Please note that the focus of these images is to keep current versions of Terraform, OpenTofu and Terragrunt available, not CLIs or other dependencies.
Hence, images are updated when a new version of Terraform, OpenTofu or Terragrunt is released. The version labels of the images contain the versions of that software to emphasize this.
Source code is available at devops-infra/docker-terragrunt.
Dockerfile was based on two images made by cytopia: docker-terragrunt and docker-terragrunt-fmt.
Original README files are included in this repository: docker-terragrunt and docker-terragrunt-fmt. This project grew much bigger than the original ones and is intended to be a framework for cloud Infrastructure-as-a-Code.
Tag of the image tells which version of Terraform and Terragrunt it contains and which public cloud provider CLI it's bundled with or not (see second table below).
Current release full tag version value |
---|
tf-1.10.4-ot-1.9.0-tg-0.72.1 |
Registry | Example full image name | Image name | Image version | Terraform version | OpenTofu version | Terragrunt version |
---|---|---|---|---|---|---|
Docker Hub | devopsinfra/docker-terragrunt:tf-1.10.4-tg-0.72.1 | docker-terragrunt | tf-1.10.4-tg-0.72.1 | 1.10.4 | N/A | 0.72.1 |
Docker Hub | devopsinfra/docker-terragrunt:ot-1.9.0-tg-0.72.1 | docker-terragrunt | ot-1.9.0-tg-0.72.1 | N/A | 1.9.0 | 0.72.1 |
GitHub Packages | ghcr.io/devops-infra/docker-terragrunt/docker-terragrunt:tf-1.10.4-tg-0.72.1 | docker-terragrunt | tf-1.10.4-tg-0.72.1 | 1.10.4 | N/A | 0.72.1 |
GitHub Packages | ghcr.io/devops-infra/docker-terragrunt/docker-terragrunt:ot-1.9.0-tg-0.72.1 | docker-terragrunt | ot-1.9.0-tg-0.72.1 | N/A | 1.9.0 | 0.72.1 |
Tag of the image tells also which cloud API/SDK is included in the image.
- For working with local files - mount the working directory under `/data`, e.g. `--volume $(pwd):/data`.
- For working with cloud providers - pass their credentials as an additional file or as environment variables, e.g. `--env AWS_SESSION_TOKEN=${AWS_SESSION_TOKEN}` or `--volume ~/.aws/credentials:/root/.aws/credentials`.
- For running other Docker images - share the socket, e.g. `--privileged --volume /var/run/docker.sock:/var/run/docker.sock`. The container then has full control of the host's Docker daemon.
- For configuring git - mount the desired `.gitconfig` and/or SSH key (if needed), e.g. `--volume ~/.gitconfig:/root/.gitconfig --volume ~/.ssh/id_rsa_github:/root/.ssh/id_rsa`
  - Use https with Personal Access Token:

    ```ini
    [url "https://{GITHUB_TOKEN}@github.com/"]
        insteadOf = https://github.com/
    [url "https://{GITHUB_TOKEN}@github.com/"]
        insteadOf = git+ssh://github.com/
    [url "https://{GITHUB_TOKEN}@github.com/"]
        insteadOf = git@github.com:
    ```

  - Use https instead of git/ssh:

    ```ini
    [url "https://github.com/"]
        insteadOf = git+ssh://github.com/
    [url "https://github.com/"]
        insteadOf = git@github.com:
    ```

  - Use ssh instead of https:

    ```ini
    [url "ssh://git@github.com/"]
        insteadOf = https://github.com/
    [url "ssh://git@github.com/"]
        insteadOf = git@github.com:
    ```
- Format all HCL files in the current directory, including subdirectories.

  ```shell
  docker run --rm \
      --user $(id -u):$(id -g) \
      --volume $(pwd):/data \
      devopsinfra/docker-terragrunt:latest format-hcl
  ```

- Plan a Terraform deployment in AWS for the files in the current directory.

  ```shell
  docker run --rm \
      --tty --interactive \
      --env AWS_DEFAULT_REGION=${AWS_DEFAULT_REGION} \
      --env AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID} \
      --env AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY} \
      --env AWS_SESSION_TOKEN=${AWS_SESSION_TOKEN} \
      --user $(id -u):$(id -g) \
      --volume $(pwd):/data \
      devopsinfra/docker-terragrunt:aws-latest terraform plan
  ```

- Apply a Terragrunt deployment in a subdirectory, with GitHub access configured through a `~/.gitconfig` file containing a PAT.

  ```shell
  docker run --rm \
      --tty --interactive \
      --user $(id -u):$(id -g) \
      --volume $(pwd):/data \
      --volume ~/.gitconfig:/root/.gitconfig \
      devopsinfra/docker-terragrunt:aws-latest terragrunt apply --terragrunt-working-dir some/module
  ```

- Run a Makefile target as an orchestration script.

  ```shell
  docker run --rm \
      --tty --interactive \
      --user $(id -u):$(id -g) \
      --volume $(pwd):/data \
      devopsinfra/docker-terragrunt:aws-latest make build
  ```
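
A wrapper around the `docker run` invocations above for use in a CI job, as an added example that is not part of the docker-terragrunt project. It pins the image to a version tag from this README and forwards AWS credentials by variable name only; `tg`, `TG_IMAGE` and `TG_DRY_RUN` are hypothetical names chosen for this example.

```shell
#!/bin/sh
# Added example (not part of docker-terragrunt). tg, TG_IMAGE and TG_DRY_RUN
# are hypothetical names. The default tag is the Docker Hub example tag
# listed in this README.
: "${TG_IMAGE:=devopsinfra/docker-terragrunt:tf-1.10.4-tg-0.72.1}"

tg() {
  # A floating tag can resolve to a different image between two runs.
  case "$TG_IMAGE" in
    *latest) echo "tg: pin a version tag, not $TG_IMAGE" >&2; return 1 ;;
  esac

  # Build the argument vector back to front: image and command first.
  set -- "$TG_IMAGE" "$@"

  # `--env NAME` with no value makes docker copy NAME from the caller's
  # environment, so the secret itself never appears in the argument list
  # (process listings, CI command echo, shell history).
  for name in AWS_SESSION_TOKEN AWS_SECRET_ACCESS_KEY \
              AWS_ACCESS_KEY_ID AWS_DEFAULT_REGION; do
    eval "value=\${$name:-}"
    if [ -n "$value" ]; then
      set -- --env "$name" "$@"
    fi
  done
  unset value

  set -- docker run --rm \
    --user "$(id -u):$(id -g)" \
    --volume "$(pwd):/data" \
    "$@"

  if [ "${TG_DRY_RUN:-0}" = 1 ]; then
    printf '%s\n' "$@"   # one argument per line, for review or tests
  else
    "$@"
  fi
}
```

With `TG_DRY_RUN=1`, `tg terraform plan` prints the arguments it would pass to Docker instead of starting a container.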
Script name | Is included in PATH | Purpose | Source/Documentation |
---|---|---|---|
format-hcl | Yes | For formatting all HCL files (.hcl, .tf and .tfvars) into format suggested by Hashicorp. | devops-infra |
terragrunt-fmt.sh | No | Dependency for format-hcl | cytopia |
show-versions.sh | Yes | Main CMD target for Docker image, just to show all installed binaries versions. | devops-infra |
Some are conditional, depending on the selected flavour, marked with *
Name | Type | Description | Source/Documentation |
---|---|---|---|
awscli* | Binary | For interacting with AWS via terminal. | https://github.com/aws/aws-cli |
azure-cli* | Binary | For interacting with Azure via terminal. | https://github.com/Azure/azure-cli |
bc | Binary | For numeric operations. | https://www.gnu.org/software/bc/bc.html |
boto3* | Python library | For interacting with AWS via Python. | https://github.com/boto/boto3 |
cloudflare | Python library | For Cloudflare API operations | https://github.com/cloudflare/python-cloudflare |
curl | Binary | For interacting with ElasticSearch and Kibana. | https://curl.haxx.se/ |
docker | Binary | For running another container, e.g. for deploying Lambdas with LambCI's docker-lambda. | https://github.com/docker/docker-ce |
git | Binary | For interacting with Github repositories. | https://git-scm.com/ |
go | Binary | For using Golang, e.g. easy install of additional libraries/binaries. | https://go.dev/ |
google-cloud-sdk* | Binary | For interacting with GCP via terminal. | https://cloud.google.com/sdk |
gnupg | Binary | For GPG operations. | https://gnupg.org/ |
graphviz | Binary | For generating graphic files from dot graphs, like `terraform graph`. | https://graphviz.org/ |
hub | Binary | For interacting with Github APIs. | https://github.com/github/hub |
jq | Binary | For parsing JSON outputs of awscli. | https://stedolan.github.io/jq/ |
hcledit | Binary | For reading and writing HCL files. | https://github.com/minamijoyo/hcledit |
make | Binary | For using Makefile instead of scripts in deployment process. | https://www.gnu.org/software/make/ |
ncurses | Binary | For expanding Makefile with some colors. | https://invisible-island.net/ncurses/announce.html |
openssh | Binary | For allowing outgoing SSH connections. | https://www.openssh.com/ |
openssl | Binary | For calculating BASE64SHA256 hash of Lambda packages. Assures updating Lambdas only when package hash changed. | https://github.com/openssl/openssl |
opentofu | Binary | As open-source alternative to Terraform. | https://github.com/opentofu/opentofu |
PyGithub | Python library | For interacting with GitHub API. | https://github.com/PyGithub/PyGithub |
python-hcl2 | Python library | For reading HCL files in Python. | https://github.com/amplify-education/python-hcl2 |
python3 | Binary | For running more complex scripts during deployment process. | https://www.python.org/ |
requests | Python library | For sending HTTP requests, for example integration with Slack | https://github.com/psf/requests |
slack_sdk | Python library | For integration with Slack applications/bots, e.g. creating channels for notifications | https://github.com/slackapi/python-slack-sdk |
sops | Binary | For encrypting config files for Terragrunt's `sops_decrypt_file`. | https://github.com/mozilla/sops/ |
terraform | Binary | For managing IaC. Dependency for Terragrunt. | https://github.com/hashicorp/terraform |
terragrunt | Binary | For managing IaC. Wrapper over Terraform. | https://github.com/gruntwork-io/terragrunt |
tflint | Binary | For linting Terraform files. | https://github.com/terraform-linters/tflint |
unzip | Binary | For extracting packages. | http://infozip.sourceforge.net/ |
yc | Binary | For interaction with Yandex Cloud via terminal. | https://cloud.yandex.com/en/docs/cli |
zip | Binary | For creating packages for Lambdas. | http://infozip.sourceforge.net/ |
Thanks goes to these wonderful people (emoji key):
Krzysztof Szyper 💻 📦 🚧 |
cytopia 🤔 💻 |
Marko Djukic 💻 |
Phileas Lebada 🤔 |
Matthew Smedberg 💻 |
Dmitri 🐛 💻 |
This project follows the all-contributors specification. Contributions of any kind welcome!