GitOps: Introduction to Atlantis

Transcript

1. GitOps: Introduction to Atlantis

2. Bruno Russi Lautenschlager • SRE @ iFood • AWS Community

   Builder • Pai de pet linktr.ee/bruno_russi

3. What is Infrastructure as Code • Define your infrastructure as

   code instead of creating it manually • Infrastructure can be easily reproduced

4. Types of IaC Not only infrastructure • Network as Code

   • Policy as Code • Configuration as Code • Security as Code

5. How usually people use IaC Not on a git repository

   • Create and test locally infra files • Execute from local machine

6. How usually people use IaC I have a repository but

   commit and push all on main/master No Review/Approval process • No pull requests • No code review • No collaboration • No automated tests

7. How usually people use IaC Apply the infrastructure locally •

   Tooling version variations from one machine to another • Many people have access to the infrastructure • Difficulty tracking changes ◦ Hard to know who performed it and when ◦ No visibility of what is being applied and what has been applied

8. How usually people use IaC No defined environment • No

   development/test environment for infra • You will find the problems only after applying

9. Infra as code is very good and has many benefits,

   but often the process is 💩

10. Gitops: requirements Git repository - Version controlled - Team collaboration

    CI/CD - Lint Process - Test Process

11. GitOps: workflow 1. Make infrastructure changes 2. Create pull request

    (Visibility, RFC) 3. CI Pipeline (Lint, tests) 4. Approve by team (Review from team) 5. Applies infra files on infrastructure (Atlantis)

12. Atlantis

13. What is Atlantis? Atlantis is open-source https://github.com/runatlantis/atlantis https://www.runatlantis.io/

14. How Atlantis works? • Atlantis is self-hosted. Your credentials don't

    leave your infrastructure • Runs as a Golang binary or Docker image • Can be deployed on VMs, Kubernetes, Fargate, etc • Listens for webhooks from GitHub/GitLab/Bitbucket/Azure DevOps • Runs terraform commands remotely and comments back with their output

15. How to configure? - Git Host - Create git access

    credentials - Deploy Atlantis - Configure webhooks - Configure provider credentials

16. How to configure Atlantis server? All the Altantis flags can

    be configured using: - Environment variables - Config yaml file - Flags on execution command

17. How to customize Atlantis workflows? • Customize on server side

    with repos.yaml config file

18. How to customize Atlantis workflows? • Customize on terraform repo

    with atlantis.yaml config file

19. Atlantis workflow: apply requirements Atlantis allows you to require certain

    conditions be satisfied before an Atlantis apply command can be run: • Approved • Mergeable

20. How to deploy?

21. How to deploy?

22. How Atlantis works? • Atlantis plan example

23. Demo ⚡

24. Benefits - Automated process - No tolling version variation -

    No human failures - More transparent - Team collaboration - More quality in code - Any person can send a PR and propose a change - Greater security - Only the pipeline has access to infra - Centralized - Git is the source of truth (everything that passes is applied) - Just revert a commit and open an MR for rollback - Infra reflect what's in git

25. 󰢨 Questions? 󰢡

26. Thank's

27. Reference • https://www.runatlantis.io • https://hub.docker.com/r/runatlantis/atlantis • https://github.com/terraform-aws-modules/terraform-aws-atlantis • https://github.com/msfidelis/atlantis-aws •

    https://youtu.be/f5EpcWp0THw
28. None