Replies: 1 comment
-
I think I just realised that Atlantis is not technically pull-based due to the requirement of configuring webhooks.
-
Hey guys,
Have been aware of Atlantis for a little while now and I've always been interested in its real-world applicability in an enterprise setting. I'm a big fan of pull-based CD (for example Flux/ArgoCD for k8s resources) and have been pondering how best to carry out IaC deployments following a GitOps model.
Most examples I have seen for IaC GitOps deployments rely on a push-based model where a PR/MR merge to master/main triggers a pipeline which completes the deployment via a build agent. Being pull-based, Atlantis seems to offer the ability to remove a pipeline and its associated config for deployment purposes, as the Atlantis agent handles this.
I notice from the Atlantis docs that it is possible to deploy the Atlantis agent via a number of methods, like on a VM, as a "raw" container or within k8s. I began thinking about how you would deploy the Atlantis agent itself in an automated fashion. I work in an enterprise setting which is all Kube-based. I'm a big fan of grouping as much of a platform as possible into grouped code within a single repo for ease of use, so my initial take would be to deploy Atlantis onto a Kube cluster as a deployment. I would likely deploy Atlantis via something like Argo/Flux onto a cluster that I would look to create via... Terraform.
As I followed this line of thinking, it struck me that by using Atlantis to manage TF infrastructure that Atlantis is itself deployed onto, you potentially get into a scenario whereby, if you wanted or needed to drop the Kube cluster (think a rollback following an EKS/AKS/GKE upgrade gone wrong), you are inadvertently going to drop the Atlantis agent too. Obviously I don't think this would work.
Resultantly I reach the conclusion that for Atlantis to be deployed in a protected manner avoiding the above scenario, you would have to separate the deployment of Atlantis from any IaC projects that you configure it to watch. I guess that's not a huge deal, but I just wanted to see if anyone else had any thoughts or battle-tested experience on this one 'cause, as I said above, I'm a huge fan of pull-based CD (single source of the truth, soft-immutability, less pipeline config required).
Thanks in advance!