Creates self-hosted Terraform Cloud agents on Google Cloud. Using these Terraform modules, you can quickly deploy agent pools for your Terraform Cloud workflows.
The tfc-agent-gke module provisions the resources required to deploy self-hosted Terraform Cloud agents on Google Cloud infrastructure using Google Kubernetes Engine (GKE).
This includes:
- Enabling necessary APIs
- VPC
- GKE Cluster
- Kubernetes Secret
Below are some examples:
- Terraform Cloud agents on GKE - This example shows how to deploy the Terraform Cloud agent on GKE.
- Terraform Cloud agents on GKE with a custom image - This example shows how to deploy a custom built Terraform Cloud agent image on GKE.
The tfc-agent-mig-vm module provisions the resources required to deploy Terraform Cloud agents on Google Cloud infrastructure using Managed Instance Groups (MIG).
This includes:
- Enabling necessary APIs
- VPC
- NAT & Cloud Router
- Service Account for MIG
- MIG Instance Template
- MIG Instance Manager
- FW Rules
- Secret Manager Secret
Deployment of Managed Instance Groups requires either a Google VM image with a startup script that downloads and configures the agent, or a pre-baked image with the agent installed.
Below are some examples:
- Terraform Cloud agents on MIG VMs - This example shows how to deploy the Terraform Cloud agent on MIG with startup scripts.
- Terraform Cloud agents on MIG VMs from Packer image - This example shows how to deploy the Terraform Cloud agent with an image pre-baked using Packer.
The tfc-agent-mig-container-vm module provisions the resources required to deploy Terraform Cloud agents on Google Cloud infrastructure using Managed Instance Groups and Container VMs.
This includes:
- Enabling necessary APIs
- VPC
- NAT & Cloud Router
- MIG Container Instance Template
- MIG Instance Manager
- FW Rules
Below are some examples:
- Terraform Cloud agents on MIG Container VMs - This example shows how to deploy a Terraform Cloud agent on MIG Container VMs.
The tfc-oidc module handles the opinionated creation of infrastructure necessary to configure Workload Identity pools and providers for authenticating to GCP using Terraform Cloud Dynamic Credentials.
This includes:
- Enabling necessary APIs
- Creation of a Workload Identity pool
- Configuring a Workload Identity provider
- Granting external identities necessary IAM roles on Service Accounts
Below are some examples:
- OIDC Simple - This example shows how to use this module along with a Service Account to access storage buckets.
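For orientation, the kind of resources the tfc-oidc list above refers to, written directly against the Google provider. This is an added example, not the module's own code or its input interface; it assumes the hosted Terraform Cloud issuer, and every name, id and variable is a constructed placeholder.

```hcl
# Added example; all names and ids below are constructed placeholders.
variable "project_id" { type = string }
variable "tfc_organization" { type = string } # e.g. "example-org" (constructed)
variable "tfc_workspace_id" { type = string } # e.g. "ws-EXAMPLE" (constructed)

resource "google_service_account" "tfc" {
  project    = var.project_id
  account_id = "tfc-runner"
}

resource "google_iam_workload_identity_pool" "tfc" {
  project                   = var.project_id
  workload_identity_pool_id = "tfc-pool"
}

resource "google_iam_workload_identity_pool_provider" "tfc" {
  project                            = var.project_id
  workload_identity_pool_id          = google_iam_workload_identity_pool.tfc.workload_identity_pool_id
  workload_identity_pool_provider_id = "tfc-provider"

  oidc {
    issuer_uri = "https://app.terraform.io"
  }

  # Map token claims to attributes that IAM bindings can match on.
  attribute_mapping = {
    "google.subject"                   = "assertion.sub"
    "attribute.terraform_workspace_id" = "assertion.terraform_workspace_id"
  }

  # Reject tokens issued to any other Terraform Cloud organization. The issuer
  # is shared by all tenants, so without a condition any of them can federate
  # into this pool.
  attribute_condition = "assertion.terraform_organization_name == \"${var.tfc_organization}\""
}

# Only identities from the one workspace may impersonate the service account.
resource "google_service_account_iam_member" "tfc_impersonation" {
  service_account_id = google_service_account.tfc.name
  role               = "roles/iam.workloadIdentityUser"
  member             = "principalSet://iam.googleapis.com/${google_iam_workload_identity_pool.tfc.name}/attribute.terraform_workspace_id/${var.tfc_workspace_id}"
}
```

The two controls are independent: the provider's `attribute_condition` decides which tokens are accepted at all, and the `principalSet` binding decides which accepted identities can act as the service account.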
These sections describe requirements for using this module.
The following dependencies might be required based on the module being used:
- Terraform CLI
- Terraform Provider for GCP
- Terraform Provider for GCP beta
- Google Cloud CLI
- Kubernetes Provider
- Random Provider
Refer to the contribution guidelines for information on contributing to this module.
Please see our security disclosure process.