Docs
Guides
Terraform Getting Started

Getting Started with Terraform

This guide will help you get started with using Terraform to manage your Thalassa Cloud resources. Terraform allows you to define your infrastructure as code, making it easier to manage and version control your cloud resources.

Prerequisites

  • Terraform installed (version 1.0.0 or later)
  • Access to a Thalassa Cloud account
  • API token for authentication (can be obtained from the Thalassa Cloud Console)

Helpful documentation

Provider Setup

Add the Thalassa Cloud provider to your Terraform configuration:

terraform {
  required_providers {
    thalassa = {
      source = "thalassa-cloud/thalassa"
      version = "~> 0.17.2"
    }
  }
}


variable "thalassa_access_key" {
  type        = string
  description = "Thalassa API access key from an access credentials set"
  default     = ""
}

variable "thalassa_secret_key" {
  type        = string
  description = "Thalassa API secret key from an access credentials set"
  sensitive   = true
  default     = ""
}

variable "thalassa_personal_access_token" {
  type        = string
  description = "Thalassa Personal Access Token for your user"
  sensitive   = true
  default     = ""
}

variable "thalassa_api" {
  type        = string
  description = "Thalassa API URL"
  default     = "https://api.thalassa.cloud"
}

variable "organisation_id" {
  type        = string
  description = "Thalassa organisation Identity or slug"
}

provider "thalassa" {
  token           = var.thalassa_personal_access_token
  client_id       = var.thalassa_access_key
  client_secret   = var.thalassa_secret_key
  api             = var.thalassa_api
  organisation_id = var.organisation_id
}

You can authenticate with either a Personal Access Token, or Client Credentials. You can find these in the Console, top right, by clicking API access. Ensure that you configure your credential or PAT with the right scopes (API read, API write) and organisation.

The Thalassa Cloud provider can be configured using environment variables or the provider block:

provider "thalassa" {
  # Optional: API endpoint (defaults to https://api.thalassa.cloud)
  endpoint = "https://api.thalassa.cloud"
  
  # Optional: API token (can also be set via THALASSA_API_TOKEN environment variable)
  token = "your-api-token"
}

Advanced / Production

For production purposes, it’s recommended to instead use a Service Account with it’s own access credentials or OIDC service account impersionation.

Run terraform init to download the provider (and any terraform modules you may have already setup). When upgrading, you may need to also use the flag -upgrade.

terraform init

Creating Resources

Terraform creates resources by reading your configuration files and making the necessary changes to your infrastructure. You define what you want, and Terraform handles the rest. Learn more in the Terraform resources docs and Thalassa provider docs.

Using Terraform Modules

Terraform modules allow you to reuse infrastructure code and follow best practices. Thalassa Cloud provides official modules to help you get started quickly.

VPC Module

Our official VPC module provides a production-ready VPC setup with best practices:

module "vpc" {
  source = "github.com/thalassa-cloud/terraform-thalassa-vpc"

  name             = "my-vpc"
  description      = "Production VPC for my application"
  organisation_id  = "org-123456"
  region           = "nl-01"

  vpc_cidrs = ["10.0.0.0/16"]

  public_subnets = {
    public-1 = {
      cidr        = "10.0.1.0/24"
      description = "Public subnet"
      labels = {
        environment = "production"
        tier       = "public"
      }
    }
  }

  private_subnets = {
    private-1 = {
      cidr        = "10.0.2.0/24"
      description = "Private subnet"
      labels = {
        environment = "production"
        tier       = "private"
      }
    }
  }

  enable_nat_gateway = true
  labels = {
    environment = "production"
    managed-by  = "terraform"
  }
}

The VPC module offers a simple way to set up a standardized, best-practice VPC with configurable subnets, internet access, and useful resource tagging. For more details, see the VPC Module Documentation.

Kubernetes Setup

This example demonstrates how to create a complete Kubernetes cluster setup using Terraform modules. It includes a VPC with public and private subnets, and a Kubernetes cluster with an autoscaling worker nodepool.

terraform {
  required_providers {
    thalassa = {
      version = ">= 0.17"
      source  = "thalassa-cloud/thalassa"
    }
  }
}

variable "thalassa_token" {
  type        = string
  description = "Thalassa API token"
  sensitive   = true
}

variable "thalassa_api" {
  type        = string
  description = "Thalassa API URL"
}

variable "organisation_id" {
  type        = string
  description = "Thalassa organisation Identity or slug"
}

variable "region" {
  type        = string
  description = "Thalassa region"
  default     = "nl-01"
}

variable "availability_zones" {
  type        = list(string)
  description = "Thalassa availability zones"
  default     = ["nl-01a", "nl-01b", "nl-01c"]
}

provider "thalassa" {
  token           = var.thalassa_token
  api             = var.thalassa_api
  organisation_id = var.organisation_id
}

module "vpc" {
  source          = "thalassa-cloud/vpc/thalassa"
  organisation_id = var.organisation_id
  name            = "kubernetes-example"
  description     = "VPC for Kubernetes example"
  region          = var.region

  labels = {
    "module" = "vpc"
  }
  # module variables
  enable_nat_gateway = true

  public_subnets = {
    "public" = {
      "cidr"        = "10.0.1.0/24"
      "description" = "Public subnet"
    }
  }

  private_subnets = {
    "private" = {
      "cidr"        = "10.0.2.0/24"
      "description" = "Private subnet"
    }
  }
}

locals {
  environment = "example"

  labels = {
    "module"      = "kubernetes"
    "environment" = local.environment
  }
  annotations = {
    "module"      = "kubernetes"
    "environment" = local.environment
  }
}

module "kubernetes" {
  source          = "thalassa-cloud/kubernetes/thalassa"
  organisation_id = var.organisation_id
  name            = "kubernetes-example"
  description     = "Kubernetes example for Thalassa Cloud Kubernetes module"
  region          = var.region
  cni             = "cilium"
  labels          = local.labels
  annotations     = local.annotations
  vpc_id          = module.vpc.vpc_id
  # Deploy the Control Plane in the private subnet of the VPC
  subnet_id = module.vpc.private_subnet_ids["private"]

  auto_upgrade_policy  = "latest-stable"
  maintenance_day      = 5
  maintenance_start_at = 20
  # api_server_acls      = ["10.0.0.0/0"]

  nodepools = {
    "workers" = {
      machine_type       = "pgp-medium"
      availability_zones = var.availability_zones
      # replicas           = 0
      enable_autoscaling = true
      min_replicas       = 1
      max_replicas       = 2
      subnet_id          = module.vpc.public_subnet_ids["public"]
      labels = {
        "module" = "nodepool"
      }
      annotations = {
        "module" = "nodepool"
      }
      node_labels = {
        "node-type" = "worker"
      }
      node_annotations = {
        "node-type" = "worker"
      }
      node_taints = [
        {
          key      = "node-type"
          value    = "worker"
          effect   = "NoSchedule"
          operator = "Equal"
        }
      ]
    }
  }
}

Next Steps

For additional help, contact Thalassa Cloud support or visit our GitHub repository.

Exposing Pod with TraefikHow to Create and Configure a VPC