This repository is a template for provisioning your Cloud and Local environment using Terraform and Ansible.
Docker and Docker Compose are needed. If you want to provision only local environments, that's all.
However, if you want to provision a cloud environment, you need administrator-level permissions on at least one cloud: AWS, Azure, or Google Cloud.
Then set up the repository by following the steps below.
Write the account IDs and credentials for the clouds you need (AWS, Azure, or Google Cloud) into the .env file, as in the following example.

```dotenv
# UID=1234
# GID=1234
# DOCKER_GID=2345
PROJECT_UNIQUE_ID=my-unique-b78e
_TERRAFORM_BACKEND_TYPE=s3
TF_VAR_allowed_ipaddr_list=["203.0.113.0/24"]
#
# <AWS>
AWS_ACCESS_KEY_ID=AKXXXXXXXX
AWS_ACCOUNT_ID=123456789012
# AWS_DEFAULT_REGION=us-east-1
AWS_SECRET_ACCESS_KEY=AWxxxxxxxx00000000
# </AWS>
```

ℹ️ If you are using Linux, also write your UID, GID, and the GID of the docker group into the .env file so that Docker Compose exports them to the container as environment variables.

```sh
test $(uname -s) = 'Linux' && {
  echo -e "DOCKER_GID=$(getent group docker | cut -d : -f 3)"
  echo -e "GID=$(id -g)"
  echo -e "UID=$(id -u)"
} >> .env || :
```

ℹ️ In addition, if you use Google Cloud, place the key file for your Google Cloud service account at config/credentials/google-cloud-keyfile.provisioning-owner.json.
Environment variable names and uses are as follows.

| Name | Required on Linux | Value |
|---|---|---|
| UID | Yes | This ID number is used as the UID of the Docker user, so it becomes the owner of all files and directories created by the container. |
| GID | Yes | The same as UID above, for the group. |
| DOCKER_GID | Yes | This ID number grants the container permission to read and write the Docker socket on your local machine. |

| Name | Required with Terraform | Value |
|---|---|---|
| PROJECT_UNIQUE_ID | Yes | An ID that identifies your environment. The value is used as the name of the object storage bucket or Storage Account for the Terraform backend. |
| _TERRAFORM_BACKEND_TYPE | Yes | Acceptable values are azurerm, gcs, s3, and none. |
| TF_VAR_allowed_ipaddr_list | No | IP address ranges that are allowed to access your cloud environment. |

AWS

| Name | Required with AWS | Value |
|---|---|---|
| AWS_ACCOUNT_ID | Yes | The 12-digit AWS account ID you want to provision. If you choose the S3 backend, the S3 bucket that stores the tfstate file is created in this account. |
| AWS_ACCESS_KEY_ID | Yes | The AWS access key of the IAM user that creates the S3 bucket for the tfstate file and applies everything in your AWS environment. |
| AWS_SECRET_ACCESS_KEY | Yes | The secret access key that pairs with AWS_ACCESS_KEY_ID. |
| AWS_DEFAULT_REGION | No | The default AWS region for the provider (the example above uses us-east-1). |
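As an added example (not part of this template), the following POSIX sh script checks a .env file against the rules in the tables above before Docker Compose reads it; the function names and the constructed sample values are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not part of this template): check a .env file against the
# rules above before Docker Compose reads it. Function names are assumptions.
# Print every problem found in the .env given as $1; return 1 if there is any.
check_env_file() {
  file="$1"; ok=0
  for name in PROJECT_UNIQUE_ID _TERRAFORM_BACKEND_TYPE; do
    grep -q "^${name}=." "$file" || { echo "missing: $name"; ok=1; }
  done
  backend=$(sed -n 's/^_TERRAFORM_BACKEND_TYPE=//p' "$file")
  case "$backend" in
    azurerm|gcs|s3|none) ;;
    *) echo "unsupported _TERRAFORM_BACKEND_TYPE: '$backend'"; ok=1 ;;
  esac
  if [ "$backend" = s3 ]; then
    for name in AWS_ACCOUNT_ID AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY; do
      grep -q "^${name}=." "$file" || { echo "missing for s3: $name"; ok=1; }
    done
    sed -n 's/^AWS_ACCOUNT_ID=//p' "$file" | grep -Eq '^[0-9]{12}$' \
      || { echo "AWS_ACCOUNT_ID must be exactly 12 digits"; ok=1; }
  fi
  # 0.0.0.0/0 in the allow list lets every address reach the environment.
  if grep -q '^TF_VAR_allowed_ipaddr_list=.*0\.0\.0\.0/0' "$file"; then
    echo "TF_VAR_allowed_ipaddr_list allows 0.0.0.0/0"; ok=1
  fi
  # On Linux the container also needs UID, GID and DOCKER_GID exported.
  if [ "$(uname -s)" = Linux ]; then
    for name in UID GID DOCKER_GID; do
      grep -q "^${name}=[0-9]" "$file" || { echo "missing on Linux: $name"; ok=1; }
    done
  fi
  return $ok
}
# Constructed sample .env with placeholder values (no real credentials).
write_sample_env() {
  cat > "$1" <<'EOF'
UID=1000
GID=1000
DOCKER_GID=999
PROJECT_UNIQUE_ID=my-unique-b78e
_TERRAFORM_BACKEND_TYPE=s3
TF_VAR_allowed_ipaddr_list=["203.0.113.0/24"]
AWS_ACCESS_KEY_ID=AKXXXXXXXX
AWS_ACCOUNT_ID=123456789012
AWS_SECRET_ACCESS_KEY=AWxxxxxxxx00000000
EOF
}
sample=$(mktemp); write_sample_env "$sample"
check_env_file "$sample" && echo "sample .env passes"; rm -f "$sample"
```

Run it against your own file with `check_env_file .env` after sourcing the script; a non-zero exit status means at least one rule failed.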
You can adjust the provisioning service in docker-compose.yml to fit your needs.

```yaml
services:
  provisioning:
    <<: *provisioning-base
```

Make sure your config is valid.

```sh
docker compose config
```

Now you are able to provision your environment as follows. 🎉

```sh
docker compose build
docker compose up
docker compose exec provisioning terraform apply
docker compose down
```

The gh command helps set the secrets for GitHub Actions. Note that the first command uploads every variable in .env, including the AWS credentials, as a repository secret.

```sh
gh secret set --app actions --env-file .env
cat config/credentials/google-cloud-keyfile.provisioning-owner.json \
  | gh secret set GOOGLE_SA_KEY --app=actions
```