How to run Terraform in a container!
I am running this from Docker Desktop 2.3.0.2 on Windows 10. I am on my work network, which brings a special certificate issue.
I am going to use this official HashiCorp Terraform image.
Creating New Image to incorporate your certificate
Create a new Dockerfile and insert the following. Be sure to have your PEM file in the same directory.
##Pull down the latest version of terraform from Hashi
FROM hashicorp/terraform:light
##Need this else you get cert trust error
COPY "myWork.pem" "/usr/local/share/ca-certificates/"
##Need this to apply the new cert (above) on this box
##https://manpages.ubuntu.com/manpages/xenial/man8/update-ca-certificates.8.html#name
RUN "/usr/sbin/update-ca-certificates"
##Need this so that it runs terraform upon launch
ENTRYPOINT ["/bin/terraform"]
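Adding a CA to the image's trust store means certificates issued by that CA are accepted by Terraform inside the container, so it is worth confirming that myWork.pem is the certificate you expect before building. The PowerShell below is an added example, not part of the original post; the script parameters and the expected-fingerprint placeholder are assumptions.

```powershell
# Added example: inspect the certificate before it is copied into the image.
param(
    [string]$Path = '.\myWork.pem',                               # file name from the Dockerfile
    [string]$ExpectedSha256 = '<fingerprint-from-your-PKI-team>'  # placeholder, supply your own
)
$ErrorActionPreference = 'Stop'

$full = (Resolve-Path $Path).Path
# Count PEM blocks: X509Certificate2 loads only the first certificate in a file.
$count = @(Select-String -Path $full -SimpleMatch -Pattern '-----BEGIN CERTIFICATE-----').Count
$cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $full

# SHA-256 fingerprint over the DER encoding, as upper-case hex without separators.
$sha = [System.Security.Cryptography.SHA256]::Create()
$fp  = [System.BitConverter]::ToString($sha.ComputeHash($cert.RawData)) -replace '-', ''

# A trust anchor should carry basicConstraints with CA=TRUE.
$bc = $cert.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension] }
$isCa = [bool]($bc -and $bc.CertificateAuthority)

$now   = Get-Date
$valid = ($now -ge $cert.NotBefore) -and ($now -le $cert.NotAfter)

[pscustomobject]@{
    Subject    = $cert.Subject
    Issuer     = $cert.Issuer
    SelfIssued = ($cert.Subject -eq $cert.Issuer)   # name comparison only
    IsCA       = $isCa
    NotBefore  = $cert.NotBefore
    NotAfter   = $cert.NotAfter
    Sha256     = $fp
} | Format-List

# Collect reasons not to bake this file into the image.
$problems = @()
$want = $ExpectedSha256 -replace '[^0-9A-Fa-f]', ''
if ($fp -ne $want)  { $problems += 'SHA-256 fingerprint does not match the expected value' }
if (-not $isCa)     { $problems += 'certificate is not marked as a CA' }
if (-not $valid)    { $problems += 'certificate is outside its validity period' }
if ($count -gt 1)   { $problems += "file holds $count certificates; only the first was inspected" }

if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
    exit 1
}
Write-Output 'Certificate checks passed.'
```

Save it next to the Dockerfile and run it with the fingerprint obtained out of band; a non-zero exit code means the image should not be built with this file.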
Run the following command to build your image:
docker build -t terraform:latest .
Now you should see a new image...
Create a terraform launcher
Now you can launch this image every time you want to invoke Terraform.
docker run --rm -it terraform:latest -version
But that's not very helpful, so we'll need to attach some volumes to make this useful. See this link for details. This is a slightly more useful call to this image from Docker:
docker run --rm -it -e TF_LOG=%debugVar% -e TF_CLI_CONFIG_FILE=%TF_CLI_CONFIG_FILE_NEW% -v "%cd%:/data" -v "%tf_config%:/terraform" -w /data -v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/docker:/var/lib/docker terraform:latest %newarg%
Now we'll make this into a Batch Script and ensure it's accessible from %PATH%. You can also create an Alias if you have permission to edit the Registry.
This Batch Script is gonna add some extra features:
- Enable toggling Debug at will
- Ability to pass in Terraform Config
- Ability to write and read back credentials via Terraform Login
@echo off
:dockerizedTerraform
setlocal enabledelayedexpansion
:: Initially set this to 0, remember /A means this is number type
set /A debug = 0
::Set all the incoming arguments into another variable, didn't know how to work with %*
set "args=%*"
::loop through the arguments, when something we want is found, flag it
:: if there are more special flags we need to catch then just add them here
:: be sure to put quotes around both sides of the comparison
for %%x in (%*) do (
if "%%x" == "-debug" set /A debug = 1
)
:: If debug flag was set to 1 then remove -debug from the args
if %debug%==1 (
set "newarg=%args:-debug= %"
set "debugVar=DEBUG"
) else (
set "newarg=%args%"
set "debugVar= "
)
:: use -e for passing in environment variables to Docker container
::Need to pass in environment variable for the token file
:: but we need to mount the volume and pass in the remote-end equivalent
:: rem is used inside the block below because :: comments can break a parenthesized block
FOR %%i IN ("%TF_CLI_CONFIG_FILE%") DO (
rem get the folder path
set "tf_config=%%~di%%~pi"
rem get the file name and extension
set "tf_config_file=%%~ni%%~xi"
)
::This will be the mount point for the terraform configuration file
set "TF_CONFIG_PATH=terraform"
::This will be the new config file location in the remote-end
set "TF_CLI_CONFIG_FILE_NEW=/%TF_CONFIG_PATH%/%tf_config_file%"
:: Volume paths are quoted so that directories containing spaces still work
:: Note: the /var/run/docker.sock mount gives the container control of the Docker daemon
docker run --rm -it -e TF_LOG=%debugVar% -e TF_CLI_CONFIG_FILE=%TF_CLI_CONFIG_FILE_NEW% -v "%cd%:/data" -v "%tf_config%:/terraform" -w /data -v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/docker:/var/lib/docker terraform:latest %newarg%
You can download the files here.
How to get your PEM