juju_controller (Resource)

A resource that represents a Juju Controller.

Example Usage

locals {
  # Obtained from `juju show-credentials --client localhost localhost --show-secrets --format yaml`
  lxd_creds = yamldecode(file("~/lxd-credentials.yaml"))
}

resource "juju_controller" "this" {
  name          = "my-controller"
  agent_version = "3.6.14"
  # If using Snap, use the unconfined Juju binary.
  juju_binary    = "/snap/juju/current/bin/juju"
  bootstrap_base = "ubuntu@24.04"

  # Constraints for the provisioned controller machine.
  bootstrap_constraints = {
    "cores"     = "2"
    "mem"       = "4G"
    "root-disk" = "10G"
    "arch"      = "amd64"
  }

  # Here we use Juju's built-in cloud for LXD, but 
  # you can also specify a custom cloud definition.
  cloud = {
    name       = "localhost"
    auth_types = ["certificate"]
    type       = "lxd"
  }

  # Credentials to authenticate with the cloud
  cloud_credential = {
    name      = "test-credential"
    auth_type = "certificate"

    attributes = {
      server-cert = local.lxd_creds.server-cert
      client-key  = local.lxd_creds.client-key
      client-cert = local.lxd_creds.client-cert
    }
  }

  bootstrap_config = {
    "admin-secret" = "test-secret"
  }

  controller_config = {
    "allow-model-access" = "true"
  }

  controller_model_config = {
    "http-proxy"  = "http://proxy.example.com:8080"
    "https-proxy" = "http://proxy.example.com:8080"
  }

  # Optional: If you import a controller, you may need 
  # to ignore changes to certain fields that are not fetched.
  #   lifecycle {
  #     ignore_changes = [
  #       cloud.endpoint,
  #       cloud.region,
  #       cloud_credential.attributes["client-cert"],
  #       cloud_credential.attributes["client-key"]
  #     ]
  #   }
}

Schema

Required

  • cloud (Attributes) The cloud where the controller will operate. (see below for nested schema)

  • cloud_credential (Attributes, Sensitive) Cloud credentials to use for bootstrapping the controller. (see below for nested schema)

  • juju_binary (String) The path to the juju CLI binary. If you have installed Juju as a snap, use the path /snap/juju/current/bin/juju to avoid snap confinement issues.

  • name (String) The name to be assigned to the controller. Changing this value will require the controller to be destroyed and recreated by Terraform.

Optional

  • agent_version (String) Specifies a controller version to bootstrap. If not specified, the latest stable agent version will be used.

  • bootstrap_base (String) The base for the bootstrap machine.

  • bootstrap_config (Map of String) Configuration options that apply during the bootstrap process.

  • bootstrap_constraints (Map of String) Constraints for the bootstrap machine.

  • controller_config (Map of String) Configuration options for the bootstrapped controller. Note that removing a key from this map will not unset it in the controller; the existing value is left unchanged on the controller.

  • controller_model_config (Map of String) Configuration options to be set for the controller model.

  • destroy_flags (Attributes) Additional flags for destroying the controller. Changing any of these values will require applying before they can be taken into account during destroy. (see below for nested schema)

  • model_constraints (Map of String) Constraints for all workload machines in models.

  • model_default (Map of String) Configuration options to be set for all models.

  • storage_pool (Attributes) Options for the initial storage pool. (see below for nested schema)

Read-Only

  • api_addresses (List of String) API addresses of the controller.

  • ca_cert (String) CA certificate for the controller.

  • controller_uuid (String) The UUID of the controller.

  • id (String) The ID of this resource.

  • password (String, Sensitive) Admin password for the controller.

  • username (String) Admin username for the controller.
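
The schema above marks cloud_credential and password as Sensitive, and the usage example sets admin-secret inline in bootstrap_config. The following is an added example, not part of the provider's documentation, showing the same LXD controller with admin-secret supplied through a sensitive input variable and the read-only attributes exposed as outputs; the variable and output names are assumptions.

```hcl
# Added example; variable and output names are illustrative.
variable "controller_admin_secret" {
  description = "Value for the admin-secret bootstrap option."
  type        = string
  sensitive   = true
  nullable    = false
}

locals {
  lxd_creds = yamldecode(file("~/lxd-credentials.yaml"))
}

resource "juju_controller" "this" {
  name        = "my-controller"
  juju_binary = "/snap/juju/current/bin/juju"

  cloud = {
    name       = "localhost"
    auth_types = ["certificate"]
    type       = "lxd"
  }

  cloud_credential = {
    name      = "test-credential"
    auth_type = "certificate"
    attributes = {
      server-cert = local.lxd_creds.server-cert
      client-key  = local.lxd_creds.client-key
      client-cert = local.lxd_creds.client-cert
    }
  }

  bootstrap_config = {
    # Supplied at run time, e.g. via TF_VAR_controller_admin_secret.
    "admin-secret" = var.controller_admin_secret
  }
}

output "controller_api_addresses" {
  value = juju_controller.this.api_addresses
}

# password is Sensitive in the schema; Terraform rejects an output that
# references it unless the output is marked sensitive too.
output "controller_admin_password" {
  value     = juju_controller.this.password
  sensitive = true
}
```

Marking a value sensitive only redacts it from plan and apply output; it is still written to the Terraform state, so the state backend needs its own access control and encryption.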

Nested Schema for cloud

Required:

  • auth_types (Set of String) The authentication type(s) supported by the cloud.

  • name (String) The name of the cloud.

  • type (String) The type of the cloud.

Optional:

  • ca_certificates (Set of String) CA certificates for the cloud.

  • config (Map of String) Configuration options for the cloud.

  • endpoint (String) The API endpoint for the cloud.

  • host_cloud_region (String) The host cloud region for the cloud.

  • region (Attributes) The cloud region where the controller will operate. (see below for nested schema)

Nested Schema for cloud.region

Required:

  • name (String) The name of the region.

Optional:

  • endpoint (String) The API endpoint for the region.

  • identity_endpoint (String) The identity endpoint for the region.

  • storage_endpoint (String) The storage endpoint for the region.

Nested Schema for cloud_credential

Required:

  • attributes (Map of String) Authentication attributes (key-value pairs specific to the auth type).

  • auth_type (String) The authentication type (e.g., ‘userpass’, ‘oauth2’, ‘access-key’).

  • name (String) The name of the credential.

Nested Schema for destroy_flags

Optional:

  • destroy_all_models (Boolean) Destroy all models in the controller.

  • destroy_storage (Boolean) Destroy all storage instances managed by the controller.

  • force (Boolean) Force destroy models ignoring any errors.

  • model_timeout (Number) Timeout for each step of force model destruction.

  • release_storage (Boolean) Release all storage instances from management of the controller, without destroying them.

Nested Schema for storage_pool

Required:

  • name (String) The name of the storage pool.

  • type (String) The storage pool type.

Optional:

  • attributes (Map of String) Additional storage pool attributes.