juju_controller (Resource)

A resource that represents a Juju Controller.

Example Usage

locals {
  # Obtained from `juju show-credentials --client localhost localhost --show-secrets --format yaml`
  lxd_creds = yamldecode(file("~/lxd-credentials.yaml"))
}

resource "juju_controller" "this" {
  name          = "my-controller"
  agent_version = "3.6.14"
  # If using Snap, use the unconfined Juju binary.
  juju_binary    = "/snap/juju/current/bin/juju"
  bootstrap_base = "ubuntu@24.04"

  # Constraints for the provisioned controller machine.
  bootstrap_constraints = {
    "cores"     = "2"
    "mem"       = "4G"
    "root-disk" = "10G"
    "arch"      = "amd64"
  }

  # Here we use Juju's built-in cloud for LXD, but 
  # you can also specify a custom cloud definition.
  cloud = {
    name       = "localhost"
    auth_types = ["certificate"]
    type       = "lxd"
  }

  # Credentials to authenticate with the cloud
  cloud_credential = {
    name      = "test-credential"
    auth_type = "certificate"

    attributes = {
      server-cert = local.lxd_creds.server-cert
      client-key  = local.lxd_creds.client-key
      client-cert = local.lxd_creds.client-cert
    }
  }

  bootstrap_config = {
    "admin-secret" = "test-secret"
  }

  controller_config = {
    "allow-model-access" = "true"
  }

  controller_model_config = {
    "http-proxy"  = "http://proxy.example.com:8080"
    "https-proxy" = "http://proxy.example.com:8080"
  }

  # Optional: If you import a controller, you may need 
  # to ignore changes to certain fields that are not fetched.
  #   lifecycle {
  #     ignore_changes = [
  #       cloud.endpoint,
  #       cloud.region,
  #       cloud_credential.attributes["client-cert"],
  #       cloud_credential.attributes["client-key"]
  #     ]
  #   }
}

Schema

Required

  • cloud (Attributes) The cloud where the controller will operate. (see below for nested schema)

  • cloud_credential (Attributes, Sensitive) Cloud credentials to use for bootstrapping the controller. (see below for nested schema)

  • juju_binary (String) The path to the juju CLI binary. If you have installed Juju as a snap, use the path /snap/juju/current/bin/juju to avoid snap confinement issues.

  • name (String) The name to be assigned to the controller. Changing this value will require the controller to be destroyed and recreated by terraform.

Optional

  • agent_version (String) Specifies a controller version to bootstrap. If not specified, the latest stable agent version will be used. Updating this value only supports in-place upgrades to higher patch versions within the same major.minor series. The provider does not wait for the upgrade to complete, so we recommend waiting for the upgrade to finish before applying further changes.

  • bootstrap_base (String) The base for the bootstrap machine.

  • bootstrap_config (Map of String) Configuration options that apply during the bootstrap process.

  • bootstrap_constraints (Map of String) Constraints for the bootstrap machine.

  • controller_config (Map of String) Configuration options for the bootstrapped controller. Note that removing a key from this map will not unset it in the controller, instead it will be left unchanged on the controller.

  • controller_model_config (Map of String) Configuration options to be set for the controller model.

  • destroy_flags (Attributes) Additional flags for destroying the controller. Changing any of these values will require applying before they can be taken into account during destroy. (see below for nested schema)

  • model_constraints (Map of String) Constraints for all workload machines in models.

  • model_default (Map of String) Configuration options to be set for all models.

  • storage_pool (Attributes) Options for the initial storage pool (see below for nested schema)

Read-Only

  • api_addresses (List of String) API addresses of the controller.

  • ca_cert (String) CA certificate for the controller.

  • controller_uuid (String) The UUID of the controller.

  • id (String) The ID of this resource.

  • password (String, Sensitive) Admin password for the controller.

  • username (String) Admin username for the controller.

Nested Schema for cloud

Required:

  • auth_types (Set of String) The authentication type(s) supported by the cloud.

  • name (String) The name of the cloud

  • type (String) The type of the cloud .

Optional:

  • ca_certificates (Set of String) CA certificates for the cloud.

  • config (Map of String) Configuration options for the cloud.

  • endpoint (String) The API endpoint for the cloud.

  • host_cloud_region (String) The host cloud region for the cloud.

  • region (Attributes) The cloud region where the controller will operate. (see below for nested schema)

Nested Schema for cloud.region

Required:

  • name (String) The name of the region.

Optional:

  • endpoint (String) The API endpoint for the region.

  • identity_endpoint (String) The identity endpoint for the region.

  • storage_endpoint (String) The storage endpoint for the region.

Nested Schema for cloud_credential

Required:

  • attributes (Map of String) Authentication attributes (key-value pairs specific to the auth type).

  • auth_type (String) The authentication type (e.g., ‘userpass’, ‘oauth2’, ‘access-key’).

  • name (String) The name of the credential.

Nested Schema for destroy_flags

Optional:

  • destroy_all_models (Boolean) Destroy all models in the controller.

  • destroy_storage (Boolean) Destroy all storage instances managed by the controller.

  • force (Boolean) Force destroy models ignoring any errors.

  • model_timeout (Number) Timeout for each step of force model destruction.

  • release_storage (Boolean) Release all storage instances from management of the controller, without destroying them.

Nested Schema for storage_pool

Required:

  • name (String) The name of the storage pool.

  • type (String) The storage pool type

Optional:

  • attributes (Map of String) Additional storage pool attributes.