sethvargo / Atlantis On Gke
Projects that are alternatives of or similar to Atlantis On Gke
Atlantis on GKE with Terraform
These Terraform configurations provision an Atlantis cluster on Google Kubernetes Engine using HashiCorp Terraform as the provisioning tool.
Feature Highlights
-
Google Cloud Storage Backend - Automatically creates a GSC storage bucket for use with Terraform.
-
Dedicated Service Account - There's a dedicated service account with access to the storage bucket which can be given to Terraform or attached to instances executing Terraform.
-
(Self-signed) TLS - Automatically generates certificates and secures the Atlantis server with them. This could be replaced with real certificates if needed.
-
Automatic GitHub Repo Creation & Configuration - Automatically creates a dedicated (private) GitHub repository with the Atlantis webhook configured automatically.
Requirements
-
A Google Cloud Organization because these configurations create a new project which (through Terraform) must be associated with an organization.
-
A GitHub Organization (not a personal account) because the Terraform GitHub provider does not support personal accounts
Tutorial
-
Download and install Terraform
-
Download, install, and configure the Google Cloud SDK. You will need to configure your default application credentials so Terraform can run. It will run against your default project, but all resources are created in the (new) project that it creates.
-
Run Terraform:
$ cd terraform/ $ terraform init $ terraform applyThis operation will take some time as it:
- Creates a new project
- Enables the required services on that project
- Creates a bucket for Terraform remote state
- Creates a service account with the most restrictive permissions to those resources
- Creates a GKE cluster with the configured service account attached
- Creates a public IP
- Generates a self-signed certificate authority (CA)
- Generates a certificate signed by that CA
- Configures Terraform to talk to Kubernetes
- Creates a Kubernetes secret with the TLS file contents
- Submits the Atlantis Pod and Service (LoadBalancer) to the Kubernetes API
- Creates a sample "demo" folder with Terraform configurations that are pre-configured to connect to the provisioned Google Cloud Storage backend with customer-provided encryption keys.
Run Locally
-
Configure local Terraform with the correct credentials
cd demo/ source env.sh -
Run some commands
$ terraform plan $ terraform apply -
Go to GitHub
-
Make a change
n1-standard-1 -> n1-standard-2 -
Open a Pull Request with the changes on a new branch
-
Plan changes
atlantis plan -
Apply changes
atlantis apply
Cleaning Up
$ cd terraform/
# If you ran locally
$ unset GOOGLE_PROJECT
$ unset GOOGLE_ENCRYPTION_KEY
$ unset GOOGLE_CREDENTIALS
$ terraform destroy
Note that this can sometimes fail. Re-run it and it should succeed. If things get into a bad state, you can always just delete the project.
Security
This set of Terraform configurations is designed to make your life easy. Some data, including the TLS certificates and webhook secrets will be stored in your state file in plain text.
License & Author
Copyright 2018 Google, Inc.
Copyright 2018 Seth Vargo
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.